external-dns

Automatically adds the hostnames defined on an Ingress to Route 53.

This walkthrough assumes the default namespace. To use a different one, configure it accordingly.

create policy

AllowExternalDNSUpdates
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["route53:ChangeResourceRecordSets"],
      "Resource": ["arn:aws:route53:::hostedzone/*"]
    },
    {
      "Effect": "Allow",
      "Action": ["route53:ListHostedZones", "route53:ListResourceRecordSets"],
      "Resource": ["*"]
    }
  ]
}
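The policy above lets the external-dns role change records in every hosted zone in the account (`hostedzone/*`). As an added example (not from the original page or the external-dns project), this Python sketch flags that wildcard and rewrites the write statement to named zones; the function names and the zone ID `ZEXAMPLE0000000` are assumptions made up for illustration.

```python
import copy
import json

# Policy from this page (AllowExternalDNSUpdates), embedded as the sample input.
PAGE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["route53:ChangeResourceRecordSets"],
     "Resource": ["arn:aws:route53:::hostedzone/*"]},
    {"Effect": "Allow",
     "Action": ["route53:ListHostedZones", "route53:ListResourceRecordSets"],
     "Resource": ["*"]}
  ]
}""")

WRITE_ACTIONS = {"route53:changeresourcerecordsets", "route53:*", "*"}


def _as_list(value):
    # IAM allows a single string/object where a list is expected.
    return list(value) if isinstance(value, list) else [value]


def wildcard_write_statements(policy):
    """Indexes of Allow statements that permit record changes in every hosted zone."""
    hits = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        resources = _as_list(stmt.get("Resource", []))
        any_zone = any(r == "*" or r.endswith(":hostedzone/*") for r in resources)
        if stmt.get("Effect") == "Allow" and actions & WRITE_ACTIONS and any_zone:
            hits.append(i)
    return hits


def scope_to_zones(policy, zone_ids):
    """Copy of the policy with write statements limited to the given hosted zone IDs."""
    scoped = copy.deepcopy(policy)
    scoped["Statement"] = _as_list(scoped["Statement"])
    arns = [f"arn:aws:route53:::hostedzone/{z}" for z in zone_ids]
    for i in wildcard_write_statements(policy):
        scoped["Statement"][i]["Resource"] = arns
    return scoped


if __name__ == "__main__":
    print("wildcard write statements:", wildcard_write_statements(PAGE_POLICY))
    # ZEXAMPLE0000000 is a constructed placeholder, not a real hosted zone ID.
    print(json.dumps(scope_to_zones(PAGE_POLICY, ["ZEXAMPLE0000000"]), indent=2))
```

The read-only list statement keeps `"Resource": ["*"]`; only the statement that grants record changes is narrowed.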

Create IAM Role, k8s Service Account & Associate IAM Policy

k8s Service Account named external-dns

install external-dns

Remove the ServiceAccount section (it has already been created).

To use every domain you own, comment this out; to restrict it to a specific domain, enter the domain as shown above.

For my-identifier, take the hostid (the hosted zone ID) from Route 53 and put it in.

Putting it all together:

Never change the version from 0.7.1. If you do want to change it, check what was updated, because the policy has to change as well.

Apply

kubectl apply -f external-dns.yaml

Check the pod's logs.

The log reports up to date. That means success.

Now, when you change the host name on an Ingress, you can see the record being created in Route 53.

Look up the policy option separately. The default is sync.

upsert adds new records and updates existing ones, but does not delete.

issue

Updating the IP from AWS and the IDC at the same time results in an error.

I tried to block its use per Ingress, but it does not work well.

external-dns.alpha.kubernetes.io/exclude: 'true'

Searching turns this up, but it does not work.

Putting in two IPs does not work well either. Cloudflare does round robin by adding 2 rows.

To set a specific IP, use the following on the Ingress.
