gke and auto created domain for enabling http routing


I need to use a domain for a GKE cluster to access the ingress into the cluster and its applications, similar to the Azure AKS HTTP application routing add-on, which gives a generically created domain (not a custom domain): https://learn.microsoft.com/en-us/azure/aks/http-application-routing. Is there a solution on Google Cloud as well?

Our GKE creation/deletion process is part of our IaC tooling, and we are automating cluster and app deployment for dev/test/staging. Generic domain creation and binding a managed DNS zone to the cluster resources gives us great flexibility. Otherwise we have to create a custom domain and managed DNS zone, which will be static and bring unnecessary complexity to the provisioning tooling.

2

There are 2 answers

0
Bora Özkan (best answer)

There are no generic domain options in GKE, so I had to purchase a domain and update its NS records according to the NS of the created managed DNS zone; they will be automatically synced when I update the ingress in GKE by external-dns.

I can say I solved this problem with these steps:

1- Create a managed zone for a domain name you own and make sure it has permission to access the domain from the DNS zones you create, meaning giving access to the Google project where your DNS zone exists.

Note: when you create the cluster, be sure to give scopes for read/write permission on the managed DNS zone:

gcloud container clusters create "external-dns" \
    --num-nodes 1 \
    --scopes "https://www.googleapis.com/auth/ndev.clouddns.readwrite"

Create a DNS zone which will contain the managed DNS records:

$ gcloud dns managed-zones create "xxx-test-dev" \
    --dns-name "xxx.test.dev." \
    --description "Automatically managed zone by kubernetes.io/external-dns for the test.dev domain name"

2- Deploy the resources named external-dns to GKE:

https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/gke.md#deploy-externaldns

And check the logs with:

kubectl logs $(kubectl get pods --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}' | grep dns)

Or:

kubectl logs $(kubectl get pods --no-headers -o custom-columns=":metadata.name" | grep dns)

And if you see something like this, everything is going smoothly:

time="2021-01-20T11:37:46Z" level=info msg="Add records: xxx.test.dev. A [34.89.xx.xx] 300"
time="2021-01-20T11:37:46Z" level=info msg="Add records: xxx.test.dev. TXT [\"heritage=external-dns,external-dns/owner=my-identifier,external-dns/resource=ingress/default/ingress-test\"] 300"
time="2021-01-20T11:38:47Z" level=info msg="All records are already up to date"

Note the TXT record created alongside the A record. The TXT record signifies that the corresponding A record is managed by ExternalDNS. This makes ExternalDNS safe to run in environments where other records are managed by other means. Let's check that we can resolve this DNS name. We'll ask the nameservers assigned to your zone first.

$ dig +short @ns-cloud-e1.googledomains.com. xxx.test.dev.
104.155.xx.xx

And you can check whether the IP of the domain is correct or has a problem:

host https://xxx.test.dev/        
Host https://xxx.test.dev/ not found: 3(NXDOMAIN)

It may complain of a bad domain for a while, but then you will get the correct response:

host xxx.test.dev
xxx.test.dev has address 35.197.xx.xx
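As an added check (example code, not from the answer or the external-dns project): the log lines above are where you confirm that every A record external-dns adds also carries an ownership TXT record for your own `--txt-owner-id`, since that TXT record is what stops one external-dns instance from overwriting records it does not own. The log sample, owner id, names and IPs below are constructed placeholders.

```python
import re
from typing import Dict, List

# Constructed sample modelled on the external-dns log format shown in the
# answer; names, IPs and the owner id are placeholders, not real records.
SAMPLE_LOG = r'''
time="2021-01-20T11:37:46Z" level=info msg="Add records: xxx.test.dev. A [34.89.0.10] 300"
time="2021-01-20T11:37:46Z" level=info msg="Add records: xxx.test.dev. TXT [\"heritage=external-dns,external-dns/owner=my-identifier,external-dns/resource=ingress/default/ingress-test\"] 300"
time="2021-01-20T11:37:47Z" level=info msg="Add records: orphan.test.dev. A [34.89.0.11] 300"
time="2021-01-20T11:38:47Z" level=info msg="All records are already up to date"
'''

# Matches the "Add records: <name> <type> [<values>] <ttl>" message format.
RECORD_RE = re.compile(
    r'msg="Add records: (?P<name>\S+) (?P<type>[A-Z]+) \[(?P<values>.*)\] (?P<ttl>\d+)"'
)


def parse_records(log: str) -> List[Dict[str, str]]:
    """Extract the records external-dns reports adding, one dict per record."""
    records = []
    for line in log.splitlines():
        m = RECORD_RE.search(line)
        if not m:
            continue  # not a record change, e.g. "All records are already up to date"
        # TXT values are logged as [\"...\"]; drop the escaping and quotes.
        records.append({"name": m.group("name"), "type": m.group("type"),
                        "value": m.group("values").strip().strip('\\"'),
                        "ttl": m.group("ttl")})
    return records


def ownership_owner(txt_value: str) -> str:
    """Owner id from an external-dns heritage TXT value, or '' if the TXT
    record was not written by external-dns."""
    fields = dict(kv.split("=", 1) for kv in txt_value.split(",") if "=" in kv)
    if fields.get("heritage") != "external-dns":
        return ""
    return fields.get("external-dns/owner", "")


def find_unowned(records: List[Dict[str, str]], owner_id: str) -> List[str]:
    """Names of A/CNAME records with no ownership TXT for owner_id. A missing
    or foreign owner means this external-dns instance should not touch them."""
    owned = {r["name"] for r in records
             if r["type"] == "TXT" and ownership_owner(r["value"]) == owner_id}
    return sorted({r["name"] for r in records
                   if r["type"] in ("A", "CNAME") and r["name"] not in owned})
```

Run it against `kubectl logs` output of the external-dns pod; a non-empty result for your own owner id means a record was added without the ownership marker and is worth investigating before relying on it.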
2
W.Andre

GCP has not implemented resources like that; however, this operation could be automated using one of the available Cloud DNS APIs [1], for example ResourceRecordSets [2], to configure A records in the ManagedZone you want to assign the host to, scripting this configuration after the Ingress controller creation.

For example, retrieve the IP address allocated to the ingress controller with a command like kubectl describe ing <ingress-name> | grep "Address:" | awk '{print $2}', then use the IP information to construct the API request body [3].