The MongoDB Enterprise Kubernetes Operator is deprecated. The new MongoDB Controllers for Kubernetes Operator replaces the MongoDB Enterprise Kubernetes Operator. The first version of the Controllers for Kubernetes Operator is functionally equivalent to v1.33 of the Enterprise Kubernetes Operator. For more information about this change, and guidance on migrating to the new Operator, see the release notes for the first new version. There will be no future releases of the MongoDB Enterprise Kubernetes Operator. Each version will reach end of life according to the existing one year support policy. Please migrate to the Controllers for Kubernetes Operator for continued support.
This page walks you through the process of deploying and validating external DNS for your Kubernetes Operator components deployed across multiple Kubernetes clusters without a service mesh.
Prerequisites
Before you begin, perform the following tasks:
Install
kubectl.Update as needed and set the environment variables defined in the following
env_variables.shfile.1 # This script builds on top of the environment configured in the setup guides. 2 # It depends (uses) the following env variables defined there to work correctly. 3 # If you don't use the setup guide to bootstrap the environment, then define them here. 4 # ${K8S_CLUSTER_0} 5 # ${K8S_CLUSTER_1} 6 # ${K8S_CLUSTER_2} 7 # ${K8S_CLUSTER_0_ZONE} 8 # ${K8S_CLUSTER_1_ZONE} 9 # ${K8S_CLUSTER_2_ZONE} 10 # ${K8S_CLUSTER_0_CONTEXT_NAME} 11 # ${K8S_CLUSTER_1_CONTEXT_NAME} 12 # ${K8S_CLUSTER_2_CONTEXT_NAME} 13 # ${MDB_GKE_PROJECT} 14 15 export DNS_SA_NAME="external-dns-sa" 16 export DNS_SA_EMAIL="${DNS_SA_NAME}@${MDB_GKE_PROJECT}.iam.gserviceaccount.com" 17 18 export CUSTOM_DOMAIN="mongodb.custom" 19 export DNS_ZONE="mongodb"
Source Code
You can find all included source code in the MongoDB Kubernetes Operator repository.
Procedure
1
2
3
4
5
Create a Kubernetes Secret containing the service account key.
create secret with service account key kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n external-dns create secret generic external-dns-sa-secret --from-file credentials.json=secrets/external-dns-sa-key.json kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n external-dns create secret generic external-dns-sa-secret --from-file credentials.json=secrets/external-dns-sa-key.json kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n external-dns create secret generic external-dns-sa-secret --from-file credentials.json=secrets/external-dns-sa-key.json
6
Install ExternalDNS.
ExternalDNS makes Kubernetes resources discoverable via public DNS servers.
Deploy the eternal-dns Kubernetes deployment and related permissions objects
to the namespace you just created.
kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n external-dns apply -f yamls/externaldns.yaml kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n external-dns apply -f yamls/externaldns.yaml kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n external-dns apply -f yamls/externaldns.yaml
apiVersion: v1 kind: ServiceAccount metadata: name: external-dns labels: app.kubernetes.io/name: external-dns apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: external-dns labels: app.kubernetes.io/name: external-dns rules: - apiGroups: [""] resources: ["services","endpoints","pods","nodes"] verbs: ["get","watch","list"] - apiGroups: ["extensions","networking.k8s.io"] resources: ["ingresses"] verbs: ["get","watch","list"] apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: external-dns-viewer labels: app.kubernetes.io/name: external-dns roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: external-dns subjects: - kind: ServiceAccount name: external-dns namespace: external-dns apiVersion: apps/v1 kind: Deployment metadata: name: external-dns labels: app.kubernetes.io/name: external-dns spec: strategy: type: Recreate selector: matchLabels: app.kubernetes.io/name: external-dns template: metadata: labels: app.kubernetes.io/name: external-dns spec: serviceAccountName: external-dns containers: - name: external-dns image: registry.k8s.io/external-dns/external-dns:v0.16.1 args: - --source=service - --source=ingress - --provider=google - --log-format=json # google cloud logs parses severity of the "text" log format incorrectly - --interval=10s - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization - --registry=txt # # uncomment below if static credentials are used env: - name: GOOGLE_APPLICATION_CREDENTIALS value: /etc/secrets/service-account/credentials.json volumeMounts: - name: google-service-account mountPath: /etc/secrets/service-account/ volumes: - name: google-service-account secret: secretName: external-dns-sa-secret
7
Set up the DNS zone.
This example includes a private DNS zone. This means that you can only access the resources deployed in the DNS zone from the GKE clusters we created. If you are planning to access your resources from outside your GKE clusters, use a public DNS zone. To do so, you must have a registered domain.
FQ_CLUSTER_0="projects/${MDB_GKE_PROJECT}/locations/${K8S_CLUSTER_0_ZONE}/clusters/${K8S_CLUSTER_0}" FQ_CLUSTER_1="projects/${MDB_GKE_PROJECT}/locations/${K8S_CLUSTER_1_ZONE}/clusters/${K8S_CLUSTER_1}" FQ_CLUSTER_2="projects/${MDB_GKE_PROJECT}/locations/${K8S_CLUSTER_2_ZONE}/clusters/${K8S_CLUSTER_2}" gcloud dns managed-zones create "${DNS_ZONE}" \ --description="" \ --dns-name="${CUSTOM_DOMAIN}" \ --visibility="private" \ --gkeclusters="${FQ_CLUSTER_0}","${FQ_CLUSTER_1}","${FQ_CLUSTER_2}"