ExternalDNS is the component that bridges your cluster and your DNS provider — in this case, Google Cloud DNS. Rather than managing DNS records by hand, ExternalDNS watches your ingresses and services and configures them automatically.
Create a Google service account for ExternalDNS and bind it to the Kubernetes service account ExternalDNS will run as. The second binding is the Workload Identity link: it lets the Kubernetes service account external-dns in the external-dns namespace impersonate the Google service account, so the cluster must have Workload Identity enabled and those two names must match what the Helm chart creates below. roles/dns.admin is granted at project scope, which means this identity can edit every managed zone in the project; if the project hosts zones ExternalDNS should never touch, treat the service account as sensitive and keep its impersonation binding limited to that one Kubernetes service account.
# PROJECT_ID is assumed to be set already (it is used but not defined on this page)
SERVICE_ACCOUNT_NAME="external-dns"
SERVICE_ACCOUNT_EMAIL="$SERVICE_ACCOUNT_NAME@$PROJECT_ID.iam.gserviceaccount.com"
# Create the Google service account
gcloud iam service-accounts create "$SERVICE_ACCOUNT_NAME" \
  --display-name "$SERVICE_ACCOUNT_NAME"
# Let it manage DNS records (project-wide: every managed zone in the project)
gcloud projects add-iam-policy-binding "$PROJECT_ID" \
  --member "serviceAccount:$SERVICE_ACCOUNT_EMAIL" \
  --role "roles/dns.admin"
# Let the Kubernetes service account external-dns/external-dns impersonate it (Workload Identity)
gcloud iam service-accounts add-iam-policy-binding "$SERVICE_ACCOUNT_EMAIL" \
  --role "roles/iam.workloadIdentityUser" \
  --member "serviceAccount:$PROJECT_ID.svc.id.goog[external-dns/external-dns]"
Deploy ExternalDNS
With the service account in place, deploy ExternalDNS using Helm. The chart creates the Kubernetes service account external-dns in the external-dns namespace (the pair named in the Workload Identity binding above), and the iam.gke.io/gcp-service-account annotation tells GKE which Google service account it maps to. Note that policy=sync lets ExternalDNS delete records as well as create and update them; on a zone shared with other tooling, also set domainFilters and txtOwnerId so it only manages the names it owns.
helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
helm repo update
helm upgrade external-dns external-dns/external-dns \
--install \
--create-namespace \
--namespace external-dns \
--set provider.name=google \
--set google.project=$PROJECT_ID \
--set serviceAccount.annotations."iam\.gke\.io/gcp-service-account"=external-dns@${PROJECT_ID}.iam.gserviceaccount.com \
--set "sources[0]=service" \
--set "sources[1]=ingress" \
--set policy=sync \
--wait
Test the setup with a Service. ExternalDNS reads the hostname annotation, waits for the load balancer to get an external IP, and creates the matching A record in the managed zone for mydomain.com. The managed zone must already exist in the project (ExternalDNS does not create zones), and the example namespace must exist before the Service is applied:
apiVersion: v1
kind: Service
metadata:
  name: example-service
  namespace: example
  annotations:
    external-dns.alpha.kubernetes.io/hostname: example.mydomain.com
spec:
  type: LoadBalancer
  ports:
    - port: 80
  selector:
    app: example-app
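Two checks worth running once this is deployed, as an added example that is not part of the original post: an audit of the Workload Identity binding created above (the only principal holding roles/iam.workloadIdentityUser on the Google service account should be the external-dns/external-dns Kubernetes service account, since anyone else bound there can impersonate it and, through roles/dns.admin, rewrite every zone in the project), and a comparison of the published DNS record with the Service's load-balancer IP. The sample IAM policies are constructed, the project id my-project is an assumption, and the parser relies on the default YAML layout of gcloud iam service-accounts get-iam-policy, where each binding lists members before role.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the Workload Identity
# binding on the external-dns Google service account (GSA) and checks that a
# Service's hostname resolves to its load-balancer IP. The policies below are
# constructed samples; the project id "my-project" is an assumption.

# The member that should hold roles/iam.workloadIdentityUser on the GSA.
expected_member() {   # $1 = project id
    printf 'serviceAccount:%s.svc.id.goog[external-dns/external-dns]\n' "$1"
}

# Print the members bound to role $1 from an IAM policy on stdin, in the
# default YAML layout of `gcloud iam service-accounts get-iam-policy`
# (each binding lists "members:" before "role:").
members_for_role() {
    awk -v want="$1" '
        /^- members:/ { n = 0; next }
        /^  - /       { sub(/^  - /, ""); m[n++] = $0; next }
        /^  role: /   { sub(/^  role: /, "")
                        if ($0 == want) for (i = 0; i < n; i++) print m[i]
                        n = 0 }'
}

# Return 0 only when the workloadIdentityUser binding contains exactly the
# expected KSA; report anything missing or extra so it can be removed.
check_wi_binding() {   # $1 = expected member, policy on stdin
    members=$(members_for_role roles/iam.workloadIdentityUser)
    [ -n "$members" ] || { echo "no roles/iam.workloadIdentityUser binding"; return 1; }
    found=0; rc=0
    # read line by line: member strings contain "[", so unquoted word
    # splitting would expose them to glob expansion
    while IFS= read -r m; do
        if [ "$m" = "$1" ]; then found=1; else echo "unexpected member: $m"; rc=1; fi
    done <<EOF
$members
EOF
    [ "$found" -eq 1 ] || { echo "expected member missing: $1"; rc=1; }
    return $rc
}

# Live audit of the real GSA (needs gcloud and an authenticated operator).
audit_live_binding() {   # $1 = project id
    gcloud iam service-accounts get-iam-policy \
        "external-dns@${1}.iam.gserviceaccount.com" \
        | check_wi_binding "$(expected_member "$1")"
}

# Live check that ExternalDNS published the load-balancer IP: compares the
# Service status with what DNS answers (needs kubectl and dig).
verify_service_record() {   # $1 = namespace, $2 = service, $3 = hostname
    lb_ip=$(kubectl get svc "$2" -n "$1" -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
    dns_ip=$(dig +short "$3" A | head -n 1)
    if [ -n "$lb_ip" ] && [ "$lb_ip" = "$dns_ip" ]; then
        echo "$3 -> $lb_ip ok"
    else
        echo "mismatch for $3: service=$lb_ip dns=$dns_ip"; return 1
    fi
}

# Constructed sample: the policy as the gcloud commands above leave it.
CLEAN_POLICY='bindings:
- members:
  - serviceAccount:my-project.svc.id.goog[external-dns/external-dns]
  role: roles/iam.workloadIdentityUser
etag: BwXconstructed=
version: 1'

# Constructed sample after drift: a second KSA was granted impersonation.
DRIFTED_POLICY='bindings:
- members:
  - serviceAccount:my-project.svc.id.goog[external-dns/external-dns]
  - serviceAccount:my-project.svc.id.goog[default/default]
  role: roles/iam.workloadIdentityUser
etag: BwXconstructed=
version: 1'

if printf '%s\n' "$CLEAN_POLICY" | check_wi_binding "$(expected_member my-project)"; then
    echo "clean policy: binding ok"
fi
if ! printf '%s\n' "$DRIFTED_POLICY" | check_wi_binding "$(expected_member my-project)"; then
    echo "drifted policy: binding needs attention"
fi
```

Run audit_live_binding "$PROJECT_ID" after the gcloud steps, and verify_service_record example example-service example.mydomain.com once the Service has an external IP; a mismatch usually means the zone for mydomain.com is not in this project, the hostname annotation is outside domainFilters, or the record is still propagating.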
References
Continue to Part III — Ingress NGINX.
Keywords : Kubernetes, Google Kubernetes Engine, GKE, DNS, ExternalDNS