The ExternalDNS Operator allows you to deploy and manage ExternalDNS, a cluster-internal component which makes Kubernetes resources discoverable through public DNS servers. For more information about the initial motivation, see ExternalDNS Operator OpenShift Enhancement Proposal.
The following procedure describes how to deploy the ExternalDNS Operator for AWS.
Prepare your environment for the installation commands.
- Select the container runtime you want to build the images with (
podmanordocker):export CONTAINER_ENGINE=podman - Select the name settings of the image:
export REGISTRY=quay.io export REPOSITORY=myuser export VERSION=1.0.0
- Login to the image registry:
${CONTAINER_ENGINE} login ${REGISTRY} -u ${REPOSITORY}
-
Build and push the Operator image to a registry:
export IMG=${REGISTRY}/${REPOSITORY}/external-dns-operator:${VERSION} make image-build image-push
-
Prepare the operand namespace:
kubectl create ns external-dns kubectl apply -f config/rbac/extra-roles.yaml
-
Run the following command to deploy the
ExternalDNSOperator:make deploy
-
The previous step deploys the validation webhook, which requires TLS authentication for the webhook server. The manifests deployed through the
make deploycommand do not contain a valid certificate and key. You must provision a valid certificate and key through other tools. You can use a convenience script,hack/generate-certs.shto generate the certificate bundle and patch the validation webhook config.
Important: Do not use the hack/generate-certs.sh script in a production environment.
Run thehack/generate-certs.shscript with the following inputs:hack/generate-certs.sh --service webhook-service --webhook validating-webhook-configuration \ --secret webhook-server-cert --namespace external-dns-operator
-
Now you can deploy an instance of ExternalDNS:
-
Run the following command to create the credentials secret for AWS:
kubectl -n external-dns-operator create secret generic aws-access-key \ --from-literal=aws_access_key_id=${ACCESS_KEY_ID} \ --from-literal=aws_secret_access_key=${ACCESS_SECRET_KEY}Note: See this guide for instructions specific to other providers.
-
Run the following command:
# for AWS kubectl apply -k config/samples/awsNote: For other providers, see
config/samples/.
-
Note: The below procedure works best with podman as container engine
-
Build and push the operator image to the registry:
export IMG=${REGISTRY}/${REPOSITORY}/external-dns-operator:${VERSION} make image-build image-push
-
Build and push the bundle image to the registry:
a. In the
bundle/manifests/external-dns-operator_clusterserviceversion.yamladd the operator image created in Step 1 as follows:sed -i "s|quay.io/openshift/origin-external-dns-operator:latest|${IMG}|g" bundle/manifests/external-dns-operator_clusterserviceversion.yamlb. Build the image
export BUNDLE_IMG=${REGISTRY}/${REPOSITORY}/external-dns-operator-bundle:${VERSION} make bundle-image-build bundle-image-push
-
Build and push the index image to the registry:
export INDEX_IMG=${REGISTRY}/${REPOSITORY}/external-dns-operator-bundle-index:${VERSION} make index-image-build index-image-push
-
Prepare the operand namespace:
oc create ns external-dns oc apply -f config/rbac/extra-roles.yaml
-
You may need to link the registry secret to the pod of
external-dns-operatorcreated in theopenshift-marketplacenamespace if the image is not made public (Doc link). If you are usingpodmanthen these are the instructions:a. Create a secret with authentication details of your image registry:
oc -n openshift-marketplace create secret generic extdns-olm-secret --type=kubernetes.io/dockercfg --from-file=.dockercfg=${XDG_RUNTIME_DIR}/containers/auth.jsonb. Link the secret to
defaultservice account:oc -n openshift-marketplace secrets link default extdns-olm-secret --for=pull
-
Create the
CatalogSourceobject:cat <<EOF | oc apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: external-dns-operator namespace: openshift-marketplace spec: sourceType: grpc image: ${INDEX_IMG} EOF
-
Create the operator namespace:
oc create namespace external-dns-operator
-
Create the
OperatorGroupobject to scope the operator toexternal-dns-operatornamespace:cat <<EOF | oc apply -f - apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: external-dns-operator namespace: external-dns-operator spec: targetNamespaces: - external-dns-operator EOF
-
Create the
Subscriptionobject:cat <<EOF | oc apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: external-dns-operator namespace: external-dns-operator spec: channel: alpha name: external-dns-operator source: external-dns-operator sourceNamespace: openshift-marketplace EOF
Note: The steps starting from the 7th can be replaced with the following actions in the web console: Navigate to Operators -> OperatorHub, search for the ExternalDNS Operator, and install it in the external-dns-operator namespace.
-
Deploy the operator as described above
-
Set the necessary environment variables
For AWS:
export KUBECONFIG=/path/to/mycluster/kubeconfig export CLOUD_PROVIDER=AWS export AWS_ACCESS_KEY_ID=my-aws-access-key export AWS_SECRET_ACCESS_KEY=my-aws-access-secret
For the other providers: check out e2e directory.
-
Run the test suite
make test-e2e