mirrors/external-dns
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/external-dns.git synced 2025-08-06 17:46:57 +02:00
Code Issues Packages Projects Releases Wiki Activity
b9f9cde0ed
external-dns/docs/sources/traefik-proxy.md
Michel Loiseleur 8cc73bd1e4
feat(traefik)!: disable legacy listeners on traefik.containo.us API Group (#5565) 
* feat(traefik)!: disable legacy listeners on traefik.containo.us API Group

* update docs accordingly

* update test accordingly

* type argument is infered

* fix rebase
2025-07-03 09:15:27 -07:00

3.1 KiB
Raw Blame History

Traefik Proxy Source

This tutorial describes how to configure ExternalDNS to use the Traefik Proxy source. It is meant to supplement the other provider-specific setup tutorials.

Manifest (for clusters without RBAC enabled)

[[% include 'traefik-proxy/without-rbac.yaml' %]]

Manifest (for clusters with RBAC enabled)

[[% include 'traefik-proxy/with-cluster-rbac.yaml' %]]

Deploying a Traefik IngressRoute

Create an IngressRoute file called 'ingress-route-default' with the following contents:

[[% include 'traefik-proxy/ingress-route-default.yaml' %]]

Note the annotation on the IngressRoute (external-dns.alpha.kubernetes.io/target); use the same hostname as the traefik DNS.

ExternalDNS uses this annotation to determine what services should be registered with DNS.

Create the IngressRoute:

kubectl create -f docs/snippets/traefik-proxy/ingress-route-default.yaml

Depending where you run your IngressRoute it can take a little while for ExternalDNS synchronize the DNS record.

Support private and public routing

To create a more robust and manageable Kubernetes environment, leverage separate Ingress classes to finely control public and private routing's security, performance, and operational policies. Similar approach could work in multi-tenant environments.

For this we are going to need two instances of traefik (public and private) as well as two instances of external-dns.

The traefik configuration should contain (for more detailed configured validate with the vendor)

[[% include 'traefik-proxy/traefik-public-private-config.yaml' %]]

Create a IngressRoutes files with the following contents:

[[% include 'traefik-proxy/ingress-route-public-private.yaml' %]]

And the arguments for external-dns instances should looks like

---
args:
  - --source=traefik-proxy
  - --annotation-filter="kubernetes.io/ingress.class=traefik-public"
---
args:
  - --source=traefik-proxy
  - --annotation-filter="kubernetes.io/ingress.class=traefik-private"

Cleanup

Now that we have verified that ExternalDNS will automatically manage Traefik DNS records, we can delete the tutorial's example:

kubectl delete -f docs/snippets/traefik-proxy/ingress-route-default.yaml
kubectl delete -f externaldns.yaml

Additional Flags

Flag Description
--traefik-enable-legacy Enable listeners on Resources under traefik.containo.us
--traefik-disable-new Disable listeners on Resources under traefik.io

Resource Listeners

Traefik has deprecated the legacy API group, traefik.containo.us, in favor of traefik.io. By default the traefik-proxy source listen for resources under traefik.io API groups.

If needed, you can enable legacy listener with --traefik-enable-legacy and also disable new listener with --traefik-disable-new.