Managing DNS Zones
Wayfinder automatically installs and configures the ExternalDNS application in each managed Kubernetes cluster. ExternalDNS automatically creates DNS records in managed DNS zones when a domain is configured on Kubernetes Ingress objects. With ExternalDNS, Wayfinder can control DNS records dynamically via Kubernetes resources in a DNS provider-agnostic way. For more information, see the kubernetes-sigs/external-dns GitHub project.
This topic gives instructions for Wayfinder administrators to create managed DNS zones. These can be allocated to workspaces, and can be configured to automatically create child DNS zones for clusters in specified stages. For example, you can allocate a DNS zone to a workspace, and configure it to automatically create a child DNS zone for each cluster created in the non-prod stage in that workspace.
Clouds and DNS providers
| Cloud | DNS Provider | Status |
|---|---|---|
| AWS | AWS Route 53 | Supported |
| Azure | AzureDNS | Supported |
| GCP | Google Cloud DNS | Supported |
About managed DNS zones
The main purpose of these managed DNS zones is convenience. Particularly in non-production environments, it can be beneficial to have readily available DNS zones to be used for application endpoints.
Wayfinder administrators can create DNS zones and make them available to workspaces, as well as automatically create child zones for applicable clusters.
Workspace members can create additional custom DNS zones for their clusters, and can use the DNS zones created by the Wayfinder admin as parent zones if desired. DNS zones created in the workspace can be configured to automatically create child DNS zones for applicable clusters, or can be made directly available to one or more specific clusters.
For each DNS zone, Wayfinder can automatically create a child DNS zone for each applicable cluster, using the following naming convention:
WORKSPACE-CLUSTER.DNS-ZONE-NAME
Example
If you have:
- A workspace:
myworkspace - A cluster:
devcreated for a non-prod stage - A DNS zone:
staging.mycompany.comallocated to (or created in) this workspace and enabled to auto-provision child zones for non-prod clusters
Then:
- Wayfinder automatically creates a DNS zone called
myworkspace-dev.staging.mycompany.com. - ExternalDNS can automatically use this DNS zone to create subdomains with the required CNAME or A records.
Tenants in a multi-tenant cluster cannot create DNS zones.
Create a managed DNS zone
This procedure is for Wayfinder administrators.
To create a managed DNS zone in Wayfinder Settings:
In the UI, click Wayfinder Settings, and then navigate to Developer Self-Service > DNS zones.
Click Create DNS Zone and fill out the form:
- Domain - Enter the domain you want Wayfinder to manage.
- DNS Provider - Select a DNS provider.
- Cloud Account/Project - Select a cloud account (depends on DNS Provider).
- Allocate to workspaces - Select to allocate this DNS zone to all or selected workspaces, or none. You may want to select Do not allocate if this is the first DNS zone, and it will serve as the parent for your other DNS zones.
- Child zone provisioning - Select this if you want to allow workspace members with access to this DNS zone to create child DNS zones manually.
- Cluster stages - If you selected Make available in clusters, then select the cluster stage(s) this applies to. The effect of this is that when a cluster is created in the stages selected, in the allocated workspace(s), a child DNS zone is automatically created for that cluster.
When done, click Save.
The new zone is listed on the DNS Zones page.
An Action Required label appears next to the zone if you did not select a parent zone. In this case, you must provide NS records manually to the DNS provider before Wayfinder can use this DNS zone (see next step).
If you need to provide NS records to your DNS provider, click Edit for the DNS zone, and scroll down to Delegation to copy the NS records that must be provided.