Kubernetes ExternalDNS is not creating record set in Azure DNS Zone

7/7/2021

I followed this to deploy K8s ExternalDNS and did the following:

  • created Azure App Service Domain and DNS Zone (i.e. demo.com)
  • enabled managed identity for AKS cluster
  • assigned contributor role to AKS managed identity for DNS Zone
  • created K8s secret for ExternalDNS (using azure.json)
  • deployed ExternalDNS in default K8s (AKS) namespace
  • created 2 ingresses with host: api.demo.com and paths /foo & /bar (FYI, AKS AGIC is enabled and "Static Public IP" is being used by Application Gateway)

If I understand correctly, ExternalDNS should create a record set in the Azure DNS Zone and the ingresses should work. But no record set is created by ExternalDNS (the ingresses are not working).

FYI, if I do the following, then things are working fine:

  • create an alias record set with "Alias type: Azure resource" which points to the "Static Public IP" used by Application Gateway
  • controllers annotated with [Route("api/foo")] & [Route("api/bar")] respectively
  • create 2 ingresses with host: demo.com and paths api/foo/* & api/bar/*
  • use annotation for each ingress : appgw.ingress.kubernetes.io/backend-path-prefix: "/foo/" (same for Bar API: "/bar/")

But, what I want is to host my APIs with api.demo.com (also SSL with Let's Encrypt)

foo-ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: foo-api
  namespace: default
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/ssl-redirect: "false"
    appgw.ingress.kubernetes.io/backend-path-prefix: "/foo/"
spec:
  rules:
  - host: api.demo.com
    http:
      paths:
      - path: /foo/*
        pathType: Prefix
        backend:
          service:
            name: foo-api
            port:
              number: 80

external-dns.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
rules:
- apiGroups: [""]
  resources: ["services","endpoints","pods"]
  verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
  resources: ["ingresses"] 
  verbs: ["get","watch","list"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
- kind: ServiceAccount
  name: external-dns
  namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: k8s.gcr.io/external-dns/external-dns:v0.8.0
        args:
        - --source=service
        - --source=ingress
        - --domain-filter=demo.com
        - --provider=azure
        - --azure-resource-group=my-poc-rg
        volumeMounts:
        - name: azure-config-file
          mountPath: /etc/kubernetes
          readOnly: true
      volumes:
      - name: azure-config-file
        secret:
          secretName: azure-config-file

-- HASSAN MD TAREQ
azure-aks
azure-dns
external-dns
kubernetes
kubernetes-ingress

0 Answers