external-dns is a component that manages DNS records in public DNS providers (such as AWS Route53). It creates DNS records for LoadBalancer services based on the annotations configured on the Service objects. This is useful when provisioning clusters with custom domains that should be managed automatically by the cluster itself.
This document explains how to create a unique domain configuration for each cluster in a single Kommander Workspace.
Applicable versions
- DKP 2.0.x
- DKP 2.1.x
- DKP 2.2.x
Unique DNS domain for each cluster
CLUSTER: management
Create a Traefik configuration override in the workspace. These overrides make it possible to deploy a per-cluster configuration for the external-dns application.
These commands should be executed only once per Workspace.
# Workspace name where the clusters are attached.
export WORKSPACE_NAMESPACE=acme

# Point the Traefik AppDeployment at a config-overrides ConfigMap.
cat << EOF | kubectl -n $WORKSPACE_NAMESPACE patch appdeployment traefik --type='merge' --patch-file=/dev/stdin
spec:
  configOverrides:
    name: traefik-config-overrides
EOF

# The ConfigMap is owned by the AppDeployment; the federated-config-map-name label
# makes Kommander federate it as the FederatedConfigMap "traefik-overrides".
export TRAEFIK_UID=$(kubectl -n $WORKSPACE_NAMESPACE get appdeployment traefik -o jsonpath='{.metadata.uid}')
cat << EOF | kubectl apply -f -
apiVersion: v1
data:
  values.yaml: '# NOOP'
kind: ConfigMap
metadata:
  labels:
    apps.kommander.mesosphere.io/federated-config-map-name: traefik-overrides
  name: traefik-config-overrides
  namespace: ${WORKSPACE_NAMESPACE}
  ownerReferences:
  - apiVersion: apps.kommander.d2iq.io/v1alpha2
    kind: AppDeployment
    name: traefik
    uid: ${TRAEFIK_UID}
EOF
Configure a unique domain name for every attached cluster. Because a merge patch replaces the whole spec.overrides list, list all attached clusters in a single patch rather than patching one cluster at a time.
export CLUSTER_DOMAIN_NAME="attached.cluster.mydomain.com"
export ATTACHED_CLUSTER_NAME="cluster-01"
cat << EOF | kubectl -n $WORKSPACE_NAMESPACE patch fcm traefik-overrides --type="merge" --patch-file=/dev/stdin
---
spec:
  overrides:
  - clusterName: "${ATTACHED_CLUSTER_NAME}"
    clusterOverrides:
    - path: "/data"
      value:
        values.yaml: |
          service:
            annotations:
              external-dns.alpha.kubernetes.io/hostname: "${CLUSTER_DOMAIN_NAME}"
EOF
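The per-cluster step above as an added example (not from the original article or from DKP itself): a Python helper that builds the traefik-overrides merge patch for all attached clusters in one go and refuses any hostname outside the external-dns domain filter configured later in this document. The cluster names and hostnames are constructed placeholders.

```python
"""Build one JSON merge patch that gives several attached clusters their own
external-dns hostname through the federated Traefik overrides.
A JSON merge patch replaces the whole spec.overrides list, so every cluster
is emitted in one patch; each hostname is also checked against the
external-dns domain filter so no cluster gets a name outside the managed zone.
"""
import json

ANNOTATION = "external-dns.alpha.kubernetes.io/hostname"


def in_domain_filter(hostname: str, domain_filter: str) -> bool:
    """True if hostname equals the filter zone or is a subdomain of it
    (a bare suffix match would wrongly accept notcluster.mydomain.com)."""
    host = hostname.rstrip(".").lower()
    zone = domain_filter.strip(".").lower()
    return host == zone or host.endswith("." + zone)


def traefik_values(hostname: str) -> str:
    """Render the values.yaml fragment that the override places under /data."""
    return (
        "service:\n"
        "  annotations:\n"
        f'    {ANNOTATION}: "{hostname}"\n'
    )


def build_overrides_patch(cluster_hostnames: dict, domain_filter: str) -> str:
    """Return the merge patch for the traefik-overrides FederatedConfigMap as
    JSON, which kubectl accepts through --patch-file just like YAML."""
    overrides = []
    for cluster, hostname in sorted(cluster_hostnames.items()):
        if not in_domain_filter(hostname, domain_filter):
            raise ValueError(f"{cluster}: {hostname} is outside {domain_filter}")
        overrides.append({
            "clusterName": cluster,
            "clusterOverrides": [
                {"path": "/data", "value": {"values.yaml": traefik_values(hostname)}},
            ],
        })
    return json.dumps({"spec": {"overrides": overrides}}, indent=2)


if __name__ == "__main__":
    # Constructed sample input: cluster names and hostnames are placeholders.
    clusters = {"cluster-01": "c01.cluster.mydomain.com",
                "cluster-02": "c02.cluster.mydomain.com"}
    print(build_overrides_patch(clusters, "cluster.mydomain.com"))
```

Pipe the output into `kubectl -n $WORKSPACE_NAMESPACE patch fcm traefik-overrides --type=merge --patch-file=/dev/stdin` to apply it.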
External DNS (AWS)
CLUSTER: management
Create the external-dns AppDeployment in the workspace. This deploys external-dns to each cluster in the workspace.
export EXTERNAL_DNS_VERSION=6.5.5
cat << EOF | kubectl apply -f -
apiVersion: apps.kommander.d2iq.io/v1alpha2
kind: AppDeployment
metadata:
  name: external-dns
  namespace: ${WORKSPACE_NAMESPACE}
spec:
  appRef:
    kind: ClusterApp
    name: external-dns-${EXTERNAL_DNS_VERSION}
  configOverrides:
    name: external-dns-config-overrides
EOF
This configuration assumes that every attached cluster can assume the given AWS IAM role and will manage DNS records in the shared DNS zone.
export EXTERNAL_DNS_AWS_REGION=us-west-2
export EXTERNAL_DNS_AWS_ASSUME_ROLE=arn:aws:iam::999867407951:role/cert-manager-dns01
export EXTERNAL_DNS_DOMAIN_FILTER=cluster.mydomain.com
export EXTERNAL_DNS_UID=$(kubectl -n $WORKSPACE_NAMESPACE get appdeployment external-dns -o jsonpath='{.metadata.uid}')

# policy upsert-only: records are created and updated but never deleted.
# txtPrefix: the ownership TXT records external-dns writes get the "local-" prefix.
# domainFilters: only names under this zone are managed.
cat << EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    apps.kommander.mesosphere.io/federated-config-map-name: external-dns-overrides
  name: external-dns-config-overrides
  namespace: ${WORKSPACE_NAMESPACE}
  ownerReferences:
  - apiVersion: apps.kommander.d2iq.io/v1alpha2
    kind: AppDeployment
    name: external-dns
    uid: ${EXTERNAL_DNS_UID}
data:
  values.yaml: |
    aws:
      region: "${EXTERNAL_DNS_AWS_REGION}"
      assumeRoleArn: "${EXTERNAL_DNS_AWS_ASSUME_ROLE}"
      preferCNAME: true
    policy: upsert-only
    txtPrefix: local-
    domainFilters:
    - "${EXTERNAL_DNS_DOMAIN_FILTER}"
EOF
For any issues implementing the change, you may file a ticket with the support team.