The dns-operator-aws manages DNS hosted zones for workload clusters and takes care of DNS delegation inside the management cluster AWS account for each workload cluster DNS hosted zone.
The IAM role used to create DNS records for a workload cluster is looked up by the ARN of the AWSClusterRoleIdentity, which must be referenced in the AWSCluster CR. Lastly, the DNS zone delegation (writing the NS record for the workload cluster zone into the management cluster base domain) is done by assuming the management cluster role ARN.
ℹ️ Currently dns-operator-aws only supports a public DNS hosted zone, and it can only handle workload clusters that live in a single AWS account per management cluster. Once PrincipalRef is merged into cluster-api-provider-aws, it will be possible to create DNS hosted zones in different AWS accounts.
If you want to run dns-operator-aws locally, you need to set some environment variables. By default you need to set the AWS access key ID and secret access key, plus the region in which dns-operator-aws should operate. These AWS credentials need permission to assume a role inside the management cluster AWS account and a role inside the workload cluster AWS account; keep them scoped to sts:AssumeRole on those two roles rather than granting Route 53 permissions to the static credentials themselves.
The role behind the management cluster ARN needs permission to manage NS records in the given management-cluster-basedomain, and nothing more: that is the only write the delegation step performs in the management account. The role behind the ARN provided for the workload cluster needs permission to manage DNS hosted zones inside the workload cluster AWS account. The management-cluster-arn has to be provided for DNS zone delegation to happen at all.
Env vars:
- AWS_PROFILE
- AWS_REGION
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
Flags:
- --workload-cluster-basedomain
- --management-cluster-arn
- --management-cluster-basedomain
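The delegation step described above amounts to one Route 53 change: an NS record for the workload cluster zone, written into the hosted zone for management-cluster-basedomain by the assumed management cluster role. The following Go code is an added example, not code from dns-operator-aws: it builds that change as a ChangeBatch in the same JSON shape that the Route 53 ChangeResourceRecordSets API (and aws route53 change-resource-record-sets --change-batch) accepts, and refuses to build it unless the workload zone is a strict subdomain of the base domain, so a bad flag value cannot turn into a stray NS record elsewhere in the management account. The domain names and name servers are constructed sample values; the 300 second TTL and the function names are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"strings"
)

// The structs below mirror the ChangeBatch document accepted by the Route 53
// ChangeResourceRecordSets API; field names match the API's JSON keys.
type ResourceRecord struct {
	Value string `json:"Value"`
}

type ResourceRecordSet struct {
	Name            string           `json:"Name"`
	Type            string           `json:"Type"`
	TTL             int64            `json:"TTL"`
	ResourceRecords []ResourceRecord `json:"ResourceRecords"`
}

type Change struct {
	Action            string            `json:"Action"`
	ResourceRecordSet ResourceRecordSet `json:"ResourceRecordSet"`
}

type ChangeBatch struct {
	Comment string   `json:"Comment"`
	Changes []Change `json:"Changes"`
}

// fqdn normalises a DNS name to lower case with exactly one trailing dot,
// which is how Route 53 returns and compares record names.
func fqdn(name string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".") + "."
}

// IsDelegatableChild reports whether child is a strict subdomain of base.
// The label boundary check ("." + base) rejects look-alikes such as
// fooexample.com under example.com, and base itself is never delegatable.
func IsDelegatableChild(base, child string) bool {
	b, c := fqdn(base), fqdn(child)
	return c != b && strings.HasSuffix(c, "."+b)
}

// BuildDelegationChangeBatch returns the UPSERT that delegates workloadZoneName
// to the given name servers (the delegation set of the freshly created workload
// cluster hosted zone). It is the only write the management cluster role needs.
// TTL of 300 seconds is an assumption for this example.
func BuildDelegationChangeBatch(managementBaseDomain, workloadZoneName string, nameServers []string) (*ChangeBatch, error) {
	if !IsDelegatableChild(managementBaseDomain, workloadZoneName) {
		return nil, fmt.Errorf("refusing delegation: %q is not a subdomain of base domain %q", workloadZoneName, managementBaseDomain)
	}
	if len(nameServers) == 0 {
		return nil, errors.New("refusing delegation: hosted zone has no name servers")
	}
	records := make([]ResourceRecord, 0, len(nameServers))
	for _, ns := range nameServers {
		records = append(records, ResourceRecord{Value: fqdn(ns)})
	}
	return &ChangeBatch{
		Comment: "delegate " + fqdn(workloadZoneName) + " to workload cluster hosted zone",
		Changes: []Change{{
			Action: "UPSERT",
			ResourceRecordSet: ResourceRecordSet{
				Name:            fqdn(workloadZoneName),
				Type:            "NS",
				TTL:             300,
				ResourceRecords: records,
			},
		}},
	}, nil
}

func main() {
	// Constructed sample input: a workload cluster zone under the management
	// base domain and the name servers Route 53 would hand back for it.
	batch, err := BuildDelegationChangeBatch("example.com", "wc1.example.com",
		[]string{"ns-1.awsdns-00.org", "ns-2.awsdns-01.com."})
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	out, _ := json.MarshalIndent(batch, "", "  ")
	// Feed this to: aws route53 change-resource-record-sets --hosted-zone-id <base-zone-id> --change-batch file://batch.json
	fmt.Println(string(out))
}
```

When run, the program prints the batch for the management base domain zone; applying it is the same call the operator makes with the management cluster role, which is why that role only needs route53:ChangeResourceRecordSets (plus read access to locate the zone) on the base domain hosted zone.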