ExternalDNS¶
Overview¶
ExternalDNS is a Kubernetes add-on that configures public DNS servers with information about exposed Kubernetes services to make them discoverable.
ExternalDNS in CRD allows you to control DNS records dynamically via Kubernetes/OSCP resources in a DNS provider-agnostic way.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | apiVersion: "cis.f5.com/v1"
kind: ExternalDNS
metadata:
name: exdns
labels:
f5cr: "true"
spec:
domainName: example.com
dnsRecordType: A
loadBalanceMethod: round-robin
pools:
- name: example.site1.com
dnsRecordType: A
loadBalanceMethod: round-robin
dataServerName: /Common/GSLBServer
monitor:
type: https
send: "GET /"
recv: ""
interval: 10
timeout: 10
|
Example Topologies:¶
The images below show the use cases and topology for External DNS CRD:
- Two sites
- Each Site will run an Openshift Cluster
- Each Site will have 1 pair of BIG-IPs running LTM and DNS
- Each Openshift cluster will run a CIS per BIG-IP (traditional deployment): So 2 CIS will be deployed per site.
Prerequisites¶
- OpenShift/Kubernetes Cluster must be up and running
- AS3 version 3.18+
- External DNS objects created in the COMMON partition
- You must have a fully active/licensed BIG-IP. SDN must be licensed.
- VXLAN tunnel should be configured from OpenShift/Kubernetes Cluster to BIG-IP.
Components¶
Configuration Parameters for GTM BIG-IP system¶
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| gtm-bigip-password | String | Required | N/A | Password for the GMT BIG-IP user account. You can secure your GTM BIG-IP credentials using a Kubernetes Secret. |
| gtm-bigip-url | String | Required | N/A | URL for the GTM BIG-IP. |
| gtm-bigip-username | String | Required | N/A | Username for the GTM BIG-IP user account. |
| gtm-credentials-directory | String | Optional | N/A | The directory that contains the GTM BIG-IP username, password, and/or URL files. To be used instead of username, password, and/or URL arguments. |
ExternalDNS Components¶
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| domainName | String | Required | N/A | Domain name of virtual server CRD. |
| dnsRecordType | String | Required | A | DNS record type. |
| loadBalancerMethod | String | Required | round-robin | Load balancing method for DNS traffic. |
| pools | Pool | Optional | N/A | GTM Pools. |
Pool Components¶
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| name | String | Required | N/A | Name of the GSLB pool. |
| dnsRecordType | String | Required | N/A | DNS record type. |
| loadBalancerMethod | String | Required | round-robin | Load balancing method for DNS traffic. |
| dataServerName | String | Optional | N/A | Name of the GSLB server on BIG-IP. For example: /Common/SiteName |
| monitor | Monitor | Optional | N/A | Monitor for GSLB Pool. |
Important
The user needs to mention the same GSLB DataServer Name to dataServerName field, which is created on the BIG-IP common partition.
GSLB Monitor Components¶
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| type | String | Required | N/A | http or https |
| send | String | Required | N/A | Send string for monitor. For example: GET /health HTTP/1.1\r\nHOST: example.com\r\n |
| recv | String | Optional | N/A | Receive string. This can be empty. |
| interval | Int | Required | 5 | Seconds between health queries. |
| timeout | Int | Optional | 16 | Seconds before query fails. |
- The credentials-directory option is an alternative to using the bigip-username, bigip-password, or bigip-url arguments.
- When you use this argument, the controller looks for three files in the specified directory:
username,password, andurl. If any of these files do not exist, the controller falls back to using the CLI arguments as parameters. - Each file should contain only the username, password, and url, respectively. You can create and mount the files as Kubernetes Secrets.
- It is important to not project the Secret keys to specific paths, as the controller looks for the “username”, “password”, and “url” files directly within the credentials directory.
ExternalDNS with BIG-IP GTM¶
To set up external DNS using BIG-IP GTM, the user needs to first manually configure the following:
In the BIG-IP user interface, go to DNS → GSLB → Data Center and GSLB → Servers on BIG-IP common partition.
Note
Wide IP, Pool, Pool member, and Health Monitor will be managed with ExternalDNS CRD.
From the below YAML configuration, the user can enable the External DNS feature on BIG-IP
External DNS Example¶
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | apiVersion: "cis.f5.com/v1"
kind: ExternalDNS
metadata:
name: exdns
labels:
f5cr: "true"
spec:
domainName: example.com
dnsRecordType: A
loadBalanceMethod: round-robin
pools:
- name: example.site1.com
dnsRecordType: A
loadBalanceMethod: round-robin
dataServerName: /Common/GSLBServer
monitor:
type: https
send: "GET /"
recv: ""
interval: 10
timeout: 10
|
- The name in GSLB → DataServer Name needs to be the same as dataServerName field in the BIG-IP common partition.
- The domain name should be the same as mentioned in the virtual server CRD.
- If the same BIG-IP is configured for GTM resources then the GTM parameters (gtm-bigip-password, gtm-bigip-url, gtm-bigip-username) in CIS deployment are not mandatory.
- If the GTM resources are configured by a different BIG-IP, then the GTM parameters (gtm-bigip-password,gtm-bigip-url,gtm-bigip-username) in CIS are mandatory.
Note
To provide feedback on Container Ingress Services or this documentation, you can file a GitHub Issue.