External DNS 생성
ENV
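# Environment used by every command below. The placeholder is quoted so the line is valid
# shell until it is edited (an unquoted "<Cluster Name>" is parsed as a redirection).
export CLUSTER_NAME="<Cluster Name>"   # replace with the name of your EKS cluster
REGION_CODE=$(aws configure get region)
export REGION_CODE
# Take the VPC from the cluster itself. An unfiltered describe-vpcs returns every VPC in the
# account (default VPC included); with more than one, vpc_id would hold several IDs and the
# --vpc argument of create-hosted-zone below would be malformed.
vpc_id=$(aws eks describe-cluster --name "$CLUSTER_NAME" --region "$REGION_CODE" \
  --query "cluster.resourcesVpcConfig.vpcId" --output text)
export vpc_id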
IAM 정책 생성
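# IAM policy for external-dns. ChangeResourceRecordSets is the only write permission it needs.
# It is granted on every hosted zone here only because the zone is created further down and its
# ID is not known yet. Once the zone exists, set HOSTED_ZONE_ID to the bare zone ID (without the
# "/hostedzone/" prefix) and re-run this step so the write permission is scoped to that one zone.
# The List* actions do not support resource-level restrictions, so they stay on "*".
cat <<EOF > external-dns-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "route53:ChangeResourceRecordSets"
      ],
      "Resource": [
        "arn:aws:route53:::hostedzone/${HOSTED_ZONE_ID:-*}"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones",
        "route53:ListResourceRecordSets",
        "route53:ListTagsForResource"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
EOF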
aws iam create-policy --policy-name "AllowExternalDNSUpdates" --policy-document file://./external-dns-policy.json
SA 생성
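# Create the IRSA service account and bind the policy to it. The account ID is taken from the
# current credentials; a hard-coded account number only works in that single account.
# The service account is created in "default" because the manifests below bind to that
# namespace. A dedicated namespace for external-dns is preferable in practice so that the
# Route53-writing identity is not issued next to application workloads.
ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
eksctl create iamserviceaccount \
  --cluster "$CLUSTER_NAME" \
  --name "external-dns" \
  --namespace default \
  --attach-policy-arn "arn:aws:iam::${ACCOUNT_ID}:policy/AllowExternalDNSUpdates" \
  --approve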
Route53 호스팅 영역 생성
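# Private hosted zone associated with the cluster VPC: names under infra.local resolve only
# from inside that VPC (or networks that forward to it), never from the public internet.
# The --vpc shorthand keys are VPCRegion and VPCId; the CLI rejects any other key name.
# caller-reference must be unique per request, hence the timestamp suffix.
aws route53 create-hosted-zone \
  --name "infra.local." \
  --caller-reference "external-dns-test-$(date +%s)" \
  --vpc "VPCRegion=${REGION_CODE},VPCId=${vpc_id}" \
  --hosted-zone-config PrivateZone=true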
external-dns.yaml
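# Read-only cluster role: external-dns only watches these objects for hostnames. All DNS
# writes go to Route53 through the IAM policy, so no write verbs are needed in Kubernetes.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
  labels:
    app.kubernetes.io/name: external-dns
rules:
  - apiGroups: [""]
    resources: ["services","endpoints","pods","nodes"]
    verbs: ["get","watch","list"]
  # "extensions" only matters on clusters older than 1.22; current clusters serve Ingress
  # from networking.k8s.io alone.
  - apiGroups: ["extensions","networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get","watch","list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
  labels:
    app.kubernetes.io/name: external-dns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
  - kind: ServiceAccount
    name: external-dns
    namespace: default   # must match the namespace given to eksctl create iamserviceaccount
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
  # Pinned so the Pod lands next to the "external-dns" service account no matter which
  # namespace the kubectl context currently points at.
  namespace: default
  labels:
    app.kubernetes.io/name: external-dns
spec:
  strategy:
    type: Recreate   # never run an old and a new replica at the same time during a rollout
  selector:
    matchLabels:
      app.kubernetes.io/name: external-dns
  template:
    metadata:
      labels:
        app.kubernetes.io/name: external-dns
    spec:
      serviceAccountName: external-dns
      containers:
        - name: external-dns
          # A version tag can be re-pushed; pin by digest (image@sha256:...) for production.
          image: registry.k8s.io/external-dns/external-dns:v0.13.5
          args:
            - --source=service
            - --source=ingress
            - --domain-filter=infra.local   # only hostnames under this domain are ever touched
            - --provider=aws
            - --policy=upsert-only          # create/update only; records are never deleted, so a bad annotation cannot empty the zone
            - --aws-zone-type=private       # ignore public zones, even one with the same name
            - --registry=txt
            - --txt-owner-id=external-dns   # ownership marker in the TXT registry; give each cluster sharing a zone its own value
            # - --namespace=skills           # when set, only objects in that namespace are used as sources
          env:
            # The AWS SDK reads AWS_DEFAULT_REGION / AWS_REGION; other names are silently ignored.
            - name: AWS_DEFAULT_REGION
              value: ap-northeast-2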
kubectl apply -f external-dns.yaml
deployment.yaml
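apiVersion: apps/v1
kind: Deployment
metadata:
  name: skills-deployment
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: skills-app
  template:
    metadata:
      labels:
        app: skills-app
    spec:
      containers:
        - name: skills-app
          # No tag means ":latest", a mutable tag: each rollout or node replacement may pull a
          # different image. Pin an immutable tag or, better, a digest (…/skills-app@sha256:…).
          image: 362708816803.dkr.ecr.ap-northeast-2.amazonaws.com/skills-app
          ports:
            - containerPort: 8080
          # Same path the ALB health check uses, so a Pod is only marked Ready (and registered
          # as a target) once /healthz answers.
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8080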
kubectl apply -f deployment.yaml
service.yaml
# Cluster-internal Service in front of the skills-app Pods. The ALB does not go through this
# Service (target-type ip sends traffic to Pod IPs); it only provides the backend reference
# for the Ingress.
apiVersion: v1
kind: Service
metadata:
  name: skills-svc
  namespace: default
spec:
  type: ClusterIP   # explicit default
  selector:
    app: skills-app
  ports:
    - name: http
      protocol: TCP
      port: 8080
      targetPort: 8080
kubectl apply -f service.yaml
ingress.yaml
# Internet-facing ALB serving plain HTTP only. Note the mismatch with the hosted zone created
# above: it is private, so web.infra.local resolves only from inside the VPC, while the load
# balancer itself is reachable from the internet under its AWS-assigned hostname.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: skills-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: alb   # legacy form of spec.ingressClassName below; redundant on current controllers
    alb.ingress.kubernetes.io/load-balancer-name: skills-alb
    alb.ingress.kubernetes.io/scheme: internet-facing   # use "internal" unless the app must be reachable from the internet
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'   # no TLS listener; add {"HTTPS": 443} and a certificate-arn before real traffic
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/subnets: subnet-03401e2bc425a9e2b, subnet-044e5e624d4522f75   # account-specific IDs; replace with your own public subnets (or tag them for auto-discovery and omit this)
    alb.ingress.kubernetes.io/healthcheck-path: /healthz   # checked directly against each Pod target, independent of the rules below
    external-dns.alpha.kubernetes.io/hostname: web.infra.local   # the Route53 hostname external-dns creates for this ALB
    # external-dns.alpha.kubernetes.io/target: app.company.com   # CNAME target override
    external-dns.alpha.kubernetes.io/aws-weight: "100"   # weighted routing; only meaningful when several records share the name
    external-dns.alpha.kubernetes.io/set-identifier: "3"   # required with aws-weight; identifies this record in the weighted set
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          # Prefix match: /healthz and everything under it is exposed through the public
          # listener. The ALB health check does not need this rule; it presumably exists
          # for the curl test at the end of the page.
          - path: /healthz
            pathType: Prefix
            backend:
              service:
                name: skills-svc
                port:
                  number: 8080
          - path: /v1/dummy
            pathType: Prefix
            backend:
              service:
                name: skills-svc
                port:
                  number: 8080
kubectl apply -f ingress.yaml
호스팅 영역 ID 조회
ZONE_ID=$(aws route53 list-hosted-zones-by-name --output json --dns-name "infra.local." --query HostedZones[0].Id --out text)
호스팅 영역 NS 레코드 조회
aws route53 list-resource-record-sets --output text --hosted-zone-id $ZONE_ID --query "ResourceRecordSets[?Type == 'NS'].ResourceRecords[*].Value | []" | tr '\\t' '\\n'
호스팅 영역 A 레코드 조회
aws route53 list-resource-record-sets --output json --hosted-zone-id $ZONE_ID --query "ResourceRecordSets[?Name == 'web.infra.local.']|[?Type == 'A']"
DNS 레코드 조회
# Resolve the name with dig. Because the zone is private, this only answers from a host whose
# resolver is inside the VPC (e.g. a bastion or a Pod); from a laptop it returns nothing.
dig +short A web.infra.local
응답 테스트
# Plain HTTP: the ALB has no HTTPS listener. Run from inside the VPC for the same reason as
# the dig test above (the hostname lives in a private zone).
curl "http://web.infra.local/healthz"
curl "http://web.infra.local/v1/dummy"