External DNS with FreeIPA (RFC2136)
Sadly the External DNS Operator does not support RFC2136, so we use the upstream External DNS instead.
Thanks to astrid for the starting point.
Prepare IPA DNS Zone
Generate a TSIG key and register it
Configure the key at ipa server and all replicas
Allow DNS updates and zone transfer for the key
Select the zone you want to manage, in my example .disco.local:
- Enable Dynamic update
- Add `grant openshift-external-dns subdomain disco.local ANY;` to the BIND update policy. Details about the policy configuration you can find here.
- Configuring Allow transfer is not possible via the WebUI. Because
ldap search example
At the ipa server:
Deploy External DNS
Based on the upstream guide Configuring RFC2136 provider.
Deployment
Create a secret with the TSIG key `c3LyD11u....xX6WA==`.
Check the logs of the external-dns pod.
Example deployment
- Requires MetalLB or another implementation of service type LoadBalancer.
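An added example manifest (not from the original post and not the External DNS project's own files) that wires the TSIG key from the IPA steps above into the upstream External DNS rfc2136 provider, reading the secret from a Kubernetes Secret instead of putting it on the command line. The namespace, the IPA host name ipa.disco.local, the ServiceAccount, the image tag and the secret value are assumptions or placeholders.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: external-dns-tsig
  namespace: external-dns          # assumed namespace
type: Opaque
stringData:
  # placeholder: paste the base64 secret of the TSIG key registered in IPA
  tsig-secret: "<TSIG_SECRET_PLACEHOLDER>"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
  namespace: external-dns
spec:
  replicas: 1
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns   # assumed SA with the usual external-dns ClusterRole
      containers:
        - name: external-dns
          image: registry.k8s.io/external-dns/external-dns:<VERSION>  # placeholder tag
          env:
            - name: TSIG_SECRET          # injected from the Secret, never written into args literally
              valueFrom:
                secretKeyRef:
                  name: external-dns-tsig
                  key: tsig-secret
          args:
            - --source=service
            - --provider=rfc2136
            - --rfc2136-host=ipa.disco.local        # assumed IPA DNS server
            - --rfc2136-port=53
            - --rfc2136-zone=disco.local
            # key name must match the name granted in the IPA BIND update policy
            - --rfc2136-tsig-keyname=openshift-external-dns
            - --rfc2136-tsig-secret-alg=hmac-sha256  # must match the algorithm the key was generated with
            - --rfc2136-tsig-secret=$(TSIG_SECRET)    # kubelet expands the env var at start
            - --rfc2136-tsig-axfr                     # zone transfer via TSIG, needs allow-transfer on the zone
            - --domain-filter=disco.local             # never touch records outside the managed zone
            - --registry=txt
            - --txt-owner-id=openshift                # ownership marker so only this instance edits its records
            - --policy=sync
```

The ServiceAccount, its ClusterRole/ClusterRoleBinding and the namespace are left out for space; apply them first, then watch the pod log for the AXFR and update results.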