Improve Azure tutorials

* Bump container images to v0.13.1
* Add example with kubernetes service and `external-dns.alpha.kubernetes.io/hostname` annotation
* Add example with `external-dns.alpha.kubernetes.io/internal-hostname`
* Add example used in combination with `service.beta.kubernetes.io/azure-load-balancer-internal`
This commit is contained in:
Saverio Proto 2022-11-29 16:20:55 +01:00
parent 736c763650
commit 617a32aa3d
2 changed files with 149 additions and 70 deletions

View File

@ -3,10 +3,13 @@
This tutorial describes how to set up ExternalDNS for managing records in Azure Private DNS. This tutorial describes how to set up ExternalDNS for managing records in Azure Private DNS.
It comprises of the following steps: It comprises of the following steps:
1) Install NGINX Ingress Controller 1) Provision Azure Private DNS
2) Provision Azure Private DNS 2) Configure service principal for managing the zone
3) Configure service principal for managing the zone 3) Deploy ExternalDNS
4) Deploy ExternalDNS 4) Expose an NGINX service with a LoadBalancer and annotate it with the desired DNS name
5) Install NGINX Ingress Controller (Optional)
6) Expose an nginx service with an ingress (Optional)
7) Verify the DNS records
Everything will be deployed on Kubernetes. Everything will be deployed on Kubernetes.
Therefore, please see the subsequent prerequisites. Therefore, please see the subsequent prerequisites.
@ -15,50 +18,6 @@ Therefore, please see the subsequent prerequisites.
- Azure Kubernetes Service is deployed and ready - Azure Kubernetes Service is deployed and ready
- [Azure CLI 2.0](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) and `kubectl` installed on the box to execute the subsequent steps - [Azure CLI 2.0](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) and `kubectl` installed on the box to execute the subsequent steps
## Install NGINX Ingress Controller
Helm is used to deploy the ingress controller.
We employ the popular chart [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx).
```
$ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
$ helm repo update
$ helm install [RELEASE_NAME] ingress-nginx/ingress-nginx
--set controller.publishService.enabled=true
```
The parameter `controller.publishService.enabled` needs to be set to `true.`
It will make the ingress controller update the endpoint records of ingress-resources to contain the external-ip of the loadbalancer serving the ingress-controller.
This is crucial as ExternalDNS reads those endpoints records when creating DNS-Records from ingress-resources.
In the subsequent parameter we will make use of this. If you don't want to work with ingress-resources in your later use, you can leave the parameter out.
Verify the correct propagation of the loadbalancer's ip by listing the ingresses.
```
$ kubectl get ingress
```
The address column should contain the ip for each ingress. ExternalDNS will pick up exactly this piece of information.
```
NAME HOSTS ADDRESS PORTS AGE
nginx1 sample1.aks.com 52.167.195.110 80 6d22h
nginx2 sample2.aks.com 52.167.195.110 80 6d21h
```
If you do not want to deploy the ingress controller with Helm, ensure to pass the following cmdline-flags to it through the mechanism of your choice:
```
flags:
--publish-service=<namespace of ingress-controller >/<svcname of ingress-controller>
--update-status=true (default-value)
example:
./nginx-ingress-controller --publish-service=default/nginx-ingress-controller
```
## Provision Azure Private DNS ## Provision Azure Private DNS
The provider will find suitable zones for domains it manages. It will The provider will find suitable zones for domains it manages. It will
@ -119,7 +78,6 @@ $ az ad sp create-for-rbac --skip-assignment -n http://externaldns-sp
``` ```
> Note: Alternatively, you can issue `az account show --query "tenantId"` to retrieve the id of your AAD Tenant too. > Note: Alternatively, you can issue `az account show --query "tenantId"` to retrieve the id of your AAD Tenant too.
Next, assign the roles to the service principal. Next, assign the roles to the service principal.
But first **retrieve the ID's** of the objects to assign roles on. But first **retrieve the ID's** of the objects to assign roles on.
@ -338,11 +296,12 @@ Create the deployment for ExternalDNS:
$ kubectl create -f externaldns.yaml $ kubectl create -f externaldns.yaml
``` ```
## Deploying sample service ## Create an nginx deployment
Create a service file called 'nginx.yaml' with the following contents: This step creates a demo workload in your cluster. Apply the following manifest to create a deployment that we are going to expose later in this tutorial in multiple ways:
```yaml ```yaml
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@ -357,15 +316,92 @@ spec:
app: nginx app: nginx
spec: spec:
containers: containers:
- image: nginx - image: nginx
name: nginx name: nginx
ports: ports:
- containerPort: 80 - containerPort: 80
```
## Expose the nginx deployment with a load balancer
Apply the following manifest to create a service of type `LoadBalancer`. This will create a public load balancer in Azure that will forward traffic to the nginx pods.
```yaml
---
apiVersion: v1
kind: Service
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
external-dns.alpha.kubernetes.io/hostname: server.example.com
external-dns.alpha.kubernetes.io/internal-hostname: server-clusterip.example.com
metadata:
name: nginx-svc
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx
type: LoadBalancer
```
In the service we used multiple annptations. The annotation `service.beta.kubernetes.io/azure-load-balancer-internal` is used to create an internal load balancer. The annotation `external-dns.alpha.kubernetes.io/hostname` is used to create a DNS record for the load balancer that will point to the internal IP address in the VNET allocated by the internal load balancer. The annotation `external-dns.alpha.kubernetes.io/internal-hostname` is used to create a private DNS record for the load balancer that will point to the cluster IP.
## Install NGINX Ingress Controller (Optional)
Helm is used to deploy the ingress controller.
We employ the popular chart [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx).
```
$ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
$ helm repo update
$ helm install [RELEASE_NAME] ingress-nginx/ingress-nginx
--set controller.publishService.enabled=true
```
The parameter `controller.publishService.enabled` needs to be set to `true.`
It will make the ingress controller update the endpoint records of ingress-resources to contain the external-ip of the loadbalancer serving the ingress-controller.
This is crucial as ExternalDNS reads those endpoints records when creating DNS-Records from ingress-resources.
In the subsequent parameter we will make use of this. If you don't want to work with ingress-resources in your later use, you can leave the parameter out.
Verify the correct propagation of the loadbalancer's ip by listing the ingresses.
```
$ kubectl get ingress
```
The address column should contain the ip for each ingress. ExternalDNS will pick up exactly this piece of information.
```
NAME HOSTS ADDRESS PORTS AGE
nginx1 sample1.aks.com 52.167.195.110 80 6d22h
nginx2 sample2.aks.com 52.167.195.110 80 6d21h
```
If you do not want to deploy the ingress controller with Helm, ensure to pass the following cmdline-flags to it through the mechanism of your choice:
```
flags:
--publish-service=<namespace of ingress-controller >/<svcname of ingress-controller>
--update-status=true (default-value)
example:
./nginx-ingress-controller --publish-service=default/nginx-ingress-controller
```
## Expose the nginx deployment with the ingress (Optional)
Apply the following manifest to create an ingress resource that will expose the nginx deployment. The ingress resource backend points to a `ClusterIP` service that is needed to select the pods that will receive the traffic.
```yaml
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: nginx-svc name: nginx-svc-clusterip
spec: spec:
ports: ports:
- port: 80 - port: 80
@ -389,7 +425,7 @@ spec:
paths: paths:
- backend: - backend:
service: service:
name: nginx-svc name: nginx-svc-clusterip
port: port:
number: 80 number: 80
pathType: Prefix pathType: Prefix

View File

@ -518,7 +518,7 @@ Create the deployment for ExternalDNS:
$ kubectl create --namespace "default" --filename externaldns.yaml $ kubectl create --namespace "default" --filename externaldns.yaml
``` ```
## Deploying an Nginx Service ## Ingress Option: Expose an nginx service with an ingress
Create a file called `nginx.yaml` with the following contents: Create a file called `nginx.yaml` with the following contents:
@ -586,6 +586,49 @@ $ kubectl create --namespace "default" --filename nginx.yaml
Since your external IP would have already been assigned to the nginx-ingress service, the DNS records pointing to the IP of the nginx-ingress service should be created within a minute. Since your external IP would have already been assigned to the nginx-ingress service, the DNS records pointing to the IP of the nginx-ingress service should be created within a minute.
## Azure Load Balancer option: Expose an nginx service with a load balancer
Create a file called `nginx.yaml` with the following contents:
```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: nginx
name: nginx
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
annotations:
external-dns.alpha.kubernetes.io/hostname: server.example.com
metadata:
name: nginx-svc
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx
type: LoadBalancer
```
The annotation `external-dns.alpha.kubernetes.io/hostname` is used to specify the DNS name that should be created for the service. The annotation value is a comma separated list of host names.
## Verifying Azure DNS records ## Verifying Azure DNS records
Run the following command to view the A records for your Azure DNS zone: Run the following command to view the A records for your Azure DNS zone: