You can use ExternalDNS to configure external Domain Name System (DNS) servers for
Ingresses and Services in your Container Service for Kubernetes (ACK) clusters. This
allows you to use public DNS servers to discover Kubernetes resources in your clusters.
ExternalDNS works in a similar manner to kube-dns. ExternalDNS retrieves information
about Services and Ingresses from the Kubernetes API server to create DNS records.
This topic describes how to deploy ExternalDNS in an ACK cluster and provides examples
on how to use ExternalDNS.
Step 1: Grant RAM permissions
Perform the following steps to grant the required Resource Access Management (RAM)
permissions to the RAM role of worker nodes in your cluster:
- Log on to the ACK console.
- In the left-side navigation pane of the ACK console, click Clusters.
- On the Clusters page, find the cluster that you want to manage and click the name of the cluster
or click Details in the Actions column. The details page of the cluster appears.
- On the cluster details page, click the Cluster Resources tab. On the Cluster Resources tab, click the hyperlink next to Worker RAM Role.
- On the details page of the worker role, click Add Permissions. In the Add Permissions panel, click Create Policy.
- On the Create Policy page, click the JSON tab and copy the following content to the code editor:
{
    "Version": "1",
    "Statement": [
        {
            "Action": "alidns:AddDomainRecord",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "alidns:DeleteDomainRecord",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "alidns:UpdateDomainRecord",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "alidns:DescribeDomainRecords",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "alidns:DescribeDomains",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "pvtz:AddZoneRecord",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "pvtz:DeleteZoneRecord",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "pvtz:UpdateZoneRecord",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "pvtz:DescribeZoneRecords",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "pvtz:DescribeZones",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "pvtz:DescribeZoneInfo",
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}
- Click Next Step. Then, enter a name in the Name field and click OK.
- Return to the details page of the worker role and click Add Permissions. In the Add Permissions panel, click Custom Policy. Then, select the custom policy that you created and click OK.
- Click Complete.
Step 2: Deploy ExternalDNS
- Log on to the ACK console.
- In the left-side navigation pane of the ACK console, choose .
- On the Marketplace page, click the App Catalog tab. Find and click external-dns.
- On the external-dns page, click Deploy.
- In the Deploy wizard, select a cluster and namespace, and then click Next.
- On the Parameters wizard page, set the alibabaCloudZoneType field based on your requirements. The default value is public. A value of public specifies that Alibaba Cloud DNS is used. A value of private specifies that Alibaba Cloud DNS PrivateZone is used.
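The policy from Step 1 allows every record-changing action on Resource "*" and is attached to the worker node role. The following added example (not part of the original page) lists those wildcard write grants and trims the policy to the API that matches the selected alibabaCloudZoneType. It assumes that ExternalDNS calls only the API of the selected zone type; the function names are hypothetical.

```python
import json

# Actions copied from the policy in Step 1.
PAGE_ACTIONS = [
    "alidns:AddDomainRecord", "alidns:DeleteDomainRecord",
    "alidns:UpdateDomainRecord", "alidns:DescribeDomainRecords",
    "alidns:DescribeDomains",
    "pvtz:AddZoneRecord", "pvtz:DeleteZoneRecord", "pvtz:UpdateZoneRecord",
    "pvtz:DescribeZoneRecords", "pvtz:DescribeZones", "pvtz:DescribeZoneInfo",
]
PAGE_POLICY = {
    "Version": "1",
    "Statement": [{"Action": a, "Resource": "*", "Effect": "Allow"}
                  for a in PAGE_ACTIONS],
}

# alibabaCloudZoneType value -> action prefix (public = Alibaba Cloud DNS,
# private = PrivateZone, as described in Step 2).
PREFIX_FOR_ZONE_TYPE = {"public": "alidns:", "private": "pvtz:"}
MUTATING_VERBS = ("Add", "Delete", "Update")


def _as_list(value):
    # RAM policies accept a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]


def wildcard_writes(policy):
    """Return the mutating actions that are allowed on Resource '*'."""
    hits = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt["Resource"]):
            continue
        for action in _as_list(stmt["Action"]):
            verb = action.split(":", 1)[-1]
            if verb.startswith(MUTATING_VERBS) or verb == "*":
                hits.append(action)
    return hits


def trim_for_zone_type(policy, zone_type):
    """Keep only statements whose actions all belong to the selected zone type."""
    prefix = PREFIX_FOR_ZONE_TYPE[zone_type]
    kept = [s for s in policy["Statement"]
            if all(a.startswith(prefix) for a in _as_list(s["Action"]))]
    return {"Version": policy["Version"], "Statement": kept}


if __name__ == "__main__":
    print("wildcard writes:", wildcard_writes(PAGE_POLICY))
    print(json.dumps(trim_for_zone_type(PAGE_POLICY, "public"), indent=2))
```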
Step 3: Use ExternalDNS
Note ExternalDNS allows you to synchronize with Ingresses and Services of type=LoadBalancer.
Specify a domain name that is added to Alibaba Cloud DNS for a Service
- Log on to the Alibaba Cloud DNS console and select a domain name.
Note Make sure that the domain name that you select is valid and real-name verification
is completed for the domain name.
- Run the following command to create an application and specify the domain name in
the configuration:
kubectl apply -f - << EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx
  annotations:
    external-dns.alpha.kubernetes.io/hostname: nginx.**** # Replace **** with the domain name that you select.
spec:
  type: LoadBalancer
  ports:
  - port: 80
    name: http
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
EOF
Note The external-dns.alpha.kubernetes.io/hostname annotation specifies the domain name that you want to use. ExternalDNS automatically creates a DNS record to map the domain name to an IP address.
After you create the application, a DNS record is automatically added in the
Alibaba Cloud DNS console.
- Run the following command to test DNS resolution:
[root@iZbp1hy7cb2g933cmy7w3aZ ~]# curl nginx.****.com
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
Specify a domain name that is added to Alibaba Cloud DNS for an Ingress
- Log on to the Alibaba Cloud DNS console and select a domain name.
Note Make sure that the domain name that you select is valid and real-name verification
is completed for the domain name.
- Run the following command to create an application and specify the domain name in
the configuration:
kubectl apply -f - << EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  type: LoadBalancer
  ports:
  - port: 80
    name: http
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx
spec:
  ingressClassName: nginx
  rules:
  - host: nginx-ing.**** # Replace **** with the domain name that you select.
    http:
      paths:
      - backend:
          service:
            name: nginx
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
EOF
Note The host field specifies the domain name that you want to use. ExternalDNS automatically creates a DNS record to map the domain name to an IP address.
After you create the application, a DNS record is automatically added in the
Alibaba Cloud DNS console.
- Run the following command to test DNS resolution:
[root@iZbp1hy7cb2g933cmy7w3aZ ~]# curl nginx-ing.****.com
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
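ExternalDNS creates a record for whatever name appears in the external-dns.alpha.kubernetes.io/hostname annotation of a Service or in the host field of an Ingress, so it is useful to check those names against the zones you intend to manage before you apply a manifest. The following added example (not part of the original page) does that check; the function names, the sample objects and the example.com and example.net zones are constructed.

```python
HOSTNAME_ANNOTATION = "external-dns.alpha.kubernetes.io/hostname"


def requested_hostnames(manifest):
    """Hostnames ExternalDNS would read from one Service or Ingress object."""
    names = []
    kind = manifest.get("kind")
    spec = manifest.get("spec", {})
    # Per the page's note, only Services of type=LoadBalancer are synchronized.
    if kind == "Service" and spec.get("type") == "LoadBalancer":
        annotations = manifest.get("metadata", {}).get("annotations") or {}
        # The annotation may carry several comma-separated names.
        names += annotations.get(HOSTNAME_ANNOTATION, "").split(",")
    elif kind == "Ingress":
        names += [rule.get("host", "") for rule in spec.get("rules", [])]
    return [n.strip().rstrip(".").lower() for n in names if n.strip()]


def in_zone(hostname, zone):
    """Match on a DNS label boundary: 'a.example.com' yes, 'notexample.com' no."""
    zone = zone.rstrip(".").lower()
    return hostname == zone or hostname.endswith("." + zone)


def out_of_zone(manifests, allowed_zones):
    """Return (kind, name, hostname) for each hostname outside the allowed zones."""
    findings = []
    for m in manifests:
        for host in requested_hostnames(m):
            if not any(in_zone(host, z) for z in allowed_zones):
                findings.append((m["kind"], m["metadata"]["name"], host))
    return findings


# Constructed sample objects modelled on the page's manifests.
SAMPLES = [
    {"kind": "Service", "metadata": {"name": "nginx", "annotations": {
        HOSTNAME_ANNOTATION: "nginx.example.com, api.example.net"}},
     "spec": {"type": "LoadBalancer"}},
    {"kind": "Ingress", "metadata": {"name": "nginx"},
     "spec": {"rules": [{"host": "nginx-ing.example.com"},
                        {"host": "www.notexample.com"}]}},
    {"kind": "Service", "metadata": {"name": "internal", "annotations": {
        HOSTNAME_ANNOTATION: "db.example.net"}}, "spec": {"type": "ClusterIP"}},
]

if __name__ == "__main__":
    for finding in out_of_zone(SAMPLES, ["example.com"]):
        print(finding)
```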
Specify a domain name that is added to Alibaba Cloud DNS PrivateZone for a Service
If you want to use Alibaba Cloud DNS PrivateZone for DNS resolution, you must set alibabaCloudZoneType to private in substep 6 of Step 2 and associate a private domain name with a virtual private cloud (VPC). To do this, perform the following steps:
- Log on to the Alibaba Cloud DNS console.
- On the PrivateZone page, click Add Zone. In the Add PrivateZone dialog box, enter a Zone Name and click OK.
- Find the private zone that you created and click Configure in the Actions column to add a DNS record. After you add a DNS record, you can associate
the private domain name with a VPC.
- Find the private zone that you created and click Bind VPC in the Actions column. In the Bind VPC panel, select the VPC in which your cluster
resides and click Confirm.
- Run the following command to create an application:
kubectl apply -f - << EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx
  annotations:
    external-dns.alpha.kubernetes.io/hostname: nginx.**** # Replace **** with the name of the private zone that you created on the PrivateZone page.
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type: "intranet" # Internal-facing SLB instance.
spec:
  type: LoadBalancer
  ports:
  - port: 80
    name: http
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
EOF
Note The external-dns.alpha.kubernetes.io/hostname annotation specifies the domain name that you want to add to Alibaba Cloud DNS PrivateZone. ExternalDNS automatically creates a DNS record to map the domain name to an IP address.
After you create the application, a DNS record is automatically added in the
Alibaba Cloud DNS console, as shown in the following figure.

- Run the following command to test DNS resolution:
[root@iZbp1hy7cb2g933cmy7w3aZ ~]# curl nginx.****
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
Specify a domain name that is added to Alibaba Cloud DNS PrivateZone for an Ingress
- Log on to the Alibaba Cloud DNS console.
- On the PrivateZone page, click Add Zone. In the Add PrivateZone dialog box, enter a Zone Name and click OK.
- Find the private zone that you created and click Configure in the Actions column to add a DNS record. After you add a DNS record, you can associate
the private domain name with a VPC.
- Find the private zone that you created and click Bind VPC in the Actions column. In the Bind VPC panel, select the VPC in which your cluster
resides and click Confirm.
- Run the following command to create an application:
kubectl apply -f - << EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx
  annotations:
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type: "intranet" # Internal-facing SLB instance.
spec:
  type: LoadBalancer
  ports:
  - port: 80
    name: http
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx
spec:
  ingressClassName: nginx
  rules:
  - host: nginx-ing.**** # Replace **** with the name of the private zone that you created on the PrivateZone page.
    http:
      paths:
      - backend:
          service:
            name: nginx
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
EOF
After you create the application, a DNS record is automatically added in the
Alibaba Cloud DNS console, as shown in the following figure.

- Run the following command to test DNS resolution:
[root@iZbp1hy7cb2g933cmy7w3aZ ~]# curl nginx-ing.****
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>