2020-10-12 ML: add ExternalDNS section

README.md

@@ -193,11 +193,13 @@ $ kubefedctl disable services --kubefed-namespace kube-federation-system
 **N.B.**: Do not federate the “kind: pod” resource. In this case, federating a whole namespace will federate pods and deployments at the same time. Deployments will create replicasets which in turn create pods. It will result a duplication of the pods resources.
 
 
-## Deploy application
+## Federate an application
 
 Below the procedure to deploy and federate an application and enable ExternalDNS.
 
-### Create namespace (Host Cluster)
+**N.B.**: all commands must be run on Host Cluster. 
+
+### Create namespace
 
 The first step is create a namespace in the host cluster:
 
@@ -244,3 +246,98 @@ $ kubectl --context=<host-cluster-context> create -f resource/federated_namespac
 ```
 
 **N.B.**: the option `--context` is not necessary but make sure that the right context is selected.
+
+### Create RBAC for ExternalDNS
+
+Now it is possible to deploy ExternalDNS in the federated namespace. Create the RBAC for the ExternalDNS:
+
+```yaml
+# rbac_externaldns.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-dns
+  namespace: fed-namespace
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: external-dns
+  namespace: fed-namespace
+rules:
+- apiGroups: [""]
+  resources: ["services","endpoints","pods"]
+  verbs: ["get","watch","list"]
+- apiGroups: ["extensions"]
+  resources: ["ingresses"]
+  verbs: ["get","watch","list"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get","watch","list"]
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: external-dns-viewer
+  namespace: fed-namespace
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: external-dns
+subjects:
+- kind: ServiceAccount
+  name: external-dns
+  namespace: fed-namespace
+```
+
+```bash
+$ kubectl --context=<host-cluster-context> create -f resource/rbac_externaldns.yaml
+```
+
+### Deploy ExternalDNS for PowerDNS
+
+Create the ExternalDNS deployment and configure it for PowerDNS (in the our case):
+
+```yaml
+# externaldns.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: external-dns
+  namespace: fed-namespace
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: external-dns
+  template:
+    metadata:
+      labels:
+        app: external-dns
+    spec:
+      # Only use if you're also using RBAC
+      serviceAccountName: external-dns
+      containers:
+      - name: external-dns
+        image: registry.opensource.zalan.do/teapot/external-dns:latest
+        args:
+        - --source=crd # or service or ingress
+        - --crd-source-apiversion=multiclusterdns.kubefed.io/v1alpha1
+        - --crd-source-kind=DNSEndpoint
+        - --provider=pdns
+        - --pdns-server=http://<ip>:<port>
+        - --pdns-api-key=<api-key>
+        - --registry=txt
+        - --txt-prefix=cname
+        - --domain-filter=<domain> # will make ExternalDNS see only the zones matching provided domain; omit to process all available zones in PowerDNS 
+        - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
+
+```
+
+```bash
+$ kubectl --context=<host-cluster-context> create -f resource/externaldns.yaml
+```

externalDNS/externaldns.yaml

-# create_externaldns.yaml
+# externaldns.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:

externalDNS/rbac_externaldns.yaml

-# create_rbac_externaldns.yaml
+# rbac_externaldns.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata: