Container Service for Kubernetes: Use ExternalDNS to configure external DNS servers

Last Updated: Nov 21, 2023

You can use ExternalDNS to configure external DNS servers for Ingresses and Services in your Container Service for Kubernetes (ACK) clusters, so that public DNS servers can be used to discover Kubernetes resources in those clusters. ExternalDNS works in a manner similar to kube-dns: it retrieves information about Services and Ingresses from the Kubernetes API server and creates DNS records from it. This topic describes how to deploy ExternalDNS in an ACK cluster and provides examples of how to use it.

Step 1: Grant RAM permissions

Perform the following steps to grant the required Resource Access Management (RAM) permissions to the RAM role of worker nodes in your cluster:

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. On the Clusters page, click the name of the cluster that you want to manage and click Cluster Information in the left-side navigation pane.

  3. On the cluster details page, click the Cluster Resources tab. On the Cluster Resources tab, click the hyperlink next to Worker RAM Role.

  4. Click Grant Permission. In the Grant Permission panel, click Create Policy.

  5. On the Create Policy page, click the JSON tab and enter the following policy content in the code editor.

    {
        "Version": "1",
        "Statement": [
            {
                "Action": "alidns:AddDomainRecord",
                "Resource": "*",
                "Effect": "Allow"
            },
            {
                "Action": "alidns:DeleteDomainRecord",
                "Resource": "*",
                "Effect": "Allow"
            },
            {
                "Action": "alidns:UpdateDomainRecord",
                "Resource": "*",
                "Effect": "Allow"
            },
            {
                "Action": "alidns:DescribeDomainRecords",
                "Resource": "*",
                "Effect": "Allow"
            },
            {
                "Action": "alidns:DescribeDomains",
                "Resource": "*",
                "Effect": "Allow"
            },
            {
                "Action": "pvtz:AddZoneRecord",
                "Resource": "*",
                "Effect": "Allow"
            },
            {
                "Action": "pvtz:DeleteZoneRecord",
                "Resource": "*",
                "Effect": "Allow"
            },
            {
                "Action": "pvtz:UpdateZoneRecord",
                "Resource": "*",
                "Effect": "Allow"
            },
            {
                "Action": "pvtz:DescribeZoneRecords",
                "Resource": "*",
                "Effect": "Allow"
            },
            {
                "Action": "pvtz:DescribeZones",
                "Resource": "*",
                "Effect": "Allow"
            },
            {
                "Action": "pvtz:DescribeZoneInfo",
                "Resource": "*",
                "Effect": "Allow"
            }
        ]
    }

  6. Click Next to edit policy information. Enter a name in the Name field, and click OK.

  7. Return to the details page of the worker role in Substep 4, click Grant Permission and then click Custom Policy. Select the policy that you created and then click OK.

  8. Click Complete.

Step 2: Deploy ExternalDNS

  1. Log on to the ACK console.

  2. In the left-side navigation pane of the ACK console, choose Marketplace > Marketplace.

  3. On the Marketplace page, click the App Catalog tab. Find and click external-dns.

  4. On the external-dns page, click Deploy.

  5. On the Basic Information wizard page, select a cluster and a namespace, and then click Next.

  6. On the Parameters wizard page, set the alibabaCloudZoneType field based on your requirements. The default value is public.

    A value of public specifies that Alibaba Cloud DNS is used. A value of private specifies that Alibaba Cloud DNS PrivateZone is used.
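An added example (not part of the Alibaba Cloud documentation): a check of the Step 1 policy against the zone type chosen in Step 2. It flags write actions granted on `"Resource": "*"` and actions for the DNS service that the chosen zone type does not use, on the assumption that a deployment with one alibabaCloudZoneType value calls only that service's API; the function and finding names are this example's own.

```python
# Actions copied from the Step 1 policy on this page.
PAGE_ACTIONS = [
    "alidns:AddDomainRecord", "alidns:DeleteDomainRecord", "alidns:UpdateDomainRecord",
    "alidns:DescribeDomainRecords", "alidns:DescribeDomains",
    "pvtz:AddZoneRecord", "pvtz:DeleteZoneRecord", "pvtz:UpdateZoneRecord",
    "pvtz:DescribeZoneRecords", "pvtz:DescribeZones", "pvtz:DescribeZoneInfo",
]
# The same document the page asks you to paste into the JSON tab.
PAGE_POLICY = {"Version": "1", "Statement": [
    {"Action": a, "Resource": "*", "Effect": "Allow"} for a in PAGE_ACTIONS]}

# Service behind each alibabaCloudZoneType value, as stated in Step 2.
SERVICE_FOR_ZONE_TYPE = {"public": "alidns", "private": "pvtz"}
WRITE_VERBS = ("Add", "Delete", "Update")


def as_list(value):
    # Action and Resource may each be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def audit(policy, zone_type):
    """Return (action, finding) pairs for Allow statements worth reviewing."""
    wanted = SERVICE_FOR_ZONE_TYPE[zone_type]
    findings = []
    for statement in policy.get("Statement", []):
        if statement.get("Effect") != "Allow":
            continue
        wildcard = "*" in as_list(statement.get("Resource", []))
        for action in as_list(statement.get("Action", [])):
            service, _, operation = action.partition(":")
            if service != wanted:
                # Assumption: the other DNS service is never called.
                findings.append((action, "unused-service"))
            elif wildcard and (operation == "*" or operation.startswith(WRITE_VERBS)):
                findings.append((action, "write-on-all-resources"))
    return findings


if __name__ == "__main__":
    for zone_type in ("public", "private"):
        print(zone_type)
        for action, finding in audit(PAGE_POLICY, zone_type):
            print(f"  {finding:24} {action}")
```

Because the policy is attached to the worker RAM role, every finding applies to all nodes in the cluster, which is why the write actions on `*` are the ones to narrow first.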

Step 3: Use ExternalDNS

Note

You can use ExternalDNS only with LoadBalancer Services and Ingresses.

Specify a domain name that is added to Alibaba Cloud DNS for a Service

  1. Log on to the Alibaba Cloud DNS console and select a domain name.

    Note

    Make sure that the domain name that you select is valid and real-name verification is completed for the domain name.

  2. Run the following command to create an application and specify the domain name in the configuration:

    kubectl apply -f - << EOF
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx
      annotations:
        external-dns.alpha.kubernetes.io/hostname: nginx.****  # Replace **** with the domain name that you select. 
    spec:
      type: LoadBalancer
      ports:
      - port: 80
        name: http
        targetPort: 80
      selector:
        app: nginx
    
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx
      name: nginx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - image: nginx
            name: nginx
    EOF

    Note

    The external-dns.alpha.kubernetes.io/hostname annotation specifies the domain name that you want to use. ExternalDNS automatically creates a DNS record to map the domain name to an IP address.

    After you create the application, a DNS record is automatically added in the Alibaba Cloud DNS console.

  3. Run the following command to test DNS resolution:

    [root@iZbp1hy7cb2g933cmy7w3aZ ~]# curl nginx.****.com
    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>
    <style>
    html { color-scheme: light dark; }
    body { width: 35em; margin: 0 auto;
    font-family: Tahoma, Verdana, Arial, sans-serif; }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>
    
    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>
    
    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>

Specify a domain name that is added to Alibaba Cloud DNS for an Ingress

  1. Log on to the Alibaba Cloud DNS console and select a domain name.

    Note

    Make sure that the domain name that you select is valid and real-name verification is completed for the domain name.

  2. Run the following command to create an application and specify the domain name in the configuration:

    kubectl apply -f - << EOF
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx
    spec:
      type: LoadBalancer
      ports:
      - port: 80
        name: http
        targetPort: 80
      selector:
        app: nginx
    
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx
      name: nginx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - image: nginx
            name: nginx
    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: nginx
    spec:
      ingressClassName: nginx
      rules:
      - host: nginx-ing.****  # Replace **** with the domain name that you select. 
        http:
          paths:
          - backend:
              service:
                name: nginx
                port:
                  number: 80
            path: /
            pathType: ImplementationSpecific
    EOF

    Note

    The host field specifies the domain name that you want to use. ExternalDNS automatically creates a DNS record to map the domain name to an IP address.

    After you create the application, a DNS record is automatically added in the Alibaba Cloud DNS console.

  3. Run the following command to test DNS resolution:

    [root@iZbp1hy7cb2g933cmy7w3aZ ~]# curl nginx-ing.****.com
    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>
    <style>
    html { color-scheme: light dark; }
    body { width: 35em; margin: 0 auto;
    font-family: Tahoma, Verdana, Arial, sans-serif; }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>
    
    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>
    
    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>

Specify a domain name that is added to Alibaba Cloud DNS PrivateZone for a Service

If you want to use Alibaba Cloud DNS PrivateZone for DNS resolution, you must set alibabaCloudZoneType to private in Substep 6 of Step 2 when you deploy ExternalDNS, and you must associate a private domain name with a virtual private cloud (VPC). To do this, perform the following steps:

  1. Log on to the Alibaba Cloud DNS console.

  2. On the PrivateZone page, click Add Zone. In the dialog box that appears, enter a zone name and click OK.

  3. Find the private zone that you created and click DNS Settings in the Actions column to add a DNS record. After you add a DNS record, you can associate the private domain name with a VPC.

    For more information about the record types that are supported by Alibaba Cloud DNS PrivateZone and how to use the records, see Record Type List.

  4. Find the private zone that you created and click Associate VPC in the Actions column. In the Associate VPC panel, select the VPC in which your cluster resides and click OK.

  5. Run the following command to create an application:

    kubectl apply -f - << EOF
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx
      annotations:
        external-dns.alpha.kubernetes.io/hostname: nginx.****  # Replace **** with the name of the private zone that you created on the PrivateZone page. 
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type: "intranet"  # The internal-facing Server Load Balancer (SLB) instance. 
    spec:
      type: LoadBalancer
      ports:
      - port: 80
        name: http
        targetPort: 80
      selector:
        app: nginx
    
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx
      name: nginx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - image: nginx
            name: nginx
    EOF

    Note

    The external-dns.alpha.kubernetes.io/hostname annotation specifies the domain name that you want to add to Alibaba Cloud DNS PrivateZone. ExternalDNS automatically creates a DNS record to map the domain name to an IP address.

    After you create the application, a DNS record is automatically added in the Alibaba Cloud DNS console.

  6. Run the following command to test DNS resolution:

    [root@iZbp1hy7cb2g933cmy7w3aZ ~]# curl nginx.****
    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>
    <style>
    html { color-scheme: light dark; }
    body { width: 35em; margin: 0 auto;
    font-family: Tahoma, Verdana, Arial, sans-serif; }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>
    
    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>
    
    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>

Specify a domain name that is added to Alibaba Cloud DNS PrivateZone for an Ingress

  1. Log on to the Alibaba Cloud DNS console.

  2. On the PrivateZone page, click Add Zone. In the dialog box that appears, enter a zone name and click OK.

  3. Find the private zone that you created and click DNS Settings in the Actions column to add a DNS record. After you add a DNS record, you can associate the private domain name with a VPC.

    For more information about the record types that are supported by Alibaba Cloud DNS PrivateZone and how to use the records, see Record Type List.

  4. Find the private zone that you created and click Associate VPC in the Actions column. In the Associate VPC panel, select the VPC in which your cluster resides and click OK.

  5. Run the following command to create an application:

    kubectl apply -f - << EOF
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx
      annotations:
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type: "intranet"  # The internal-facing SLB instance. 
    spec:
      type: LoadBalancer
      ports:
      - port: 80
        name: http
        targetPort: 80
      selector:
        app: nginx
    
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx
      name: nginx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - image: nginx
            name: nginx
    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: nginx
    spec:
      ingressClassName: nginx
      rules:
      - host: nginx-ing.****  # Replace **** with the name of the private zone that you created on the PrivateZone page. 
        http:
          paths:
          - backend:
              service:
                name: nginx
                port:
                  number: 80
            path: /
            pathType: ImplementationSpecific
    EOF

    After you create the application, a DNS record is automatically added in the Alibaba Cloud DNS console.

  6. Run the following command to test DNS resolution:

    [root@iZbp1hy7cb2g933cmy7w3aZ ~]# curl nginx-ing.****
    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>
    <style>
    html { color-scheme: light dark; }
    body { width: 35em; margin: 0 auto;
    font-family: Tahoma, Verdana, Arial, sans-serif; }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>
    
    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>
    
    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>
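
An added example (not from the Alibaba Cloud documentation): a review helper that lists the hostnames that objects like those in Step 3 ask ExternalDNS to publish, and marks any that fall outside an approved zone list. The input is a constructed list shaped like the `items` of `kubectl get svc,ing -A -o json`; `example.com` and `corp.example` are placeholder zones, and the function names are this example's own.

```python
HOSTNAME_ANN = "external-dns.alpha.kubernetes.io/hostname"
ADDR_TYPE_ANN = "service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type"


def in_zone(host, zones):
    # Match on a label boundary so "notexample.com" is not taken for "example.com".
    host = host.rstrip(".").lower()
    return any(host == z or host.endswith("." + z) for z in zones)


def published_hostnames(items, approved_zones):
    """One row per hostname that the objects ask ExternalDNS to publish."""
    zones = [z.rstrip(".").lower() for z in approved_zones]
    rows = []
    for obj in items:
        meta, spec = obj.get("metadata", {}), obj.get("spec", {})
        ann = meta.get("annotations") or {}
        hosts = []
        if obj.get("kind") == "Service" and spec.get("type") == "LoadBalancer":
            # The annotation may carry several comma-separated names.
            hosts = [h.strip() for h in ann.get(HOSTNAME_ANN, "").split(",") if h.strip()]
        elif obj.get("kind") == "Ingress":
            hosts = [r["host"] for r in spec.get("rules") or [] if r.get("host")]
        for h in hosts:
            rows.append({
                "object": f'{obj["kind"]}/{meta.get("name")}', "hostname": h,
                # Only Services carry the SLB address-type annotation.
                "intranet": ann.get(ADDR_TYPE_ANN) == "intranet" if obj["kind"] == "Service" else None,
                "approved": in_zone(h, zones)})
    return rows


def svc(name, svc_type, annotations):
    return {"kind": "Service", "metadata": {"name": name, "annotations": annotations},
            "spec": {"type": svc_type}}


# Constructed sample objects; all names and zones are placeholders.
SAMPLE = [
    svc("nginx", "LoadBalancer", {HOSTNAME_ANN: "nginx.example.com"}),
    svc("internal", "LoadBalancer", {HOSTNAME_ANN: "nginx.corp.example", ADDR_TYPE_ANN: "intranet"}),
    svc("ignored", "ClusterIP", {HOSTNAME_ANN: "db.example.com"}),  # not a LoadBalancer Service
    svc("stray", "LoadBalancer", {HOSTNAME_ANN: "www.notexample.com"}),
    {"kind": "Ingress", "metadata": {"name": "nginx"},
     "spec": {"rules": [{"host": "nginx-ing.example.com"}]}},
]

if __name__ == "__main__":
    for row in published_hostnames(SAMPLE, ["example.com", "corp.example"]):
        print(("ok     " if row["approved"] else "REVIEW ") + str(row))
```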