mirrors/external-dns
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/external-dns.git synced 2025-08-12 12:36:57 +02:00
Code Issues Packages Projects Releases Wiki Activity
gh-pages
external-dns/v0.12.0/tutorials/aws/index.html

2409 lines
112 KiB
HTML
Raw Permalink Blame History

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="author" content="external-dns maintainers">
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.3.0, mkdocs-material-8.2.8">
<title>Setting up ExternalDNS for Services on AWS - external-dns</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.644de097.min.css">
<link rel="stylesheet" href="../../assets/stylesheets/palette.e6a45f82.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<script>__md_scope=new URL("../..",location),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="" data-md-color-primary="none" data-md-color-accent="none">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#setting-up-externaldns-for-services-on-aws" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<div data-md-component="outdated" hidden>
<aside class="md-banner md-banner--warning">
</aside>
</div>
<header class="md-header md-header--lifted" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../.." title="external-dns" class="md-header__button md-logo" aria-label="external-dns" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
external-dns
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Setting up ExternalDNS for Services on AWS
</span>
</div>
</div>
</div>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/kubernetes-sigs/external-dns/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.1.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
</div>
<div class="md-source__repository">
kubernetes-sigs/external-dns
</div>
</a>
</div>
</nav>
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
<div class="md-tabs__inner md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href="../.." class="md-tabs__link">
Home
</a>
</li>
<li class="md-tabs__item">
<a href="../UKFast_SafeDNS/" class="md-tabs__link md-tabs__link--active">
Tutorials
</a>
</li>
<li class="md-tabs__item">
<a href="../../initial-design/" class="md-tabs__link">
Advanced Topics
</a>
</li>
<li class="md-tabs__item">
<a href="../../CONTRIBUTING/" class="md-tabs__link">
Contributing
</a>
</li>
<li class="md-tabs__item">
<a href="../../faq/" class="md-tabs__link">
About
</a>
</li>
</ul>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../.." title="external-dns" class="md-nav__button md-logo" aria-label="external-dns" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>
</a>
external-dns
</label>
<div class="md-nav__source">
<a href="https://github.com/kubernetes-sigs/external-dns/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.1.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
</div>
<div class="md-source__repository">
kubernetes-sigs/external-dns
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
Home
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2" type="checkbox" id="__nav_2" checked>
<label class="md-nav__link" for="__nav_2">
Tutorials
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Tutorials" data-md-level="1">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Tutorials
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../UKFast_SafeDNS/" class="md-nav__link">
Setting up ExternalDNS for Services on UKFast's SafeDNS
</a>
</li>
<li class="md-nav__item">
<a href="../akamai-edgedns/" class="md-nav__link">
Setting up External-DNS for Services on Akamai Edge DNS
</a>
</li>
<li class="md-nav__item">
<a href="../alb-ingress/" class="md-nav__link">
Using ExternalDNS with alb-ingress-controller
</a>
</li>
<li class="md-nav__item">
<a href="../alibabacloud/" class="md-nav__link">
Setting up ExternalDNS for Services on Alibaba Cloud
</a>
</li>
<li class="md-nav__item">
<a href="../aws-sd/" class="md-nav__link">
Setting up ExternalDNS using AWS Cloud Map API
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
Setting up ExternalDNS for Services on AWS
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
Setting up ExternalDNS for Services on AWS
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#iam-policy" class="md-nav__link">
IAM Policy
</a>
</li>
<li class="md-nav__item">
<a href="#create-iam-role" class="md-nav__link">
Create IAM Role
</a>
<nav class="md-nav" aria-label="Create IAM Role">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#amazon-eks" class="md-nav__link">
Amazon EKS
</a>
</li>
<li class="md-nav__item">
<a href="#kiam" class="md-nav__link">
kiam
</a>
</li>
<li class="md-nav__item">
<a href="#kube2iam" class="md-nav__link">
kube2iam
</a>
</li>
<li class="md-nav__item">
<a href="#ec2-instance-role-not-recommended" class="md-nav__link">
EC2 Instance Role (not recommended)
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#set-up-a-hosted-zone" class="md-nav__link">
Set up a hosted zone
</a>
</li>
<li class="md-nav__item">
<a href="#deploy-externaldns" class="md-nav__link">
Deploy ExternalDNS
</a>
<nav class="md-nav" aria-label="Deploy ExternalDNS">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#manifest-for-clusters-without-rbac-enabled" class="md-nav__link">
Manifest (for clusters without RBAC enabled)
</a>
</li>
<li class="md-nav__item">
<a href="#manifest-for-clusters-with-rbac-enabled" class="md-nav__link">
Manifest (for clusters with RBAC enabled)
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#arguments" class="md-nav__link">
Arguments
</a>
<nav class="md-nav" aria-label="Arguments">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#aws-zone-type" class="md-nav__link">
aws-zone-type
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#annotations" class="md-nav__link">
Annotations
</a>
<nav class="md-nav" aria-label="Annotations">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#alias" class="md-nav__link">
alias
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#verify-externaldns-works-ingress-example" class="md-nav__link">
Verify ExternalDNS works (Ingress example)
</a>
</li>
<li class="md-nav__item">
<a href="#verify-externaldns-works-service-example" class="md-nav__link">
Verify ExternalDNS works (Service example)
</a>
</li>
<li class="md-nav__item">
<a href="#custom-ttl" class="md-nav__link">
Custom TTL
</a>
</li>
<li class="md-nav__item">
<a href="#routing-policies" class="md-nav__link">
Routing policies
</a>
</li>
<li class="md-nav__item">
<a href="#associating-dns-records-with-healthchecks" class="md-nav__link">
Associating DNS records with healthchecks
</a>
</li>
<li class="md-nav__item">
<a href="#govcloud-caveats" class="md-nav__link">
Govcloud caveats
</a>
</li>
<li class="md-nav__item">
<a href="#clean-up" class="md-nav__link">
Clean up
</a>
</li>
<li class="md-nav__item">
<a href="#throttling" class="md-nav__link">
Throttling
</a>
<nav class="md-nav" aria-label="Throttling">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#eks" class="md-nav__link">
EKS
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../azure-private-dns/" class="md-nav__link">
Set up ExternalDNS for Azure Private DNS
</a>
</li>
<li class="md-nav__item">
<a href="../azure/" class="md-nav__link">
Setting up ExternalDNS for Services on Azure
</a>
</li>
<li class="md-nav__item">
<a href="../bluecat/" class="md-nav__link">
Setting up external-dns for BlueCat
</a>
</li>
<li class="md-nav__item">
<a href="../cloudflare/" class="md-nav__link">
Setting up ExternalDNS for Services on Cloudflare
</a>
</li>
<li class="md-nav__item">
<a href="../contour/" class="md-nav__link">
Setting up External DNS with Contour
</a>
</li>
<li class="md-nav__item">
<a href="../coredns/" class="md-nav__link">
Setting up ExternalDNS for CoreDNS with minikube
</a>
</li>
<li class="md-nav__item">
<a href="../designate/" class="md-nav__link">
Setting up ExternalDNS for Services on OpenStack Designate
</a>
</li>
<li class="md-nav__item">
<a href="../digitalocean/" class="md-nav__link">
Setting up ExternalDNS for Services on DigitalOcean
</a>
</li>
<li class="md-nav__item">
<a href="../dnsimple/" class="md-nav__link">
Setting up ExternalDNS for Services on DNSimple
</a>
</li>
<li class="md-nav__item">
<a href="../dyn/" class="md-nav__link">
Setting up ExternalDNS for Dyn
</a>
</li>
<li class="md-nav__item">
<a href="../exoscale/" class="md-nav__link">
Setting up ExternalDNS for Exoscale
</a>
</li>
<li class="md-nav__item">
<a href="../externalname/" class="md-nav__link">
Setting up ExternalDNS for ExternalName Services
</a>
</li>
<li class="md-nav__item">
<a href="../gandi/" class="md-nav__link">
Setting up ExternalDNS for Services on Gandi
</a>
</li>
<li class="md-nav__item">
<a href="../gateway-api/" class="md-nav__link">
Configuring ExternalDNS to use Gateway API Route Sources
</a>
</li>
<li class="md-nav__item">
<a href="../gke/" class="md-nav__link">
Setting up ExternalDNS on Google Kubernetes Engine
</a>
</li>
<li class="md-nav__item">
<a href="../gloo-proxy/" class="md-nav__link">
Configuring ExternalDNS to use the Gloo Proxy Source
</a>
</li>
<li class="md-nav__item">
<a href="../godaddy/" class="md-nav__link">
Setting up ExternalDNS for Services on GoDaddy
</a>
</li>
<li class="md-nav__item">
<a href="../hostport/" class="md-nav__link">
Setting up ExternalDNS for Headless Services
</a>
</li>
<li class="md-nav__item">
<a href="../ibmcloud/" class="md-nav__link">
Setting up ExternalDNS for Services on IBMCloud
</a>
</li>
<li class="md-nav__item">
<a href="../infoblox/" class="md-nav__link">
Setting up ExternalDNS for Infoblox
</a>
</li>
<li class="md-nav__item">
<a href="../istio/" class="md-nav__link">
Configuring ExternalDNS to use the Istio Gateway and/or Istio Virtual Service Source
</a>
</li>
<li class="md-nav__item">
<a href="../kong/" class="md-nav__link">
Configuring ExternalDNS to use the Kong TCPIngress Source
</a>
</li>
<li class="md-nav__item">
<a href="../kops-dns-controller/" class="md-nav__link">
kOps dns-controller compatibility mode
</a>
</li>
<li class="md-nav__item">
<a href="../kube-ingress-aws/" class="md-nav__link">
Using ExternalDNS with kube-ingress-aws-controller
</a>
</li>
<li class="md-nav__item">
<a href="../linode/" class="md-nav__link">
Setting up ExternalDNS for Services on Linode
</a>
</li>
<li class="md-nav__item">
<a href="../nginx-ingress/" class="md-nav__link">
Setting up ExternalDNS on GKE with nginx-ingress-controller
</a>
</li>
<li class="md-nav__item">
<a href="../nodes/" class="md-nav__link">
Configuring ExternalDNS to use Cluster Nodes as Source
</a>
</li>
<li class="md-nav__item">
<a href="../ns-record/" class="md-nav__link">
Creating NS record with CRD source
</a>
</li>
<li class="md-nav__item">
<a href="../ns1/" class="md-nav__link">
Setting up ExternalDNS for Services on NS1
</a>
</li>
<li class="md-nav__item">
<a href="../openshift/" class="md-nav__link">
Configuring ExternalDNS to use the OpenShift Route Source
</a>
</li>
<li class="md-nav__item">
<a href="../oracle/" class="md-nav__link">
Setting up ExternalDNS for Oracle Cloud Infrastructure (OCI)
</a>
</li>
<li class="md-nav__item">
<a href="../ovh/" class="md-nav__link">
Setting up ExternalDNS for Services on OVH
</a>
</li>
<li class="md-nav__item">
<a href="../pdns/" class="md-nav__link">
Setting up ExternalDNS for PowerDNS
</a>
</li>
<li class="md-nav__item">
<a href="../public-private-route53/" class="md-nav__link">
Setting up ExternalDNS using the same domain for public and private Route53 zones
</a>
</li>
<li class="md-nav__item">
<a href="../rcodezero/" class="md-nav__link">
Setting up ExternalDNS for Services on RcodeZero
</a>
</li>
<li class="md-nav__item">
<a href="../rdns/" class="md-nav__link">
Setting up ExternalDNS for RancherDNS(RDNS) with kubernetes
</a>
</li>
<li class="md-nav__item">
<a href="../rfc2136/" class="md-nav__link">
Configuring RFC2136 provider
</a>
</li>
<li class="md-nav__item">
<a href="../scaleway/" class="md-nav__link">
Setting up ExternalDNS for Services on Scaleway
</a>
</li>
<li class="md-nav__item">
<a href="../security-context/" class="md-nav__link">
Running ExternalDNS with limited privileges
</a>
</li>
<li class="md-nav__item">
<a href="../transip/" class="md-nav__link">
Setting up ExternalDNS for Services on TransIP
</a>
</li>
<li class="md-nav__item">
<a href="../ultradns/" class="md-nav__link">
Setting up ExternalDNS for Services on UltraDNS
</a>
</li>
<li class="md-nav__item">
<a href="../vinyldns/" class="md-nav__link">
Setting up ExternalDNS for VinylDNS
</a>
</li>
<li class="md-nav__item">
<a href="../vultr/" class="md-nav__link">
Setting up ExternalDNS for Services on Vultr
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3" type="checkbox" id="__nav_3" >
<label class="md-nav__link" for="__nav_3">
Advanced Topics
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Advanced Topics" data-md-level="1">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Advanced Topics
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../initial-design/" class="md-nav__link">
Initial Design
</a>
</li>
<li class="md-nav__item">
<a href="../../ttl/" class="md-nav__link">
TTL
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_4" type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4">
Contributing
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Contributing" data-md-level="1">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Contributing
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../CONTRIBUTING/" class="md-nav__link">
Kubernetes Contributions
</a>
</li>
<li class="md-nav__item">
<a href="../../release/" class="md-nav__link">
Release
</a>
</li>
<li class="md-nav__item">
<a href="../../contributing/chart/" class="md-nav__link">
Helm Chart
</a>
</li>
<li class="md-nav__item">
<a href="../../contributing/crd-source/" class="md-nav__link">
CRD Source
</a>
</li>
<li class="md-nav__item">
<a href="../../contributing/getting-started/" class="md-nav__link">
Quick Start
</a>
</li>
<li class="md-nav__item">
<a href="../../contributing/sources-and-providers/" class="md-nav__link">
Sources and Providers
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5" type="checkbox" id="__nav_5" >
<label class="md-nav__link" for="__nav_5">
About
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="About" data-md-level="1">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
About
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../faq/" class="md-nav__link">
FAQ
</a>
</li>
<li class="md-nav__item">
<a href="../../20190708-external-dns-incubator/" class="md-nav__link">
Out of Incubator
</a>
</li>
<li class="md-nav__item">
<a href="../../code-of-conduct/" class="md-nav__link">
Code of Conduct
</a>
</li>
<li class="md-nav__item">
<a href="../../LICENSE/" class="md-nav__link">
License
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#iam-policy" class="md-nav__link">
IAM Policy
</a>
</li>
<li class="md-nav__item">
<a href="#create-iam-role" class="md-nav__link">
Create IAM Role
</a>
<nav class="md-nav" aria-label="Create IAM Role">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#amazon-eks" class="md-nav__link">
Amazon EKS
</a>
</li>
<li class="md-nav__item">
<a href="#kiam" class="md-nav__link">
kiam
</a>
</li>
<li class="md-nav__item">
<a href="#kube2iam" class="md-nav__link">
kube2iam
</a>
</li>
<li class="md-nav__item">
<a href="#ec2-instance-role-not-recommended" class="md-nav__link">
EC2 Instance Role (not recommended)
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#set-up-a-hosted-zone" class="md-nav__link">
Set up a hosted zone
</a>
</li>
<li class="md-nav__item">
<a href="#deploy-externaldns" class="md-nav__link">
Deploy ExternalDNS
</a>
<nav class="md-nav" aria-label="Deploy ExternalDNS">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#manifest-for-clusters-without-rbac-enabled" class="md-nav__link">
Manifest (for clusters without RBAC enabled)
</a>
</li>
<li class="md-nav__item">
<a href="#manifest-for-clusters-with-rbac-enabled" class="md-nav__link">
Manifest (for clusters with RBAC enabled)
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#arguments" class="md-nav__link">
Arguments
</a>
<nav class="md-nav" aria-label="Arguments">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#aws-zone-type" class="md-nav__link">
aws-zone-type
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#annotations" class="md-nav__link">
Annotations
</a>
<nav class="md-nav" aria-label="Annotations">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#alias" class="md-nav__link">
alias
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#verify-externaldns-works-ingress-example" class="md-nav__link">
Verify ExternalDNS works (Ingress example)
</a>
</li>
<li class="md-nav__item">
<a href="#verify-externaldns-works-service-example" class="md-nav__link">
Verify ExternalDNS works (Service example)
</a>
</li>
<li class="md-nav__item">
<a href="#custom-ttl" class="md-nav__link">
Custom TTL
</a>
</li>
<li class="md-nav__item">
<a href="#routing-policies" class="md-nav__link">
Routing policies
</a>
</li>
<li class="md-nav__item">
<a href="#associating-dns-records-with-healthchecks" class="md-nav__link">
Associating DNS records with healthchecks
</a>
</li>
<li class="md-nav__item">
<a href="#govcloud-caveats" class="md-nav__link">
Govcloud caveats
</a>
</li>
<li class="md-nav__item">
<a href="#clean-up" class="md-nav__link">
Clean up
</a>
</li>
<li class="md-nav__item">
<a href="#throttling" class="md-nav__link">
Throttling
</a>
<nav class="md-nav" aria-label="Throttling">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#eks" class="md-nav__link">
EKS
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<a href="https://github.com/kubernetes-sigs/external-dns/edit/master/docs/tutorials/aws.md" title="Edit this page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg>
</a>
<h1 id="setting-up-externaldns-for-services-on-aws">Setting up ExternalDNS for Services on AWS<a class="headerlink" href="#setting-up-externaldns-for-services-on-aws" title="Permanent link">&para;</a></h1>
<p>This tutorial describes how to setup ExternalDNS for usage within a Kubernetes cluster on AWS. Make sure to use <strong>&gt;=0.4</strong> version of ExternalDNS for this tutorial</p>
<h2 id="iam-policy">IAM Policy<a class="headerlink" href="#iam-policy" title="Permanent link">&para;</a></h2>
<p>The following IAM Policy document allows ExternalDNS to update Route53 Resource<br />
Record Sets and Hosted Zones. You&rsquo;ll want to create this Policy in IAM first. In<br />
our example, we&rsquo;ll call the policy AllowExternalDNSUpdates (but you can call<br />
it whatever you prefer).</p>
<p>If you prefer, you may fine-tune the policy to permit updates only to explicit<br />
Hosted Zone IDs.</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-0-1" name="__codelineno-0-1" href="#__codelineno-0-1"></a><span class="p">{</span><span class="w"></span>
<a id="__codelineno-0-2" name="__codelineno-0-2" href="#__codelineno-0-2"></a><span class="w"> </span><span class="nt">&quot;Version&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;2012-10-17&quot;</span><span class="p">,</span><span class="w"></span>
<a id="__codelineno-0-3" name="__codelineno-0-3" href="#__codelineno-0-3"></a><span class="w"> </span><span class="nt">&quot;Statement&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
<a id="__codelineno-0-4" name="__codelineno-0-4" href="#__codelineno-0-4"></a><span class="w"> </span><span class="p">{</span><span class="w"></span>
<a id="__codelineno-0-5" name="__codelineno-0-5" href="#__codelineno-0-5"></a><span class="w"> </span><span class="nt">&quot;Effect&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Allow&quot;</span><span class="p">,</span><span class="w"></span>
<a id="__codelineno-0-6" name="__codelineno-0-6" href="#__codelineno-0-6"></a><span class="w"> </span><span class="nt">&quot;Action&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
<a id="__codelineno-0-7" name="__codelineno-0-7" href="#__codelineno-0-7"></a><span class="w"> </span><span class="s2">&quot;route53:ChangeResourceRecordSets&quot;</span><span class="w"></span>
<a id="__codelineno-0-8" name="__codelineno-0-8" href="#__codelineno-0-8"></a><span class="w"> </span><span class="p">],</span><span class="w"></span>
<a id="__codelineno-0-9" name="__codelineno-0-9" href="#__codelineno-0-9"></a><span class="w"> </span><span class="nt">&quot;Resource&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
<a id="__codelineno-0-10" name="__codelineno-0-10" href="#__codelineno-0-10"></a><span class="w"> </span><span class="s2">&quot;arn:aws:route53:::hostedzone/*&quot;</span><span class="w"></span>
<a id="__codelineno-0-11" name="__codelineno-0-11" href="#__codelineno-0-11"></a><span class="w"> </span><span class="p">]</span><span class="w"></span>
<a id="__codelineno-0-12" name="__codelineno-0-12" href="#__codelineno-0-12"></a><span class="w"> </span><span class="p">},</span><span class="w"></span>
<a id="__codelineno-0-13" name="__codelineno-0-13" href="#__codelineno-0-13"></a><span class="w"> </span><span class="p">{</span><span class="w"></span>
<a id="__codelineno-0-14" name="__codelineno-0-14" href="#__codelineno-0-14"></a><span class="w"> </span><span class="nt">&quot;Effect&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Allow&quot;</span><span class="p">,</span><span class="w"></span>
<a id="__codelineno-0-15" name="__codelineno-0-15" href="#__codelineno-0-15"></a><span class="w"> </span><span class="nt">&quot;Action&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
<a id="__codelineno-0-16" name="__codelineno-0-16" href="#__codelineno-0-16"></a><span class="w"> </span><span class="s2">&quot;route53:ListHostedZones&quot;</span><span class="p">,</span><span class="w"></span>
<a id="__codelineno-0-17" name="__codelineno-0-17" href="#__codelineno-0-17"></a><span class="w"> </span><span class="s2">&quot;route53:ListResourceRecordSets&quot;</span><span class="w"></span>
<a id="__codelineno-0-18" name="__codelineno-0-18" href="#__codelineno-0-18"></a><span class="w"> </span><span class="p">],</span><span class="w"></span>
<a id="__codelineno-0-19" name="__codelineno-0-19" href="#__codelineno-0-19"></a><span class="w"> </span><span class="nt">&quot;Resource&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
<a id="__codelineno-0-20" name="__codelineno-0-20" href="#__codelineno-0-20"></a><span class="w"> </span><span class="s2">&quot;*&quot;</span><span class="w"></span>
<a id="__codelineno-0-21" name="__codelineno-0-21" href="#__codelineno-0-21"></a><span class="w"> </span><span class="p">]</span><span class="w"></span>
<a id="__codelineno-0-22" name="__codelineno-0-22" href="#__codelineno-0-22"></a><span class="w"> </span><span class="p">}</span><span class="w"></span>
<a id="__codelineno-0-23" name="__codelineno-0-23" href="#__codelineno-0-23"></a><span class="w"> </span><span class="p">]</span><span class="w"></span>
<a id="__codelineno-0-24" name="__codelineno-0-24" href="#__codelineno-0-24"></a><span class="p">}</span><span class="w"></span>
</code></pre></div>
<h2 id="create-iam-role">Create IAM Role<a class="headerlink" href="#create-iam-role" title="Permanent link">&para;</a></h2>
<p>You&rsquo;ll need to create an IAM Role that can be assumed by the ExternalDNS Pod.<br />
Note the role name; you&rsquo;ll need to refer to it in the K8S manifest below.</p>
<p>Attach the AllowExternalDNSUpdates IAM Policy (above) to the role.</p>
<p>The trust relationship associated with the IAM Role will vary depending on how<br />
you&rsquo;ve configured your Kubernetes cluster:</p>
<h3 id="amazon-eks">Amazon EKS<a class="headerlink" href="#amazon-eks" title="Permanent link">&para;</a></h3>
<p>If your EKS-managed cluster is &gt;= 1.13 and was created after 2019-09-04, refer<br />
to the <a href="https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html">Amazon EKS<br />
documentation</a><br />
for instructions on how to create the IAM Role. Otherwise, you will need to use<br />
kiam or kube2iam or set the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY on the deployment.</p>
<h3 id="kiam">kiam<a class="headerlink" href="#kiam" title="Permanent link">&para;</a></h3>
<p>If you&rsquo;re using <a href="https://github.com/uswitch/kiam">kiam</a>, follow the<br />
<a href="https://github.com/uswitch/kiam/blob/HEAD/docs/IAM.md">instructions</a> for<br />
creating the IAM role.</p>
<h3 id="kube2iam">kube2iam<a class="headerlink" href="#kube2iam" title="Permanent link">&para;</a></h3>
<p>If you&rsquo;re using <a href="https://github.com/jtblin/kube2iam">kube2iam</a>, follow the<br />
instructions for creating the IAM Role.</p>
<h3 id="ec2-instance-role-not-recommended">EC2 Instance Role (not recommended)<a class="headerlink" href="#ec2-instance-role-not-recommended" title="Permanent link">&para;</a></h3>
<p><strong><img alt="⚠" class="twemoji" src="https://twemoji.maxcdn.com/v/latest/svg/26a0.svg" title=":warning:" /> WARNING: This will grant all pods on the node the ability to<br />
manipulate Route 53 Resource Record Sets. If exploited by an attacker, this<br />
could lead to a serious security and/or availability incident. For this reason,<br />
it is not recommended.</strong></p>
<p>Create an IAM Role for your EC2 instances as described in the <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html">Amazon EC2<br />
documentation</a>.<br />
Then, attach the associated Instance Profile to the EC2 instances that comprise<br />
your K8S cluster.</p>
<p>For this method to work, you must permit your pods the ability to access the EC2<br />
instance metadata service (169.254.169.254). This is allowed by default.</p>
<h2 id="set-up-a-hosted-zone">Set up a hosted zone<a class="headerlink" href="#set-up-a-hosted-zone" title="Permanent link">&para;</a></h2>
<p><em>If you prefer to try-out ExternalDNS in one of the existing hosted-zones you can skip this step</em></p>
<p>Create a DNS zone which will contain the managed DNS records.</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-1-1" name="__codelineno-1-1" href="#__codelineno-1-1"></a><span class="gp">$ </span>aws route53 create-hosted-zone --name <span class="s2">&quot;external-dns-test.my-org.com.&quot;</span> --caller-reference <span class="s2">&quot;external-dns-test-</span><span class="k">$(</span>date +%s<span class="k">)</span><span class="s2">&quot;</span>
</code></pre></div>
<p>Make a note of the ID of the hosted zone you just created, which will serve as the value for my-hostedzone-identifier.</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-2-1" name="__codelineno-2-1" href="#__codelineno-2-1"></a><span class="gp">$ </span>aws route53 list-hosted-zones-by-name --output json --dns-name <span class="s2">&quot;external-dns-test.my-org.com.&quot;</span> <span class="p">|</span> jq -r <span class="s1">&#39;.HostedZones[0].Id&#39;</span>
<a id="__codelineno-2-2" name="__codelineno-2-2" href="#__codelineno-2-2"></a><span class="go">/hostedzone/ZEWFWZ4R16P7IB</span>
</code></pre></div>
<p>Make a note of the nameservers that were assigned to your new zone.</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-3-1" name="__codelineno-3-1" href="#__codelineno-3-1"></a><span class="gp">$ </span>aws route53 list-resource-record-sets --output json --hosted-zone-id <span class="s2">&quot;/hostedzone/ZEWFWZ4R16P7IB&quot;</span> <span class="se">\</span>
<a id="__codelineno-3-2" name="__codelineno-3-2" href="#__codelineno-3-2"></a> --query <span class="s2">&quot;ResourceRecordSets[?Type == &#39;NS&#39;]&quot;</span> <span class="p">|</span> jq -r <span class="s1">&#39;.[0].ResourceRecords[].Value&#39;</span>
<a id="__codelineno-3-3" name="__codelineno-3-3" href="#__codelineno-3-3"></a><span class="go">ns-5514.awsdns-53.org.</span>
<a id="__codelineno-3-4" name="__codelineno-3-4" href="#__codelineno-3-4"></a><span class="go">...</span>
</code></pre></div>
<p>In this case it&rsquo;s the ones shown above but your&rsquo;s will differ.</p>
<h2 id="deploy-externaldns">Deploy ExternalDNS<a class="headerlink" href="#deploy-externaldns" title="Permanent link">&para;</a></h2>
<p>Connect your <code>kubectl</code> client to the cluster you want to test ExternalDNS with.<br />
Then apply one of the following manifests file to deploy ExternalDNS. You can check if your cluster has RBAC by <code>kubectl api-versions | grep rbac.authorization.k8s.io</code>.</p>
<p>For clusters with RBAC enabled, be sure to choose the correct <code>namespace</code>.</p>
<h3 id="manifest-for-clusters-without-rbac-enabled">Manifest (for clusters without RBAC enabled)<a class="headerlink" href="#manifest-for-clusters-without-rbac-enabled" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-4-1" name="__codelineno-4-1" href="#__codelineno-4-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apps/v1</span><span class="w"></span>
<a id="__codelineno-4-2" name="__codelineno-4-2" href="#__codelineno-4-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Deployment</span><span class="w"></span>
<a id="__codelineno-4-3" name="__codelineno-4-3" href="#__codelineno-4-3"></a><span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-4-4" name="__codelineno-4-4" href="#__codelineno-4-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-dns</span><span class="w"></span>
<a id="__codelineno-4-5" name="__codelineno-4-5" href="#__codelineno-4-5"></a><span class="nt">spec</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-4-6" name="__codelineno-4-6" href="#__codelineno-4-6"></a><span class="w"> </span><span class="nt">strategy</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-4-7" name="__codelineno-4-7" href="#__codelineno-4-7"></a><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Recreate</span><span class="w"></span>
<a id="__codelineno-4-8" name="__codelineno-4-8" href="#__codelineno-4-8"></a><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-4-9" name="__codelineno-4-9" href="#__codelineno-4-9"></a><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-4-10" name="__codelineno-4-10" href="#__codelineno-4-10"></a><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-dns</span><span class="w"></span>
<a id="__codelineno-4-11" name="__codelineno-4-11" href="#__codelineno-4-11"></a><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-4-12" name="__codelineno-4-12" href="#__codelineno-4-12"></a><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-4-13" name="__codelineno-4-13" href="#__codelineno-4-13"></a><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-4-14" name="__codelineno-4-14" href="#__codelineno-4-14"></a><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-dns</span><span class="w"></span>
<a id="__codelineno-4-15" name="__codelineno-4-15" href="#__codelineno-4-15"></a><span class="w"> </span><span class="c1"># If you&#39;re using kiam or kube2iam, specify the following annotation.</span><span class="w"></span>
<a id="__codelineno-4-16" name="__codelineno-4-16" href="#__codelineno-4-16"></a><span class="w"> </span><span class="c1"># Otherwise, you may safely omit it.</span><span class="w"></span>
<a id="__codelineno-4-17" name="__codelineno-4-17" href="#__codelineno-4-17"></a><span class="w"> </span><span class="nt">annotations</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-4-18" name="__codelineno-4-18" href="#__codelineno-4-18"></a><span class="w"> </span><span class="nt">iam.amazonaws.com/role</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">arn:aws:iam::ACCOUNT-ID:role/IAM-SERVICE-ROLE-NAME</span><span class="w"></span>
<a id="__codelineno-4-19" name="__codelineno-4-19" href="#__codelineno-4-19"></a><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-4-20" name="__codelineno-4-20" href="#__codelineno-4-20"></a><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-4-21" name="__codelineno-4-21" href="#__codelineno-4-21"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-dns</span><span class="w"></span>
<a id="__codelineno-4-22" name="__codelineno-4-22" href="#__codelineno-4-22"></a><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">k8s.gcr.io/external-dns/external-dns:v0.7.6</span><span class="w"></span>
<a id="__codelineno-4-23" name="__codelineno-4-23" href="#__codelineno-4-23"></a><span class="w"> </span><span class="nt">args</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-4-24" name="__codelineno-4-24" href="#__codelineno-4-24"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--source=service</span><span class="w"></span>
<a id="__codelineno-4-25" name="__codelineno-4-25" href="#__codelineno-4-25"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--source=ingress</span><span class="w"></span>
<a id="__codelineno-4-26" name="__codelineno-4-26" href="#__codelineno-4-26"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--domain-filter=external-dns-test.my-org.com</span><span class="w"> </span><span class="c1"># will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones</span><span class="w"></span>
<a id="__codelineno-4-27" name="__codelineno-4-27" href="#__codelineno-4-27"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--provider=aws</span><span class="w"></span>
<a id="__codelineno-4-28" name="__codelineno-4-28" href="#__codelineno-4-28"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--policy=upsert-only</span><span class="w"> </span><span class="c1"># would prevent ExternalDNS from deleting any records, omit to enable full synchronization</span><span class="w"></span>
<a id="__codelineno-4-29" name="__codelineno-4-29" href="#__codelineno-4-29"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--aws-zone-type=public</span><span class="w"> </span><span class="c1"># only look at public hosted zones (valid values are public, private or no value for both)</span><span class="w"></span>
<a id="__codelineno-4-30" name="__codelineno-4-30" href="#__codelineno-4-30"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--registry=txt</span><span class="w"></span>
<a id="__codelineno-4-31" name="__codelineno-4-31" href="#__codelineno-4-31"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--txt-owner-id=my-hostedzone-identifier</span><span class="w"></span>
</code></pre></div>
<h3 id="manifest-for-clusters-with-rbac-enabled">Manifest (for clusters with RBAC enabled)<a class="headerlink" href="#manifest-for-clusters-with-rbac-enabled" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-5-1" name="__codelineno-5-1" href="#__codelineno-5-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span><span class="w"></span>
<a id="__codelineno-5-2" name="__codelineno-5-2" href="#__codelineno-5-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ServiceAccount</span><span class="w"></span>
<a id="__codelineno-5-3" name="__codelineno-5-3" href="#__codelineno-5-3"></a><span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-4" name="__codelineno-5-4" href="#__codelineno-5-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-dns</span><span class="w"></span>
<a id="__codelineno-5-5" name="__codelineno-5-5" href="#__codelineno-5-5"></a><span class="w"> </span><span class="c1"># If you&#39;re using Amazon EKS with IAM Roles for Service Accounts, specify the following annotation.</span><span class="w"></span>
<a id="__codelineno-5-6" name="__codelineno-5-6" href="#__codelineno-5-6"></a><span class="w"> </span><span class="c1"># Otherwise, you may safely omit it.</span><span class="w"></span>
<a id="__codelineno-5-7" name="__codelineno-5-7" href="#__codelineno-5-7"></a><span class="w"> </span><span class="nt">annotations</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-8" name="__codelineno-5-8" href="#__codelineno-5-8"></a><span class="w"> </span><span class="c1"># Substitute your account ID and IAM service role name below.</span><span class="w"></span>
<a id="__codelineno-5-9" name="__codelineno-5-9" href="#__codelineno-5-9"></a><span class="w"> </span><span class="nt">eks.amazonaws.com/role-arn</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">arn:aws:iam::ACCOUNT-ID:role/IAM-SERVICE-ROLE-NAME</span><span class="w"></span>
<a id="__codelineno-5-10" name="__codelineno-5-10" href="#__codelineno-5-10"></a><span class="nn">---</span><span class="w"></span>
<a id="__codelineno-5-11" name="__codelineno-5-11" href="#__codelineno-5-11"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">rbac.authorization.k8s.io/v1</span><span class="w"></span>
<a id="__codelineno-5-12" name="__codelineno-5-12" href="#__codelineno-5-12"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterRole</span><span class="w"></span>
<a id="__codelineno-5-13" name="__codelineno-5-13" href="#__codelineno-5-13"></a><span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-14" name="__codelineno-5-14" href="#__codelineno-5-14"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-dns</span><span class="w"></span>
<a id="__codelineno-5-15" name="__codelineno-5-15" href="#__codelineno-5-15"></a><span class="nt">rules</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-16" name="__codelineno-5-16" href="#__codelineno-5-16"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">apiGroups</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;&quot;</span><span class="p p-Indicator">]</span><span class="w"></span>
<a id="__codelineno-5-17" name="__codelineno-5-17" href="#__codelineno-5-17"></a><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;services&quot;</span><span class="p p-Indicator">,</span><span class="s">&quot;endpoints&quot;</span><span class="p p-Indicator">,</span><span class="s">&quot;pods&quot;</span><span class="p p-Indicator">]</span><span class="w"></span>
<a id="__codelineno-5-18" name="__codelineno-5-18" href="#__codelineno-5-18"></a><span class="w"> </span><span class="nt">verbs</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;get&quot;</span><span class="p p-Indicator">,</span><span class="s">&quot;watch&quot;</span><span class="p p-Indicator">,</span><span class="s">&quot;list&quot;</span><span class="p p-Indicator">]</span><span class="w"></span>
<a id="__codelineno-5-19" name="__codelineno-5-19" href="#__codelineno-5-19"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">apiGroups</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;extensions&quot;</span><span class="p p-Indicator">,</span><span class="s">&quot;networking.k8s.io&quot;</span><span class="p p-Indicator">]</span><span class="w"></span>
<a id="__codelineno-5-20" name="__codelineno-5-20" href="#__codelineno-5-20"></a><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;ingresses&quot;</span><span class="p p-Indicator">]</span><span class="w"></span>
<a id="__codelineno-5-21" name="__codelineno-5-21" href="#__codelineno-5-21"></a><span class="w"> </span><span class="nt">verbs</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;get&quot;</span><span class="p p-Indicator">,</span><span class="s">&quot;watch&quot;</span><span class="p p-Indicator">,</span><span class="s">&quot;list&quot;</span><span class="p p-Indicator">]</span><span class="w"></span>
<a id="__codelineno-5-22" name="__codelineno-5-22" href="#__codelineno-5-22"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">apiGroups</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;&quot;</span><span class="p p-Indicator">]</span><span class="w"></span>
<a id="__codelineno-5-23" name="__codelineno-5-23" href="#__codelineno-5-23"></a><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;nodes&quot;</span><span class="p p-Indicator">]</span><span class="w"></span>
<a id="__codelineno-5-24" name="__codelineno-5-24" href="#__codelineno-5-24"></a><span class="w"> </span><span class="nt">verbs</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;list&quot;</span><span class="p p-Indicator">,</span><span class="s">&quot;watch&quot;</span><span class="p p-Indicator">]</span><span class="w"></span>
<a id="__codelineno-5-25" name="__codelineno-5-25" href="#__codelineno-5-25"></a><span class="nn">---</span><span class="w"></span>
<a id="__codelineno-5-26" name="__codelineno-5-26" href="#__codelineno-5-26"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">rbac.authorization.k8s.io/v1</span><span class="w"></span>
<a id="__codelineno-5-27" name="__codelineno-5-27" href="#__codelineno-5-27"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterRoleBinding</span><span class="w"></span>
<a id="__codelineno-5-28" name="__codelineno-5-28" href="#__codelineno-5-28"></a><span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-29" name="__codelineno-5-29" href="#__codelineno-5-29"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-dns-viewer</span><span class="w"></span>
<a id="__codelineno-5-30" name="__codelineno-5-30" href="#__codelineno-5-30"></a><span class="nt">roleRef</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-31" name="__codelineno-5-31" href="#__codelineno-5-31"></a><span class="w"> </span><span class="nt">apiGroup</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">rbac.authorization.k8s.io</span><span class="w"></span>
<a id="__codelineno-5-32" name="__codelineno-5-32" href="#__codelineno-5-32"></a><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterRole</span><span class="w"></span>
<a id="__codelineno-5-33" name="__codelineno-5-33" href="#__codelineno-5-33"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-dns</span><span class="w"></span>
<a id="__codelineno-5-34" name="__codelineno-5-34" href="#__codelineno-5-34"></a><span class="nt">subjects</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-35" name="__codelineno-5-35" href="#__codelineno-5-35"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ServiceAccount</span><span class="w"></span>
<a id="__codelineno-5-36" name="__codelineno-5-36" href="#__codelineno-5-36"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-dns</span><span class="w"></span>
<a id="__codelineno-5-37" name="__codelineno-5-37" href="#__codelineno-5-37"></a><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span><span class="w"></span>
<a id="__codelineno-5-38" name="__codelineno-5-38" href="#__codelineno-5-38"></a><span class="nn">---</span><span class="w"></span>
<a id="__codelineno-5-39" name="__codelineno-5-39" href="#__codelineno-5-39"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apps/v1</span><span class="w"></span>
<a id="__codelineno-5-40" name="__codelineno-5-40" href="#__codelineno-5-40"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Deployment</span><span class="w"></span>
<a id="__codelineno-5-41" name="__codelineno-5-41" href="#__codelineno-5-41"></a><span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-42" name="__codelineno-5-42" href="#__codelineno-5-42"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-dns</span><span class="w"></span>
<a id="__codelineno-5-43" name="__codelineno-5-43" href="#__codelineno-5-43"></a><span class="nt">spec</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-44" name="__codelineno-5-44" href="#__codelineno-5-44"></a><span class="w"> </span><span class="nt">strategy</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-45" name="__codelineno-5-45" href="#__codelineno-5-45"></a><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Recreate</span><span class="w"></span>
<a id="__codelineno-5-46" name="__codelineno-5-46" href="#__codelineno-5-46"></a><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-47" name="__codelineno-5-47" href="#__codelineno-5-47"></a><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-48" name="__codelineno-5-48" href="#__codelineno-5-48"></a><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-dns</span><span class="w"></span>
<a id="__codelineno-5-49" name="__codelineno-5-49" href="#__codelineno-5-49"></a><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-50" name="__codelineno-5-50" href="#__codelineno-5-50"></a><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-51" name="__codelineno-5-51" href="#__codelineno-5-51"></a><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-52" name="__codelineno-5-52" href="#__codelineno-5-52"></a><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-dns</span><span class="w"></span>
<a id="__codelineno-5-53" name="__codelineno-5-53" href="#__codelineno-5-53"></a><span class="w"> </span><span class="c1"># If you&#39;re using kiam or kube2iam, specify the following annotation.</span><span class="w"></span>
<a id="__codelineno-5-54" name="__codelineno-5-54" href="#__codelineno-5-54"></a><span class="w"> </span><span class="c1"># Otherwise, you may safely omit it.</span><span class="w"></span>
<a id="__codelineno-5-55" name="__codelineno-5-55" href="#__codelineno-5-55"></a><span class="w"> </span><span class="nt">annotations</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-56" name="__codelineno-5-56" href="#__codelineno-5-56"></a><span class="w"> </span><span class="nt">iam.amazonaws.com/role</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">arn:aws:iam::ACCOUNT-ID:role/IAM-SERVICE-ROLE-NAME</span><span class="w"></span>
<a id="__codelineno-5-57" name="__codelineno-5-57" href="#__codelineno-5-57"></a><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-58" name="__codelineno-5-58" href="#__codelineno-5-58"></a><span class="w"> </span><span class="nt">serviceAccountName</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-dns</span><span class="w"></span>
<a id="__codelineno-5-59" name="__codelineno-5-59" href="#__codelineno-5-59"></a><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-60" name="__codelineno-5-60" href="#__codelineno-5-60"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-dns</span><span class="w"></span>
<a id="__codelineno-5-61" name="__codelineno-5-61" href="#__codelineno-5-61"></a><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">k8s.gcr.io/external-dns/external-dns:v0.7.6</span><span class="w"></span>
<a id="__codelineno-5-62" name="__codelineno-5-62" href="#__codelineno-5-62"></a><span class="w"> </span><span class="nt">args</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-63" name="__codelineno-5-63" href="#__codelineno-5-63"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--source=service</span><span class="w"></span>
<a id="__codelineno-5-64" name="__codelineno-5-64" href="#__codelineno-5-64"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--source=ingress</span><span class="w"></span>
<a id="__codelineno-5-65" name="__codelineno-5-65" href="#__codelineno-5-65"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--domain-filter=external-dns-test.my-org.com</span><span class="w"> </span><span class="c1"># will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones</span><span class="w"></span>
<a id="__codelineno-5-66" name="__codelineno-5-66" href="#__codelineno-5-66"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--provider=aws</span><span class="w"></span>
<a id="__codelineno-5-67" name="__codelineno-5-67" href="#__codelineno-5-67"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--policy=upsert-only</span><span class="w"> </span><span class="c1"># would prevent ExternalDNS from deleting any records, omit to enable full synchronization</span><span class="w"></span>
<a id="__codelineno-5-68" name="__codelineno-5-68" href="#__codelineno-5-68"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--aws-zone-type=public</span><span class="w"> </span><span class="c1"># only look at public hosted zones (valid values are public, private or no value for both)</span><span class="w"></span>
<a id="__codelineno-5-69" name="__codelineno-5-69" href="#__codelineno-5-69"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--registry=txt</span><span class="w"></span>
<a id="__codelineno-5-70" name="__codelineno-5-70" href="#__codelineno-5-70"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--txt-owner-id=my-hostedzone-identifier</span><span class="w"></span>
<a id="__codelineno-5-71" name="__codelineno-5-71" href="#__codelineno-5-71"></a><span class="w"> </span><span class="nt">securityContext</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-5-72" name="__codelineno-5-72" href="#__codelineno-5-72"></a><span class="w"> </span><span class="nt">fsGroup</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">65534</span><span class="w"> </span><span class="c1"># For ExternalDNS to be able to read Kubernetes and AWS token files</span><span class="w"></span>
</code></pre></div>
<h2 id="arguments">Arguments<a class="headerlink" href="#arguments" title="Permanent link">&para;</a></h2>
<p>This list is not the full list, but a few arguments that where chosen.</p>
<h3 id="aws-zone-type">aws-zone-type<a class="headerlink" href="#aws-zone-type" title="Permanent link">&para;</a></h3>
<p><code>aws-zone-type</code> allows filtering for private and public zones</p>
<h2 id="annotations">Annotations<a class="headerlink" href="#annotations" title="Permanent link">&para;</a></h2>
<p>Annotations which are specific to AWS.</p>
<h3 id="alias">alias<a class="headerlink" href="#alias" title="Permanent link">&para;</a></h3>
<p><code>external-dns.alpha.kubernetes.io/alias</code> if set to <code>true</code> on an ingress, it will create an ALIAS record when the target is an ALIAS as well. To make the target an alias, the ingress needs to be configured correctly as described in <a href="../nginx-ingress/#with-a-separate-tcp-load-balancer">the docs</a>. In particular, the argument <code>--publish-service=default/nginx-ingress-controller</code> has to be set on the <code>nginx-ingress-controller</code> container. If one uses the <code>nginx-ingress</code> Helm chart, this flag can be set with the <code>controller.publishService.enabled</code> configuration option.</p>
<h2 id="verify-externaldns-works-ingress-example">Verify ExternalDNS works (Ingress example)<a class="headerlink" href="#verify-externaldns-works-ingress-example" title="Permanent link">&para;</a></h2>
<p>Create an ingress resource manifest file.</p>
<blockquote>
<p>For ingress objects ExternalDNS will create a DNS record based on the host specified for the ingress object.</p>
</blockquote>
<div class="highlight"><pre><span></span><code><a id="__codelineno-6-1" name="__codelineno-6-1" href="#__codelineno-6-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">networking.k8s.io/v1</span><span class="w"></span>
<a id="__codelineno-6-2" name="__codelineno-6-2" href="#__codelineno-6-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Ingress</span><span class="w"></span>
<a id="__codelineno-6-3" name="__codelineno-6-3" href="#__codelineno-6-3"></a><span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-6-4" name="__codelineno-6-4" href="#__codelineno-6-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">foo</span><span class="w"></span>
<a id="__codelineno-6-5" name="__codelineno-6-5" href="#__codelineno-6-5"></a><span class="w"> </span><span class="nt">annotations</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-6-6" name="__codelineno-6-6" href="#__codelineno-6-6"></a><span class="w"> </span><span class="nt">kubernetes.io/ingress.class</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;nginx&quot;</span><span class="w"> </span><span class="c1"># use the one that corresponds to your ingress controller.</span><span class="w"></span>
<a id="__codelineno-6-7" name="__codelineno-6-7" href="#__codelineno-6-7"></a><span class="nt">spec</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-6-8" name="__codelineno-6-8" href="#__codelineno-6-8"></a><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-6-9" name="__codelineno-6-9" href="#__codelineno-6-9"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">host</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">foo.bar.com</span><span class="w"></span>
<a id="__codelineno-6-10" name="__codelineno-6-10" href="#__codelineno-6-10"></a><span class="w"> </span><span class="nt">http</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-6-11" name="__codelineno-6-11" href="#__codelineno-6-11"></a><span class="w"> </span><span class="nt">paths</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-6-12" name="__codelineno-6-12" href="#__codelineno-6-12"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">backend</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-6-13" name="__codelineno-6-13" href="#__codelineno-6-13"></a><span class="w"> </span><span class="nt">service</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-6-14" name="__codelineno-6-14" href="#__codelineno-6-14"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">foo</span><span class="w"></span>
<a id="__codelineno-6-15" name="__codelineno-6-15" href="#__codelineno-6-15"></a><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-6-16" name="__codelineno-6-16" href="#__codelineno-6-16"></a><span class="w"> </span><span class="nt">number</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">80</span><span class="w"></span>
<a id="__codelineno-6-17" name="__codelineno-6-17" href="#__codelineno-6-17"></a><span class="w"> </span><span class="nt">pathType</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Prefix</span><span class="w"></span>
</code></pre></div>
<h2 id="verify-externaldns-works-service-example">Verify ExternalDNS works (Service example)<a class="headerlink" href="#verify-externaldns-works-service-example" title="Permanent link">&para;</a></h2>
<p>Create the following sample application to test that ExternalDNS works.</p>
<blockquote>
<p>For services ExternalDNS will look for the annotation <code>external-dns.alpha.kubernetes.io/hostname</code> on the service and use the corresponding value.</p>
<p>If you want to give multiple names to service, you can set it to external-dns.alpha.kubernetes.io/hostname with a comma separator.</p>
</blockquote>
<div class="highlight"><pre><span></span><code><a id="__codelineno-7-1" name="__codelineno-7-1" href="#__codelineno-7-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span><span class="w"></span>
<a id="__codelineno-7-2" name="__codelineno-7-2" href="#__codelineno-7-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Service</span><span class="w"></span>
<a id="__codelineno-7-3" name="__codelineno-7-3" href="#__codelineno-7-3"></a><span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-7-4" name="__codelineno-7-4" href="#__codelineno-7-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">nginx</span><span class="w"></span>
<a id="__codelineno-7-5" name="__codelineno-7-5" href="#__codelineno-7-5"></a><span class="w"> </span><span class="nt">annotations</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-7-6" name="__codelineno-7-6" href="#__codelineno-7-6"></a><span class="w"> </span><span class="nt">external-dns.alpha.kubernetes.io/hostname</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">nginx.external-dns-test.my-org.com</span><span class="w"></span>
<a id="__codelineno-7-7" name="__codelineno-7-7" href="#__codelineno-7-7"></a><span class="nt">spec</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-7-8" name="__codelineno-7-8" href="#__codelineno-7-8"></a><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LoadBalancer</span><span class="w"></span>
<a id="__codelineno-7-9" name="__codelineno-7-9" href="#__codelineno-7-9"></a><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-7-10" name="__codelineno-7-10" href="#__codelineno-7-10"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">80</span><span class="w"></span>
<a id="__codelineno-7-11" name="__codelineno-7-11" href="#__codelineno-7-11"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">http</span><span class="w"></span>
<a id="__codelineno-7-12" name="__codelineno-7-12" href="#__codelineno-7-12"></a><span class="w"> </span><span class="nt">targetPort</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">80</span><span class="w"></span>
<a id="__codelineno-7-13" name="__codelineno-7-13" href="#__codelineno-7-13"></a><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-7-14" name="__codelineno-7-14" href="#__codelineno-7-14"></a><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">nginx</span><span class="w"></span>
<a id="__codelineno-7-15" name="__codelineno-7-15" href="#__codelineno-7-15"></a>
<a id="__codelineno-7-16" name="__codelineno-7-16" href="#__codelineno-7-16"></a><span class="nn">---</span><span class="w"></span>
<a id="__codelineno-7-17" name="__codelineno-7-17" href="#__codelineno-7-17"></a>
<a id="__codelineno-7-18" name="__codelineno-7-18" href="#__codelineno-7-18"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apps/v1</span><span class="w"></span>
<a id="__codelineno-7-19" name="__codelineno-7-19" href="#__codelineno-7-19"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Deployment</span><span class="w"></span>
<a id="__codelineno-7-20" name="__codelineno-7-20" href="#__codelineno-7-20"></a><span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-7-21" name="__codelineno-7-21" href="#__codelineno-7-21"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">nginx</span><span class="w"></span>
<a id="__codelineno-7-22" name="__codelineno-7-22" href="#__codelineno-7-22"></a><span class="nt">spec</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-7-23" name="__codelineno-7-23" href="#__codelineno-7-23"></a><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-7-24" name="__codelineno-7-24" href="#__codelineno-7-24"></a><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-7-25" name="__codelineno-7-25" href="#__codelineno-7-25"></a><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">nginx</span><span class="w"></span>
<a id="__codelineno-7-26" name="__codelineno-7-26" href="#__codelineno-7-26"></a><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-7-27" name="__codelineno-7-27" href="#__codelineno-7-27"></a><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-7-28" name="__codelineno-7-28" href="#__codelineno-7-28"></a><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-7-29" name="__codelineno-7-29" href="#__codelineno-7-29"></a><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">nginx</span><span class="w"></span>
<a id="__codelineno-7-30" name="__codelineno-7-30" href="#__codelineno-7-30"></a><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-7-31" name="__codelineno-7-31" href="#__codelineno-7-31"></a><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-7-32" name="__codelineno-7-32" href="#__codelineno-7-32"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">nginx</span><span class="w"></span>
<a id="__codelineno-7-33" name="__codelineno-7-33" href="#__codelineno-7-33"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">nginx</span><span class="w"></span>
<a id="__codelineno-7-34" name="__codelineno-7-34" href="#__codelineno-7-34"></a><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-7-35" name="__codelineno-7-35" href="#__codelineno-7-35"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">80</span><span class="w"></span>
<a id="__codelineno-7-36" name="__codelineno-7-36" href="#__codelineno-7-36"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">http</span><span class="w"></span>
</code></pre></div>
<p>After roughly two minutes check that a corresponding DNS record for your service was created.</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-8-1" name="__codelineno-8-1" href="#__codelineno-8-1"></a><span class="gp">$ </span>aws route53 list-resource-record-sets --output json --hosted-zone-id <span class="s2">&quot;/hostedzone/ZEWFWZ4R16P7IB&quot;</span> <span class="se">\</span>
<a id="__codelineno-8-2" name="__codelineno-8-2" href="#__codelineno-8-2"></a> --query <span class="s2">&quot;ResourceRecordSets[?Name == &#39;nginx.external-dns-test.my-org.com.&#39;]|[?Type == &#39;A&#39;]&quot;</span>
<a id="__codelineno-8-3" name="__codelineno-8-3" href="#__codelineno-8-3"></a><span class="go">[</span>
<a id="__codelineno-8-4" name="__codelineno-8-4" href="#__codelineno-8-4"></a><span class="go"> {</span>
<a id="__codelineno-8-5" name="__codelineno-8-5" href="#__codelineno-8-5"></a><span class="go"> &quot;AliasTarget&quot;: {</span>
<a id="__codelineno-8-6" name="__codelineno-8-6" href="#__codelineno-8-6"></a><span class="go"> &quot;HostedZoneId&quot;: &quot;ZEWFWZ4R16P7IB&quot;,</span>
<a id="__codelineno-8-7" name="__codelineno-8-7" href="#__codelineno-8-7"></a><span class="go"> &quot;DNSName&quot;: &quot;ae11c2360188411e7951602725593fd1-1224345803.eu-central-1.elb.amazonaws.com.&quot;,</span>
<a id="__codelineno-8-8" name="__codelineno-8-8" href="#__codelineno-8-8"></a><span class="go"> &quot;EvaluateTargetHealth&quot;: true</span>
<a id="__codelineno-8-9" name="__codelineno-8-9" href="#__codelineno-8-9"></a><span class="go"> },</span>
<a id="__codelineno-8-10" name="__codelineno-8-10" href="#__codelineno-8-10"></a><span class="go"> &quot;Name&quot;: &quot;external-dns-test.my-org.com.&quot;,</span>
<a id="__codelineno-8-11" name="__codelineno-8-11" href="#__codelineno-8-11"></a><span class="go"> &quot;Type&quot;: &quot;A&quot;</span>
<a id="__codelineno-8-12" name="__codelineno-8-12" href="#__codelineno-8-12"></a><span class="go"> },</span>
<a id="__codelineno-8-13" name="__codelineno-8-13" href="#__codelineno-8-13"></a><span class="go"> {</span>
<a id="__codelineno-8-14" name="__codelineno-8-14" href="#__codelineno-8-14"></a><span class="go"> &quot;Name&quot;: &quot;external-dns-test.my-org.com&quot;,</span>
<a id="__codelineno-8-15" name="__codelineno-8-15" href="#__codelineno-8-15"></a><span class="go"> &quot;TTL&quot;: 300,</span>
<a id="__codelineno-8-16" name="__codelineno-8-16" href="#__codelineno-8-16"></a><span class="go"> &quot;ResourceRecords&quot;: [</span>
<a id="__codelineno-8-17" name="__codelineno-8-17" href="#__codelineno-8-17"></a><span class="go"> {</span>
<a id="__codelineno-8-18" name="__codelineno-8-18" href="#__codelineno-8-18"></a><span class="go"> &quot;Value&quot;: &quot;\&quot;heritage=external-dns,external-dns/owner=my-hostedzone-identifier\&quot;&quot;</span>
<a id="__codelineno-8-19" name="__codelineno-8-19" href="#__codelineno-8-19"></a><span class="go"> }</span>
<a id="__codelineno-8-20" name="__codelineno-8-20" href="#__codelineno-8-20"></a><span class="go"> ],</span>
<a id="__codelineno-8-21" name="__codelineno-8-21" href="#__codelineno-8-21"></a><span class="go"> &quot;Type&quot;: &quot;TXT&quot;</span>
<a id="__codelineno-8-22" name="__codelineno-8-22" href="#__codelineno-8-22"></a><span class="go"> }</span>
<a id="__codelineno-8-23" name="__codelineno-8-23" href="#__codelineno-8-23"></a><span class="go">]</span>
</code></pre></div>
<p>Note created TXT record alongside ALIAS record. TXT record signifies that the corresponding ALIAS record is managed by ExternalDNS. This makes ExternalDNS safe for running in environments where there are other records managed via other means.</p>
<p>Let&rsquo;s check that we can resolve this DNS name. We&rsquo;ll ask the nameservers assigned to your zone first.</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-9-1" name="__codelineno-9-1" href="#__codelineno-9-1"></a><span class="gp">$ </span>dig +short @ns-5514.awsdns-53.org. nginx.external-dns-test.my-org.com.
<a id="__codelineno-9-2" name="__codelineno-9-2" href="#__codelineno-9-2"></a><span class="go">ae11c2360188411e7951602725593fd1-1224345803.eu-central-1.elb.amazonaws.com.</span>
</code></pre></div>
<p>If you hooked up your DNS zone with its parent zone correctly you can use <code>curl</code> to access your site.</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-10-1" name="__codelineno-10-1" href="#__codelineno-10-1"></a><span class="gp">$ </span>curl nginx.external-dns-test.my-org.com.
<a id="__codelineno-10-2" name="__codelineno-10-2" href="#__codelineno-10-2"></a><span class="go">&lt;!DOCTYPE html&gt;</span>
<a id="__codelineno-10-3" name="__codelineno-10-3" href="#__codelineno-10-3"></a><span class="go">&lt;html&gt;</span>
<a id="__codelineno-10-4" name="__codelineno-10-4" href="#__codelineno-10-4"></a><span class="go">&lt;head&gt;</span>
<a id="__codelineno-10-5" name="__codelineno-10-5" href="#__codelineno-10-5"></a><span class="go">&lt;title&gt;Welcome to nginx!&lt;/title&gt;</span>
<a id="__codelineno-10-6" name="__codelineno-10-6" href="#__codelineno-10-6"></a><span class="go">...</span>
<a id="__codelineno-10-7" name="__codelineno-10-7" href="#__codelineno-10-7"></a><span class="go">&lt;/head&gt;</span>
<a id="__codelineno-10-8" name="__codelineno-10-8" href="#__codelineno-10-8"></a><span class="go">&lt;body&gt;</span>
<a id="__codelineno-10-9" name="__codelineno-10-9" href="#__codelineno-10-9"></a><span class="go">...</span>
<a id="__codelineno-10-10" name="__codelineno-10-10" href="#__codelineno-10-10"></a><span class="go">&lt;/body&gt;</span>
<a id="__codelineno-10-11" name="__codelineno-10-11" href="#__codelineno-10-11"></a><span class="go">&lt;/html&gt;</span>
</code></pre></div>
<p>Ingress objects on AWS require a separately deployed Ingress controller which we&rsquo;ll describe in another tutorial.</p>
<h2 id="custom-ttl">Custom TTL<a class="headerlink" href="#custom-ttl" title="Permanent link">&para;</a></h2>
<p>The default DNS record TTL (Time-To-Live) is 300 seconds. You can customize this value by setting the annotation <code>external-dns.alpha.kubernetes.io/ttl</code>.<br />
e.g., modify the service manifest YAML file above:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-11-1" name="__codelineno-11-1" href="#__codelineno-11-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span><span class="w"></span>
<a id="__codelineno-11-2" name="__codelineno-11-2" href="#__codelineno-11-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Service</span><span class="w"></span>
<a id="__codelineno-11-3" name="__codelineno-11-3" href="#__codelineno-11-3"></a><span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-11-4" name="__codelineno-11-4" href="#__codelineno-11-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">nginx</span><span class="w"></span>
<a id="__codelineno-11-5" name="__codelineno-11-5" href="#__codelineno-11-5"></a><span class="w"> </span><span class="nt">annotations</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-11-6" name="__codelineno-11-6" href="#__codelineno-11-6"></a><span class="w"> </span><span class="nt">external-dns.alpha.kubernetes.io/hostname</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">nginx.external-dns-test.my-org.com</span><span class="w"></span>
<a id="__codelineno-11-7" name="__codelineno-11-7" href="#__codelineno-11-7"></a><span class="w"> </span><span class="nt">external-dns.alpha.kubernetes.io/ttl</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;60&quot;</span><span class="w"></span>
<a id="__codelineno-11-8" name="__codelineno-11-8" href="#__codelineno-11-8"></a><span class="nt">spec</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-11-9" name="__codelineno-11-9" href="#__codelineno-11-9"></a><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">...</span><span class="w"></span>
</code></pre></div>
<p>This will set the DNS record&rsquo;s TTL to 60 seconds.</p>
<h2 id="routing-policies">Routing policies<a class="headerlink" href="#routing-policies" title="Permanent link">&para;</a></h2>
<p>Route53 offers <a href="https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html">different routing policies</a>. The routing policy for a record can be controlled with the following annotations:</p>
<ul>
<li><code>external-dns.alpha.kubernetes.io/set-identifier</code>: this <strong>needs</strong> to be set to use any of the following routing policies</li>
</ul>
<p>For any given DNS name, only <strong>one</strong> of the following routing policies can be used:</p>
<ul>
<li>Weighted records: <code>external-dns.alpha.kubernetes.io/aws-weight</code></li>
<li>Latency-based routing: <code>external-dns.alpha.kubernetes.io/aws-region</code></li>
<li>Failover:<code>external-dns.alpha.kubernetes.io/aws-failover</code></li>
<li>Geolocation-based routing:</li>
<li><code>external-dns.alpha.kubernetes.io/aws-geolocation-continent-code</code></li>
<li><code>external-dns.alpha.kubernetes.io/aws-geolocation-country-code</code></li>
<li><code>external-dns.alpha.kubernetes.io/aws-geolocation-subdivision-code</code></li>
<li>Multi-value answer:<code>external-dns.alpha.kubernetes.io/aws-multi-value-answer</code></li>
</ul>
<h2 id="associating-dns-records-with-healthchecks">Associating DNS records with healthchecks<a class="headerlink" href="#associating-dns-records-with-healthchecks" title="Permanent link">&para;</a></h2>
<p>You can configure Route53 to associate DNS records with healthchecks for automated DNS failover using <br />
<code>external-dns.alpha.kubernetes.io/aws-health-check-id: &lt;health-check-id&gt;</code> annotation.</p>
<p>Note: ExternalDNS does not support creating healthchecks, and assumes that <code>&lt;health-check-id&gt;</code> already exists.</p>
<h2 id="govcloud-caveats">Govcloud caveats<a class="headerlink" href="#govcloud-caveats" title="Permanent link">&para;</a></h2>
<p>Due to the special nature with how Route53 runs in Govcloud, there are a few tweaks in the deployment settings.</p>
<ul>
<li>An Environment variable with name of AWS_REGION set to either us-gov-west-1 or us-gov-east-1 is required. Otherwise it tries to lookup a region that does not exist in Govcloud and it errors out.</li>
</ul>
<div class="highlight"><pre><span></span><code><a id="__codelineno-12-1" name="__codelineno-12-1" href="#__codelineno-12-1"></a><span class="nt">env</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-12-2" name="__codelineno-12-2" href="#__codelineno-12-2"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AWS_REGION</span><span class="w"></span>
<a id="__codelineno-12-3" name="__codelineno-12-3" href="#__codelineno-12-3"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">us-gov-west-1</span><span class="w"></span>
</code></pre></div>
<ul>
<li>Route53 in Govcloud does not allow aliases. Therefore, container args must be set so that it uses CNAMES and a txt-prefix must be set to something. Otherwise, it will try to create a TXT record with the same value than the CNAME itself, which is not allowed.</li>
</ul>
<div class="highlight"><pre><span></span><code><a id="__codelineno-13-1" name="__codelineno-13-1" href="#__codelineno-13-1"></a><span class="nt">args</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-13-2" name="__codelineno-13-2" href="#__codelineno-13-2"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--aws-prefer-cname</span><span class="w"></span>
<a id="__codelineno-13-3" name="__codelineno-13-3" href="#__codelineno-13-3"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--txt-prefix={{ YOUR_PREFIX }}</span><span class="w"></span>
</code></pre></div>
<ul>
<li>The first two changes are needed if you use Route53 in Govcloud, which only supports private zones. There are also no cross account IAM whatsoever between Govcloud and commerical AWS accounts. If services and ingresses need to make Route 53 entries to an public zone in a commerical account, you will have set env variables of AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY with a key and secret to the commerical account that has the sufficient rights.</li>
</ul>
<div class="highlight"><pre><span></span><code><a id="__codelineno-14-1" name="__codelineno-14-1" href="#__codelineno-14-1"></a><span class="nt">env</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-14-2" name="__codelineno-14-2" href="#__codelineno-14-2"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AWS_ACCESS_KEY_ID</span><span class="w"></span>
<a id="__codelineno-14-3" name="__codelineno-14-3" href="#__codelineno-14-3"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">XXXXXXXXX</span><span class="w"></span>
<a id="__codelineno-14-4" name="__codelineno-14-4" href="#__codelineno-14-4"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AWS_SECRET_ACCESS_KEY</span><span class="w"></span>
<a id="__codelineno-14-5" name="__codelineno-14-5" href="#__codelineno-14-5"></a><span class="w"> </span><span class="nt">valueFrom</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-14-6" name="__codelineno-14-6" href="#__codelineno-14-6"></a><span class="w"> </span><span class="nt">secretKeyRef</span><span class="p">:</span><span class="w"></span>
<a id="__codelineno-14-7" name="__codelineno-14-7" href="#__codelineno-14-7"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">YOUR_SECRET_NAME</span><span class="w"> </span><span class="p p-Indicator">}}</span><span class="w"></span>
<a id="__codelineno-14-8" name="__codelineno-14-8" href="#__codelineno-14-8"></a><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">YOUR_SECRET_KEY</span><span class="w"> </span><span class="p p-Indicator">}}</span><span class="w"></span>
</code></pre></div>
<h2 id="clean-up">Clean up<a class="headerlink" href="#clean-up" title="Permanent link">&para;</a></h2>
<p>Make sure to delete all Service objects before terminating the cluster so all load balancers get cleaned up correctly.</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-15-1" name="__codelineno-15-1" href="#__codelineno-15-1"></a><span class="gp">$ </span>kubectl delete service nginx
</code></pre></div>
<p>Give ExternalDNS some time to clean up the DNS records for you. Then delete the hosted zone if you created one for the testing purpose.</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-16-1" name="__codelineno-16-1" href="#__codelineno-16-1"></a><span class="gp">$ </span>aws route53 delete-hosted-zone --id /hostedzone/ZEWFWZ4R16P7IB
</code></pre></div>
<h2 id="throttling">Throttling<a class="headerlink" href="#throttling" title="Permanent link">&para;</a></h2>
<p>Route53 has a <a href="https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests-route-53">5 API requests per second per account hard quota</a>.<br />
Running several fast polling ExternalDNS instances in a given account can easily hit that limit. Some ways to reduce the request rate include:<br />
* Reduce the polling loop&rsquo;s synchronization interval at the possible cost of slower change propagation (but see <code>--events</code> below to reduce the impact).<br />
* <code>--interval=5m</code> (default <code>1m</code>)<br />
* Trigger the polling loop on changes to K8s objects, rather than only at <code>interval</code>, to have responsive updates with long poll intervals<br />
* <code>--events</code><br />
* Limit the <a href="https://github.com/kubernetes-sigs/external-dns/blob/master/pkg/apis/externaldns/types.go#L364">sources watched</a> when the <code>--events</code> flag is specified to specific types, namespaces, labels, or annotations<br />
* <code>--source=ingress --source=service</code> - specify multiple times for multiple sources<br />
* <code>--namespace=my-app</code><br />
* <code>--label-filter=app in (my-app)</code><br />
* <code>--annotation-filter=kubernetes.io/ingress.class in (nginx-external)</code> - note that this filter would apply to services too..<br />
* Limit services watched by type (not applicable to ingress or other types)<br />
* <code>--service-type-filter=LoadBalancer</code> default <code>all</code><br />
* Limit the hosted zones considered<br />
* <code>--zone-id-filter=ABCDEF12345678</code> - specify multiple times if needed<br />
* <code>--domain-filter=example.com</code> by domain suffix - specify multiple times if needed<br />
* <code>--regex-domain-filter=example*</code> by domain suffix but as a regex - overrides domain-filter<br />
* <code>--exclude-domains=ignore.this.example.com</code> to exclude a domain or subdomain<br />
* <code>--regex-domain-exclusion=ignore*</code> subtracts it&rsquo;s matches from <code>regex-domain-filter</code>&lsquo;s matches<br />
* <code>--aws-zone-type=public</code> only sync zones of this type <code>[public|private]</code><br />
* <code>--aws-zone-tags=owner=k8s</code> only sync zones with this tag<br />
* If the list of zones managed by ExternalDNS doesn&rsquo;t change frequently, cache it by setting a TTL.<br />
* <code>--aws-zones-cache-duration=3h</code> (default <code>0</code> - disabled)<br />
* Increase the number of changes applied to Route53 in each batch<br />
* <code>--aws-batch-change-size=4000</code> (default <code>1000</code>)<br />
* Increase the interval between changes<br />
* <code>--aws-batch-change-interval=10s</code> (default <code>1s</code>)<br />
* Introducing some jitter to the pod initialization, so that when multiple instances of ExternalDNS are updated at the same time they do not make their requests on the same second.</p>
<p>A simple way to implement randomised startup is with an init container:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-17-1" name="__codelineno-17-1" href="#__codelineno-17-1"></a>...
<a id="__codelineno-17-2" name="__codelineno-17-2" href="#__codelineno-17-2"></a> spec:
<a id="__codelineno-17-3" name="__codelineno-17-3" href="#__codelineno-17-3"></a> initContainers:
<a id="__codelineno-17-4" name="__codelineno-17-4" href="#__codelineno-17-4"></a> - name: init-jitter
<a id="__codelineno-17-5" name="__codelineno-17-5" href="#__codelineno-17-5"></a> image: k8s.gcr.io/external-dns/external-dns:v0.7.6
<a id="__codelineno-17-6" name="__codelineno-17-6" href="#__codelineno-17-6"></a> command:
<a id="__codelineno-17-7" name="__codelineno-17-7" href="#__codelineno-17-7"></a> - /bin/sh
<a id="__codelineno-17-8" name="__codelineno-17-8" href="#__codelineno-17-8"></a> - -c
<a id="__codelineno-17-9" name="__codelineno-17-9" href="#__codelineno-17-9"></a> - &#39;FOR=$((RANDOM % 10))s;echo &quot;Sleeping for $FOR&quot;;sleep $FOR&#39;
<a id="__codelineno-17-10" name="__codelineno-17-10" href="#__codelineno-17-10"></a> containers:
<a id="__codelineno-17-11" name="__codelineno-17-11" href="#__codelineno-17-11"></a>...
</code></pre></div>
<h3 id="eks">EKS<a class="headerlink" href="#eks" title="Permanent link">&para;</a></h3>
<p>An effective starting point for EKS with an ingress controller might look like:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-18-1" name="__codelineno-18-1" href="#__codelineno-18-1"></a>--interval<span class="o">=</span>5m
<a id="__codelineno-18-2" name="__codelineno-18-2" href="#__codelineno-18-2"></a>--events
<a id="__codelineno-18-3" name="__codelineno-18-3" href="#__codelineno-18-3"></a>--source<span class="o">=</span>ingress
<a id="__codelineno-18-4" name="__codelineno-18-4" href="#__codelineno-18-4"></a>--domain-filter<span class="o">=</span>example.com
<a id="__codelineno-18-5" name="__codelineno-18-5" href="#__codelineno-18-5"></a>--aws-zones-cache-duration<span class="o">=</span>1h
</code></pre></div>
<hr>
<div class="md-source-file">
<small>
Last update:
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">May 11, 2022</span>
</small>
</div>
</article>
</div>
</div>
<a href="#" class="md-top md-icon" data-md-component="top" data-md-state="hidden">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12z"/></svg>
Back to top
</a>
</main>
<footer class="md-footer">
<nav class="md-footer__inner md-grid" aria-label="Footer">
<a href="../aws-sd/" class="md-footer__link md-footer__link--prev" aria-label="Previous: Setting up ExternalDNS using AWS Cloud Map API" rel="prev">
<div class="md-footer__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</div>
<div class="md-footer__title">
<div class="md-ellipsis">
<span class="md-footer__direction">
Previous
</span>
Setting up ExternalDNS using AWS Cloud Map API
</div>
</div>
</a>
<a href="../azure-private-dns/" class="md-footer__link md-footer__link--next" aria-label="Next: Set up ExternalDNS for Azure Private DNS" rel="next">
<div class="md-footer__title">
<div class="md-ellipsis">
<span class="md-footer__direction">
Next
</span>
Set up ExternalDNS for Azure Private DNS
</div>
</div>
<div class="md-footer__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg>
</div>
</a>
</nav>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../..", "features": ["content.code.annotate", "navigation.top", "navigation.tracking", "navigation.indexes", "navigation.instant", "navigation.tabs", "navigation.tabs.sticky"], "search": "../../assets/javascripts/workers/search.5e67fbfe.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "version": {"provider": "mike"}}</script>
<script src="../../assets/javascripts/bundle.c44cc438.min.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink