k8gb
[WIP] Support for Azure DNS on AKS
Work in progress - just opening for transparency already
This PR adds support for Azure DNS when running on AKS.
For now it only supports using the kubelet identity to authenticate against the Azure DNS zone with external-dns. One could add support for service principals as well, but that requires storing the client secret, which I wanted to avoid for now. Once workload identities become available on AKS (successor of pod identity), that should be added, since using kubelet identity means that all pods running on AKS will have access to that DNS zone. So it is not ideal, but it is a first working version.
Working/implemented:
- [x] Helm chart updates to deploy. This mostly is about providing the required properties to external-dns
Missing/WIP:
- [ ] NS support for Azure DNS in external-dns. I managed this with a custom build of external-dns. https://github.com/kubernetes-sigs/external-dns/pull/2835
- [ ] Documentation and samples
- [x] Requires https://github.com/k8gb-io/k8gb/pull/911 to be merged and made available in k8gb
Closes https://github.com/k8gb-io/k8gb/issues/642
@sebader how does it look with this work? Do you need any help? We really want Azure support :)
I didn't have time in the last few weeks to keep working further on this. However, I do have a working prototype running. Biggest blocker at the moment is my open PR on external-dns which adds NS support for Azure DNS. Any help to get that moving forward is much appreciated.
Apart from that it will be mostly documentation that needs to be written - and possibly end-to-end tests. I don't have any understanding so far how your test suite for k8gb works.
@sebader we can temporarily fork external-dns and run the custom build to unblock (it's not the first time we will do it).
Ok. Let me try to find some time soon to continue here and build out the terraform templates to get the infrastructure set up for Azure.
I'll obviously start with the public load balancing setup. But the original reason why I actually started all this work was to get to an internal global load balancer. I have that setup working, too. So as a later step I'll try to add the required setup for that as well.
Both internal and public cases are super interesting, thanks!
Hi @sebader, we just switched to our own fork of external-dns here https://github.com/k8gb-io/k8gb/pull/1134 . The fork incorporates the support of NS record implementation for Azure. Do you want to revive the work on this PR? Please let me know if you need any help. It will be great to finalize your great work here 👍 Thanks a lot!
This is great to hear @ytsarev! I'll see if I can grab some time (and refresh my memory first :D). I would also make the switch to Workload Identity if possible, now that this is (almost) GA on Azure.
Deploy Preview for k8gb-preview ready!
Name | Link |
---|---|
Latest commit | 9c2bcfd7cdd7300d1caab3ae10382b0d70f216c1 |
Latest deploy log | https://app.netlify.com/sites/k8gb-preview/deploys/6437b3b86831050008af0e43 |
Deploy Preview | https://deploy-preview-912--k8gb-preview.netlify.app/ |