dyn.md

# Setting up ExternalDNS for Dyn

## Creating a Dyn Configuration Secret

For ExternalDNS to access the Dyn API, create a Kubernetes secret.

To create the secret:

```
$ kubectl create secret generic external-dns \
      --from-literal=EXTERNAL_DNS_DYN_CUSTOMER_NAME=${DYN_CUSTOMER_NAME} \
      --from-literal=EXTERNAL_DNS_DYN_USERNAME=${DYN_USERNAME} \
      --from-literal=EXTERNAL_DNS_DYN_PASSWORD=${DYN_PASSWORD}
```

The credentials are the same ones created during account registration. As best practise, you are advised to
create an API-only user that is entitled to only the zones intended to be changed by ExternalDNS

## Deploy ExternalDNS
The rest of this tutorial assumes you own `example.com` domain and your DNS provider is Dyn. Change `example.com`
with a domain/zone that you really own.

In case of the dyn provider, the flag `--zone-id-filter` is mandatory as it specifies which zones to scan for records. Without it


Create a deployment file called `externaldns.yaml` with the following contents:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      containers:
      - name: external-dns
        image: k8s.gcr.io/external-dns/external-dns:v0.7.6
        args:
        - --source=ingress
        - --txt-prefix=_d
        - --namespace=example
        - --zone-id-filter=example.com
        - --domain-filter=example.com
        - --provider=dyn
        env:
        - name: EXTERNAL_DNS_DYN_CUSTOMER_NAME
          valueFrom:
            secretKeyRef:
              name: external-dns
              key: EXTERNAL_DNS_DYN_CUSTOMER_NAME
        - name: EXTERNAL_DNS_DYN_USERNAME
          valueFrom:
            secretKeyRef:
              name: external-dns
              key: EXTERNAL_DNS_DYN_USERNAME
        - name: EXTERNAL_DNS_DYN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: external-dns
              key: EXTERNAL_DNS_DYN_PASSWORD
EOF
```

As we'll be creating an Ingress resource, you need `--txt-prefix=_d` as a CNAME cannot coexist with a TXT record. You can change the prefix to
any valid start of a FQDN.

Create the deployment for ExternalDNS:

```
$ kubectl create -f externaldns.yaml
```

## Running a locally build version
If you just want to test ExternalDNS in dry-run mode locally without doing the above deployment you can also do it.
Make sure your kubectl is configured correctly . Assuming you have the sources, build and run it like so:

```bash
make 
# output skipped

./build/external-dns \
    --provider=dyn \
    --dyn-customer-name=${DYN_CUSTOMER_NAME} \
    --dyn-username=${DYN_USERNAME} \
    --dyn-password=${DYN_PASSWORD} \
    --domain-filter=example.com \
    --zone-id-filter=example.com \
    --namespace=example \
    --log-level=debug \
    --txt-prefix=_ \
    --dry-run=true
INFO[0000] running in dry-run mode. No changes to DNS records will be made. 
INFO[0000] Connected to cluster at https://some-k8s-cluster.example.com 
INFO[0001] Zones: [example.com]
# output skipped
```

Having `--dry-run=true` and `--log-level=debug` is a great way to see _exactly_ what DynamicDNS is doing or is about to do.

## Deploying an Ingress Resource

Create a file called 'test-ingress.yaml' with the following contents:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:  
  name: test-ingress
  namespace: example
spec:
  rules:
  - host: test-ingress.example.com
    http:
      paths:
      - backend:
          serviceName: my-awesome-service
          servicePort: 8080

```

As the DNS name `test-ingress.example.com` matches the filter, external-dns will create two records:
a CNAME for test-ingress.example.com and TXT for _dtest-ingress.example.com. 

Create the Ingress:

```
$ kubectl create -f test-ingress.yaml
```

By default external-dns scans for changes every minute so give it some time to catch up with the 
## Verifying Dyn DNS records

Login to the console at https://portal.dynect.net/login/ and verify records are created

## Clean up

Login to the console at https://portal.dynect.net/login/ and delete the records created. Alternatively, just delete the sample
Ingress resources and external-dns will delete the records.