Prepare a DNS back end for ExternalDNS

Prepare a DNS back end for ExternalDNS

Depending on your DNS back-end provider, prepare your back end and the metadata model of your MCP cluster before setting up ExternalDNS. If you do not have an active DNS back-end provider yet, you can use CoreDNS that functions as an on-premises open-source alternative to cloud DNS services.

To prepare a DNS back end

Select from the following options depending on your DNS back end:

  • For AWS Route 53:

    1. Log in to your AWS Route 53 console.

    2. Navigate to the AWS Services page.

    3. In the search field, type “Route 53” to find the corresponding service page.

    4. On the Route 53 page, find the DNS management icon and click Get started now.

    5. On the DNS management page, click Create hosted zone.

    6. On the right side of the Create hosted zone window:

      1. Add <your_mcp_domain.>.local name.

      2. Select the Public Hosted Zone type.

      3. Click Create.

      You will be redirected to the previous page with two records of NS and SOA type. Keep the link of this page for verification after the ExernalDNS deployment.

    7. Click Back to Hosted zones.

    8. Locate and copy the Hosted Zone ID in the corresponding column of your recently created hosted zone.

    9. Add this ID to the following template:

      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": [
                      "route53:ChangeResourceRecordSets",
                      "route53:ListResourceRecordSets",
                      "route53:GetHostedZone
                  ],
                  "Resource": [
                      "arn:aws:route53:::hostedzone/<YOUR_ZONE_ID>"
                  ]
              },
              {
                  "Effect" : "Allow",
                  "Action" : [
                      "route53:GetChange"
                  ],
                  "Resource" : [
                      "arn:aws:route53:::change/*"
                  ]
              },
              {
                  "Effect" : "Allow",
                  "Action" " [
                      "route53:ListHostedZones"
                  ],
                  "Resource" : [
                      "*"
                  ]
               }
          ]
      }
      
    10. Navigate to Services > IAM > Customer Managed Policies.

    11. Click Create Policy > Create your own policy.

    12. Fill in the required fields:

      • Policy Name field: externaldns

      • Policy Document field: use the JSON template provided in step 9

    13. Click Validate Policy.

    14. Click Create Policy. You will be redirected to the policy view page.

    15. Navigate to Users.

    16. Click Add user:

      1. Add a user name: extenaldns.

      2. Select the Programmatic access check box.

      3. Click Next: Permissions.

      4. Select the Attach existing policy directly option.

      5. Select the Customer managed policy type in the Filter drop-down menu.

      6. Select the externaldns check box.

      7. Click Next: Review.

      8. Click Create user.

      9. Copy the Access key ID and Secret access key.


  • For Google CloudDNS:

    1. Log in to your Google Cloud Platform web console.

    2. Navigate to IAM & Admin > Service accounts > Create service account.

    3. In the Create service account window, configure your new ExernalDNS service account:

      1. Add a service account name.

      2. Assign the DNS Administrator role to the account.

      3. Select the Furnish a new private key check box and the JSON key type radio button.

        The private key is automatically saved on your computer.

    4. Navigate to NETWORKING > Network services > Cloud DNS.

    5. Click CREATE ZONE to create a DNS zone that will be managed by ExternalDNS.

    6. In the Create a DNS zone window, fill in the following fields:

      • Zone name

      • DNS name that must contain your MCP domain address in the <your_mcp_domain>.local format.

    7. Click Create.

      You will be redirected to the Zone details page with two DNS names of the NS and SOA type. Keep this page for verification after the ExernalDNS deployment.


  • For Designate:

    1. Log in to the Horizon web UI of your OpenStack environment with Designate.

    2. Create a project with the required admin role as well as generate the access credentials for the project.

    3. Create a hosted DNS zone in this project.


Now, proceed to Configure cluster model for ExternalDNS.