$ oc whoami
You can create dns records on AWS and AWS GovCloud by using External dns Operator.
You can create dns records on a public hosted zone for AWS by using the Red Hat External dns Operator. You can use the same instructions to create dns records on a hosted zone for AWS GovCloud.
Check the user. The user must have access to the kube-system
namespace. If you don’t have the credentials, as you can fetch the credentials from the kube-system
namespace to use the cloud provider client:
$ oc whoami
system:admin
Fetch the values from aws-creds secret present in kube-system
namespace.
$ export AWS_ACCESS_KEY_ID=$(oc get secrets aws-creds -n kube-system --template={{.data.aws_access_key_id}} | base64 -d)
$ export AWS_SECRET_ACCESS_KEY=$(oc get secrets aws-creds -n kube-system --template={{.data.aws_secret_access_key}} | base64 -d)
Get the routes to check the domain:
$ oc get routes --all-namespaces | grep console
openshift-console console console-openshift-console.apps.testextdnsoperator.apacshift.support console https reencrypt/Redirect None
openshift-console downloads downloads-openshift-console.apps.testextdnsoperator.apacshift.support downloads http edge/Redirect None
Get the list of dns zones to find the one which corresponds to the previously found route’s domain:
$ aws route53 list-hosted-zones | grep testextdnsoperator.apacshift.support
HOSTEDZONES terraform /hostedzone/Z02355203TNN1XXXX1J6O testextdnsoperator.apacshift.support. 5
Create Externaldns
resource for route
source:
$ cat <<EOF | oc create -f -
apiVersion: externaldns.olm.openshift.io/v1alpha1
kind: Externaldns
metadata:
name: sample-aws (1)
spec:
domains:
- filterType: Include (2)
matchType: Exact (3)
name: testextdnsoperator.apacshift.support (4)
provider:
type: AWS (5)
source: (6)
type: OpenShiftRoute (7)
openshiftRouteOptions:
routerName: default (8)
EOF
1 | Defines the name of external dns resource. |
2 | By default all hosted zones are selected as potential targets. You can include a hosted zone that you need. |
3 | The matching of the target zone’s domain has to be exact (as opposed to regular expression match). |
4 | Specify the exact domain of the zone you want to update. The hostname of the routes must be subdomains of the specified domain. |
5 | Defines the AWS Route53 dns provider. |
6 | Defines options for the source of dns records. |
7 | Defines OpenShift route resource as the source for the dns records which gets created in the previously specified dns provider. |
8 | If the source is OpenShiftRoute , then you can pass the OpenShift Ingress Controller name. External dns Operator selects the canonical hostname of that router as the target while creating CNAME record. |
Check the records created for OCP routes using the following command:
$ aws route53 list-resource-record-sets --hosted-zone-id Z02355203TNN1XXXX1J6O --query "ResourceRecordSets[?Type == 'CNAME']" | grep console