This guide covers how to configure ExternalDNS in a Kubernetes cluster. With ExternalDNS deployed in the cluster, managing DNS records for applications, services, or ingresses takes less time.
Preparation:
- A DNS server running PowerDNS and PowerDNS-Admin.
- MetalLB
Create the namespace
Create a namespace named external-dns-pdns.
kubectl create namespace external-dns-pdns
Set Up ExternalDNS
Create an RBAC manifest containing a ServiceAccount, a ClusterRole, and a ClusterRoleBinding.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
  namespace: external-dns-pdns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
rules:
- apiGroups: [""]
  resources: ["services","endpoints","pods"]
  verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["get","watch","list"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get","watch","list"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
- kind: ServiceAccount
  name: external-dns
  namespace: external-dns-pdns
Next, create a Deployment resource to deploy ExternalDNS with the PowerDNS provider.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
  namespace: external-dns-pdns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      # Only use if you're also using RBAC
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: registry.k8s.io/external-dns/external-dns:v0.13.5
        args:
        - --source=service # or ingress or both
        - --provider=pdns
        - --pdns-server=http://192.168.100.31:8081 # Your PowerDNS API URL (eg. http://127.0.0.1:8081)
        - --pdns-api-key=7c354e13f2482cd821c715b563d5f90ea4a57a
        - --txt-owner-id=2023081202
        - --domain-filter=muterin.local
        - --log-level=debug
        - --interval=30s
Replace the domain in --domain-filter with a domain that exists on your DNS server. The value of --txt-owner-id can be chosen freely, but I recommend setting it to the domain's serial.
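The Deployment above puts the PowerDNS API key directly in the container args, where anyone who can read the Deployment (or the manifest in version control) can see it. As an added example, not part of the original guide, the same Deployment can read the key from a Kubernetes Secret instead. The Secret name pdns-api, its key api-key and the variable name PDNS_API_KEY are assumptions, and the key value is a placeholder.

```yaml
# Added example. "pdns-api", "api-key" and "PDNS_API_KEY" are assumed names.
apiVersion: v1
kind: Secret
metadata:
  name: pdns-api
  namespace: external-dns-pdns
type: Opaque
stringData:
  api-key: REPLACE_WITH_POWERDNS_API_KEY   # placeholder, not a real key
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
  namespace: external-dns-pdns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: registry.k8s.io/external-dns/external-dns:v0.13.5
        env:
        - name: PDNS_API_KEY               # filled from the Secret above
          valueFrom:
            secretKeyRef:
              name: pdns-api
              key: api-key
        args:
        - --source=service
        - --provider=pdns
        - --pdns-server=http://192.168.100.31:8081
        # Kubernetes expands $(PDNS_API_KEY) from env when it starts the
        # container, so the literal key never appears in this manifest.
        - --pdns-api-key=$(PDNS_API_KEY)
        - --txt-owner-id=2023081202
        - --domain-filter=muterin.local
        - --log-level=debug
        - --interval=30s
```

The expanded key is still part of the process arguments inside the running container; what this removes is the copy stored in the Deployment spec. Reading the key now requires access to Secrets in the external-dns-pdns namespace rather than only to Deployments.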
Make sure the external-dns pod is in the Running state. If the pod reports an error, check its logs or events; the server configuration may be wrong.
kubectl logs -n external-dns-pdns pod/external-dns-xxx-xx
kubectl events -n external-dns-pdns --for pod/external-dns-xxx-xx
Testing and Verification
Test by creating a Deployment that uses the nginxdemos/hello image, then create a Service with external-dns.alpha.kubernetes.io/hostname: added under annotations.
apiVersion: v1
kind: Namespace
metadata:
  name: site
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo
  namespace: site
spec:
  replicas: 2
  selector:
    matchLabels:
      app: demo
  template:
    metadata:
      labels:
        app: demo
    spec:
      containers:
      - image: nginxdemos/hello
        name: hello
        ports:
        - containerPort: 80
          protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: demo.muterin.local
  name: demo
  namespace: site
spec:
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: demo
  type: LoadBalancer
Wait about 30 seconds to 1 minute, then check the PowerDNS-Admin dashboard to confirm that the record was created.

Alternatively, check it with the dig command.
dig demo.muterin.local @IP-DNS