Install ExternalDNS in Workload Clusters Deployed by a Supervisor

This topic explains how to deploy ExternalDNS to Tanzu Kubernetes Grid (TKG) workload clusters deployed to vSphere by a vSphere with Tanzu Supervisor.

ExternalDNS automatically creates DNS records for Kubernetes services that are exposed through an ingress component such as Contour with Envoy. The ExternalDNS package is validated with the following DNS providers: AWS (Route 53), Azure DNS, and RFC2136-compliant DNS servers (such as BIND).

You can install ExternalDNS on a workload cluster in two ways: using the Tanzu CLI or using kubectl.

Note

As of v2.5, TKG does not support clusters on AWS or Azure. See the End of Support for TKG Management and Workload Clusters on AWS and Azure in the Tanzu Kubernetes Grid v2.5 Release Notes.

Install ExternalDNS Using the Tanzu CLI

Prerequisites

Adhere to the following prerequisites.

Reference

Refer to the following topic as needed.

Install ExternalDNS

Complete these steps to install the ExternalDNS package on a TKG cluster.

  1. Create the namespace for ExternalDNS.

    kubectl create ns tanzu-system-service-discovery
    
  2. Use kubectl to list the packages and their versions available in the repository.

    kubectl -n tkg-system get packages
    

    The latest available package in the repository is 0.11.0+vmware.1-tkg.2. This is the version to install.

  3. If necessary, create a configmap that defines the DNS server the ExternalDNS package will interface with.

    See ExternalDNS Components, Configuration, Data Values for an example.

  4. Create a data values specification for the ExternalDNS package for your chosen DNS provider.

    See External DNS Configuration Parameters for a full list of available parameters.

  5. Install the ExternalDNS package using the Tanzu CLI.

    tanzu package install external-dns -p external-dns.tanzu.vmware.com -n tanzu-system-service-discovery -v 0.11.0+vmware.1-tkg.2 --values-file external-dns-data-values.yaml
    
  6. Verify that the package is installed using the Tanzu CLI.

    tanzu package installed list -n tanzu-system-service-discovery
    
    NAME          PACKAGE-NAME                   PACKAGE-VERSION        STATUS
    external-dns  external-dns.tanzu.vmware.com  0.11.0+vmware.1-tkg.2  Reconcile succeeded
    
    kubectl -n tanzu-system-service-discovery get all
    NAME                               READY   STATUS    RESTARTS   AGE
    pod/external-dns-77d947745-tcjz9   1/1     Running   0          63s
    
    NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/external-dns   1/1     1            1           63s
    
    NAME                                     DESIRED   CURRENT   READY   AGE
    replicaset.apps/external-dns-77d947745   1         1         1       63s
    

Install ExternalDNS Using Kubectl

Install the ExternalDNS package to synchronize exposed Kubernetes services and ingresses with DNS providers. The ExternalDNS package is validated for AWS (Route 53), Azure DNS, and RFC2136 (BIND).

Prerequisites

Adhere to the following prerequisites to install the ExternalDNS package.

Reference

Refer to the following topic as needed.

Install ExternalDNS

Complete the following steps to install the ExternalDNS package.

  1. List the available ExternalDNS versions in the repository.

    kubectl get packages -n tkg-system
    

    The most recent version is external-dns.tanzu.vmware.com.0.13.4+vmware.2-tkg.2.

  2. Create the external-dns.yaml specification.

    The following example is for Azure DNS. See ExternalDNS Components, Configuration, Data Values for others.

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: dns-sa
      namespace: tkg-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: dns-role-binding
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
      - kind: ServiceAccount
        name: dns-sa
        namespace: tkg-system
    ---
    apiVersion: packaging.carvel.dev/v1alpha1
    kind: PackageInstall
    metadata:
      name: dns
      namespace: tkg-system
    spec:
      serviceAccountName: dns-sa
      packageRef:
        refName: external-dns.tanzu.vmware.com # package name as listed in step 1
        versionSelection:
          constraints: 0.13.4+vmware.2-tkg.2
      values:
      - secretRef:
          name: dns-data-values
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: dns-data-values
      namespace: tkg-system
    stringData:
      values.yml: |
        ---
        namespace: service-discovery
        dns:
          pspNames: "vmware-system-restricted"
          deployment:
            args:
            - --provider=azure
            - --source=service
            - --source=ingress
            - --source=contour-httpproxy #! configure external-dns to read Contour HTTPProxy resources
            - --domain-filter=my-zone.example.org #! zone where services are deployed
            - --azure-resource-group=my-resource-group #! Azure resource group
            volumeMounts:
            - name: azure-config-file
              mountPath: /etc/kubernetes
              readOnly: true
            #@overlay/replace
            volumes:
            - name: azure-config-file
              secret:
                secretName: azure-config-file
    
  3. Customize the dns-data-values secret of the external-dns.yaml specification with appropriate values for your environment.

    See External DNS Configuration Parameters for a full list of available parameters.

  4. Install the ExternalDNS package.

    kubectl apply -f external-dns.yaml
    
  5. Verify ExternalDNS installation.

    kubectl get all -n service-discovery
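
A pre-apply check for the external-dns.yaml specification, added here as an example (it is not part of the VMware documentation or of the ExternalDNS project). It flags the cluster-admin binding and ExternalDNS arguments whose defaults widen what the controller can change. The function names and finding codes are hypothetical, and `--policy`, `--txt-owner-id` and `--rfc2136-insecure` are upstream ExternalDNS flags that do not appear in the example above.

```shell
#!/bin/sh
# Added example: lint an ExternalDNS package spec before `kubectl apply`.
# Reads the manifest on stdin, prints one finding per line, and returns
# non-zero if anything was found. Finding codes are made up for this example.

audit_externaldns() {
    spec=$(cat)
    n=0
    # True if an argument list item starting with "$1" is present.
    has_arg() { printf '%s\n' "$spec" | grep -Eq -- "^[[:space:]]*-[[:space:]]+$1"; }
    note() { printf '%s\n' "$1"; n=$((n + 1)); }

    printf '%s\n' "$spec" | grep -Eq '^[[:space:]]*name:[[:space:]]*cluster-admin[[:space:]]*$' &&
        note "RBAC-ADMIN: install service account is bound to cluster-admin; do not reuse it for workloads"
    has_arg '--domain-filter=' ||
        note "NO-DOMAIN-FILTER: every zone the provider credentials can reach is in scope"
    has_arg '--policy=(upsert-only|create-only)' ||
        note "POLICY-SYNC: policy is sync (the default when unset), so ExternalDNS can delete records"
    has_arg '--txt-owner-id=' ||
        note "NO-OWNER-ID: TXT ownership records use the default owner id, shared by any other cluster left at the default"
    has_arg '--rfc2136-insecure' &&
        note "RFC2136-INSECURE: dynamic updates are sent without TSIG authentication"

    [ "$n" -eq 0 ]
}

# Constructed sample: the RBAC binding and args from the Azure example, condensed.
sample_spec() {
    cat <<'EOF'
kind: ClusterRoleBinding
roleRef:
  kind: ClusterRole
  name: cluster-admin
---
args:
- --provider=azure
- --source=service
- --source=ingress
- --source=contour-httpproxy
- --domain-filter=my-zone.example.org
- --azure-resource-group=my-resource-group
EOF
}

sample_spec | audit_externaldns || true
```

To check a real specification, run `audit_externaldns < external-dns.yaml` and review each finding before step 4.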
    