ExternalDNS is used to configure external DNS servers for Ingresses and Services in your Container Service for Kubernetes (ACK) clusters. You can use ExternalDNS to discover Kubernetes resources in your clusters by using public DNS servers. ExternalDNS retrieves information about resources such as Services and Ingresses from the Kubernetes API server to create DNS records. This topic describes how to deploy ExternalDNS in an ACK cluster and provides examples on how to use ExternalDNS.
Step 1: Grant RAM permissions
Perform the following steps to grant the required Resource Access Management (RAM) permissions to the worker role of your cluster:
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, click Cluster Information.
On the Cluster Information page, click the Basic Information tab. Then, in the Cluster Resources section, click the hyperlink on the right side of Worker RAM Role.
In the left-side navigation pane, click Policies. On the Policies page, click Create Policy.
On the Create Policy page, click the JSON tab and copy the following policy content to the code editor.
{
  "Version": "1",
  "Statement": [
    { "Action": "alidns:AddDomainRecord", "Resource": "*", "Effect": "Allow" },
    { "Action": "alidns:DeleteDomainRecord", "Resource": "*", "Effect": "Allow" },
    { "Action": "alidns:UpdateDomainRecord", "Resource": "*", "Effect": "Allow" },
    { "Action": "alidns:DescribeDomainRecords", "Resource": "*", "Effect": "Allow" },
    { "Action": "alidns:DescribeDomains", "Resource": "*", "Effect": "Allow" },
    { "Action": "pvtz:AddZoneRecord", "Resource": "*", "Effect": "Allow" },
    { "Action": "pvtz:DeleteZoneRecord", "Resource": "*", "Effect": "Allow" },
    { "Action": "pvtz:UpdateZoneRecord", "Resource": "*", "Effect": "Allow" },
    { "Action": "pvtz:DescribeZoneRecords", "Resource": "*", "Effect": "Allow" },
    { "Action": "pvtz:DescribeZones", "Resource": "*", "Effect": "Allow" },
    { "Action": "pvtz:DescribeZoneInfo", "Resource": "*", "Effect": "Allow" }
  ]
}
Click Next to edit policy information. Enter a name in the Name field and click OK.
Return to the role details page in Step 3 and click Grant Permission. In the Grant Permission panel, select Custom Policy from the All Types drop-down list. Then, select the RAM policy that you created and click OK.
Click Close.
Step 2: Deploy ExternalDNS
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side navigation pane, choose .
On the Helm page, click Deploy. In the Basic Information step, configure the parameters based on the following table.
| Parameter | Example |
| --- | --- |
| Application Name | external-dns |
| Namespace | kube-system |
| Source | Default value: Marketplace. |
| Chart | Use Scenarios: Select All. Supported Architecture: Select amd64. Search box: Search for external-dns. Click the external-dns card and click Next. |
In the Parameters step, configure the Chart Version parameter and specify the alibabaCloudZoneType parameter based on your business requirements. Default value: public. Click OK.
A value of public indicates that Alibaba Cloud DNS is used. A value of private indicates that Alibaba Cloud DNS PrivateZone is used.
Step 3: Use ExternalDNS
You can use ExternalDNS only with LoadBalancer Services and Ingresses.
Specify a domain name that is added to Alibaba Cloud DNS for a Service
Log on to the Alibaba Cloud DNS console and select a domain name.
Note: Make sure that the domain name that you select is valid and has passed real-name verification.
Run the following command to create a test application and specify the domain name in the configuration:
kubectl apply -f - << EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx
  annotations:
    external-dns.alpha.kubernetes.io/hostname: nginx.****  # Replace **** with the domain name that you select.
spec:
  type: LoadBalancer
  ports:
  - port: 80
    name: http
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
EOF
Note: The external-dns.alpha.kubernetes.io/hostname annotation specifies the domain name that you want to use. ExternalDNS automatically creates a DNS record to map the domain name to an IP address.
After you create the application, a DNS record is automatically added in the Alibaba Cloud DNS console. The following figure shows an example.
Run the following command to test DNS resolution:
[root@iZbp1hy7cb2g933cmy7w3aZ ~]# curl nginx.****.com
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
Specify a domain name that is added to Alibaba Cloud DNS for an Ingress
Log on to the Alibaba Cloud DNS console and select a domain name.
Note: Make sure that the domain name that you select is valid and has passed real-name verification.
Run the following command to create a test application and specify the domain name in the configuration:
kubectl apply -f - << EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  type: LoadBalancer
  ports:
  - port: 80
    name: http
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx
spec:
  ingressClassName: nginx
  rules:
  - host: nginx-ing.****  # Replace **** with the domain name that you select.
    http:
      paths:
      - backend:
          service:
            name: nginx
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
EOF
Note: The host field specifies the domain name that you want to use. ExternalDNS automatically creates a DNS record to map the domain name to an IP address.
After you create the application, a DNS record is automatically added in the Alibaba Cloud DNS console. The following figure shows an example.
Run the following command to test DNS resolution:
[root@iZbp1hy7cb2g933cmy7w3aZ ~]# curl nginx-ing.****.com
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
Specify a domain name that is added to Alibaba Cloud DNS PrivateZone for a Service
If you want to use Alibaba Cloud DNS PrivateZone for DNS resolution, you must set the alibabaCloudZoneType parameter to private in step 4 of Step 2 when you deploy ExternalDNS, and then perform the following steps to associate a private domain name with a virtual private cloud (VPC):
Log on to the Alibaba Cloud DNS console.
In the left-side navigation pane, click Private DNS (PrivateZone). On the Private DNS (PrivateZone) page, click Add New Zone. In the Add Built-in Authoritative Zone panel, enter a private authoritative zone name and click OK.
Find the zone you added and click Resource Records Settings in the Actions column. On the Resource Records Settings tab, add a record to associate the private domain name with a VPC.
For more information about the record types that are supported by Alibaba Cloud DNS PrivateZone and how to use the records, see Record types supported by Alibaba Cloud DNS PrivateZone.
After you add the record, click Effective Scope Settings in the Actions column. On the page that appears, select the VPC in which your cluster is deployed from the Alibaba Cloud VPC drop-down list and click OK.
Run the following command to create a test application:
kubectl apply -f - << EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx
  annotations:
    external-dns.alpha.kubernetes.io/hostname: nginx.****  # Replace **** with the zone name you specified on the Private DNS (PrivateZone) page.
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type: "intranet"  # The Server Load Balancer (SLB) instance used by the Service is internal-facing.
spec:
  type: LoadBalancer
  ports:
  - port: 80
    name: http
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
EOF
Note: The external-dns.alpha.kubernetes.io/hostname annotation specifies the domain name that you want to add to Alibaba Cloud DNS PrivateZone. ExternalDNS automatically creates a DNS record to map the domain name to an IP address.
After you create the application, a DNS record is automatically added in the Alibaba Cloud DNS console. The following figure shows an example.
Run the following command to test DNS resolution:
[root@iZbp1hy7cb2g933cmy7w3aZ ~]# curl nginx.****
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
Specify a domain name that is added to Alibaba Cloud DNS PrivateZone for an Ingress
Log on to the Alibaba Cloud DNS console.
In the left-side navigation pane, click Private DNS (PrivateZone). On the Private DNS (PrivateZone) page, click Add New Zone. In the Add Built-in Authoritative Zone panel, enter a private authoritative zone name and click OK.
Find the zone you added and click Resource Records Settings in the Actions column. On the Resource Records Settings tab, add a record to associate the private domain name with a VPC.
For more information about the record types that are supported by Alibaba Cloud DNS PrivateZone and how to use the records, see Record types supported by Alibaba Cloud DNS PrivateZone.
After you add the record, click Effective Scope Settings in the Actions column. On the page that appears, select the VPC in which your cluster is deployed from the Alibaba Cloud VPC drop-down list and click OK.
Run the following command to create a test application:
kubectl apply -f - << EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx
  annotations:
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type: "intranet"  # The internal-facing SLB instance.
spec:
  type: LoadBalancer
  ports:
  - port: 80
    name: http
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx
spec:
  ingressClassName: nginx
  rules:
  - host: nginx-ing.****  # Replace **** with the zone name you specified on the Private DNS (PrivateZone) page.
    http:
      paths:
      - backend:
          service:
            name: nginx
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
EOF
After you create the application, a DNS record is automatically added in the Alibaba Cloud DNS console. The following figure shows an example.
Run the following command to test DNS resolution:
[root@iZbp1hy7cb2g933cmy7w3aZ ~]# curl nginx-ing.****
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
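Added example (not part of the original topic or of the ExternalDNS project): because the Step 1 policy allows record changes on Resource "*", whatever hostname is set in the external-dns.alpha.kubernetes.io/hostname annotation or an Ingress host field is what ExternalDNS publishes. The script below reads objects shaped like the output of kubectl get svc,ing -A -o json and flags hostnames outside an approved zone list. The sample objects, example.com, and the function names are constructed for illustration.

```python
import json

HOSTNAME_ANNOTATION = "external-dns.alpha.kubernetes.io/hostname"

# Constructed sample, shaped like `kubectl get svc,ing -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Service", "metadata": {"namespace": "default", "name": "nginx",
   "annotations": {"external-dns.alpha.kubernetes.io/hostname": "nginx.example.com"}},
  "spec": {"type": "LoadBalancer"}},
 {"kind": "Service", "metadata": {"namespace": "dev", "name": "internal",
   "annotations": {"external-dns.alpha.kubernetes.io/hostname": "db.example.com"}},
  "spec": {"type": "ClusterIP"}},
 {"kind": "Service", "metadata": {"namespace": "dev", "name": "web",
   "annotations": {"external-dns.alpha.kubernetes.io/hostname": "a.example.com, login.evilexample.com."}},
  "spec": {"type": "LoadBalancer"}},
 {"kind": "Ingress", "metadata": {"namespace": "default", "name": "nginx"},
  "spec": {"rules": [{"host": "nginx-ing.example.com"}, {"host": "www.other.test"}, {"http": {}}]}}
]}
""")

def published_hostnames(items):
    """Yield (kind, namespace/name, hostname) for each name the page's setup would publish."""
    for obj in items:
        kind, meta, spec = obj.get("kind"), obj.get("metadata", {}), obj.get("spec", {})
        ref = f'{meta.get("namespace", "")}/{meta.get("name", "")}'
        hosts = []
        # Per the page, only LoadBalancer Services and Ingresses are handled.
        if kind == "Service" and spec.get("type") == "LoadBalancer":
            raw = (meta.get("annotations") or {}).get(HOSTNAME_ANNOTATION, "")
            hosts = raw.split(",")  # the annotation may carry a comma-separated list
        elif kind == "Ingress":
            hosts = [rule.get("host", "") for rule in spec.get("rules") or []]
        for host in hosts:
            host = host.strip().rstrip(".").lower()  # normalise case and trailing dot
            if host:
                yield kind, ref, host

def in_zone(hostname, zone):
    # Match on a label boundary so evilexample.com is not treated as example.com.
    zone = zone.strip().rstrip(".").lower()
    return hostname == zone or hostname.endswith("." + zone)

def outside_allowed(items, allowed_zones):
    return [(kind, ref, host) for kind, ref, host in published_hostnames(items)
            if not any(in_zone(host, zone) for zone in allowed_zones)]

if __name__ == "__main__":
    for kind, ref, host in outside_allowed(SAMPLE["items"], ["example.com"]):
        print(f"{kind} {ref}: {host} is outside the approved zones")
```
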