How to publish kubernetes LoadBalancer Ingress URL to aws route53

久未见 submitted on 2019-12-21 17:38:47

Question


Today when I launch an app using kubernetes over aws it exposes a publicly visible LoadBalancer Ingress URL, however to link that to my domain to make the app accessible to the public, I need to manually go into the aws route53 console in a browser on every launch. Can I update the aws route53 Resource Type A to match the latest Kubernetes LoadBalancer Ingress URL from the command line ?

Kubernetes over gcloud shares this challenge of having to either predefine a Static IP which is used in launch config or manually do a browser based domain linkage post launch. On aws I was hoping I could use something similar to this from the command line

aws route53domains update-domain-nameservers   ???

__ OR __ can I predefine an aws kubernetes LoadBalancer Ingress similar to doing a predefined Static IP when over gcloud ?

to show the deployed app's LoadBalancer Ingress URL issue

kubectl describe svc

... output

Name:           aaa-deployment-407
Namespace:      ruptureofthemundaneplane
Labels:         app=bbb
            pod-template-hash=4076262206
Selector:       app=bbb,pod-template-hash=4076262206
Type:           LoadBalancer
IP:         10.0.51.82
LoadBalancer Ingress:   a244bodhisattva79c17cf7-61619.us-east-1.elb.amazonaws.com
Port:           port-1  80/TCP
NodePort:       port-1  32547/TCP
Endpoints:      10.201.0.3:80
Port:           port-2  443/TCP
NodePort:       port-2  31248/TCP
Endpoints:      10.201.0.3:443
Session Affinity:   None
No events.

UPDATE:

Getting error trying new command line technique (hat tip to @error2007s comment) ... issue this

aws route53 list-hosted-zones

... outputs

{
    "HostedZones": [
        {
            "ResourceRecordSetCount": 6, 
            "CallerReference": "2D58A764-1FAC-DEB4-8AC7-AD37E74B94E6", 
            "Config": {
                "PrivateZone": false
            }, 
            "Id": "/hostedzone/Z3II3949ZDMDXV", 
            "Name": "chainsawhaircut.com."
        }
    ]
}

Important bit used below : hostedzone Z3II3949ZDMDXV

now I craft following using this Doc (and this Doc as well) as file /change-resource-record-sets.json (NOTE I can successfully change Type A using a similar cli call ... however I need to change Type A with an Alias Target of LoadBalancer Ingress URL)

{
    "Comment": "Update record to reflect new IP address of fresh deploy",
    "Changes": [{
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": "chainsawhaircut.com.",
            "Type": "A",
            "TTL": 60,
            "AliasTarget": {
                "HostedZoneId": "Z3II3949ZDMDXV",
                "DNSName": "a244bodhisattva79c17cf7-61619.us-east-1.elb.amazonaws.com",
                "EvaluateTargetHealth": false
            }
        }
    }]
}

on command line I then issue

aws route53 change-resource-record-sets --hosted-zone-id Z3II3949ZDMDXV --change-batch file:///change-resource-record-sets.json

which gives this error message

An error occurred (InvalidInput) when calling the ChangeResourceRecordSets operation: Invalid request

Any insights ?


Answer 1:


Here is the logic needed to update aws route53 Resource Record Type A with value from freshly minted kubernetes LoadBalancer Ingress URL

step 1 - identify your hostedzone Id by issuing

aws route53 list-hosted-zones

... from output here is clip for my domain

"Id": "/hostedzone/Z3II3949ZDMDXV", 

... importantly never populate json with hostedzone Z3II3949ZDMDXV, it's only used as a cli parm ... there is a second similarly named token HostedZoneId which is entirely different

step 2 - see current value of your route53 domain record ... issue :

aws route53 list-resource-record-sets --hosted-zone-id Z3II3949ZDMDXV --query "ResourceRecordSets[?Name == 'scottstensland.com.']"

... output

[
    {
        "AliasTarget": {
            "HostedZoneId": "Z35SXDOTRQ7X7K", 
            "EvaluateTargetHealth": false, 
            "DNSName": "dualstack.asomepriorvalue39e7db-1867261689.us-east-1.elb.amazonaws.com."
        }, 
        "Type": "A", 
        "Name": "scottstensland.com."
    }, 
    {
        "ResourceRecords": [
            {
                "Value": "ns-1238.awsdns-26.org."
            }, 
            {
                "Value": "ns-201.awsdns-25.com."
            }, 
            {
                "Value": "ns-969.awsdns-57.net."
            }, 
            {
                "Value": "ns-1823.awsdns-35.co.uk."
            }
        ], 
        "Type": "NS", 
        "Name": "scottstensland.com.", 
        "TTL": 172800
    }, 
    {
        "ResourceRecords": [
            {
                "Value": "ns-1238.awsdns-26.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"
            }
        ], 
        "Type": "SOA", 
        "Name": "scottstensland.com.", 
        "TTL": 900
    }
]

... in above notice value of

"HostedZoneId": "Z35SXDOTRQ7X7K", 

which is the second similarly named token. Do NOT use the wrong Hosted Zone ID

step 3 - put below into your change file aws_route53_type_A.json (for syntax Doc see link mentioned in comment above)

{
  "Comment": "Update record to reflect new DNSName of fresh deploy",
  "Changes": [
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "AliasTarget": {
            "HostedZoneId": "Z35SXDOTRQ7X7K", 
            "EvaluateTargetHealth": false, 
            "DNSName": "dualstack.a0b82c81f47d011e6b98a0a28439e7db-1867261689.us-east-1.elb.amazonaws.com."
        }, 
        "Type": "A", 
        "Name": "scottstensland.com."
      }
    }
  ]
}

To identify value for above field "DNSName" ... after the kubernetes app deploy on aws it responds with a LoadBalancer Ingress as shown in output of cli command :

kubectl describe svc --namespace=ruptureofthemundaneplane

... as in

LoadBalancer Ingress:   a0b82c81f47d011e6b98a0a28439e7db-1867261689.us-east-1.elb.amazonaws.com

... even though my goal is to execute a command line call I can do this manually by getting into the aws console browser ... pull up my domain on route53 ...

... In this browser picklist editable text box (circled in green) I noticed the URL gets magically prepended with : dualstack. Previously I was missing that magic string ... so json key "DNSName" wants this

dualstack.a0b82c81f47d011e6b98a0a28439e7db-1867261689.us-east-1.elb.amazonaws.com.

finally execute the change request

aws route53 change-resource-record-sets --hosted-zone-id Z3II3949ZDMDXV --change-batch file://./aws_route53_type_A.json

... output

{
    "ChangeInfo": {
        "Status": "PENDING", 
        "Comment": "Update record to reflect new DNSName of fresh deploy", 
        "SubmittedAt": "2016-07-13T14:53:02.789Z", 
        "Id": "/change/CFUX5R9XKGE1C"
    }
}

.... now to confirm change is live run this to show record

aws route53  list-resource-record-sets  --hosted-zone-id Z3II3949ZDMDXV  
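
The steps of this answer as one script, added here as an example and not code from the answer. It validates the hostname read from the cluster before it becomes the alias target; the function names are hypothetical, and it assumes a Classic ELB whose own hosted zone ID is read with aws elb describe-load-balancers.

```shell
# Added example; function names are hypothetical helpers, not part of any tool.
# Accept only a lowercase <name>.<region>.elb.amazonaws.com hostname, so nothing
# else read from the cluster can end up as the alias target or inside the JSON.
is_elb_hostname() {
    case $1 in *[!a-z0-9.-]*) return 1 ;; esac   # quotes, spaces, newlines
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9-]+\.[a-z0-9-]+\.elb\.amazonaws\.com$'
}

# The alias DNSName form from the answer: "dualstack." prefix plus trailing dot.
alias_dns_name() { printf 'dualstack.%s.\n' "${1%.}"; }

# build_change_batch <record-name> <elb-hostname> <elb-hosted-zone-id>
build_change_batch() {
    record="${1%.}."; elb_host=$2; elb_zone=$3
    is_elb_hostname "$elb_host" || { echo "not an ELB hostname: $elb_host" >&2; return 1; }
    case $elb_zone in ''|*[!A-Z0-9]*) echo "bad ELB zone id" >&2; return 1 ;; esac
    case $record in *[!A-Za-z0-9.-]*) echo "bad record name" >&2; return 1 ;; esac
    # An alias record set carries no TTL field.
    cat <<EOF
{
  "Comment": "Update record to reflect new DNSName of fresh deploy",
  "Changes": [{
    "Action": "UPSERT",
    "ResourceRecordSet": {
      "Name": "$record",
      "Type": "A",
      "AliasTarget": {
        "HostedZoneId": "$elb_zone",
        "DNSName": "$(alias_dns_name "$elb_host")",
        "EvaluateTargetHealth": false
      }
    }
  }]
}
EOF
}

# publish <namespace> <service> <route53-zone-id> <record-name>  (live calls)
publish() {
    host=$(kubectl get svc "$2" --namespace="$1" \
        -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') || return 1
    is_elb_hostname "$host" || { echo "unexpected hostname: $host" >&2; return 1; }
    # Assumption: Classic ELB; its own zone id is the AliasTarget HostedZoneId.
    elb_zone=$(aws elb describe-load-balancers --output text --query \
        "LoadBalancerDescriptions[?DNSName=='$host'].CanonicalHostedZoneNameID") || return 1
    batch=$(build_change_batch "$4" "$host" "$elb_zone") || return 1
    aws route53 change-resource-record-sets --hosted-zone-id "$3" --change-batch "$batch"
}
if [ "${1:-}" = "--apply" ]; then shift; publish "$@"; fi
```

Run it with --apply followed by namespace, service, Route 53 zone ID and record name to make the live calls; without --apply it only defines the functions.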



Answer 2:


You can also use the external-dns project.

AWS specific setup can be found here

After installation it can be used with an annotation e.g.: external-dns.alpha.kubernetes.io/hostname: nginx.external-dns-test.my-org.com.

Note the IAM permissions need to be set properly.



Source: https://stackoverflow.com/questions/38275179/how-to-publish-kubernetes-loadbalancer-ingress-url-to-aws-route53
