
DNS Operator for AWS - CAPI/CAPA related operator which manages workload cluster DNS zones and DNS delegation in management cluster


dns-operator-aws

The dns-operator-aws manages the DNS hosted zone of each workload cluster and takes care of the DNS delegation for that zone inside the management cluster's AWS account.

The IAM role used to create DNS records for a workload cluster is resolved from the ARN of the AWSClusterRoleIdentity, which must be referenced in the AWSCluster CR. The DNS zone delegation itself is done by assuming the management cluster ARN and writing the NS records into the management cluster's hosted zone.

ℹ️ Currently dns-operator-aws only supports public DNS hosted zones and, per management cluster, it can only handle workload clusters that live in a single AWS account. Once PrincipalRef is merged into cluster-api-provider-aws it will be possible to create DNS hosted zones in different AWS accounts.
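The delegation step described above, as an added example written in the operator's language (Go); it is not the project's own code. It builds the NS UPSERT that the management-cluster role would apply to the parent hosted zone and refuses any workload zone that is not strictly below the management-cluster base domain, which is the check that stops a misconfigured AWSCluster from rewriting unrelated names in the parent zone. The Route 53 request types, the function names and the sample name-server values are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Hypothetical stand-ins for the Route 53 ChangeResourceRecordSets request
// shape; the real operator would use the AWS SDK types instead.
type ResourceRecord struct{ Value string }

type ResourceRecordSet struct {
	Name            string
	Type            string
	TTL             int64
	ResourceRecords []ResourceRecord
}

type Change struct {
	Action            string
	ResourceRecordSet ResourceRecordSet
}

// canonical lower-cases a DNS name and gives it exactly one trailing dot,
// the form Route 53 returns and compares on.
func canonical(name string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".") + "."
}

// BuildDelegation returns the NS UPSERT for the management cluster's hosted
// zone (managementBase) that delegates workloadZone to the name servers of
// the workload cluster's hosted zone. The management-cluster role is allowed
// to write NS records in the parent zone, so a workload zone that is not
// strictly below managementBase is rejected rather than delegated.
func BuildDelegation(managementBase, workloadZone string, nameServers []string, ttl int64) (Change, error) {
	parent := canonical(managementBase)
	child := canonical(workloadZone)
	if child == parent || !strings.HasSuffix(child, "."+parent) {
		return Change{}, fmt.Errorf("zone %q is not a subdomain of %q; refusing to delegate", child, parent)
	}

	// Canonicalise and de-duplicate the name servers, then sort them so the
	// change is deterministic and comparable with the current record set.
	seen := map[string]bool{}
	var rrs []ResourceRecord
	for _, ns := range nameServers {
		c := canonical(ns)
		if c == "." || seen[c] {
			continue
		}
		seen[c] = true
		rrs = append(rrs, ResourceRecord{Value: c})
	}
	if len(rrs) == 0 {
		return Change{}, errors.New("workload zone has no name servers to delegate to")
	}
	sort.Slice(rrs, func(i, j int) bool { return rrs[i].Value < rrs[j].Value })

	return Change{
		Action: "UPSERT",
		ResourceRecordSet: ResourceRecordSet{
			Name:            child,
			Type:            "NS",
			TTL:             ttl,
			ResourceRecords: rrs,
		},
	}, nil
}

// DelegationUpToDate reports whether the NS values currently in the parent
// zone already equal the desired change, so a reconcile loop can skip the
// write (and the CloudTrail noise) when nothing has changed.
func DelegationUpToDate(current []string, desired Change) bool {
	want := make([]string, 0, len(desired.ResourceRecordSet.ResourceRecords))
	for _, r := range desired.ResourceRecordSet.ResourceRecords {
		want = append(want, r.Value)
	}
	have := make([]string, 0, len(current))
	for _, c := range current {
		have = append(have, canonical(c))
	}
	sort.Strings(have)
	if len(have) != len(want) {
		return false
	}
	for i := range have {
		if have[i] != want[i] {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample input: the NS set reported for a freshly created
	// workload cluster zone (values are made up for this example).
	ns := []string{"ns-1.example.net", "ns-2.example.net.", "NS-2.example.net"}
	ch, err := BuildDelegation("mgmt.example.com", "wc1.mgmt.example.com", ns, 300)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%s %s %s TTL=%d %v\n", ch.Action, ch.ResourceRecordSet.Type,
		ch.ResourceRecordSet.Name, ch.ResourceRecordSet.TTL, ch.ResourceRecordSet.ResourceRecords)

	// A zone outside the management base domain must be refused.
	if _, err := BuildDelegation("mgmt.example.com", "other.example.com", ns, 300); err != nil {
		fmt.Println("refused:", err)
	}
}
```

The suffix test is done on canonical names with a leading dot, so a sibling such as evilmgmt.example.com does not pass as a child of mgmt.example.com, and the base domain itself is rejected because delegating the apex would hand the whole management zone to the workload cluster.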

How to run it locally

If you want to run dns-operator-aws locally, you need to set some environment variables. By default you need to set the AWS access key ID and secret access key, plus the region in which dns-operator-aws should operate. These AWS credentials need permission to assume a role inside the management cluster AWS account and a role inside the workload cluster AWS account. The role behind the management cluster ARN needs permission to manage NS records in the given management-cluster-basedomain; the role provided for the workload cluster needs permission to manage DNS hosted zones inside the workload cluster AWS account. Scope both roles to the hosted zones they actually touch rather than granting Route 53 permissions account-wide. The management-cluster-arn has to be provided for DNS zone delegation.

Env vars:

  • AWS_PROFILE
  • AWS_REGION
  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY

Flags:

  • --workload-cluster-basedomain
  • --management-cluster-arn
  • --management-cluster-basedomain