ExternalDNS

Overview

ExternalDNS is a Kubernetes add-on that configures public DNS servers with information about exposed Kubernetes services to make them discoverable.

The ExternalDNS CRD lets you control DNS records dynamically through Kubernetes/OpenShift resources in a DNS-provider-agnostic way.

apiVersion: "cis.f5.com/v1"
kind: ExternalDNS
metadata:
  name: exdns
  labels:
    f5cr: "true"
spec:
  domainName: example.com
  dnsRecordType: A
  loadBalanceMethod: round-robin
  pools:
  - name: example.site1.com
    dnsRecordType: A
    loadBalanceMethod: round-robin
    dataServerName: /Common/GSLBServer
    monitor:
      type: https
      send: "GET /"
      recv: ""
      interval: 10
      timeout: 10

Example Topologies:

The images below show the use cases and topology for External DNS CRD:

  • Two sites
  • Each site will run an OpenShift cluster
  • Each site will have one pair of BIG-IPs running LTM and DNS
  • Each OpenShift cluster will run a CIS per BIG-IP (traditional deployment), so two CIS instances will be deployed per site.

[Images: crd-externaldns-topology1.png, crd-externaldns-topology2.png]

Prerequisites

  • OpenShift/Kubernetes Cluster must be up and running
  • AS3 version 3.18+
  • External DNS objects created in the COMMON partition
  • You must have a fully active/licensed BIG-IP.
  • VXLAN tunnel should be configured from OpenShift/Kubernetes Cluster to BIG-IP.
  • LTM and GTM are mandatory but they do not need to be on the same device.
  • VXLAN tunnel is not mandatory.
  • SDN license is not needed. Only DNS license is required.

Components

CIS Configuration Parameters for BIG-IP GTM

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| gtm-bigip-password | String | Required | N/A | Password for the GTM BIG-IP user account. You can secure your GTM BIG-IP credentials using a Kubernetes Secret. |
| gtm-bigip-url | String | Required | N/A | URL for the GTM BIG-IP. |
| gtm-bigip-username | String | Required | N/A | Username for the GTM BIG-IP user account. |
| gtm-credentials-directory | String | Optional | N/A | The directory that contains the GTM BIG-IP username, password, and/or url files. Used instead of the username, password, and/or URL arguments. |

Important

If the same BIG-IP is configured for GTM resources, then the following GTM parameters are not necessary in the CIS deployment:

  • gtm-bigip-password
  • gtm-bigip-url
  • gtm-bigip-username

If the GTM resources are configured by a different BIG-IP, then these GTM parameters are required in the CIS deployment.

ExternalDNS Components

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| domainName | String | Required | N/A | Domain name of the VirtualServer CRD. |
| dnsRecordType | String | Required | A | DNS record type. |
| loadBalanceMethod | String | Required | round-robin | Load balancing method for DNS traffic. |
| pools | Pool | Optional | N/A | GTM pools. |

Pool Components

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| name | String | Required | N/A | Name of the GSLB pool. |
| dnsRecordType | String | Required | N/A | DNS record type. |
| loadBalanceMethod | String | Required | round-robin | Load balancing method for DNS traffic. |
| dataServerName | String | Optional | N/A | Name of the GSLB server on BIG-IP. For example: /Common/SiteName |
| monitor | Monitor | Optional | N/A | Monitor for the GSLB pool. |

Important

The dataServerName field must contain the exact name of the GSLB data server that was created in the BIG-IP Common partition.

GSLB Monitor Components

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| type | String | Required | N/A | http or https |
| send | String | Required | N/A | Send string for the monitor. For example: GET /health HTTP/1.1\r\nHOST: example.com\r\n |
| recv | String | Optional | N/A | Receive string. This can be empty. |
| interval | Int | Required | 5 | Seconds between health queries. |
| timeout | Int | Optional | 16 | Seconds before a query fails. |

  • The credentials-directory option is an alternative to using the bigip-username, bigip-password, or bigip-url arguments.
  • When you use this argument, the controller looks for three files in the specified directory: username, password, and url. If any of these files do not exist, the controller falls back to using the CLI arguments as parameters.
  • Each file should contain only the username, password, and url, respectively. You can create and mount the files as Kubernetes Secrets.
  • It is important not to project the Secret keys to specific paths, as the controller looks for the “username”, “password”, and “url” files directly within the credentials directory.
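As an added illustration (not the CIS controller's own code), the following Python mirrors the lookup rule above: the three files are used only when all of them exist directly in the directory, otherwise the CLI arguments are used. The function and type names are assumptions and the directory contents are constructed.

```python
import os
import tempfile
from dataclasses import dataclass
# Hypothetical re-implementation of the lookup rule described above; an added
# illustration, not the CIS controller's code. All three files must be present
# directly in the directory, otherwise the CLI arguments are used instead.
CRED_FILES = ("username", "password", "url")

@dataclass
class GtmCredentials:
    username: str
    password: str
    url: str
    source: str  # "directory" when read from files, "cli" after fallback

def resolve_gtm_credentials(cred_dir, cli_username, cli_password, cli_url):
    """Files win only if all three exist; otherwise fall back to the CLI arguments."""
    values = {}
    for name in CRED_FILES:
        path = os.path.join(cred_dir, name) if cred_dir else ""
        if not path or not os.path.isfile(path):
            # A Secret key projected to a subPath would not be found here.
            return GtmCredentials(cli_username, cli_password, cli_url, "cli")
        with open(path, encoding="utf-8") as fh:
            values[name] = fh.read().strip()  # drop the trailing newline editors add
    return GtmCredentials(values["username"], values["password"], values["url"], "directory")

def demo():
    """Constructed: one complete directory, one where the 'url' file is missing."""
    cli = ("cli-user", "cli-pass", "https://192.0.2.10")  # constructed fallback args
    with tempfile.TemporaryDirectory() as complete, tempfile.TemporaryDirectory() as partial:
        for d, names in ((complete, CRED_FILES), (partial, CRED_FILES[:2])):
            for name in names:
                with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
                    fh.write(f"file-{name}\n")
        from_files = resolve_gtm_credentials(complete, *cli)
        fell_back = resolve_gtm_credentials(partial, *cli)
    return from_files, fell_back
```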

ExternalDNS with BIG-IP GTM

To set up external DNS using BIG-IP GTM, the user needs to first manually configure the following:

In the BIG-IP user interface, create the Data Center (DNS > GSLB > Data Centers) and the GSLB Servers (DNS > GSLB > Servers) in the BIG-IP Common partition.

Note

Wide IP, Pool, Pool Member, and Health Monitor are managed by the ExternalDNS CRD.

BIG-IP DNS is expected to be set up with service discovery set to Enabled (No Delete).

[Image: crd-externaldns-ui.png]

Applying the YAML configuration below enables the External DNS feature on BIG-IP.

External DNS Example
apiVersion: "cis.f5.com/v1"
kind: ExternalDNS
metadata:
  name: exdns
  labels:
    f5cr: "true"
spec:
  domainName: example.com
  dnsRecordType: A
  loadBalanceMethod: round-robin
  pools:
  - name: example.site1.com
    dnsRecordType: A
    loadBalanceMethod: round-robin
    dataServerName: /Common/GSLBServer
    monitor:
      type: https
      send: "GET /"
      recv: ""
      interval: 10
      timeout: 10

externaldns.yaml

Below is an example of the VirtualServer CRD that must be created to match the ExternalDNS (EDNS) configuration.

VS-CRD Example
apiVersion: cis.f5.com/v1
kind: VirtualServer
metadata:
  labels:
    f5cr: "true"
  name: sample-virtual
  namespace: default
spec:
  host: example.com
  pools:
  - monitor:
      interval: 20
      recv: ""
      send: /
      timeout: 10
      type: http
    path: /
    service: svc-1
    servicePort: 80
  virtualServerAddress: 172.16.3.4

  • The GSLB server name created in the BIG-IP Common partition (DNS > GSLB > Servers) must be the same as the dataServerName field.
  • The domain name must be the same as the host mentioned in the VirtualServer CRD.
  • If the same BIG-IP is configured for GTM resources, then the GTM parameters (gtm-bigip-password, gtm-bigip-url, gtm-bigip-username) in the CIS deployment are not mandatory.
  • If the GTM resources are configured by a different BIG-IP, then the GTM parameters (gtm-bigip-password, gtm-bigip-url, gtm-bigip-username) in the CIS deployment are mandatory.
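The matching rules above can be checked before the manifests are applied. The following Python is an added example, not CIS code: it holds the page's two example manifests as dicts (the shape kubectl -o json returns), assumes a constructed set of GSLB server names present on BIG-IP, and reports any mismatch, including a field spelling that differs from the examples.

```python
import copy
# Added illustration, not CIS code: cross-check an ExternalDNS CRD against the
# VirtualServer CRD and the GSLB servers created by hand in /Common, using the
# rules listed above. Manifests are the page's examples as dicts (kubectl -o json shape).
EDNS = {"kind": "ExternalDNS",
        "metadata": {"name": "exdns", "labels": {"f5cr": "true"}},
        "spec": {"domainName": "example.com", "dnsRecordType": "A",
                 "loadBalanceMethod": "round-robin",
                 "pools": [{"name": "example.site1.com", "dnsRecordType": "A",
                            "loadBalanceMethod": "round-robin",
                            "dataServerName": "/Common/GSLBServer",
                            "monitor": {"type": "https", "send": "GET /", "recv": "",
                                        "interval": 10, "timeout": 10}}]}}
VS = {"kind": "VirtualServer", "metadata": {"name": "sample-virtual"},
      "spec": {"host": "example.com", "virtualServerAddress": "172.16.3.4"}}
GSLB_SERVERS = {"/Common/GSLBServer"}  # constructed: names under DNS > GSLB > Servers
SPEC_KEYS = {"domainName", "dnsRecordType", "loadBalanceMethod", "pools"}
POOL_KEYS = {"name", "dnsRecordType", "loadBalanceMethod", "dataServerName", "monitor"}

def check_edns(edns, vs, gslb_servers):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    spec = edns["spec"]
    if edns["metadata"].get("labels", {}).get("f5cr") != "true":
        problems.append("ExternalDNS is missing the f5cr=true label")
    for key in sorted(set(spec) - SPEC_KEYS):
        problems.append(f"unknown spec key {key!r} (the examples use loadBalanceMethod)")
    if spec.get("domainName") != vs["spec"].get("host"):
        problems.append(f"domainName {spec.get('domainName')!r} != VirtualServer host")
    for pool in spec.get("pools", []):
        tag = f"pool {pool.get('name')}"
        for key in sorted(set(pool) - POOL_KEYS):
            problems.append(f"{tag}: unknown key {key!r}")
        ds = pool.get("dataServerName")
        if ds is not None and not ds.startswith("/Common/"):
            problems.append(f"{tag}: dataServerName must be in the Common partition")
        elif ds is not None and ds not in gslb_servers:
            problems.append(f"{tag}: no GSLB server {ds!r} exists on BIG-IP")
        mon = pool.get("monitor")
        if mon is not None and mon.get("type") not in ("http", "https"):
            problems.append(f"{tag}: monitor type must be http or https")
        if mon is not None and not mon.get("send"):
            problems.append(f"{tag}: monitor send string is required")
    return problems

def demo_mismatch():
    """Constructed bad copy: misspelled field and a server that is not on BIG-IP."""
    bad = copy.deepcopy(EDNS)
    bad["spec"]["loadBalancerMethod"] = bad["spec"].pop("loadBalanceMethod")
    bad["spec"]["pools"][0]["dataServerName"] = "/Common/Site2"
    return check_edns(bad, VS, GSLB_SERVERS)
```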

Note

To provide feedback on Container Ingress Services or this documentation, you can file a GitHub Issue.