Creating DNS records on a public managed zone for GCP by using Red Hat External DNS Operator

You can create DNS records on a public managed zone for GCP by using Red Hat External DNS Operator.

Procedure

  1. Check the user. The user must have access to the kube-system namespace. If you don’t have the credentials, you can fetch them from the kube-system namespace to use the cloud provider client:

    $ oc whoami

    Example output

    system:admin
  2. Copy the value of service_account.json in the gcp-credentials secret to a file named decoded-gcloud.json by running the following command:

    $ oc get secret gcp-credentials -n kube-system --template='{{$v := index .data "service_account.json"}}{{$v}}' | base64 -d - > decoded-gcloud.json
  3. Export Google credentials by running the following command:

    $ export GOOGLE_CREDENTIALS=decoded-gcloud.json
  4. Activate your account by using the following command:

    $ gcloud auth activate-service-account <client_email as per decoded-gcloud.json> --key-file=decoded-gcloud.json
  5. Set your project by running the following command:

    $ gcloud config set project <project_id as per decoded-gcloud.json>
  6. Get the routes to check the domain by running the following command:

    $ oc get routes --all-namespaces | grep console

    Example output

    openshift-console console console-openshift-console.apps.test.gcp.example.com console https reencrypt/Redirect None
    openshift-console downloads downloads-openshift-console.apps.test.gcp.example.com downloads http edge/Redirect None
  7. Get the list of managed zones to find the zone that corresponds to the previously found route’s domain:

    $ gcloud dns managed-zones list | grep test.gcp.example.com

    Example output

    qe-cvs4g-private-zone test.gcp.example.com
  8. Create an ExternalDNS CR for the route source:

    apiVersion: externaldns.olm.openshift.io/v1alpha1
    kind: ExternalDNS
    metadata:
      name: sample-gcp # (1)
    spec:
      domains:
        - filterType: Include # (2)
          matchType: Exact # (3)
          name: test.gcp.example.com # (4)
      provider:
        type: GCP # (5)
      source:
        openshiftRouteOptions: # (6)
          routerName: default # (7)
        type: OpenShiftRoute # (8)

    (1) Defines the name of the External DNS CR.
    (2) By default, all hosted zones are selected as potential targets. You can include a hosted zone that you need.
    (3) The matching of the target zone’s domain has to be exact (as opposed to a regular expression match).
    (4) Specify the exact domain of the zone you want to update. The hostnames of the routes must be subdomains of the specified domain.
    (5) Defines the Google Cloud DNS provider.
    (6) You can define options for the source of DNS records.
    (7) If the source is OpenShiftRoute, then you can pass the OpenShift Ingress Controller name. External DNS selects the canonical hostname of that router as the target while creating the CNAME record.
    (8) Defines the OpenShift route resource as the source for the DNS records that are created in the previously specified DNS provider.
  9. Check the records created for OCP routes by using the following command:

    $ gcloud dns record-sets list --zone=qe-cvs4g-private-zone | grep console
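
The domain given in step 8 must be a parent of the route hostnames, so it is worth listing which routes fall under that domain before the CR is applied to a public zone. The following is an added example, not part of the original procedure: the function names `routes_in_zone` and `sample_routes` and the sample route lines are constructed for illustration, and the input format (namespace, name, host) is an assumption that matches the `oc` command shown in the comment.

```sh
#!/bin/sh
# Added example: classify route hostnames against the ExternalDNS zone domain.
# Expected input lines: "<namespace> <name> <host>", for example from
#   oc get routes --all-namespaces --no-headers \
#     -o custom-columns=NS:.metadata.namespace,NAME:.metadata.name,HOST:.spec.host

# routes_in_zone ZONE_DOMAIN
# Reads route lines on stdin. Prints "IN <ns>/<name> <host>" when the host is
# a strict subdomain of ZONE_DOMAIN, otherwise "OUT <ns>/<name> <host>".
routes_in_zone() {
    awk -v zone="$1" '
    BEGIN {
        zone = tolower(zone)
        sub(/\.$/, "", zone)      # tolerate a trailing dot (FQDN form)
        suffix = "." zone
    }
    NF >= 3 {
        host = tolower($3)
        sub(/\.$/, "", host)
        # Match on a label boundary: "notest.gcp.example.com" must not be
        # treated as a subdomain of "test.gcp.example.com".
        n = length(host) - length(suffix)
        if (n > 0 && substr(host, n + 1) == suffix)
            print "IN " $1 "/" $2 " " host
        else
            print "OUT " $1 "/" $2 " " host
    }'
}

# Constructed sample input; the first two hosts are the ones from step 6.
sample_routes() {
    cat <<'EOF'
openshift-console console console-openshift-console.apps.test.gcp.example.com
openshift-console downloads downloads-openshift-console.apps.test.gcp.example.com
demo lookalike app.notest.gcp.example.com
demo apex test.gcp.example.com
demo other api.prod.gcp.example.com
EOF
}

sample_routes | routes_in_zone test.gcp.example.com
```

Routes reported as `IN` are the ones whose hostnames sit under the zone's domain; review that list for internal-only services before the zone is made authoritative for them.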