Commit f6f63c91 authored by Marco Lorini

2020-10-12 ML: add ExternalDNS section

parent d6d9bdd5
...@@ -193,11 +193,13 @@ $ kubefedctl disable services --kubefed-namespace kube-federation-system ...@@ -193,11 +193,13 @@ $ kubefedctl disable services --kubefed-namespace kube-federation-system
**N.B.**: Do not federate the “kind: pod” resource. In this case, federating a whole namespace will federate pods and deployments at the same time. Deployments will create replicasets which in turn create pods. It will result a duplication of the pods resources. **N.B.**: Do not federate the “kind: pod” resource. In this case, federating a whole namespace will federate pods and deployments at the same time. Deployments will create replicasets which in turn create pods. It will result a duplication of the pods resources.
## Deploy application ## Federate an application
Below the procedure to deploy and federate an application and enable ExternalDNS. Below the procedure to deploy and federate an application and enable ExternalDNS.
### Create namespace (Host Cluster) **N.B.**: all commands must be run on Host Cluster.
### Create namespace
The first step is create a namespace in the host cluster: The first step is create a namespace in the host cluster:
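Review bot: The new note "all commands must be run on Host Cluster" replaces the "(Host Cluster)" marker in the heading, but it does not say how to confirm which cluster is selected, and the text further down treats `--context` as optional. Consider adding the check (`kubectl config current-context`) to this note, or keeping `--context=<host-cluster-context>` in every command as the stated requirement, so that a federated resource is not created on a member cluster by mistake.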
...@@ -244,3 +246,98 @@ $ kubectl --context=<host-cluster-context> create -f resource/federated_namespac ...@@ -244,3 +246,98 @@ $ kubectl --context=<host-cluster-context> create -f resource/federated_namespac
``` ```
**N.B.**: the option `--context` is not necessary but make sure that the right context is selected. **N.B.**: the option `--context` is not necessary but make sure that the right context is selected.
### Create RBAC for ExternalDNS
Now it is possible to deploy ExternalDNS in the federated namespace. Create the RBAC for the ExternalDNS:
```yaml
# rbac_externaldns.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-dns
namespace: fed-namespace
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: external-dns
namespace: fed-namespace
rules:
- apiGroups: [""]
resources: ["services","endpoints","pods"]
verbs: ["get","watch","list"]
- apiGroups: ["extensions"]
resources: ["ingresses"]
verbs: ["get","watch","list"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get","watch","list"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: external-dns-viewer
namespace: fed-namespace
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: external-dns
namespace: fed-namespace
```
```bash
$ kubectl --context=<host-cluster-context> create -f resource/rbac_externaldns.yaml
```
### Deploy ExternalDNS for PowerDNS
Create the ExternalDNS deployment and configure it for PowerDNS (in the our case):
```yaml
# externaldns.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-dns
namespace: fed-namespace
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: external-dns
template:
metadata:
labels:
app: external-dns
spec:
# Only use if you're also using RBAC
serviceAccountName: external-dns
containers:
- name: external-dns
image: registry.opensource.zalan.do/teapot/external-dns:latest
args:
- --source=crd # or service or ingress
- --crd-source-apiversion=multiclusterdns.kubefed.io/v1alpha1
- --crd-source-kind=DNSEndpoint
- --provider=pdns
- --pdns-server=http://<ip>:<port>
- --pdns-api-key=<api-key>
- --registry=txt
- --txt-prefix=cname
- --domain-filter=<domain> # will make ExternalDNS see only the zones matching provided domain; omit to process all available zones in PowerDNS
- --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
```
```bash
$ kubectl --context=<host-cluster-context> create -f resource/externaldns.yaml
```
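Review bot: In externaldns.yaml the PowerDNS API key is passed as a literal container argument (`--pdns-api-key=<api-key>`), so it is stored in the manifest and is readable by anyone who can get the Deployment or Pod spec in `fed-namespace`. Put the key in a Secret, expose it to the container as an environment variable through `secretKeyRef`, and reference it in the argument with Kubernetes `$(VAR)` expansion; `--pdns-server=http://<ip>:<port>` also sends that key without TLS, so an https endpoint is preferable where the PowerDNS API is reachable over one. Two smaller points: `image: registry.opensource.zalan.do/teapot/external-dns:latest` should be pinned to a specific version or digest so the deployed code does not change silently, and in rbac_externaldns.yaml the ClusterRole has no rule for the `multiclusterdns.kubefed.io` DNSEndpoint resources that `--source=crd` reads, while its `pods` rule appears twice and `namespace: fed-namespace` has no effect on the cluster-scoped ClusterRole and ClusterRoleBinding.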
# create_externaldns.yaml # externaldns.yaml
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
......
# create_rbac_externaldns.yaml # rbac_externaldns.yaml
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
......