DNS
Use ExternalDNS with the Unifi provider to make Kubernetes services discoverable.
NOTE: Check this page for how to handle external-dns and Traefik ingress routes.
Instruction
- Update the external-dns helm deployment
    # From helm files
    # add source=traefik-proxy
    # disable traefik-legacy to keep external-dns from dying when it cannot find the old paths...
    # not sure if this is needed, but added crd to the sources array
    extraArgs:
      - --ignore-ingress-tls-spec
      - --traefik-disable-legacy
      - --source=traefik-proxy
    policy: sync
    sources: ["service", "ingress", "crd"]
- The ClusterRole needs to be edited
    # should have entries for traefik.io...
    - apiGroups: ["traefik.containo.us", "traefik.io"]
      resources: ["ingressroutes", "ingressroutetcps", "ingressrouteudps"]
      verbs: ["get", "watch", "list"]
- Annotate all ingress routes, i.e. the target shall point to the Traefik service
    annotations:
      external-dns.alpha.kubernetes.io/target: traefikqqq.${SECRET_CLUSTER_LOCAL_DOMAIN}
- Traefik helm release: the deployment needs to be annotated
    service:
      annotations:
        external-dns.alpha.kubernetes.io/hostname: traefikqqq.${SECRET_CLUSTER_LOCAL_DOMAIN}
        external-dns.alpha.kubernetes.io/owner-id: main
        lbipam.cilium.io/ips: 172.16.32.99
- Traefik hostname and IP were preconfigured in the router. SEEMS NOT NEEDED, EXTERNAL-DNS CREATES TRAEFIK ENTRY.
Fault finding
# List external-dns
k -n network get all
# Check external-dns log
k -n network logs -f pods/external-dns-unifi-85678f4b86-cq7x7
# Check/Edit cluster role
k edit clusterroles.rbac.authorization.k8s.io external-dns-unifi
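
The ClusterRole step above grants external-dns read-only access to the Traefik CRDs. The following added example (not part of the original notes) checks that grant with `kubectl auth can-i`, reporting read verbs that are missing and write verbs that should not be there. It assumes the service account is named external-dns-unifi, like the ClusterRole, and lives in the network namespace.

```shell
#!/bin/sh
# Added example: audit what the external-dns service account may do with the
# Traefik CRDs listed in the ClusterRole rule above.
# Assumption (not from the notes): the service account is called
# external-dns-unifi and lives in namespace "network". Override SA if not.
KUBECTL="${KUBECTL:-kubectl}"
SA="${SA:-system:serviceaccount:network:external-dns-unifi}"
API_GROUPS="${API_GROUPS:-traefik.containo.us traefik.io}"
RESOURCES="ingressroutes ingressroutetcps ingressrouteudps"
READ_VERBS="get watch list"               # what the rule is meant to grant
WRITE_VERBS="create update patch delete"  # what external-dns should not have

# can_i VERB RESOURCE.GROUP: succeeds only if the API server answers "yes"
# for the impersonated service account.
can_i() {
    [ "$($KUBECTL auth can-i "$1" "$2" --as="$SA" 2>/dev/null)" = "yes" ]
}

# audit_rbac: prints one line per finding and returns 0 only when every read
# verb is allowed and no write verb is allowed.
audit_rbac() {
    findings=0
    for group in $API_GROUPS; do
        for res in $RESOURCES; do
            for verb in $READ_VERBS; do
                if ! can_i "$verb" "$res.$group"; then
                    echo "MISSING  $verb $res.$group"
                    findings=$((findings + 1))
                fi
            done
            for verb in $WRITE_VERBS; do
                if can_i "$verb" "$res.$group"; then
                    echo "EXCESS   $verb $res.$group"
                    findings=$((findings + 1))
                fi
            done
        done
    done
    [ "$findings" -eq 0 ]
}
```

Source the file and call `audit_rbac` as a user who is allowed to impersonate service accounts. A MISSING line points at a rule to add to the ClusterRole; an EXCESS line points at a grant to remove.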