PART 1: Setup External DNS with EKS along with Route 53
How External DNS works: external-dns is a pod running in your EKS cluster that watches your Ingress and Service resources. When it detects one with a hostname (the Ingress host rule, or the external-dns.alpha.kubernetes.io/hostname annotation on a Service or Ingress) and an endpoint (the load balancer address), it creates a matching record in Route53 and keeps that record in sync as the resource changes; it does this on its sync interval (one minute by default), so a change appears in Route53 within about a minute. External-dns retrieves the list of resources (Services, Ingresses, etc.) from the Kubernetes API server, computes the desired set of DNS records, and creates, updates or deletes records in Route53 so the hosted zone matches the cluster.
Step 1 : Register the domain in Route53 (or create a public hosted zone for a domain you already own) and note its hosted zone ID; it is used later for --txt-owner-id and to scope the IAM policy.
Step 2 : Create an IAM policy, a Kubernetes ServiceAccount and an IAM role, and associate them (IAM Roles for Service Accounts, IRSA) so the external-dns pod can add and remove entries in your Route53 hosted zone.
→ Create IAM Policy :
→ Go to Services → IAM → Policies → Create Policy
→ Click on the JSON tab and paste the policy JSON. external-dns needs route53:ChangeResourceRecordSets on the hosted zone(s) it manages, plus route53:ListHostedZones and route53:ListResourceRecordSets (these two only accept Resource "*"). Scope ChangeResourceRecordSets to arn:aws:route53:::hostedzone/<ZONE-ID> rather than all zones where you can.
→ Click on Create Policy
And copy the policy ARN; it is attached to the IAM role that is created for the ServiceAccount in Step 3.
Step 3 : Create the K8s ServiceAccount and associate the IAM policy. eksctl create iamserviceaccount creates an IAM role whose trust policy allows the cluster's OIDC provider, attaches the policy to it, and creates (or annotates) the ServiceAccount with that role's ARN. The cluster must already have an IAM OIDC provider associated (eksctl utils associate-iam-oidc-provider).
Step 4 : Verify the ServiceAccount. The eks.amazonaws.com/role-arn annotation must hold the IAM role ARN, not the policy ARN.
kubectl get sa external-dns -o yaml
eksctl get iamserviceaccount --cluster cluster-name
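Steps 2 to 4 as one script, added here as an example; it is not part of the original post. It assumes the AWS CLI and eksctl are configured for the cluster, and the cluster name, policy name, namespace and hosted zone ID are placeholders taken from environment variables. It differs from the console walkthrough in one deliberate way: ChangeResourceRecordSets is scoped to a single hosted zone, which is the least privilege external-dns needs. Only the --apply path touches AWS; the policy generator can be inspected offline.

```shell
#!/bin/sh
# Added example (not from the original post): least-privilege IAM policy for external-dns
# plus IRSA binding via eksctl. Placeholders below are assumptions; override via env vars.
set -e

CLUSTER_NAME="${CLUSTER_NAME:-my-eks-cluster}"            # assumed placeholder
POLICY_NAME="${POLICY_NAME:-AllowExternalDNSUpdates}"     # assumed placeholder
NAMESPACE="${NAMESPACE:-default}"                          # where the external-dns SA lives
HOSTED_ZONE_ID="${HOSTED_ZONE_ID:-*}"                      # restrict to one zone when you can

# Emit the policy document. ChangeResourceRecordSets is scoped to the given hosted
# zone; the two List* calls are account-wide and only support Resource "*".
external_dns_policy_json() {
  zone="${1:-*}"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["route53:ChangeResourceRecordSets"],
      "Resource": ["arn:aws:route53:::hostedzone/${zone}"]
    },
    {
      "Effect": "Allow",
      "Action": ["route53:ListHostedZones", "route53:ListResourceRecordSets"],
      "Resource": ["*"]
    }
  ]
}
EOF
}

apply() {
  # 1. IRSA prerequisite: the cluster needs an IAM OIDC identity provider.
  eksctl utils associate-iam-oidc-provider --cluster "$CLUSTER_NAME" --approve

  # 2. Create the policy; if it already exists, look up its ARN instead.
  policy_arn=$(aws iam create-policy --policy-name "$POLICY_NAME" \
      --policy-document "$(external_dns_policy_json "$HOSTED_ZONE_ID")" \
      --query Policy.Arn --output text 2>/dev/null \
    || aws iam list-policies --scope Local \
      --query "Policies[?PolicyName=='${POLICY_NAME}'].Arn" --output text)
  echo "policy ARN: $policy_arn"

  # 3. Create the IAM role (trusting the cluster OIDC provider), attach the policy,
  #    and create/annotate the Kubernetes ServiceAccount with the ROLE ARN.
  eksctl create iamserviceaccount --cluster "$CLUSTER_NAME" --namespace "$NAMESPACE" \
      --name external-dns --attach-policy-arn "$policy_arn" \
      --approve --override-existing-serviceaccounts

  # 4. Verify: the annotation must be a role ARN (arn:aws:iam::<acct>:role/...),
  #    not the policy ARN copied from the console.
  kubectl -n "$NAMESPACE" get sa external-dns \
      -o jsonpath='{.metadata.annotations.eks\.amazonaws\.com/role-arn}'; echo
  eksctl get iamserviceaccount --cluster "$CLUSTER_NAME" --namespace "$NAMESPACE"
}

if [ "${1:-}" = "--apply" ]; then
  apply
fi
```

Run it as `HOSTED_ZONE_ID=Z... CLUSTER_NAME=... sh irsa.sh --apply`; without --apply it only defines the functions, so `external_dns_policy_json Z...` can be used to review the policy before anything is created.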
Step 5 : Deploy External-DNS on EKS.
→ Create a YAML file to deploy External-DNS.
→ vi external-dns.yml # paste the code below into the file, then kubectl apply -f external-dns.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
  namespace: default
  annotations:
    # IAM ROLE ARN from Step 3 (not the policy ARN). If eksctl already created this
    # ServiceAccount, either remove this object from the file or keep the ARN
    # identical: kubectl apply overwrites the annotation.
    eks.amazonaws.com/role-arn: "<IAM-ROLE-ARN>"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
rules:
  - apiGroups: [""]
    resources: ["services", "endpoints", "pods"]
    verbs: ["get", "watch", "list"]
  - apiGroups: ["extensions", "networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "watch", "list"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
  - kind: ServiceAccount
    name: external-dns
    namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
  namespace: default
spec:
  strategy:
    type: Recreate   # never run two copies against the same zone at the same time
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns
      securityContext:
        fsGroup: 65534   # pod-level, so the non-root process can read the projected IRSA token
      containers:
        - name: external-dns
          # Image from the Kubernetes registry; k8s.gcr.io is frozen and redirects here.
          image: registry.k8s.io/external-dns/external-dns:v0.11.1
          args:
            - --source=service
            - --source=ingress
            - --provider=aws          # other providers need their own credentials and API settings
            - --aws-zone-type=public  # only public hosted zones; use private for internal zones
            - --registry=txt          # record ownership in TXT records beside each DNS record
            - --txt-owner-id=my-hostedzone-identifier   # unique per cluster; the hosted zone ID works well
            # Recommended to limit the blast radius of a misconfiguration:
            # - --domain-filter=example.com   # only touch this zone
            # - --policy=upsert-only          # never delete records
Step 6: Verify External-DNS.
kubectl get all # list all resources in the default namespace
kubectl get pods # list pods
kubectl logs -f $(kubectl get pod | egrep -o 'external-dns[A-Za-z0-9-]+') # verify the deployment by checking the logs
A healthy pod logs "All records are already up to date" on each sync, and "Desired change: CREATE ..." when it picks up a new hostname. An AccessDenied from Route53 in the logs means the ServiceAccount annotation or the IAM policy from Step 2 is wrong.
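An end-to-end check of the deployment above, added here as an example and not part of the original post: it publishes a hostname for a LoadBalancer Service through the external-dns annotation and then confirms in Route53 that both the A record and its TXT ownership twin exist and name this cluster's --txt-owner-id. The hosted zone ID, owner ID, hostname and the Service name nginx are assumed placeholders; txt_owned_by encodes the TXT value format external-dns writes with --registry=txt and can be exercised offline, while the --apply path needs kubectl and the AWS CLI.

```shell
#!/bin/sh
# Added example (not from the original post): publish a hostname via external-dns and
# verify the Route53 records, including the TXT ownership record.
# HOSTED_ZONE_ID, TXT_OWNER_ID and HOSTNAME_FQDN are assumed placeholders.
set -e

HOSTED_ZONE_ID="${HOSTED_ZONE_ID:-Z0123456789ABCDEF}"       # assumed
TXT_OWNER_ID="${TXT_OWNER_ID:-my-hostedzone-identifier}"    # must equal --txt-owner-id
HOSTNAME_FQDN="${HOSTNAME_FQDN:-nginx.example.com}"          # assumed

# A LoadBalancer Service; the hostname annotation is what --source=service watches.
annotated_service_manifest() {
  host="$1"
  cat <<EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx
  annotations:
    external-dns.alpha.kubernetes.io/hostname: ${host}
    external-dns.alpha.kubernetes.io/ttl: "60"
spec:
  type: LoadBalancer
  selector:
    app: nginx
  ports:
    - port: 80
      targetPort: 80
EOF
}

# With --registry=txt, external-dns marks each record it owns with a TXT value like
#   "heritage=external-dns,external-dns/owner=<txt-owner-id>,external-dns/resource=service/<ns>/<name>"
# and only updates or deletes records whose TXT twin names the same owner. That is what
# keeps two clusters with different --txt-owner-id values from fighting over one zone.
# Returns 0 when the TXT value names the given owner, 1 otherwise.
txt_owned_by() {
  owner="$1"; txt="$2"
  case "$txt" in
    *"heritage=external-dns,"*"external-dns/owner=${owner},"*) return 0 ;;
    *"heritage=external-dns,"*"external-dns/owner=${owner}\""*) return 0 ;;
  esac
  return 1
}

# Poll Route53 until the A/CNAME record and its TXT twin appear (external-dns syncs
# once a minute by default, so allow a few minutes).
wait_for_records() {
  host="$1"; i=0
  while [ "$i" -lt 20 ]; do
    rtype=$(aws route53 list-resource-record-sets --hosted-zone-id "$HOSTED_ZONE_ID" \
      --query "ResourceRecordSets[?Name=='${host}.' && (Type=='A' || Type=='CNAME')].Type" \
      --output text)
    txt=$(aws route53 list-resource-record-sets --hosted-zone-id "$HOSTED_ZONE_ID" \
      --query "ResourceRecordSets[?Name=='${host}.' && Type=='TXT'].ResourceRecords[0].Value" \
      --output text)
    if [ -n "$rtype" ] && txt_owned_by "$TXT_OWNER_ID" "$txt"; then
      echo "ok: ${host} has an ${rtype} record owned by ${TXT_OWNER_ID}"
      return 0
    fi
    i=$((i + 1)); sleep 15
  done
  echo "timed out waiting for ${host}; check: kubectl logs deploy/external-dns" >&2
  return 1
}

if [ "${1:-}" = "--apply" ]; then
  annotated_service_manifest "$HOSTNAME_FQDN" | kubectl apply -f -
  wait_for_records "$HOSTNAME_FQDN"
fi
```

If the A record appears but txt_owned_by fails, another external-dns instance (or a previous cluster with a different --txt-owner-id) owns the name, and this instance will refuse to touch it; that is the intended behaviour of the TXT registry, not a bug.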