Creating DNS records on an public hosted zone for AWS by using Red Hat External DNS Operator

You can create DNS records on a public hosted zone for AWS by using the Red Hat External DNS Operator.

Procedure

1. Check the user. The user must have access to the kube-system namespace. If you don’t have the credentials, as you can fetch the credentials from the kube-system namespace to use the cloud provider client:

   $ oc whoami

   Example output

   system:admin

2. Fetch the values from aws-creds secret present in kube-system namespace.

   $ export AWS_ACCESS_KEY_ID=$(oc get secrets aws-creds -n kube-system  --template={{.data.aws_access_key_id}} | base64 -d)
   $ export AWS_SECRET_ACCESS_KEY=$(oc get secrets aws-creds -n kube-system  --template={{.data.aws_secret_access_key}} | base64 -d)

3. Get the routes to check the domain:

   $ oc get routes --all-namespaces | grep console

   Example output

   openshift-console          console             console-openshift-console.apps.testextdnsoperator.apacshift.support                       console             https   reencrypt/Redirect     None
   openshift-console          downloads           downloads-openshift-console.apps.testextdnsoperator.apacshift.support                     downloads           http    edge/Redirect          None

4. Get the list of dns zones to find the one which corresponds to the previously found route’s domain:

   $ aws route53 list-hosted-zones | grep testextdnsoperator.apacshift.support

   Example output

   HOSTEDZONES    terraform    /hostedzone/Z02355203TNN1XXXX1J6O    testextdnsoperator.apacshift.support.    5

5. Create ExternalDNS CR for route source:

   apiVersion: externaldns.olm.openshift.io/v1alpha1
   kind: ExternalDNS
   metadata:
     name: sample-aws (1)
   spec:
     domains:
     - filterType: Include   (2)
       matchType: Exact   (3)
       name: testextdnsoperator.apacshift.support (4)
       provider:
         type: AWS (5)
       source:  (6)
         type: OpenShiftRoute (7)
         openshiftRouteOptions:
           routerName: default (8)

   1	Defines the name of external DNS CR.
   2	By default all hosted zones are selected as potential targets. You can include a hosted zone that you need.
   3	The matching of the target zone’s domain has to be exact (as opposed to regular expression match).
   4	Specify the exact domain of the zone you want to update. The hostname of the routes must be subdomains of the specified domain.
   5	Defines the AWS Route53 DNS provider.
   6	Defines options for the source of DNS records.
   7	Defines OpenShift route resource as the source for the DNS records which gets created in the previously specified DNS provider.
   8	If the source is OpenShiftRoute, then you can pass the OpenShift Ingress Controller name. External DNS Operator selects the canonical hostname of that router as the target while creating CNAME record.

6. Check the records created for OCP routes using the following command:

   $ aws route53 list-resource-record-sets --hosted-zone-id Z02355203TNN1XXXX1J6O --query "ResourceRecordSets[?Type == 'CNAME']" | grep console