Using the Tanzu Service Mesh CLI, you can create a Domain Name System (DNS) account based on an external DNS service, such as Amazon Route 53, to enable DNS functionality in Tanzu Service Mesh.

To create a DNS account with the Tanzu CLI, you must describe its configuration in a YAML file and then apply the configuration file. The account will be added to your tenant in Tanzu Service Mesh.

To create a DNS account configuration file, you need to get the API specification for a DNS account in YAML format from Tanzu Service Mesh, create a YAML file based on the specification, and provide configuration values in the file. You can then apply the account configuration file.

For more information about DNS accounts in Tanzu Service Mesh, see Manage Domains.

Prerequisites

  • Create an integration account for your external DNS provider (for example, AWS) in Tanzu Service Mesh. You must provide the ID of the integration account in the configuration of the DNS account. For information about creating an AWS integration account, see Create an AWS Integration Account Using the CLI.

  • Verify that you are familiar with the Kubernetes YAML manifest format.

Procedure

  1. Retrieve the API specification for a DNS account:
    tanzu sm get spec externaldns
  2. Create a YAML file for the DNS account configuration and paste the API specification into the file.
  3. Provide values for the following fields in the file.

    | Field | Description |
    |---|---|
    | name | Provide a name to identify this DNS account. Important: Make sure that you specify the same name under metadata and spec. |
    | description | An optional description of the account. If you don't want to provide a description, remove this field. |
    | dns_region | The region that your domain is associated with in Amazon Route 53, for example, us-west-2. |
    | dns_type | Type of DNS account. Set this field to GLOBAL. |
    | enabled_for_projects | This field is not used for a DNS account. Remove this field. |
    | infrastructure_account_id | The ID of the AWS integration account. |

    Tip:

    To get the ID of the AWS integration account that you need, perform these steps:

    1. Run tanzu sm get externalaccount.

    2. From the list in the output, copy the AWS integration account ID that you want.

    3. To verify that this is the ID of the integration account that you want to use, run tanzu sm get externaldnss {integration-account-ID}.

    The output contains the details of the integration account. The name of the account and the other details should help you determine if this is the right integration account.

    See an example of a configuration file for a DNS integration account in the Example: A configuration YAML file for a DNS account section.

  4. Apply the resulting configuration YAML file:
    tanzu sm apply -f {file-name.yaml}

    The output contains a message that a DNS account with the specified name was created.

Example: A configuration YAML file for a DNS account

apiVersion: externaldns.tsm.vmware.com/v1
kind: ExternalDNS
metadata:
  name: sample-dns-account
spec:
  name: sample-dns-account
  description: "Sample DNS account"
  infrastructure_account_id: sample-aws-account
  dns_type: GLOBAL
  dns_region: "us-west-2"
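
A pre-apply check for the field rules in step 3, given as an added example that is not part of the Tanzu Service Mesh documentation or CLI. The function names are hypothetical, and the small parser is an assumption that handles only the flat two-level layout of the manifest above, not general YAML.

```python
import re
# The page's example manifest, used as known-good input.
SAMPLE_GOOD = """\
apiVersion: externaldns.tsm.vmware.com/v1
kind: ExternalDNS
metadata:
  name: sample-dns-account
spec:
  name: sample-dns-account
  description: "Sample DNS account"
  infrastructure_account_id: sample-aws-account
  dns_type: GLOBAL
  dns_region: "us-west-2"
"""
# Constructed bad input: mismatched names, wrong dns_type, leftover unused field.
SAMPLE_BAD = (SAMPLE_GOOD.replace("spec:\n  name: sample-dns-account", "spec:\n  name: sample-dns")
              .replace("dns_type: GLOBAL", "dns_type: UNSET") + "  enabled_for_projects: []\n")

def parse_flat_manifest(text):
    """Parse only the two-level 'section:' / 'key: value' layout shown on the page."""
    doc, section = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and full-line comments
        m = re.match(r"^(\s*)([\w.]+)\s*:\s*(.*)$", raw)
        if not m or (m.group(1) and section is None):
            raise ValueError(f"unsupported line: {raw!r}")
        indent, key, value = m.group(1), m.group(2), m.group(3).strip().strip("\"'")
        if not indent:
            # A top-level key with no value opens a section such as metadata or spec.
            section = key if value == "" else None
            doc[key] = {} if value == "" else value
        else:
            doc[section][key] = value
    return doc

def check_dns_account(text):
    """Return the violated field rules from step 3; an empty list means OK."""
    doc = parse_flat_manifest(text)
    meta, spec = (doc[k] if isinstance(doc.get(k), dict) else {} for k in ("metadata", "spec"))
    rules = [
        (meta.get("name") and meta.get("name") == spec.get("name"), "metadata.name and spec.name must be set and identical"),
        (spec.get("dns_type") == "GLOBAL", "spec.dns_type must be GLOBAL"),
        (spec.get("infrastructure_account_id"), "spec.infrastructure_account_id has no value"),
        (spec.get("dns_region"), "spec.dns_region has no value"),
        ("enabled_for_projects" not in spec, "spec.enabled_for_projects is not used for a DNS account; remove it"),
        (spec.get("description", "x") != "", "spec.description is empty; remove the field"),
    ]
    return [message for ok, message in rules if not ok]
```

Run `check_dns_account` on the file contents before `tanzu sm apply -f` and apply only when the returned list is empty.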

What to do next

The new DNS account is added to the Admin area of the Tanzu Service Mesh Console. To view the details of the new account, perform these steps:

  1. Access the Tanzu Service Mesh Console.

  2. In the navigation pane on the left, click Admin > DNS & Domains.

  3. In the table on the DNS & Domains page, locate the row for the DNS account that you created.