Deploy ExternalDNS¶
In this section you will configure and deploy ExternalDNS using an IAM role to provide it with permissions to manage DNS records on Route 53.
Fast Forward
If you have already deployed ExternalDNS, expand this box to fast-forward.
- Proceed to the Verify section.
See also
Choose one of the following options to deploy ExternalDNS:
Air Gapped
ExternalDNS will not be able to access Amazon Route 53 because there is no VPC endpoint. You may proceed to the What's Next section.
Overview
What You'll Need¶
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing EKS cluster.
- An existing Amazon Route 53 hosted zone.
- An existing IAM role for ExternalDNS.
Option 1: Deploy ExternalDNS Automatically (preferred)¶
Deploy ExternalDNS by following the on-screen instructions on the rok-deploy
user interface.
If rok-deploy
is not already running, start it with:
root@rok-tools:~# rok-deploy --run-from eks-alb-edns
Proceed to the Summary section.
Option 2: Deploy ExternalDNS Manually¶
If you want to deploy ExternalDns manually, follow the instructions below.
Procedure¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deployments
Restore the required context from previous sections:
root@rok-tools:~/ops/deployments# source <(cat deploy/env.{eks-alb-zone,eks-alb-iam-edns})
root@rok-tools:~/ops/deployments# export EKS_ALB_ZONE_DOMAIN EKS_ALB_IAM_EDNS_ROLE
Verify that the IAM role exists, obtain its ARN and copy it to your clipboard, as you are going to use this value in later steps:
root@rok-tools:~/ops/deployments# aws iam get-role \ > --role-name ${EKS_ALB_IAM_EDNS_ROLE?} \ > --query Role.Arn \ > --output text arn:aws:iam::123456789012:role/rok-us-west-2-arrikto-cluster-edns
Edit
rok/external-dns/overlays/deploy/kustomization.yaml
and useeks
as base:bases: - ../eks #- ../gke
Edit
rok/external-dns/overlays/deploy/kustomization.yaml
and enable only thesa
anddeploy
patches:patches: - path: patches/sa.yaml #- path: patches/sa-gcp.yaml - target: kind: Deployment name: external-dns path: patches/deploy.yaml #- target: # kind: Deployment # name: external-dns # path: patches/deploy-gcp.yaml
Edit
rok/external-dns/overlays/deploy/patches/deploy.yaml
and set--domain-filter
to your domain:- --domain-filter=apps.example.com # <-- Update this line with your EKS_ALB_ZONE_DOMAIN
Edit
rok/external-dns/overlays/deploy/patches/sa.yaml
and set the IAM role related annotation to the ARN of your IAM role for ExternalDNS:annotations: eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/rok-us-west-2-arrikto-cluster-edns # <-- Update this line with your IAM role ARN
Commit your changes:
root@rok-tools:~/ops/deployments# git commit -am "Deploy ExternalDNS"
Deploy ExternalDNS:
root@rok-tools:~/ops/deployments# rok-deploy --apply rok/external-dns/overlays/deploy