ExternalDNS is an open-source tool that automates the management of public DNS records for Kubernetes resources, such as services and ingresses, that are exposed outside the cluster.
The ExternalDNS solution offers the following capabilities:
Gives developers control over DNS resources that are usually managed manually by other teams, for example the infrastructure team.
Ensures that the DNS records are always up-to-date with the current state of the Kubernetes cluster.
Automates the management of a large number of records.
Simplifies the management of DNS records with improved security.
Deployment of ExternalDNS on Managed Kubernetes
Prerequisites: Ensure that you have the following before you begin:
A domain name that is registered with your domain provider (the registrar), or a subdomain under your control.
Create configuration: Create a values file for the ExternalDNS Helm chart that includes the plugin configuration. In this example, the values file is called external-dns-ionos-values.yaml.
```yaml
# OCI image of ExternalDNS that contains the plugin provider feature
image:
  registry: ghcr.io
  repository: ionos-cloud/external-dns-plugin-provider
  tag: latest

# Modify how DNS records are synchronised between sources and providers (default: sync, options: sync, upsert-only, create-only)
policy: sync

# provider needs to be set to plugin
provider: plugin

# url of the provider which the external-dns will target
extraArgs:
  plugin-provider-url: http://localhost:8888

# plugin is deployed as sidecar
sidecars:
  - name: ionos-plugin
    image: ghcr.io/ionos-cloud/external-dns-ionos-plugin:latest
    ports:
      - containerPort: 8888
        name: http
    livenessProbe:
      httpGet:
        path: /health
        port: http
      initialDelaySeconds: 10
      timeoutSeconds: 5
    readinessProbe:
      httpGet:
        path: /health
        port: http
      initialDelaySeconds: 10
      timeoutSeconds: 5
    env:
      # Set port of plugin (value needs to match the container port and plugin provider url port, default value: 8888)
      - name: SERVER_PORT
        value: "8888"
      # Listen on all interfaces for kubernetes probes
      - name: SERVER_HOST
        value: ""
      # Limit possible target zones by a domain suffix (optional)
      - name: DOMAIN_FILTER
        value: "example1.com,example2.com"
      # Exclude subdomains (optional)
      - name: EXCLUDE_DOMAIN_FILTER
        value: "example3.com"
      # Limit possible domains and target zones by a Regex filter. Overrides domain-filter (optional)
      - name: REGEXP_DOMAIN_FILTER
        value: ".*.example4.com"
      # Regex filter that excludes domains and target zones matched by regex-domain-filter (optional)
      - name: REGEXP_DOMAIN_FILTER_EXCLUSION
        value: ".*.example5.com"
      # When enabled, prints DNS record changes rather than actually performing them (default: false)
      - name: DRY_RUN
        value: "true"
      # Token for DNSaaS rest API authentication (mandatory)
      - name: IONOS_API_KEY
        value: "21215454"
      - name: LOG_LEVEL
        value: debug
      # When enabled debug logs for the DNSaaS rest API are enabled (default: false)
      - name: IONOS_DEBUG
        value: "true"
```
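The REGEXP_DOMAIN_FILTER value above leaves its dots unescaped and has no anchors, so it accepts more names than the subdomains of example4.com. The following Go check is an added example, not part of the original page or of ExternalDNS; it assumes the filter is applied as an unanchored regular-expression search, and the strict pattern and the hostnames are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// REGEXP_DOMAIN_FILTER exactly as written in the values file above.
var pageFilter = regexp.MustCompile(`.*.example4.com`)

// Tightened variant (constructed for this example): anchored at both ends and
// with the literal dots escaped, so only subdomains of example4.com match.
var strictFilter = regexp.MustCompile(`^.+\.example4\.com$`)

// matches models the filter decision for one hostname. Assumption: the
// pattern is applied as an unanchored search (Go's regexp.MatchString) on the
// lower-cased name without its trailing dot.
func matches(filter *regexp.Regexp, host string) bool {
	return filter.MatchString(strings.ToLower(strings.TrimSuffix(host, ".")))
}

// overmatched returns the hosts that loose accepts but strict rejects, i.e.
// names the filter would let ExternalDNS manage although they are outside
// the intended zone.
func overmatched(loose, strict *regexp.Regexp, hosts []string) []string {
	var out []string
	for _, h := range hosts {
		if matches(loose, h) && !matches(strict, h) {
			out = append(out, h)
		}
	}
	return out
}

func main() {
	// Constructed hostnames, as they might appear in Ingress rules.
	hosts := []string{
		"app.example4.com",             // intended subdomain
		"example4.com",                 // zone apex, rejected by both patterns
		"appexample4.com",              // different registrable domain
		"app.example4.com.example.net", // example4.com only as inner labels
	}
	for _, h := range hosts {
		fmt.Printf("%-30s page=%-5v strict=%v\n", h, matches(pageFilter, h), matches(strictFilter, h))
	}
	fmt.Println("overmatched:", overmatched(pageFilter, strictFilter, hosts))
}
```

Running the same comparison against the hostnames in your own Ingress and Service manifests shows whether a regex filter scopes ExternalDNS as narrowly as intended before DRY_RUN is switched off.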
Install ExternalDNS: To install ExternalDNS with the Bitnami Helm chart, use the following command:
Deploy application: Follow this step to deploy an application:
Deploy an echo server application by using the file echoserver_app.yaml.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoserver
  namespace: echoserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: echoserver
  template:
    metadata:
      labels:
        app: echoserver
    spec:
      containers:
        - image: ealen/echo-server:latest
          imagePullPolicy: IfNotPresent
          name: echoserver
          ports:
            - containerPort: 80
          env:
            - name: PORT
              value: "80"
---
apiVersion: v1
kind: Service
metadata:
  name: echoserver
  namespace: echoserver
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: ClusterIP
  selector:
    app: echoserver
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: echoserver
  namespace: echoserver
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
    - host: app.example1.com # This is your subdomain / record name
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: echoserver
                port:
                  number: 80
```
If you want to use a service instead of an ingress, you do not need to install an ingress controller. Otherwise, install an ingress controller in the cluster, then deploy the application with kubectl by using the following command:
```bash
kubectl apply -f echoserver_app.yaml
```
Result: The deployment of ExternalDNS on Managed Kubernetes is complete.
Verify deployment
You can verify that the application deployed is functioning as expected by using one of the following options.
Access application
Check that the echo server app runs on the subdomain you have specified by using the following command:
```bash
curl -I app.example1.com/?echo_code=404-300
```
Expected result:
```
HTTP/1.1 404 Not Found
HTTP/1.1 300 Multiple Choices
```
Check DNS records
Check that the new A and TXT records are created by using the following command: