Merge pull request #122 from alebedev87/align-with-docs
Align docs with the official OCP ones
openshift-merge-robot committed Mar 9, 2022
2 parents 8006042 + 0b63f32 commit 8957198
Showing 2 changed files with 48 additions and 108 deletions.
74 changes: 19 additions & 55 deletions docs/azure-openshift.md
@@ -1,21 +1,20 @@
# Use external dns operator on Openshift in Azure environment
## Note: These instructions are not for Azure private DNS.
# Use ExternalDNS Operator on Openshift in Azure environment
**Note**: These instructions are not for Azure private DNS.

### Steps
## Steps

1. Export your kubeconfig
1. Export your cluster's kubeconfig:
```bash
$ export KUBECONFIG=~/<path to>/kubeconfig
$ export KUBECONFIG=/path/to/your/cluster/kubeconfig
```

2. Check user. The user shall access to kube-system.

2. Make sure your user have the access to `kube-system` namespace:
```bash
$ oc whoami
system:admin
$ oc whoami
system:admin
```

3. Fetch the values from azure-credentials secret present in kube-system
3. Fetch the values from `azure-credentials` secret present in `kube-system` namespace:
```bash
$ CLIENT_ID=$(oc get secrets azure-credentials -n kube-system --template={{.data.azure_client_id}} | base64 -d)
$ CLIENT_SECRET=$(oc get secrets azure-credentials -n kube-system --template={{.data.azure_client_secret}} | base64 -d)
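
Review bot: In step 2, `oc whoami` only prints the current user name and does not show whether that user can read secrets in `kube-system`, which step 3 depends on. Suggest adding a check such as `oc auth can-i get secrets -n kube-system`, and fixing the wording to "Make sure your user has access to the `kube-system` namespace". The `--template={{...}}` arguments in step 3 are unquoted; quoting them keeps the commands safe to paste into shells that treat braces specially.
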
@@ -24,78 +23,43 @@ $ SUBSCRIPTION_ID=$(oc get secrets azure-credentials -n kube-system --template
$ TENANT_ID=$(oc get secrets azure-credentials -n kube-system --template={{.data.azure_tenant_id}} | base64 -d)
```

4. Login to azure with base64 decoded values you get from above

4. Login to Azure with base64 decoded values you get from above:
```bash
$ az login --service-principal -u "${CLIENT_ID}" -p "${CLIENT_SECRET}" --tenant "${TENANT_ID}"
```

5. Get the routes to check the domain
5. Get the routes to check your cluster's domain (everything after `apps.`):
```bash
oc get routes --all-namespaces | grep console
$ oc get routes --all-namespaces | grep console
openshift-console console console-openshift-console.apps.test-azure.qe.azure.devcluster.openshift.com console https reencrypt/Redirect None
openshift-console downloads downloads-openshift-console.apps.test-azure.qe.azure.devcluster.openshift.com downloads http edge/Redirect None
```

6. Get the dns zone list w.r.t your resource group.
6. Get the list of dns zones w.r.t your resource group to find the one which corresponds to the previously found route’s domain:
```bash
$ az network dns zone list --resource-group "${RESOURCE_GROUP}"
[]
```
Initially you will see nothing. So you will have to create a zone for your resource group.

7. Create a dns zone for you resourcegroup.
7. Create [ExternalDNS CR](https://github.com/openshift/external-dns-operator/blob/main/config/samples/azure/operator_v1alpha1_externaldns_openshift.yaml) as follows:
```bash
$ az network dns zone create -g "${RESOURCE_GROUP}" -n <pick up the zone name from the route eg- the part after apps. eg - test-azure.qe.azure.devcluster.openshift.com>
```

8. Then create [ExternalDNS CR](https://github.com/openshift/external-dns-operator/blob/main/config/samples/azure/operator_v1alpha1_externaldns_openshift.yaml) as follows -
```yaml
$ cat <<EOF | oc create -f -
apiVersion: externaldns.olm.openshift.io/v1alpha1
kind: ExternalDNS
metadata:
name: sample-azure
spec:
domains:
- filterType: Include
matchType: Exact
name: test-azure1.qe.azure.devcluster.openshift.com
zones:
- "/subscriptions/53b4f551-f0fc-4bea-8cba-11111111111/resourceGroups/test-azure1-nxkxm-rg/providers/Microsoft.Network/dnszones/test-azure.qe.azure.devcluster.openshift.com"
provider:
type: Azure
source:
type: OpenShiftRoute
openshiftRouteOptions:
routerName: default
fqdnTemplate:
- "{{.Name}}.apps.test-azure1.qe.azure.devcluster.openshift.com"
type: OpenShiftRoute
zones:
- "/subscriptions/53b4f551-f0fc-4bea-8cba-11111111111/resourceGroups/test-azure1-nxkxm-rg/providers/Microsoft.Network/dnszones/test-azure1.qe.azure.devcluster.openshift.com"
EOF
```

9. Now you shall see records getting created for OCP created routes using the following command -
8. Check the records created for `console` routes:
```bash
$ az network dns record-set list -g "${RESOURCE_GROUP}" -z <zone name you created in step 7 eg - test-azure.qe.azure.devcluster.openshift.com> > record-list-azure.txt
$ az network dns record-set list -g "${RESOURCE_GROUP}" -z test-azure.qe.azure.devcluster.openshift.com | grep console
```

10. You can try to create a route with a sample app.
```bash
$ oc new-app --docker-image=openshift/hello-openshift -l app=hello-openshift
$ oc expose service/hello-openshift -l app=hello-openshift
```

11. `hello-openshift` DNS records shall exist in the zone:
```bash
$ az network dns record-set list -g "${RESOURCE_GROUP}" -z <zone name you created in step 7 eg - test-azure.qe.azure.devcluster.openshift.com> | grep -c "hello-openshift"
```

13. Similarly you can delete the route and app
```bash
$ oc delete all -l app=hello-openshift
```

14. Then again run the command to check that `hello-openshift` records are not there anymore:
```bash
$ az network dns record-set list -g "${RESOURCE_GROUP}" -z <zone name you created in step 7 eg - test-azure.qe.azure.devcluster.openshift.com> | grep -c "hello-openshift"
```
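
Review bot: In the ExternalDNS CR of step 7, the `domains` entry shows `test-azure1.qe.azure.devcluster.openshift.com`, while the route output in step 5, the `dnszones/...` ID and the `-z` argument in step 8 use `test-azure.qe.azure.devcluster.openshift.com`, so a reader copying the example gets a domain filter that does not match the zone shown. Suggest using one name throughout and building the zone ID from `${SUBSCRIPTION_ID}` and `${RESOURCE_GROUP}` rather than a hard-coded subscription and resource group. Step 4 passes the service principal secret as `-p "${CLIENT_SECRET}"`, which exposes it in the process arguments; a sentence noting this, and a closing step that logs out and unsets the variables, would help.
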
82 changes: 29 additions & 53 deletions docs/gcp-openshift.md
@@ -1,102 +1,78 @@
# Use ExternalDNS Operator on Openshift in GCP environment

### This document provides information about how to use the `ExternalDNS Operator` in OpenShift Container Platform on GCP.

### Steps
1. Export your cluster's kubeconfig
## Steps
1. Export your cluster's kubeconfig:
```bash
$ export KUBECONFIG=/path/to/your/cluster/kubeconfig
$ export KUBECONFIG=/path/to/your/cluster/kubeconfig
```

2. Check user. The user shall have the access to `kube-system` namespace.

2. Make sure your user have the access to `kube-system` namespace:
```bash
$ oc whoami
system:admin
$ oc whoami
system:admin
```

3. Copy the value of service_account.json in gcp-credentials secret in a file encoded-gcloud.json
3. Extract the value of `service_account.json` field from `gcp-credentials` secret into a file:
```bash
$ oc get secret gcp-credentials -n kube-system --template='{{$v := index .data "service_account.json"}}{{$v}}' | base64 -d - > decoded-gcloud.json
```

4. Export Google credentials
4. Set Google credentials:
```bash
$ export GOOGLE_CREDENTIALS=decoded-gcloud.json
```

5. Activate your account
5. Fetch the values from the credentials file:
```bash
$ CLIENT_EMAIL=$(jq -r .client_email < decoded-gcloud.json)
$ PROJECT_ID=$(jq -r .project_id < decoded-gcloud.json)
```

6. Activate your account:
```bash
$ gcloud auth activate-service-account <client_email as per decoded-gcloud.json> --key-file=decoded-gcloud.json
$ gcloud auth activate-service-account "${CLIENT_EMAIL}" --key-file=decoded-gcloud.json
```

6. Set your project
7. Set your project:
```bash
$ gcloud config set project <project_id as per decoded-gcloud.json>
$ gcloud config set project "${PROJECT_ID}"
```

7. Get the routes to check the domain
8. Get the routes to check your cluster's domain (everything after `apps.`):
```bash
$ oc get routes --all-namespaces | grep console
openshift-console console console-openshift-console.apps.qe.gcp.devcluster.openshift.com console https reencrypt/Redirect None
openshift-console downloads downloads-openshift-console.apps.qe.gcp.devcluster.openshift.com downloads http edge/Redirect None
```

8. Get your zone which was created by the installer
9. Get your cluster's zone:
```bash
$ gcloud dns managed-zones list | grep <dns name eg- As per the route the section after apps. i.e misalunk-azure.qe.azure.devcluster.openshift.com>
$ gcloud dns managed-zones list | grep qe.gcp.devcluster.openshift.com
qe-cvs4g-private-zone qe.gcp.devcluster.openshift.com
```

9. Check the zone doesn't have DNS records other than `NS` and `SOA`
10. Create [ExternalDNS CR](https://github.com/openshift/external-dns-operator/blob/main/config/samples/gcp/operator_v1alpha1_externaldns_openshift.yaml) as follows:
```bash
$ gcloud dns record-sets list --zone=<the zone name you get from step 9>
```

10. Create a [ExternalDNS CR](https://github.com/openshift/external-dns-operator/blob/main/config/samples/gcp/operator_v1alpha1_externaldns_openshift.yaml)
```yaml
$ cat <<EOF | oc create -f -
apiVersion: externaldns.olm.openshift.io/v1alpha1
kind: ExternalDNS
metadata:
name: sample-gcp
spec:
domains:
- filterType: Include
matchType: Exact
name: test-gcp1.qe.gcp.devcluster.openshift.com
- filterType: Include
matchType: Exact
name: qe.gcp.devcluster.openshift.com
provider:
type: GCP
source:
type: OpenShiftRoute
openshiftRouteOptions:
routerName: default
type: OpenShiftRoute
fqdnTemplate:
- "{{.Name}}.apps.test-gcp1.qe.gcp.devcluster.openshift.com"
#You will get this from step 9
zones:
- test-gcp1-q6m5v-private-zone
EOF
```

11. Now you shall see records created for OCP routes using the following command
11. Check the records created for `console` routes:
```bash
$ gcloud dns record-sets list --zone=<zone name you get from step 9>
$ gcloud dns record-sets list --zone= qe-cvs4g-private-zone | grep console
```

12. You can try to create a route with a sample app.
```bash
$ oc new-app --docker-image=openshift/hello-openshift -l app=hello-openshift
$ oc expose service/hello-openshift -l app=hello-openshift
```

13. Check the record for the hello-openshift route
```bash
$ gcloud dns record-sets list --zone=<zone name you get from step 9> | grep hello-openshift
```

14. Similarly you can delete the route and app
```bash
$ oc delete all -l app=hello-openshift
```

15. Then again run the command in step 13 to get the records for hello. They should not exist.
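
Review bot: In step 11, `--zone= qe-cvs4g-private-zone` has a space after the equals sign, so the shell passes an empty `--zone` value and the zone name as a separate argument; it should read `--zone=qe-cvs4g-private-zone`. The CR in step 10 refers to `test-gcp1-q6m5v-private-zone` with the comment "You will get this from step 9", while step 9 prints `qe-cvs4g-private-zone`; one zone name should be used throughout. Step 3 writes the service account key to `decoded-gcloud.json` and nothing in the steps removes it; suggest creating the file with restrictive permissions (for example under `umask 077`) and adding a final step that deletes it.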
