
Configuring a DNS Provider

In order to be able to interact with supported DNS providers, Kuadrant needs a credential that it can use.

Supported Providers

Kuadrant currently supports the following DNS providers:

  • AWS Route 53 (AWS)
  • Google Cloud DNS (GCP)

AWS Route 53 Provider

Kuadrant expects a Secret with a credential. Below is an example for AWS Route 53. It is important to set the secret type to aws (--type=kuadrant.io/aws):

kubectl create secret generic my-aws-credentials \
  --namespace=kuadrant-dns-system \
  --type=kuadrant.io/aws \
  --from-literal=AWS_ACCESS_KEY_ID=XXXX \
  --from-literal=AWS_REGION=eu-west-1 \
  --from-literal=AWS_SECRET_ACCESS_KEY=XXX

| Key | Example Value | Description |
|-----|---------------|-------------|
| AWS_REGION | eu-west-1 | AWS Region |
| AWS_ACCESS_KEY_ID | XXXX | AWS Access Key ID (see note on permissions below) |
| AWS_SECRET_ACCESS_KEY | XXXX | AWS Secret Access Key |

AWS IAM Permissions Required

We have tested using the available AWS managed policy AmazonRoute53FullAccess. However, it should also be possible to restrict the credential to a particular zone. More information can be found in the AWS docs:

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/access-control-managing-permissions.html

Google Cloud DNS Provider

Kuadrant expects a Secret with a credential. Below is an example for Google Cloud DNS. It is important to set the secret type to gcp (--type=kuadrant.io/gcp):

kubectl create secret generic my-test-gcp-credentials \
  --namespace=kuadrant-dns-system \
  --type=kuadrant.io/gcp \
  --from-literal=PROJECT_ID=xxx \
  --from-file=GOOGLE=$HOME/.config/gcloud/application_default_credentials.json

| Env Var | Example Value | Description |
|---------|---------------|-------------|
| GOOGLE | {"client_id": "***","client_secret": "***","refresh_token": "***","type": "authorized_user"} | The credential JSON, either the one created by the gcloud CLI or the one from the service account |
| PROJECT_ID | my_project_id | ID of the Google project |

Google Cloud DNS Access permissions required

See: https://cloud.google.com/dns/docs/access-control#dns.admin

Where to create the Secrets

It is recommended that you create the secret in the same namespace as your ManagedZones. In the examples above, we've stored these in a namespace called kuadrant-dns-system.

Now that we have the credential created we have a DNS provider ready to go and can start using it.
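
A pre-flight check for the Secrets described above, as an added example rather than Kuadrant's own code: it takes the JSON returned by `kubectl get secret NAME -o json` and confirms that the type and keys match the tables on this page, reporting key names only and never values. The function names, the sample Secrets and the whitespace check are assumptions of this example.

```python
import base64
import json

# Required keys per Secret type, as listed in the tables on this page.
REQUIRED_KEYS = {
    "kuadrant.io/aws": ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_REGION"),
    "kuadrant.io/gcp": ("GOOGLE", "PROJECT_ID"),
}

def check_provider_secret(secret):
    """Return a list of problems (key names only, never values); empty means OK."""
    stype = secret.get("type")
    if stype not in REQUIRED_KEYS:  # a Secret created without --type is "Opaque"
        return [f"type is {stype!r}, expected one of {sorted(REQUIRED_KEYS)}"]
    problems = []
    data = secret.get("data") or {}
    for key in REQUIRED_KEYS[stype]:
        if key not in data:
            problems.append(f"{key}: missing")
            continue
        try:
            value = base64.b64decode(data[key], validate=True).decode("utf-8")
        except (ValueError, TypeError):
            problems.append(f"{key}: not valid base64-encoded UTF-8")
            continue
        if not value.strip():
            problems.append(f"{key}: empty")
        elif key == "GOOGLE":
            try:
                if not isinstance(json.loads(value), dict):
                    problems.append("GOOGLE: JSON is not an object")
            except json.JSONDecodeError:
                problems.append("GOOGLE: not valid JSON")
        elif value != value.strip():  # e.g. a stray newline; flagged as a likely mistake
            problems.append(f"{key}: leading or trailing whitespace")
    return problems

def b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed samples in the shape of `kubectl get secret NAME -o json`.
GOOD_AWS = {"type": "kuadrant.io/aws", "data": {
    "AWS_ACCESS_KEY_ID": b64("XXXX"), "AWS_SECRET_ACCESS_KEY": b64("XXXX"),
    "AWS_REGION": b64("eu-west-1")}}
NO_TYPE = {"type": "Opaque", "data": GOOD_AWS["data"]}
BAD_GCP = {"type": "kuadrant.io/gcp", "data": {"GOOGLE": b64("not json")}}

if __name__ == "__main__":
    for sample in (GOOD_AWS, NO_TYPE, BAD_GCP):
        print(sample["type"], check_provider_secret(sample) or "ok")
```

To check a live Secret, pass `json.loads(...)` of the `kubectl get secret` output to `check_provider_secret`.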

Using a Credential

Once a Secret like the one shown above is created, in order for it to be used, it needs to be associated with a ManagedZone.

See ManagedZone