Chapter 5. Configuring DNS provider credentials
If you want to configure DNS policies in Connectivity Link, you must configure credentials for at least one of the following supported cloud-based DNS providers:
- Amazon Route 53
- Google Cloud DNS
- Microsoft Azure DNS
Note: You must perform the steps for your chosen DNS provider on each OpenShift cluster that you want to use Connectivity Link on. You must configure the secret for the DNS provider in the same namespace that will include your Gateway.
Prerequisites
- See Chapter 1, Connectivity Link prerequisites and permissions.
- You have access to the namespace in which your Gateway will be created, for example, api-gateway.
Note: This guide uses environment variables for convenience only. If you know the environment variable values, you can set up the required .yaml files in a way that suits your needs.
5.1. Configuring Amazon DNS provider credentials
Procedure
- Set up your environment variables as follows:
  export AWS_ACCESS_KEY_ID=xxxxxxx
  export AWS_SECRET_ACCESS_KEY=xxxxxxx
  export AWS_REGION=your-aws-region
  These variable values are described as follows:
  - AWS_ACCESS_KEY_ID: Key ID from AWS with Route 53 access.
  - AWS_SECRET_ACCESS_KEY: Key from AWS with Route 53 access.
  - AWS_REGION: Your AWS region, for example, us-east-2 or eu-west-1.
- Create a Secret resource for your credentials as follows:
  In this case, you must set the secret type to aws.
5.2. Configuring Google DNS provider credentials
Procedure
- Set up your environment variables as follows:
  export GOOGLE=xxxxxxx
  export PROJECT_ID=xxxxxxx
  These variable values are described as follows:
  - GOOGLE: Path to the Google credentials JSON file.
  - PROJECT_ID: Google project ID.
  The GOOGLE variable specifies the JSON credentials generated by the gcloud CLI or by the service account, for example, $HOME/.config/gcloud/application_default_credentials.json, which contains the following:
  {"client_id": "***", "client_secret": "***", "refresh_token": "***", "type": "authorized_user"}
- Create a Secret resource for your credentials as follows:
  kubectl create secret generic test-gcp-credentials \
    --namespace=api-gateway \
    --type=kuadrant.io/gcp \
    --from-literal=PROJECT_ID=$PROJECT_ID \
    --from-file=GOOGLE=$GOOGLE
  In this case, you must set the secret type to gcp.
5.3. Configuring Azure DNS provider credentials
Procedure
- Create a new Azure service principal for managing DNS as follows:
  DNS_NEW_SP_NAME=kuadrantDnsPrincipal
  DNS_SP=$(az ad sp create-for-rbac --name "$DNS_NEW_SP_NAME")
  DNS_SP_APP_ID=$(echo "$DNS_SP" | jq -r '.appId')
  DNS_SP_PASSWORD=$(echo "$DNS_SP" | jq -r '.password')
  For more details on service principals, see the Microsoft Azure documentation.
- To grant read and contributor access to the zones that you want managed for the service principal you are using, perform the following steps:
  - Fetch the DNS zone ID and the resource group ID used to scope the role assignments for the service principal as follows:
    DNS_ID=$(az network dns zone show --name example.com \
      --resource-group ExampleDNSResourceGroup --query "id" --output tsv)
    # Get your resource group ID
    RESOURCE_GROUP_ID=$(az group show --resource-group ExampleDNSResourceGroup | jq -r ".id")
  - Provide reader access to the resource group as follows:
    az role assignment create --role "Reader" --assignee "$DNS_SP_APP_ID" --scope "$RESOURCE_GROUP_ID"
  - Provide contributor access to the DNS zone as follows:
    az role assignment create --role "Contributor" --assignee "$DNS_SP_APP_ID" --scope "$DNS_ID"
- Because you are setting up advanced traffic rules for geographic and weighted responses, you must also grant traffic manager and DNS zone access as follows:
- Create a Secret resource for your credentials as follows:
  kubectl create secret generic test-azure-credentials \
    --namespace=api-gateway \
    --type=kuadrant.io/azure \
    --from-file=azure.json=/local/path/to/azure.json
  In this case, you must set the secret type to azure.
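The kubectl create secret steps for AWS, Google Cloud and Azure above all produce a Secret of the provider-specific type in the Gateway's namespace. As an added example that is not part of this guide, the following Python builds that manifest locally and rejects a missing key, an unexpected extra key or a credentials file that is not valid JSON before anything is applied to the cluster; the AWS data key names are an assumption (the AWS command is not shown on this page), reusing the environment variable names.

```python
import base64
import json

# Secret type and required data keys per provider, taken from the kubectl
# commands in this chapter. The AWS key names are an assumption (the page does
# not show the AWS command); the environment variable names are reused.
DNS_PROVIDERS = {
    "aws": ("kuadrant.io/aws",
            ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_REGION"]),
    "gcp": ("kuadrant.io/gcp", ["GOOGLE", "PROJECT_ID"]),
    "azure": ("kuadrant.io/azure", ["azure.json"]),
}


def build_dns_secret(provider, name, namespace, values):
    """Return the Secret manifest kubectl would create for these credentials.
    values maps each required key to its plaintext content (for GOOGLE and
    azure.json, the content of the credentials file rather than its path).
    Raises ValueError for an unknown provider, a missing or empty key, an
    unexpected extra key, or a credentials file that is not valid JSON.
    """
    if provider not in DNS_PROVIDERS:
        raise ValueError(f"unsupported DNS provider: {provider}")
    secret_type, required = DNS_PROVIDERS[provider]
    missing = [k for k in required if not values.get(k)]
    if missing:
        raise ValueError(f"missing credential keys for {provider}: {missing}")
    extra = sorted(set(values) - set(required))
    if extra:
        raise ValueError(f"unexpected keys for {provider}: {extra}")
    for file_key in ("GOOGLE", "azure.json"):
        if file_key in values:
            json.loads(values[file_key])  # credentials file must parse as JSON
    # Secret data is base64-encoded, exactly as --from-literal/--from-file do.
    data = {k: base64.b64encode(values[k].encode()).decode() for k in required}
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": secret_type,
        "data": data,
    }


if __name__ == "__main__":
    # Constructed placeholder credentials, not real keys.
    gcp_json = json.dumps({"client_id": "***", "client_secret": "***",
                           "refresh_token": "***", "type": "authorized_user"})
    manifest = build_dns_secret("gcp", "test-gcp-credentials", "api-gateway",
                                {"GOOGLE": gcp_json, "PROJECT_ID": "my-project"})
    print(json.dumps(manifest, indent=2))  # pipe into: kubectl apply -f -
```

The printed JSON is the same object that `kubectl create secret generic ... --dry-run=client -o json` would emit, so it can be reviewed or committed to a secrets manager before being applied.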