PART 1: Setup External DNS with EKS along With Route 53

Sridharan r.g
3 min read · May 30, 2022


How External DNS works: external-dns is a pod running in your EKS cluster that watches all of your Ingresses and Services. When it detects an Ingress with a host, it picks up the hostname and the endpoint and creates a record for that resource in Route 53, and the change is reflected in Route 53 immediately. A record is requested for a Kubernetes Ingress or Service simply by adding an annotation to it. external-dns retrieves the list of resources (Services, Ingresses, etc.) from the Kubernetes API server to determine the desired set of DNS records that need to be created, updated or deleted in AWS Route 53.

Step 1: Register the domain in the Route 53 AWS service.

Step 2: Create an IAM policy, a Kubernetes service account and an IAM role, and associate them so that the external-dns pod can add or remove entries in AWS Route 53 hosted zones.

→ Create the IAM policy:

→ Go to Services → IAM → Policies → Create Policy

→ Click on the JSON tab and paste in the JSON below

→ Click on Create Policy

Then copy the ARN; it is needed when the Kubernetes service account is set up.
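The policy JSON referred to above is not reproduced in this post. As an added example that is not the author's, the Python below generates a least-privilege version of the external-dns Route 53 policy and includes a small review check for policies that allow record writes on every hosted zone. The hosted zone ID is a constructed placeholder; the action list follows the external-dns project's AWS tutorial policy.

```python
import json

# Constructed placeholder: replace with the hosted zone ID from Step 1.
HOSTED_ZONE_ID = "Z0123456789EXAMPLE"


def external_dns_policy(zone_id: str) -> dict:
    """Least-privilege IAM policy for the external-dns pod.

    Record writes are limited to a single hosted zone. The List* calls
    external-dns uses to discover zones and existing records are read-only
    and have no resource-level scoping in Route 53, so they use "*".
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["route53:ChangeResourceRecordSets"],
                "Resource": [f"arn:aws:route53:::hostedzone/{zone_id}"],
            },
            {
                "Effect": "Allow",
                "Action": [
                    "route53:ListHostedZones",
                    "route53:ListResourceRecordSets",
                    "route53:ListTagsForResource",
                ],
                "Resource": ["*"],
            },
        ],
    }


def overbroad_write_statements(policy: dict) -> list:
    """Return Allow statements that permit record writes on every hosted zone."""
    write_actions = {"route53:ChangeResourceRecordSets", "route53:*", "*"}
    wide_resources = {"*", "arn:aws:route53:::hostedzone/*"}
    hits = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        if write_actions & set(actions) and wide_resources & set(resources):
            hits.append(stmt)
    return hits


if __name__ == "__main__":
    print(json.dumps(external_dns_policy(HOSTED_ZONE_ID), indent=2))
```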

Step 3: Create the Kubernetes service account and associate the IAM policy with it.

Step 4: Verify the service account.

kubectl get sa external-dns

eksctl get iamserviceaccount --cluster cluster-name

Step 5: Deploy External-DNS on the EKS cluster.

→ Create a YAML file to deploy External-DNS.

→ vi external-dns.yml # paste the code below into that file.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
  annotations:
    eks.amazonaws.com/role-arn: <IAM-ROLE-ARN> # paste the ARN of the IAM role associated with the service account in Step 3 (this annotation takes a role ARN; the policy from Step 2 is attached to that role)
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
rules:
- apiGroups: [""]
  resources: ["services", "endpoints", "pods"]
  verbs: ["get", "watch", "list"]
- apiGroups: ["extensions", "networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
- kind: ServiceAccount
  name: external-dns
  namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: k8s.gcr.io/external-dns/external-dns:v0.11.1 # external-dns image; the current tag is listed in the external-dns documentation
        args:
        - --source=service
        - --source=ingress
        - --provider=aws # DNS provider; a different provider can be selected here, each needing its own API credentials
        - --aws-zone-type=public
        - --registry=txt
        - --txt-owner-id=my-hostedzone-identifier
      securityContext:
        fsGroup: 65534

Step 6: Verify External-DNS.

kubectl get all # list all resources in the default namespace

kubectl get pods # list pods

kubectl logs -f $(kubectl get pod | egrep -o 'external-dns[A-Za-z0-9-]+') # verify the Deployment by checking its logs
