mirror of
https://github.com/kubernetes-sigs/external-dns.git
synced 2025-08-06 01:26:59 +02:00
Merge pull request #4457 from stefanlasiewski/patch-2
Fix headings, whitespace
commit
93b831d81d
@ -6,9 +6,8 @@ To use external-dns with BIND: generate/procure a key, configure DNS and add a
|
||||
deployment of external-dns.
|
||||
|
||||
### Server credentials:
|
||||
- RFC2136 was developed for and tested with
|
||||
[BIND](https://www.isc.org/downloads/bind/) DNS server. This documentation
|
||||
assumes that you already have a configured and working server. If you don't,
|
||||
- RFC2136 was developed for and tested with [BIND](https://www.isc.org/downloads/bind/) DNS server.
|
||||
This documentation assumes that you already have a configured and working server. If you don't,
|
||||
please check BIND documents or tutorials.
|
||||
- If your DNS is provided for you, ask for a TSIG key authorized to update and
|
||||
transfer the zone you wish to update. The key will look something like below.
|
||||
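Review bot: The heading `### Server credentials:` still ends with a colon after this cleanup. Since the commit is about heading fixes, drop the trailing colon so it matches the other headings touched in this change, such as `#### DNS-side configuration`. The reflowed bullet also still breaks mid-sentence: the new line ends with "If you don't," and the sentence finishes on the following unchanged line "please check BIND documents or tutorials.", so consider joining those two as well.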
@ -134,7 +133,11 @@ tutorial and are covered in the main documentation.
|
||||
|
||||
### Test with external-dns installed on local machine (optional)
|
||||
You may install external-dns and test on a local machine by running:
|
||||
```external-dns --txt-owner-id k8s --provider rfc2136 --rfc2136-host=192.168.0.1 --rfc2136-port=53 --rfc2136-zone=k8s.example.org --rfc2136-tsig-secret=96Ah/a2g0/nLeFGK+d/0tzQcccf9hCEIy34PoXX2Qg8= --rfc2136-tsig-secret-alg=hmac-sha256 --rfc2136-tsig-keyname=externaldns-key --rfc2136-tsig-axfr --source ingress --once --domain-filter=k8s.example.org --dry-run```
|
||||
|
||||
```
|
||||
external-dns --txt-owner-id k8s --provider rfc2136 --rfc2136-host=192.168.0.1 --rfc2136-port=53 --rfc2136-zone=k8s.example.org --rfc2136-tsig-secret=96Ah/a2g0/nLeFGK+d/0tzQcccf9hCEIy34PoXX2Qg8= --rfc2136-tsig-secret-alg=hmac-sha256 --rfc2136-tsig-keyname=externaldns-key --rfc2136-tsig-axfr --source ingress --once --domain-filter=k8s.example.org --dry-run
|
||||
```
|
||||
|
||||
- host should be the IP of your master DNS server.
|
||||
- tsig-secret should be changed to match your secret.
|
||||
- tsig-keyname needs to match the keyname you used (if you changed it).
|
||||
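Review bot: The new fenced block around the `external-dns ... --dry-run` command has no language tag and keeps the whole command on a single very long line. Tag the fence as `sh` and break the command with trailing backslashes, one flag per line, so the individual `--rfc2136-*` options are readable and diffable. The command also passes `--rfc2136-tsig-secret=...` as a literal argument, which ends up in shell history and the process list on the test machine. The bullets below already say the secret should be changed, so it would help to state there that the value shown is a placeholder and should not be reused.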
@ -309,7 +312,7 @@ You'll want to configure `external-dns` similarly to the following:
|
||||
|
||||
### Secure Updates Using RFC3645 (GSS-TSIG)
|
||||
|
||||
### DNS-side configuration
|
||||
#### DNS-side configuration
|
||||
|
||||
1. Create a DNS zone
|
||||
2. Enable secure dynamic updates for the zone
|
||||
@ -318,7 +321,7 @@ You'll want to configure `external-dns` similarly to the following:
|
||||
If you see any error messages which indicate that `external-dns` was somehow not able to fetch
|
||||
existing DNS records from your DNS server, this could mean that you forgot about step 3.
|
||||
|
||||
#### Kerberos Configuration
|
||||
##### Kerberos Configuration
|
||||
|
||||
DNS with secure updates relies upon a valid Kerberos configuration running within the `external-dns` container. At this time, you will need to create a ConfigMap for the `external-dns` container to use and mount it in your deployment. Below is an example of a working Kerberos configuration inside a ConfigMap definition. This may be different depending on many factors in your environment:
|
||||
|
||||
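Review bot: Moving `Kerberos Configuration` to `#####` places it one level below the nearest heading visible in this diff, `#### DNS-side configuration`, yet the paragraph under it describes a configuration "running within the `external-dns` container". Going by the hunk headers, only two lines sit between the previous hunk and this one, so please confirm there is an intervening level-4 heading for the `external-dns` side. If there is not, this heading should stay at `####` as a sibling of the DNS-side section. The capitalization also differs from its neighbours: `Kerberos Configuration` versus `DNS-side configuration`. Separately, the context line "you forgot about step 3" depends on list numbering that is easy to break; naming the step would be more robust.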
@ -356,8 +359,7 @@ data:
|
||||
yourdomain.com = YOUR-REALM.COM
|
||||
.yourdomain.com = YOUR-REALM.COM
|
||||
```
|
||||
In most cases, the realm name will probably be the same as the domain name, so you can simply replace
|
||||
`YOUR-REALM.COM` with something like `YOURDOMAIN.COM`.
|
||||
In most cases, the realm name will probably be the same as the domain name, so you can simply replace `YOUR-REALM.COM` with something like `YOURDOMAIN.COM`.
|
||||
|
||||
Once the ConfigMap is created, the container `external-dns` container needs to be told to mount that ConfigMap as a volume at the default Kerberos configuration location. The pod spec should include a similar configuration to the following:
|
||||
|
||||
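Review bot: The unchanged line directly below the joined sentence reads "the container `external-dns` container needs to be told", with "container" duplicated. Since this commit is a prose and whitespace cleanup of the same paragraph group, fix it here to "the `external-dns` container needs to be told".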
@ -376,7 +378,7 @@ Once the ConfigMap is created, the container `external-dns` container needs to b
|
||||
...
|
||||
```
|
||||
|
||||
#### `external-dns` configuration
|
||||
##### `external-dns` configuration
|
||||
|
||||
You'll want to configure `external-dns` similarly to the following:
|
||||
|
||||
|