
Chapter 4. External DNS Operator


4.1. External DNS Operator release notes

The External DNS Operator deploys and manages ExternalDNS to provide name resolution for services and routes. This enables your external DNS provider to resolve hostnames directly to OpenShift Container Platform resources.

Important

The External DNS Operator is only supported on the x86_64 architecture.

These release notes track the development of the External DNS Operator in OpenShift Container Platform.

4.1.1. External DNS Operator 1.3

The External DNS Operator 1.3 release notes summarize all new features and enhancements, notable technical changes, major corrections from previous versions, and any known bugs upon general availability.

External DNS Operator 1.3.2

The following advisory is available for the External DNS Operator version 1.3.2:

External DNS Operator 1.3.1

The following advisory is available for the External DNS Operator version 1.3.1:

External DNS Operator 1.3.0

The following advisory is available for the External DNS Operator version 1.3.0:

  • RHEA-2024:8550 Product Enhancement Advisory

    This update includes a rebase to the 0.14.2 version of the upstream project.

    Bug fixes:

  • Previously, the ExternalDNS Operator could not deploy operands on HCP clusters. With this release, the Operator deploys operands in a running and ready state. (OCPBUGS-37059)
  • Previously, the ExternalDNS Operator was not using RHEL 9 as its building or base images. With this release, RHEL 9 is the base. (OCPBUGS-41683)
  • Previously, the godoc had a broken link for the Infoblox provider. With this release, the godoc is revised for accuracy. Some links are removed and others are replaced with GitHub permalinks. (OCPBUGS-36797)

4.1.2. External DNS Operator 1.2

The External DNS Operator 1.2 release notes summarize all new features and enhancements, notable technical changes, major corrections from previous versions, and any known bugs upon general availability.

External DNS Operator 1.2.0

The following advisory is available for the External DNS Operator version 1.2.0:

4.1.3. External DNS Operator 1.1

The External DNS Operator 1.1 release notes summarize all new features and enhancements, notable technical changes, major corrections from previous versions, and any known bugs upon general availability.

External DNS Operator 1.1.1

The following advisory is available for the External DNS Operator version 1.1.1:

External DNS Operator 1.1.0

This release included a rebase of the operand from the upstream project version 0.13.1. The following advisory is available for the External DNS Operator version 1.1.0:

4.1.4. External DNS Operator 1.0

The External DNS Operator 1.0 release notes summarize all new features and enhancements, notable technical changes, major corrections from previous versions, and any known bugs upon general availability.

External DNS Operator 1.0.1

The following advisory is available for the External DNS Operator version 1.0.1:

External DNS Operator 1.0.0

The following advisory is available for the External DNS Operator version 1.0.0:

4.2. Understanding the External DNS Operator

To provide name resolution for services and routes from an External DNS provider to OpenShift Container Platform, use the External DNS Operator. This Operator deploys and manages ExternalDNS to synchronize your cluster resources with the external provider.

4.2.1. External DNS Operator domain name limitations

To prevent configuration errors when deploying the ExternalDNS resource, review the domain name limitations enforced by the External DNS Operator. Understanding these constraints ensures that your requested hostnames and domains are compatible with your underlying DNS provider.

The External DNS Operator uses the TXT registry, which adds a prefix to the TXT records it creates. This reduces the maximum length of the domain name for TXT records. A DNS record cannot be present without a corresponding TXT record, so the domain name of the DNS record must follow the same limit as the TXT records. For example, a DNS record of <domain_name_from_source> results in a TXT record of external-dns-<record_type>-<domain_name_from_source>.

The domain name of the DNS records generated by the External DNS Operator has the following limitations:

Record type                          Number of characters
CNAME                                44
Wildcard CNAME records on AzureDNS   42
A                                    48
Wildcard A records on AzureDNS       46

The following error shows in the External DNS Operator logs if the generated domain name exceeds any of the domain name limitations:

time="2022-09-02T08:53:57Z" level=error msg="Failure in zone test.example.io. [Id: /hostedzone/Z06988883Q0H0RL6UMXXX]"
time="2022-09-02T08:53:57Z" level=error msg="InvalidChangeBatch: [FATAL problem: DomainLabelTooLong (Domain label is too long) encountered with 'external-dns-a-hello-openshift-aaaaaaaaaa-bbbbbbbbbb-ccccccc']\n\tstatus code: 400, request id: e54dfd5a-06c6-47b0-bcb9-a4f7c3a4e0c6"
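The following pre-flight check is an added example for this section; it is not code from the Red Hat documentation or from the External DNS Operator. It encodes the CNAME and A rows of the table above, which follow from the TXT registry prefix external-dns-<record_type>- and the 63-octet limit on a single DNS label (63 - len("external-dns-cname-") = 44, 63 - len("external-dns-a-") = 48), and it scans Operator log text for the DomainLabelTooLong failure shown above so the offending source name can be traced back. The stricter AzureDNS wildcard rows are not modelled; the sample log is the excerpt from this section.

```python
"""Pre-flight length check for hostnames that ExternalDNS will publish.

Added example; not code from the documentation or the External DNS Operator.
Limits are the CNAME and A rows of the table above; they follow from the TXT
registry prefix "external-dns-<record_type>-" plus the 63-octet label maximum.
"""
import re

MAX_DNS_LABEL = 63           # RFC 1035 limit on one label, the reason the table limits exist
TXT_PREFIX = "external-dns-"

# Maximum length of the first hostname label per record type (from the table above).
LIMITS = {"CNAME": 44, "A": 48}


def txt_owner_name(hostname: str, record_type: str) -> str:
    """Name of the TXT registry record ExternalDNS creates beside a DNS record."""
    return f"{TXT_PREFIX}{record_type.lower()}-{hostname}"


def check_hostname(hostname: str, record_type: str) -> dict:
    """Report whether the first label of hostname leaves room for the TXT prefix."""
    rt = record_type.upper()
    if rt not in LIMITS:
        raise ValueError(f"no documented limit for record type {record_type!r}")
    first_label = hostname.rstrip(".").split(".")[0]
    txt_name = txt_owner_name(hostname, rt)
    txt_first_label = txt_name.split(".")[0]
    return {
        "hostname": hostname,
        "record_type": rt,
        "label_length": len(first_label),
        "limit": LIMITS[rt],
        "txt_owner": txt_name,
        "txt_label_length": len(txt_first_label),   # equals MAX_DNS_LABEL at the limit
        "ok": len(first_label) <= LIMITS[rt],
    }


# Log excerpt from the section above (Route 53 rejecting an over-long TXT label).
SAMPLE_LOG = r"""time="2022-09-02T08:53:57Z" level=error msg="Failure in zone test.example.io. [Id: /hostedzone/Z06988883Q0H0RL6UMXXX]"
time="2022-09-02T08:53:57Z" level=error msg="InvalidChangeBatch: [FATAL problem: DomainLabelTooLong (Domain label is too long) encountered with 'external-dns-a-hello-openshift-aaaaaaaaaa-bbbbbbbbbb-ccccccc']\n\tstatus code: 400, request id: e54dfd5a-06c6-47b0-bcb9-a4f7c3a4e0c6"
"""

LOG_PATTERN = re.compile(r"DomainLabelTooLong.*?encountered with '(?P<label>[^']+)'")
PREFIX_PATTERN = re.compile(r"^external-dns-(?P<rtype>[a-z]+)-(?P<rest>.+)$")


def find_label_errors(log_text: str) -> list:
    """Extract DomainLabelTooLong failures and split off the registry prefix.

    Each hit carries the rejected TXT label, the record type encoded in the
    prefix, and the part that came from the source hostname, which is the
    route or service name that has to be shortened.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_PATTERN.search(line)
        if not m:
            continue
        label = m.group("label")
        p = PREFIX_PATTERN.match(label)
        hits.append({
            "txt_label": label,
            "length": len(label),
            "record_type": p.group("rtype").upper() if p else None,
            "source_label": p.group("rest") if p else label,
        })
    return hits


if __name__ == "__main__":
    print(check_hostname("console-openshift-console.apps.testextdnsoperator.apacshift.support", "CNAME"))
    for hit in find_label_errors(SAMPLE_LOG):
        print(hit)
```

Run check_hostname against every route or service hostname before creating the ExternalDNS CR; a hit from find_label_errors in the Operator log means the first label of the named source has to be shortened, because Route 53 rejects the whole change batch for that zone.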

4.2.2. Deploying the External DNS Operator

You can deploy the External DNS Operator on-demand from the Software Catalog. Deploying the External DNS Operator creates a Subscription object.

The External DNS Operator implements the External DNS API from the olm.openshift.io API group. The External DNS Operator updates services, routes, and external DNS providers.

Prerequisites

  • You have installed the yq CLI tool.

Procedure

  1. Check the name of an install plan, such as install-zcvlr, by running the following command:

    $ oc -n external-dns-operator get sub external-dns-operator -o yaml | yq '.status.installplan.name'
  2. Check if the status of an install plan is Complete by running the following command:

    $ oc -n external-dns-operator get ip <install_plan_name> -o yaml | yq '.status.phase'
  3. View the status of the external-dns-operator deployment by running the following command:

    $ oc get -n external-dns-operator deployment/external-dns-operator

    Example output

    NAME                    READY     UP-TO-DATE   AVAILABLE   AGE
    external-dns-operator   1/1       1            1           23h

4.2.3. Viewing External DNS Operator logs

To troubleshoot DNS configuration issues, view the External DNS Operator logs. Use the oc logs command to retrieve diagnostic information directly from the Operator pod.

Procedure

  • View the logs of the External DNS Operator by running the following command:

    $ oc logs -n external-dns-operator deployment/external-dns-operator -c external-dns-operator

4.3. Installing the External DNS Operator

To manage DNS records on your cloud infrastructure, install the External DNS Operator. This Operator supports deployment on major cloud providers, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud.

4.3.1. Installing the External DNS Operator with OperatorHub

You can install the External DNS Operator by using the OpenShift Container Platform OperatorHub. You can then manage the Operator lifecycle directly from the web console.

Procedure

  1. Click Operators → OperatorHub in the OpenShift Container Platform web console.
  2. Click External DNS Operator. You can use the Filter by keyword text box or the filter list to search for External DNS Operator from the list of Operators.
  3. Select the external-dns-operator namespace.
  4. On the External DNS Operator page, click Install.
  5. On the Install Operator page, ensure that you selected the following options:

    1. Update the channel as stable-v1.
    2. Installation mode as A specific name on the cluster.
    3. Installed namespace as external-dns-operator. If the external-dns-operator namespace does not exist, it is created during the Operator installation.
    4. Select Approval Strategy as Automatic or Manual. The Approval Strategy defaults to Automatic.
    5. Click Install.

      If you select Automatic updates, the Operator Lifecycle Manager (OLM) automatically upgrades the running instance of your Operator without any intervention.

      If you select Manual updates, the OLM creates an update request. As a cluster administrator, you must then manually approve that update request to have the Operator updated to the new version.

Verification

  • Verify that the External DNS Operator shows the Status as Succeeded on the Installed Operators dashboard.

4.3.2. Installing the External DNS Operator by using the CLI

You can use the OpenShift CLI (oc) to install the External DNS Operator. This lets you manage the installation from your terminal without using the web console.

Prerequisites

  • You are logged in to the OpenShift CLI (oc).

Procedure

  1. Create a Namespace object:

    1. Create a YAML file that defines the Namespace object:

      Example namespace.yaml file

      apiVersion: v1
      kind: Namespace
      metadata:
        name: external-dns-operator
      # ...

    2. Create the Namespace object by running the following command:

      $ oc apply -f namespace.yaml
  2. Create an OperatorGroup object:

    1. Create a YAML file that defines the OperatorGroup object:

      Example operatorgroup.yaml file

      apiVersion: operators.coreos.com/v1
      kind: OperatorGroup
      metadata:
        name: external-dns-operator
        namespace: external-dns-operator
      spec:
        upgradeStrategy: Default
        targetNamespaces:
        - external-dns-operator
      # ...

    2. Create the OperatorGroup object by running the following command:

      $ oc apply -f operatorgroup.yaml
  3. Create a Subscription object:

    1. Create a YAML file that defines the Subscription object:

      Example subscription.yaml file

      apiVersion: operators.coreos.com/v1alpha1
      kind: Subscription
      metadata:
        name: external-dns-operator
        namespace: external-dns-operator
      spec:
        channel: stable-v1
        installPlanApproval: Automatic
        name: external-dns-operator
        source: redhat-operators
        sourceNamespace: openshift-marketplace
      # ...

    2. Create the Subscription object by running the following command:

      $ oc apply -f subscription.yaml

Verification

  1. Get the name of the install plan from the subscription by running the following command:

    $ oc -n external-dns-operator \
      get subscription external-dns-operator \
      --template='{{.status.installplan.name}}{{"\n"}}'
  2. Verify that the status of the install plan is Complete by running the following command:

    $ oc -n external-dns-operator \
      get ip <install_plan_name> \
      --template='{{.status.phase}}{{"\n"}}'
  3. Verify that the status of the external-dns-operator pod is Running by running the following command:

    $ oc -n external-dns-operator get pod

    Example output

    NAME                                     READY   STATUS    RESTARTS   AGE
    external-dns-operator-5584585fd7-5lwqm   2/2     Running   0          11m

  4. Verify that the catalog source of the subscription is redhat-operators by running the following command:

    $ oc -n external-dns-operator get subscription
  5. Check the external-dns-operator version by running the following command:

    $ oc -n external-dns-operator get csv

4.4. External DNS Operator configuration parameters

To customize the behavior of the External DNS Operator, configure the available parameters in the ExternalDNS custom resource (CR). By configuring parameters, you can control how the Operator synchronizes services and routes with your external DNS provider.

4.4.1. External DNS Operator configuration parameters

To customize the behavior of the External DNS Operator, configure the available parameters in the ExternalDNS custom resource (CR). By configuring parameters, you can control how the Operator synchronizes services and routes with your external DNS provider.

Parameters and descriptions

spec

Specifies the type of cloud provider.

spec:
  provider:
    type: AWS
    aws:
      credentials:
        name: aws-access-key
  • provider.type: Specifies available options such as AWS, Google Cloud, Azure, and Infoblox.
  • provider.aws.credentials.name: Specifies a secret name for your cloud provider.

zones

Enables you to specify DNS zones by their domains. If you do not specify zones, the ExternalDNS resource discovers all of the zones present in your cloud provider account.

zones:
- "<zone_id>"
  • <zone_id>: Specifies the name of DNS zones.

domains

Enables you to specify AWS zones by their domains. If you do not specify domains, the ExternalDNS resource discovers all of the zones present in your cloud provider account.

domains:
- filterType: Include
  matchType: Exact
  name: "myzonedomain1.com"
- filterType: Include
  matchType: Pattern
  pattern: ".*\\.otherzonedomain\\.com"
  • domains.filterType: Specifies that the ExternalDNS resource includes the domain name.
  • domains.matchType: Specifies that the domain matching has to be exact as opposed to regular expression match.
  • domains.name: Specifies the name of the domain.
  • filterType.matchType: Specifies the regex-domain-filter flag in the ExternalDNS resource. You can limit possible domains by using a Regex filter.
  • filterType.pattern: Specifies the regex pattern to be used by the ExternalDNS resource to filter the domains of the target zones.

source

Enables you to specify the source for the DNS records, Service or Route.

source:
  type: Service
  service:
    serviceType:
      - LoadBalancer
      - ClusterIP
  labelFilter:
    matchLabels:
      external-dns.mydomain.org/publish: "yes"
  hostnameAnnotation: "Allow"
  fqdnTemplate:
  - "{{.Name}}.myzonedomain.com"
  • source: Specifies the settings for the source of DNS records.
  • source.type: Specifies that the ExternalDNS CR uses the Service type as the source for creating DNS records.
  • service.serviceType: Specifies the service-type-filter flag in the ExternalDNS resource. The default is LoadBalancer; the accepted values are ClusterIP, NodePort, LoadBalancer, and ExternalName.
  • service.labelFilter: Specifies that the controller considers only those resources that match with label filter.
  • hostnameAnnotation: The default value is Ignore, which instructs ExternalDNS to generate DNS records by using the templates specified in the fqdnTemplate field. When the value is Allow, the DNS records are generated from the value of the external-dns.alpha.kubernetes.io/hostname annotation.
  • fqdnTemplate: Specifies that the External DNS Operator uses a string to generate DNS names from sources that do not define a hostname, or to add a hostname suffix when paired with the fake source.
source:
  type: OpenShiftRoute
  openshiftRouteOptions:
    routerName: default
    labelFilter:
      matchLabels:
        external-dns.mydomain.org/publish: "yes"
  • source.type: Specifies that the ExternalDNS CR uses OpenShift Route resources as the source for creating DNS records.
  • openshiftRouteOptions.routerName: Applies when the source type is OpenShiftRoute. You can pass the Ingress Controller name; the ExternalDNS resource uses the canonical name of that Ingress Controller as the target for CNAME records.
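The following dry run is an added example for the domains and source parameters above; it is not code from the documentation or from the External DNS Operator. It applies, in order, the service.serviceType and labelFilter selection, the hostnameAnnotation policy (Ignore uses fqdnTemplate, Allow uses the external-dns.alpha.kubernetes.io/hostname annotation), the fqdnTemplate, and the domains filter (filterType Include with matchType Exact or Pattern), and reports which hostnames land in a managed zone. Assumptions: Pattern is evaluated as an unanchored regular-expression search, fqdnTemplate only needs {{.Name}} and {{.Namespace}}, and the Services and zone names are constructed for the example.

```python
"""Dry run of the records an ExternalDNS CR would create from Services.

Added example; not code from the documentation or the External DNS Operator.
Assumptions: Pattern is an unanchored regex search; fqdnTemplate only uses
{{.Name}} and {{.Namespace}}; Services and zones below are constructed.
"""
import re

HOSTNAME_ANNOTATION = "external-dns.alpha.kubernetes.io/hostname"
PUBLISH = {"external-dns.mydomain.org/publish": "yes"}

# spec.domains and spec.source as in the table above (template zone adjusted to match the filter).
EXTERNALDNS_CR = {
    "domains": [
        {"filterType": "Include", "matchType": "Exact", "name": "myzonedomain1.com"},
        {"filterType": "Include", "matchType": "Pattern", "pattern": r".*\.otherzonedomain\.com"},
    ],
    "source": {
        "type": "Service",
        "service": {"serviceType": ["LoadBalancer", "ClusterIP"]},
        "labelFilter": {"matchLabels": PUBLISH},
        "hostnameAnnotation": "Allow",
        "fqdnTemplate": ["{{.Name}}.myzonedomain1.com"],
    },
}

# Constructed Services: only the fields the source logic reads.
SERVICES = [
    {"name": "web", "namespace": "shop", "type": "LoadBalancer", "labels": PUBLISH, "annotations": {}},
    {"name": "api", "namespace": "shop", "type": "ClusterIP", "labels": PUBLISH,
     "annotations": {HOSTNAME_ANNOTATION: "api.eu.otherzonedomain.com"}},
    {"name": "debug", "namespace": "shop", "type": "NodePort", "labels": PUBLISH, "annotations": {}},
    {"name": "internal", "namespace": "shop", "type": "ClusterIP", "labels": {},
     "annotations": {HOSTNAME_ANNOTATION: "internal.myzonedomain1.com"}},
    {"name": "stray", "namespace": "shop", "type": "LoadBalancer", "labels": PUBLISH,
     "annotations": {HOSTNAME_ANNOTATION: "stray.unmanaged.example"}},
]

# Constructed zones; the last one shows what an unanchored pattern also matches.
ZONES = ["myzonedomain1.com.", "eu.otherzonedomain.com.", "eu.otherzonedomain.com.unrelated.example."]


def normalize(d):
    """Lower-case and strip the trailing dot so zone and host names compare cleanly."""
    return d.rstrip(".").lower()


def zone_matches(flt, zone):
    z = normalize(zone)
    if flt["matchType"] == "Exact":
        return z == normalize(flt["name"])
    if flt["matchType"] == "Pattern":
        return re.search(flt["pattern"], z) is not None
    raise ValueError(f"unknown matchType {flt['matchType']!r}")


def managed_zones(cr, zones):
    """Zones ExternalDNS may write to; with no Include filter every zone is a target."""
    includes = [f for f in cr.get("domains", []) if f["filterType"] == "Include"]
    if not includes:
        return [normalize(z) for z in zones]
    return [normalize(z) for z in zones if any(zone_matches(f, z) for f in includes)]


def selected(svc, source):
    """serviceType filter, then every matchLabels entry must be present on the Service."""
    if svc["type"] not in source["service"]["serviceType"]:
        return False
    wanted = source.get("labelFilter", {}).get("matchLabels", {})
    return all(svc["labels"].get(k) == v for k, v in wanted.items())


def hostnames_for(svc, source):
    """The annotation wins only when hostnameAnnotation is Allow; otherwise the templates."""
    ann = svc["annotations"].get(HOSTNAME_ANNOTATION)
    if source.get("hostnameAnnotation", "Ignore") == "Allow" and ann:
        return [h.strip() for h in ann.split(",")]
    return [t.replace("{{.Name}}", svc["name"]).replace("{{.Namespace}}", svc["namespace"])
            for t in source.get("fqdnTemplate", [])]


def zone_for(hostname, zones):
    """Longest managed zone the hostname is a subdomain of, or None."""
    h = normalize(hostname)
    hits = [z for z in zones if h == z or h.endswith("." + z)]
    return max(hits, key=len) if hits else None


def plan_records(cr, services, zones):
    """Return ([(hostname, zone), ...], [hostnames with no managed zone, ...])."""
    zs = managed_zones(cr, zones)
    records, dropped = [], []
    for svc in services:
        if not selected(svc, cr["source"]):
            continue
        for host in hostnames_for(svc, cr["source"]):
            z = zone_for(host, zs)
            if z:
                records.append((host, z))
            else:
                dropped.append(host)
    return records, dropped
```

Two things the dry run makes visible: with hostnameAnnotation set to Allow, anyone who can annotate a labelled Service chooses the published name, whereas Ignore keeps naming under the fqdnTemplate in the CR; and a Pattern filter such as .*\.otherzonedomain\.com also selects a zone like eu.otherzonedomain.com.unrelated.example because the search is unanchored, so anchor patterns with ^ and $ when the zone set must be exact.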

4.5. Creating DNS records on AWS

To create DNS records on AWS and AWS GovCloud, use the External DNS Operator. The Operator manages external name resolution for your cluster services.

You can create DNS records on a public hosted zone for AWS by using the Red Hat External DNS Operator. You can use the same instructions to create DNS records on a hosted zone for AWS GovCloud.

Procedure

  1. Check the user profile by running the following command. The profile, such as system:admin, must have access to the kube-system namespace. If you do not have cloud provider credentials of your own, you can fetch them from the kube-system namespace in the next step:

    $ oc whoami
  2. Fetch the values from the aws-creds secret that exists in the kube-system namespace.

    $ export AWS_ACCESS_KEY_ID=$(oc get secrets aws-creds -n kube-system  --template={{.data.aws_access_key_id}} | base64 -d)
    $ export AWS_SECRET_ACCESS_KEY=$(oc get secrets aws-creds -n kube-system  --template={{.data.aws_secret_access_key}} | base64 -d)
  3. Get the routes to check the domain:

    $ oc get routes --all-namespaces | grep console

    Example output

    openshift-console          console             console-openshift-console.apps.testextdnsoperator.apacshift.support                       console             https   reencrypt/Redirect     None
    openshift-console          downloads           downloads-openshift-console.apps.testextdnsoperator.apacshift.support                     downloads           http    edge/Redirect          None

  4. Get the list of DNS zones and find the DNS zone that corresponds to the domain of the route that you previously queried:

    $ aws route53 list-hosted-zones | grep testextdnsoperator.apacshift.support

    Example output

    HOSTEDZONES	terraform	/hostedzone/Z02355203TNN1XXXX1J6O	testextdnsoperator.apacshift.support.	5

  5. Create the ExternalDNS CR for the route source:

    $ cat <<EOF | oc create -f -
    apiVersion: externaldns.olm.openshift.io/v1beta1
    kind: ExternalDNS
    metadata:
      name: sample-aws
    spec:
      domains:
      - filterType: Include
        matchType: Exact
        name: testextdnsoperator.apacshift.support
      provider:
        type: AWS
      source:
        type: OpenShiftRoute
        openshiftRouteOptions:
          routerName: default
    EOF

    where:

    metadata.name
    Specifies the name of the external DNS resource.
    spec.domains
    By default all hosted zones are selected as potential targets. You can include a hosted zone that you need.
    domains.matchType
    Specifies that the domain of the target zone must match exactly, as opposed to a regular expression match.
    domains.name
    Specifies the exact domain of the zone you want to update. The hostname of the routes must be subdomains of the specified domain.
    provider.type
    Specifies the AWS Route53 DNS provider.
    source
    Specifies the options for the source of DNS records.
    source.type
    Specifies the OpenShiftRoute resource as the source for the DNS records which gets created in the previously specified DNS provider.
    openshiftRouteOptions.routerName
    If the source is OpenShiftRoute, then you can pass the OpenShift Ingress Controller name. External DNS Operator selects the canonical hostname of that router as the target while creating the CNAME record.
  6. Check the records created for OpenShift Container Platform routes by using the following command:

    $ aws route53 list-resource-record-sets --hosted-zone-id Z02355203TNN1XXXX1J6O --query "ResourceRecordSets[?Type == 'CNAME']" | grep console

To create DNS records in a different AWS account, configure the ExternalDNS Operator to use a shared Virtual Private Cloud (VPC). Your organization can then use a single Route 53 instance for name resolution across multiple accounts and projects.

Prerequisites

  • You have created two Amazon AWS accounts: one with a VPC and a Route 53 private hosted zone configured (Account A), and another for installing a cluster (Account B).
  • You have created an IAM Policy and IAM Role with the appropriate permissions in Account A for Account B to create DNS records in the Route 53 hosted zone of Account A.
  • You have installed a cluster in Account B into the existing VPC for Account A.
  • You have installed the ExternalDNS Operator in the cluster in Account B.
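The IAM policy and role named in the prerequisites are the place where the blast radius of this setup is decided, so the following added example builds them with the narrowest scope that still lets ExternalDNS work. It is not code from the documentation or from the External DNS Operator. It produces a permission policy for the role in Account A that allows record changes on one hosted zone only, a trust policy that lets Account B assume that role, and a small check that flags a policy granting record changes on every zone. Assumptions: the three route53 actions are the ones the upstream ExternalDNS Route 53 provider documents as required, the Account B principal is the account root, and the account ID is a placeholder.

```python
"""Least-privilege IAM documents for the cross-account Route 53 setup.

Added example; not code from the documentation or the External DNS Operator.
Assumptions: the route53 actions listed are the ones the upstream ExternalDNS
Route 53 provider requires; the Account B principal is the account root.
"""
import json

# Actions that change records; a policy that grants these on "*" is over-broad.
WRITE_ACTIONS = {"route53:ChangeResourceRecordSets"}


def route53_policy_for_zone(hosted_zone_id: str) -> dict:
    """Permission policy for the Account A role: write one zone, list everywhere."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["route53:ChangeResourceRecordSets"],
                "Resource": [f"arn:aws:route53:::hostedzone/{hosted_zone_id}"],
            },
            {
                "Effect": "Allow",
                "Action": ["route53:ListHostedZones", "route53:ListResourceRecordSets"],
                "Resource": ["*"],   # the list calls are not resource-scoped in IAM
            },
        ],
    }


def trust_policy_for_account(account_b_id: str) -> dict:
    """Trust policy on the Account A role: only Account B may assume it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_b_id}:root"},
            "Action": "sts:AssumeRole",
        }],
    }


def _as_list(v):
    return v if isinstance(v, list) else [v]


def check_policy(policy: dict) -> list:
    """Return findings for Allow statements that permit record changes on any zone."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        writes = [a for a in actions if a in WRITE_ACTIONS or a in ("route53:*", "*")]
        broad = [r for r in resources if r == "*" or r.endswith("hostedzone/*")]
        if writes and broad:
            findings.append(
                f"statement {i}: {writes} allowed on {broad}; "
                "scope Resource to arn:aws:route53:::hostedzone/<zone_id>"
            )
    return findings


if __name__ == "__main__":
    # Hosted zone ID from the procedure above; the account ID is a placeholder.
    print(json.dumps(route53_policy_for_zone("Z02355203TNN1XXXX1J6O"), indent=2))
    print(json.dumps(trust_policy_for_account("<account_b_id>"), indent=2))
```

Attach the first document to the role referenced by spec.provider.aws.assumeRole.arn and the second as that role's trust relationship; run check_policy over an existing policy before reusing it, because a statement with route53:* on Resource "*" lets a compromised cluster rewrite every zone in Account A, not just the one the cluster publishes into.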

Procedure

  1. Get the Role ARN of the IAM Role that you created to allow Account B to access Account A’s Route 53 hosted zone by running the following command:

    $ aws --profile account-a iam get-role --role-name user-rol1 | head -1

    Example output

    ROLE	arn:aws:iam::1234567890123:role/user-rol1	2023-09-14T17:21:54+00:00	3600	/	AROA3SGB2ZRKRT5NISNJN	user-rol1

  2. Locate the private hosted zone to use with Account A’s credentials by running the following command:

    $ aws --profile account-a route53 list-hosted-zones | grep testextdnsoperator.apacshift.support

    Example output

    HOSTEDZONES	terraform	/hostedzone/Z02355203TNN1XXXX1J6O	testextdnsoperator.apacshift.support. 5

  3. Create the ExternalDNS object by running the following command:

    $ cat <<EOF | oc create -f -
    apiVersion: externaldns.olm.openshift.io/v1beta1
    kind: ExternalDNS
    metadata:
      name: sample-aws
    spec:
      domains:
      - filterType: Include
        matchType: Exact
        name: testextdnsoperator.apacshift.support
      provider:
        type: AWS
        aws:
          assumeRole:
            arn: arn:aws:iam::12345678901234:role/user-rol1
      source:
        type: OpenShiftRoute
        openshiftRouteOptions:
          routerName: default
    EOF

    where:

    arn
    Specifies the Role ARN to have DNS records created in Account A.
  4. Check the records created for OpenShift Container Platform routes by entering the following command:

    $ aws --profile account-a route53 list-resource-record-sets --hosted-zone-id Z02355203TNN1XXXX1J6O --query "ResourceRecordSets[?Type == 'CNAME']" | grep console-openshift-console

4.6. Creating DNS records on Azure

To create DNS records on Microsoft Azure, use the External DNS Operator. By using this Operator, you can manage external name resolution for your cluster services.

Important

Using the External DNS Operator on a Microsoft Entra Workload ID-enabled cluster or a cluster that runs in Microsoft Azure Government (MAG) regions is not supported.

4.6.1. Creating DNS records on an Azure DNS zone

To create DNS records on a public or private DNS zone for Azure, use the External DNS Operator. The Operator manages external name resolution for your cluster.

Prerequisites

  • You must have administrator privileges.
  • The admin user must have access to the kube-system namespace.

Procedure

  1. Fetch the credentials from the kube-system namespace to use the cloud provider client by running the following command:

    $ CLIENT_ID=$(oc get secrets azure-credentials  -n kube-system  --template={{.data.azure_client_id}} | base64 -d)
    $ CLIENT_SECRET=$(oc get secrets azure-credentials  -n kube-system  --template={{.data.azure_client_secret}} | base64 -d)
    $ RESOURCE_GROUP=$(oc get secrets azure-credentials  -n kube-system  --template={{.data.azure_resourcegroup}} | base64 -d)
    $ SUBSCRIPTION_ID=$(oc get secrets azure-credentials  -n kube-system  --template={{.data.azure_subscription_id}} | base64 -d)
    $ TENANT_ID=$(oc get secrets azure-credentials  -n kube-system  --template={{.data.azure_tenant_id}} | base64 -d)
  2. Log in to Azure by running the following command:

    $ az login --service-principal -u "${CLIENT_ID}" -p "${CLIENT_SECRET}" --tenant "${TENANT_ID}"
  3. Get a list of routes by running the following command:

    $ oc get routes --all-namespaces | grep console

    Example output

    openshift-console          console             console-openshift-console.apps.test.azure.example.com                       console             https   reencrypt/Redirect     None
    openshift-console          downloads           downloads-openshift-console.apps.test.azure.example.com                     downloads           http    edge/Redirect          None

  4. Get a list of DNS zones.

    1. For public DNS zones, enter the following command:

      $ az network dns zone list --resource-group "${RESOURCE_GROUP}"
    2. For private DNS zones, enter the following command:

      $ az network private-dns zone list -g "${RESOURCE_GROUP}"
  5. Create a YAML file, for example, external-dns-sample-azure.yaml, that defines the ExternalDNS object:

    Example external-dns-sample-azure.yaml file

    apiVersion: externaldns.olm.openshift.io/v1beta1
    kind: ExternalDNS
    metadata:
      name: sample-azure
    spec:
      zones:
      - "/subscriptions/1234567890/resourceGroups/test-azure-xxxxx-rg/providers/Microsoft.Network/dnszones/test.azure.example.com"
      provider:
        type: Azure
      source:
        openshiftRouteOptions:
          routerName: default
        type: OpenShiftRoute
    # ...

    where:

    metadata.name
    Specifies the External DNS name.
    spec.zones
    Specifies the zone ID. For a private DNS zone, change dnszones to privateDnsZones.
    provider.type
    Specifies the provider type.
    source.openshiftRouteOptions
    Specifies the options for the source of DNS records.
    routerName
    If the source type is OpenShiftRoute, you can pass the OpenShift Ingress Controller name. The External DNS Operator selects the canonical hostname of that router as the target while creating the CNAME record.
    source.type
    Specifies the route resource as the source for the Azure DNS records.

Troubleshooting

  1. Check the records created for the routes.

    1. For public DNS zones, enter the following command:

      $ az network dns record-set list -g "${RESOURCE_GROUP}" -z "${ZONE_NAME}" | grep console
    2. For private DNS zones, enter the following command:

      $ az network private-dns record-set list -g "${RESOURCE_GROUP}" -z "${ZONE_NAME}" | grep console

4.7. Creating DNS records on Google Cloud Platform

To create DNS records on Google Cloud, use the External DNS Operator. The External DNS Operator manages external name resolution for your cluster services.

Important

Using the External DNS Operator on a cluster with Google Cloud Workload Identity enabled is not supported. For more information about the Google Cloud Workload Identity, see Google Cloud Workload Identity.

4.7.1. Creating DNS records on a public managed zone for Google Cloud

To create DNS records on Google Cloud, use the External DNS Operator. The External DNS Operator manages external name resolution for your cluster services.

Prerequisites

  • You must have administrator privileges.

Procedure

  1. Copy the decoded gcp-credentials secret into the decoded-gcloud.json file by running the following command:

    $ oc get secret gcp-credentials -n kube-system --template='{{$v := index .data "service_account.json"}}{{$v}}' | base64 -d - > decoded-gcloud.json
  2. Export your Google credentials by running the following command:

    $ export GOOGLE_CREDENTIALS=decoded-gcloud.json
  3. Activate your account by using the following command:

    $ gcloud auth activate-service-account  <client_email as per decoded-gcloud.json> --key-file=decoded-gcloud.json
  4. Set your project by running the following command:

    $ gcloud config set project <project_id as per decoded-gcloud.json>
  5. Get a list of routes by running the following command:

    $ oc get routes --all-namespaces | grep console

    Example output

    openshift-console          console             console-openshift-console.apps.test.gcp.example.com                       console             https   reencrypt/Redirect     None
    openshift-console          downloads           downloads-openshift-console.apps.test.gcp.example.com                     downloads           http    edge/Redirect          None

  6. Get a list of managed zones, such as qe-cvs4g-private-zone test.gcp.example.com, by running the following command:

    $ gcloud dns managed-zones list | grep test.gcp.example.com
  7. Create a YAML file, for example, external-dns-sample-gcp.yaml, that defines the ExternalDNS object:

    Example external-dns-sample-gcp.yaml file

    apiVersion: externaldns.olm.openshift.io/v1beta1
    kind: ExternalDNS
    metadata:
      name: sample-gcp
    spec:
      domains:
        - filterType: Include
          matchType: Exact
          name: test.gcp.example.com
      provider:
        type: GCP
      source:
        openshiftRouteOptions:
          routerName: default
        type: OpenShiftRoute
    # ...

    where:

    metadata.name
    Specifies the External DNS name.
    spec.domains.filterType
    By default, all hosted zones are selected as potential targets. You can include your hosted zone.
    spec.domains.matchType
    Specifies the domain of the target that must match the string defined by the name key.
    spec.domains.name
    Specifies the exact domain of the zone you want to update. The hostname of the routes must be subdomains of the specified domain.
    spec.provider.type
    Specifies the provider type.
    source.openshiftRouteOptions
    Specifies options for the source of DNS records.
    openshiftRouteOptions.routerName
    If the source type is OpenShiftRoute, you can pass the OpenShift Ingress Controller name. External DNS selects the canonical hostname of that router as the target while creating a CNAME record.
    type
    Specifies the route resource as the source for Google Cloud DNS records.
  8. Check the DNS records created for OpenShift Container Platform routes by running the following command:

    $ gcloud dns record-sets list --zone=qe-cvs4g-private-zone | grep console

4.8. Creating DNS records on Infoblox

To create DNS records on Infoblox, use the External DNS Operator. The Operator manages external name resolution for your cluster services.

4.8.1. Creating DNS records on a public DNS zone on Infoblox

To create DNS records on Infoblox, use the External DNS Operator. The Operator manages external name resolution for your cluster services.

Prerequisites

  • You have access to the OpenShift CLI (oc).
  • You have access to the Infoblox UI.

Procedure

  1. Create a secret object with Infoblox credentials by running the following command:

    $ oc -n external-dns-operator create secret generic infoblox-credentials --from-literal=EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME=<infoblox_username> --from-literal=EXTERNAL_DNS_INFOBLOX_WAPI_PASSWORD=<infoblox_password>
  2. Get a list of routes by running the following command:

    $ oc get routes --all-namespaces | grep console

    Example output

    openshift-console          console             console-openshift-console.apps.test.example.com                       console             https   reencrypt/Redirect     None
    openshift-console          downloads           downloads-openshift-console.apps.test.example.com                     downloads           http    edge/Redirect          None

  3. Create a YAML file, for example, external-dns-sample-infoblox.yaml, that defines the ExternalDNS object:

    Example external-dns-sample-infoblox.yaml file

    apiVersion: externaldns.olm.openshift.io/v1beta1
    kind: ExternalDNS
    metadata:
      name: sample-infoblox
    spec:
      provider:
        type: Infoblox
        infoblox:
          credentials:
            name: infoblox-credentials
          gridHost: ${INFOBLOX_GRID_PUBLIC_IP}
          wapiPort: 443
          wapiVersion: "2.3.1"
      domains:
      - filterType: Include
        matchType: Exact
        name: test.example.com
      source:
        type: OpenShiftRoute
        openshiftRouteOptions:
          routerName: default

    where:

    metadata.name
    Specifies the External DNS name.
    spec.provider.type
    Specifies the provider type.
    spec.source.type
    Specifies the source of DNS records. OpenShiftRoute creates records for route resources.
    spec.source.openshiftRouteOptions.routerName
    If the source type is OpenShiftRoute, you can pass the name of the OpenShift Ingress Controller. External DNS uses the canonical hostname of that router as the target when it creates a CNAME record.
  4. Create the ExternalDNS resource on Infoblox by running the following command:

    $ oc create -f external-dns-sample-infoblox.yaml
  5. From the Infoblox UI, check the DNS records created for console routes:

    1. Click Data Management → DNS → Zones.
    2. Select the zone name.
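    The following shell snippet is an added example; it is not part of this documentation or of the External DNS Operator project. It shows, for the domains filter used in both the Infoblox example above and the Google Cloud example earlier (filterType: Include, matchType: Exact), which route hosts from oc get routes output would be candidates for records. It assumes the rule stated for spec.domains.name: a host is selected when it is the filter domain itself or a subdomain of it. The route lines are constructed sample input modelled on the example output above; the third route (api.other.example.org) is an added host that shows a non-matching case.

```shell
#!/bin/sh
# Added example, not from the Red Hat documentation or the External DNS Operator.
# Checks which route hosts fall inside the domain filter of an ExternalDNS object
# with filterType: Include and matchType: Exact.

# Constructed sample of `oc get routes --all-namespaces` output (column 3 is the host).
SAMPLE_ROUTES='openshift-console          console             console-openshift-console.apps.test.example.com                       console             https   reencrypt/Redirect     None
openshift-console          downloads           downloads-openshift-console.apps.test.example.com                     downloads           http    edge/Redirect          None
myapp                      api                 api.other.example.org                                                 api                 https   edge/Redirect          None'

# host_in_domain HOST DOMAIN
# Exit 0 when HOST equals DOMAIN or is a subdomain of it (assumed Exact-filter
# semantics, as described for spec.domains.name). Comparison is case-insensitive
# and ignores a trailing dot, so "Test.Example.com." still matches.
host_in_domain() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    domain=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | sed 's/^\.//; s/\.$//')
    [ "$host" = "$domain" ] && return 0
    case "$host" in
        *."$domain") return 0 ;;   # the quoted part is literal; only the leading * is a glob
    esac
    return 1
}

# selected_hosts DOMAIN
# Prints, one per line, the sample route hosts that the filter would select.
# "nottest.example.com" would NOT match "test.example.com": the dot boundary
# in the case pattern prevents a bare suffix match.
selected_hosts() {
    printf '%s\n' "$SAMPLE_ROUTES" | awk '{print $3}' | while IFS= read -r h; do
        if host_in_domain "$h" "$1"; then
            printf '%s\n' "$h"
        fi
    done
}

# Usage: list the hosts that a filter on test.example.com would pick up.
selected_hosts test.example.com
```

    Run it before creating the ExternalDNS object to confirm that the routes you expect (and only those) sit under the zone named in spec.domains.name; a route whose host is outside the zone is silently skipped by the filter rather than reported as an error.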

4.9. Configuring the cluster-wide proxy on the External DNS Operator

To propagate proxy settings to your deployed Operators, configure the cluster-wide proxy. The Operator Lifecycle Manager (OLM) automatically updates these Operators with the new HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables.

4.9.1. Trusting the certificate authority of the cluster-wide proxy

To enable the External DNS Operator to open TLS connections through the cluster-wide proxy, configure the Operator to trust the certificate authority (CA) of the proxy. Without this, connections to DNS provider APIs that pass through the proxy fail certificate verification.

Procedure

  1. Create the config map to contain the CA bundle in the external-dns-operator namespace by running the following command:

    $ oc -n external-dns-operator create configmap trusted-ca
  2. To inject the trusted CA bundle into the config map, add the config.openshift.io/inject-trusted-cabundle=true label to the config map by running the following command:

    $ oc -n external-dns-operator label cm trusted-ca config.openshift.io/inject-trusted-cabundle=true
  3. Update the subscription of the External DNS Operator by running the following command:

    $ oc -n external-dns-operator patch subscription external-dns-operator --type='json' -p='[{"op": "add", "path": "/spec/config", "value":{"env":[{"name":"TRUSTED_CA_CONFIGMAP_NAME","value":"trusted-ca"}]}}]'

Verification

  • After you deploy the External DNS Operator, verify that the trusted CA environment variable is set by running the following command. The output must show trusted-ca for the external-dns-operator deployment.

    $ oc -n external-dns-operator exec deploy/external-dns-operator -c external-dns-operator -- printenv TRUSTED_CA_CONFIGMAP_NAME