Creating DNS records on a public DNS zone for Azure by using Red Hat External DNS Operator

You can create DNS records on a public DNS zone for Azure by using Red Hat External DNS Operator.

Procedure

  1. Check the user. The user must have access to the kube-system namespace. If you do not have the cloud provider credentials, you can fetch them from the kube-system namespace to use the cloud provider client:

     $ oc whoami

     Example output

     system:admin
  2. Fetch the values from the azure-credentials secret present in the kube-system namespace:

     $ CLIENT_ID=$(oc get secrets azure-credentials -n kube-system --template={{.data.azure_client_id}} | base64 -d)
     $ CLIENT_SECRET=$(oc get secrets azure-credentials -n kube-system --template={{.data.azure_client_secret}} | base64 -d)
     $ RESOURCE_GROUP=$(oc get secrets azure-credentials -n kube-system --template={{.data.azure_resourcegroup}} | base64 -d)
     $ SUBSCRIPTION_ID=$(oc get secrets azure-credentials -n kube-system --template={{.data.azure_subscription_id}} | base64 -d)
     $ TENANT_ID=$(oc get secrets azure-credentials -n kube-system --template={{.data.azure_tenant_id}} | base64 -d)
  3. Log in to Azure with the base64-decoded values:

     $ az login --service-principal -u "${CLIENT_ID}" -p "${CLIENT_SECRET}" --tenant "${TENANT_ID}"
  4. Get the routes to check the domain:

     $ oc get routes --all-namespaces | grep console

     Example output

     openshift-console console console-openshift-console.apps.test.azure.example.com console https reencrypt/Redirect None
     openshift-console downloads downloads-openshift-console.apps.test.azure.example.com downloads http edge/Redirect None
  5. Get the list of DNS zones to find the one that corresponds to the domain of the route found in the previous step:

     $ az network dns zone list --resource-group "${RESOURCE_GROUP}"
  6. Create the ExternalDNS CR for the route source:

     apiVersion: externaldns.olm.openshift.io/v1alpha1
     kind: ExternalDNS
     metadata:
       name: sample-azure (1)
     spec:
       zones:
       - "/subscriptions/1234567890/resourceGroups/test-azure-xxxxx-rg/providers/Microsoft.Network/dnszones/test.azure.example.com" (2)
       provider:
         type: Azure (3)
       source:
         openshiftRouteOptions: (4)
           routerName: default (5)
         type: OpenShiftRoute (6)

     (1) Defines the name of the External DNS CR.
     (2) Defines the zone ID.
     (3) Defines the Azure DNS provider.
     (4) You can define options for the source of the DNS records.
     (5) If the source is OpenShiftRoute, you can pass the name of the OpenShift Ingress Controller. External DNS selects the canonical hostname of that router as the target when creating the CNAME record.
     (6) Defines the OpenShift route resource as the source for the DNS records that get created in the previously specified DNS provider.
  7. Check the records created for the OpenShift Container Platform routes by using the following command:

     $ az network dns record-set list -g "${RESOURCE_GROUP}" -z test.azure.example.com | grep console
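As an added example (not part of the Red Hat documentation and not the operator's own code), the following Python does the matching that steps 4 to 6 ask you to do by hand: it picks, from a constructed sample of `az network dns zone list` output, the most specific zone whose name is a label-boundary suffix of the route hostname, and renders the ExternalDNS CR with that zone ID filled in. The zone list is constructed sample data that reuses the placeholder values from the procedure, and the helper names are assumptions of this example.

```python
import json

# Constructed sample shaped like `az network dns zone list -o json`, trimmed to the
# fields this helper needs; IDs reuse the placeholder values from the procedure.
SAMPLE_ZONE_LIST = json.dumps([
    {"name": "example.com",
     "id": "/subscriptions/1234567890/resourceGroups/test-azure-xxxxx-rg"
           "/providers/Microsoft.Network/dnszones/example.com"},
    {"name": "test.azure.example.com",
     "id": "/subscriptions/1234567890/resourceGroups/test-azure-xxxxx-rg"
           "/providers/Microsoft.Network/dnszones/test.azure.example.com"},
])

def zone_for_host(host, zone_list_json):
    """Return the most specific zone (dict) that owns `host`, or None.
    A zone owns the host only if its name equals the host or is a suffix starting at
    a label boundary, so "test.azure.example.com" does not own "a.xtest.azure.example.com".
    """
    host = host.rstrip(".").lower()
    best = None
    for zone in json.loads(zone_list_json):
        name = zone["name"].rstrip(".").lower()
        if host == name or host.endswith("." + name):
            if best is None or len(name) > len(best["name"]):
                best = zone
    return best

def render_external_dns_cr(cr_name, zone_id, router_name="default"):
    """Render the ExternalDNS CR from the procedure with the chosen zone ID filled in."""
    return (
        "apiVersion: externaldns.olm.openshift.io/v1alpha1\n"
        "kind: ExternalDNS\n"
        "metadata:\n"
        f"  name: {cr_name}\n"
        "spec:\n"
        "  zones:\n"
        f'  - "{zone_id}"\n'
        "  provider:\n"
        "    type: Azure\n"
        "  source:\n"
        "    openshiftRouteOptions:\n"
        f"      routerName: {router_name}\n"
        "    type: OpenShiftRoute\n"
    )

if __name__ == "__main__":
    # Hostname taken from the console route in the procedure's example output.
    zone = zone_for_host("console-openshift-console.apps.test.azure.example.com", SAMPLE_ZONE_LIST)
    print(render_external_dns_cr("sample-azure", zone["id"]))
```

The zone ID printed is the value to paste into the zones list of the CR; the label-boundary check prevents a zone whose name merely ends in the same characters from being selected.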

To create records on private hosted zones in Azure Private DNS, specify the private zone under zones; this sets the provider type to azure-private-dns in the ExternalDNS container args.