ExternalDNS

Overview

ExternalDNS is a Kubernetes add-on that configures public DNS servers with information about exposed Kubernetes services to make them discoverable.

The ExternalDNS CRD allows you to control DNS records dynamically via Kubernetes/OSCP resources in a DNS provider-agnostic way.

apiVersion: "cis.f5.com/v1"
kind: ExternalDNS
metadata:
  name: exdns
  labels:
    f5cr: "true"
spec:
  domainName: example.com
  dnsRecordType: A
  loadBalanceMethod: round-robin
  pools:
  - name: example.site1.com
    dnsRecordType: A
    loadBalanceMethod: round-robin
    dataServerName: /Common/GSLBServer
    monitor:
      type: https
      send: "GET /"
      recv: ""
      interval: 10
      timeout: 10

Example Topologies:

The images below show the use cases and topology for External DNS CRD:

  • Two sites
  • Each site will run an OpenShift cluster
  • Each site will have 1 pair of BIG-IPs running LTM and DNS
  • Each OpenShift cluster will run a CIS per BIG-IP (traditional deployment), so 2 CIS will be deployed per site.

[Figures: External DNS CRD topology 1 and topology 2]

Prerequisites

  • OpenShift/Kubernetes Cluster must be up and running
  • AS3 version 3.18+
  • External DNS objects created in the COMMON partition
  • You must have a fully active/licensed BIG-IP. SDN must be licensed.
  • VXLAN tunnel should be configured from OpenShift/Kubernetes Cluster to BIG-IP.

Components

Configuration Parameters for GTM BIG-IP system

| Parameter | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| gtm-bigip-password | String | Required | N/A | Password for the GTM BIG-IP user account. You can secure your GTM BIG-IP credentials using a Kubernetes Secret. |
| gtm-bigip-url | String | Required | N/A | URL for the GTM BIG-IP. |
| gtm-bigip-username | String | Required | N/A | Username for the GTM BIG-IP user account. |
| gtm-credentials-directory | String | Optional | N/A | The directory that contains the GTM BIG-IP username, password, and/or URL files. To be used instead of username, password, and/or URL arguments. |

ExternalDNS Components

| Parameter | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| domainName | String | Required | N/A | Domain name of virtual server CRD. |
| dnsRecordType | String | Required | A | DNS record type. |
| loadBalanceMethod | String | Required | round-robin | Load balancing method for DNS traffic. |
| pools | Pool | Optional | N/A | GTM Pools. |

Pool Components

| Parameter | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| name | String | Required | N/A | Name of the GSLB pool. |
| dnsRecordType | String | Required | N/A | DNS record type. |
| loadBalanceMethod | String | Required | round-robin | Load balancing method for DNS traffic. |
| dataServerName | String | Optional | N/A | Name of the GSLB server on BIG-IP. For example: /Common/SiteName |
| monitor | Monitor | Optional | N/A | Monitor for GSLB Pool. |

Important

The dataServerName field must be set to the name of the GSLB DataServer that was created in the BIG-IP Common partition.

GSLB Monitor Components

| Parameter | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| type | String | Required | N/A | http or https |
| send | String | Required | N/A | Send string for monitor. For example: GET /health HTTP/1.1\r\nHOST: example.com\r\n |
| recv | String | Optional | N/A | Receive string. This can be empty. |
| interval | Int | Required | 5 | Seconds between health queries. |
| timeout | Int | Optional | 16 | Seconds before query fails. |

  • The credentials-directory option is an alternative to using the bigip-username, bigip-password, or bigip-url arguments.
  • When you use this argument, the controller looks for three files in the specified directory: username, password, and url. If any of these files does not exist, the controller falls back to using the CLI arguments as parameters.
  • Each file should contain only the username, password, and url, respectively. You can create and mount the files as Kubernetes Secrets.
  • Do not project the Secret keys to specific paths, because the controller looks for the “username”, “password”, and “url” files directly within the credentials directory.
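
The credentials-directory notes above, as an added manifest that is not part of the original documentation: a Secret whose keys are named username, password and url, mounted whole so that each key becomes a file directly under the directory given as gtm-credentials-directory. The Secret and Deployment names, the namespace, the mount path, the image placeholder and the --name=value argument form are assumptions; other CIS arguments are omitted.

```yaml
# Added example; names, namespace and paths are assumptions, values are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: gtm-bigip-credentials        # hypothetical name
  namespace: kube-system             # assumed CIS namespace
type: Opaque
stringData:                          # keys must be exactly username, password, url
  username: "<gtm-username>"
  password: "<gtm-password>"
  url: "<gtm-bigip-url>"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: k8s-bigip-ctlr               # hypothetical name
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels: {app: k8s-bigip-ctlr}
  template:
    metadata:
      labels: {app: k8s-bigip-ctlr}
    spec:
      containers:
      - name: k8s-bigip-ctlr
        image: "<cis-image>"         # placeholder
        args:
        # Avoid: --gtm-bigip-password=<value> here puts the password in the
        # pod spec, readable by anyone who can get the Deployment.
        - "--gtm-credentials-directory=/creds/gtm"   # assumed --name=value form
        volumeMounts:
        - name: gtm-creds
          mountPath: /creds/gtm      # must match the directory argument
          readOnly: true
      volumes:
      - name: gtm-creds
        secret:
          secretName: gtm-bigip-credentials
          # No "items:" list: each key becomes /creds/gtm/<key>.
          # Wrong (projects to a sub-path the controller does not read):
          #   items:
          #   - key: password
          #     path: gtm/password
```

Because a missing file makes the controller fall back to the CLI arguments, confirm after rollout that all three files are present in the mounted directory.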

ExternalDNS with BIG-IP GTM

To set up external DNS using BIG-IP GTM, the user needs to first manually configure the following:

In the BIG-IP user interface, go to DNS → GSLB → Data Center and GSLB → Servers on the BIG-IP Common partition.

Note

Wide IP, Pool, Pool member, and Health Monitor will be managed with ExternalDNS CRD.

The YAML configuration below enables the External DNS feature on BIG-IP.

External DNS Example
apiVersion: "cis.f5.com/v1"
kind: ExternalDNS
metadata:
  name: exdns
  labels:
    f5cr: "true"
spec:
  domainName: example.com
  dnsRecordType: A
  loadBalanceMethod: round-robin
  pools:
  - name: example.site1.com
    dnsRecordType: A
    loadBalanceMethod: round-robin
    dataServerName: /Common/GSLBServer
    monitor:
      type: https
      send: "GET /"
      recv: ""
      interval: 10
      timeout: 10

externaldns.yaml

  • The dataServerName field must match the name under GSLB → DataServer Name in the BIG-IP Common partition.
  • The domain name should be the same as mentioned in the virtual server CRD.
  • If the same BIG-IP is configured for GTM resources, then the GTM parameters (gtm-bigip-password, gtm-bigip-url, gtm-bigip-username) in the CIS deployment are not mandatory.
  • If the GTM resources are configured by a different BIG-IP, then the GTM parameters (gtm-bigip-password, gtm-bigip-url, gtm-bigip-username) in CIS are mandatory.