WOOSANGHAN

Ingress is not recognized when trying to use Traefik and external-dns on AWS EKS

When I open nginx service to hello world without using traefik, external-dns recognizes it normally and updates the record of route53, but after adding traefik, external-dns does not detect traefik-ingress.

I have searched all the versions to solve this problem and I am working on it. The corrected code so far is as follows.

**external-dns.yml**

```yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
rules:
- apiGroups: [""]
  resources: ["services", "endpoints", "pods"]
  verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["list", "watch"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
- kind: ServiceAccount
  name: external-dns
  namespace: default

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns
      securityContext:
        fsGroupChangePolicy: "OnRootMismatch"
        fsGroup: 65534
      containers:
      - name: external-dns
        image: bitnami/external-dns:0.14.1
        args:
        - --source=ingress
        - --domain-filter=mydomain.tld
        - --provider=aws
        - --aws-zone-type=public
        - --registry=txt
        - --txt-owner-id=mystackid
```

Records in that hosting area can be loaded, erased, and written as normal; it doesn't seem to be a permissions issue.

**traefik.yml**

```yaml
# Traefik
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: default

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: traefik-ingress-controller
rules:
- apiGroups:
  - ""
  resources:
  - services
  - endpoints
  - secrets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingressclasses
  - ingresses
  verbs:
  - get
  - list
  - watch

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: default

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
      - name: traefik
        image: traefik:v2.5
        args:
        - --api.insecure
        - --providers.kubernetesingress
        - --providers.kubernetesingress.ingressclass=traefik
        - --entrypoints.web.address=:8000
        ports:
        - name: web
          containerPort: 8000

---
apiVersion: v1
kind: Service
metadata:
  name: traefik
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:myarn
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
spec:
  type: LoadBalancer
  selector:
    app: traefik
  ports:
  - port: 80
    name: web
    targetPort: 8000
  - port: 443
    name: websecure
    targetPort: 8000
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: traefik
spec:
  controller: traefik.io/ingress-controller

---
# Application
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-world
spec:
  replicas: 2
  selector:
    matchLabels:
      app: hello-world
  template:
    metadata:
      labels:
        app: hello-world
    spec:
      containers:
      - name: nginx
        image: nginx
        ports:
        - containerPort: 80
        volumeMounts:
        - name: nginx-config
          mountPath: /etc/nginx/conf.d
      volumes:
      - name: nginx-config
        configMap:
          name: hello-world-config

---
apiVersion: v1
kind: Service
metadata:
  name: hello-world
spec:
  selector:
    app: hello-world
  ports:
  - port: 80
    targetPort: 80

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: hello-world-config
data:
  default.conf: |
    server {
      listen 80;
      server_name sub.mydomain.tld;
      location / {
        root /usr/share/nginx/html;
        index index.html;
      }
    }
  index.html: |
    <html>
    <head>
      <title>Hello, World!</title>
    </head>
    <body>
      <h1>Hello, World!</h1>
    </body>
    </html>

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world-ingress
  annotations:
    external-dns.alpha.kubernetes.io/hostname: sub.mydomain.tld
spec:
  ingressClassName: traefik
  rules:
  - host: sub.mydomain.tld
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: hello-world
            port:
              number: 80
```

I added settings to detect traefik ingress in all parts, but I did not detect external-dns. If I connect route53 to nlb ip by myself, the domain works.

Please help us solve the problem. Good luck!

And an additional problem: I logged on to sub.mydomain.tld, and instead of showing 'hello world', it shows 'welcome to nginx.'

Upvotes: 0

Views: 121

Answers (0)
