Hello I am trying to create a CNAME record in Route 53 using Pulumi Community #aws

Hello, I am trying to create a CNAME record in Rou...

adamant-terabyte-3965

08/23/2022, 8:02 PM

Hello, I am trying to create a CNAME record in Route 53 using Pulumi with the

Value/Route traffic to

field populated with the DNS name of an ALB that is auto-created by an

aws-load-balancer-controller

upon detecting the ingress of my application. This breaks down into 2 questions: 1. Is there a way to get the DNS name of the ALB when its created? I know of

aws.alb.getLoadBalancer

but that requires the name and ARN of the ALB, so I would need a way to get those. 2. How do I put the DNS name of the ALB into the CNAME record? Looking at the Pulumi docs here https://www.pulumi.com/registry/packages/aws/api-docs/route53/record/ it doesn't seem as though there is a

Value

field to populate (though I could be wrong) and the

records

field used in the example doesn't actually have any explanation. Thank you!

stocky-restaurant-98004

08/23/2022, 8:19 PM

dnsName

is a Pulumi Output of the

LoadBlancer

resource. Set the Input of the

Record

to the Output of the

LoadBalancer

(using caps because these are proper Pulumi terms). This example uses an ELB, but it's basically the same: https://www.pulumi.com/registry/packages/aws/api-docs/route53/record/#alias-record

adamant-terabyte-3965

08/23/2022, 8:26 PM

Okay, I see that and it makes sense but I do not manually create a

LoadBalancer

resource, my

aws-load-balancer-controller

that is on my EKS cluster does after it detects an ingress from my application. so if I don't create that

LoadBalancer

manually, is there a way to capture the DNS name?

adamant-terabyte-3965

08/23/2022, 8:28 PM

This is how I create the

aws-load-balancer-controller

, via helm Release.

Copy code

//Declare ALB Ingress Controller with helm
const albController = new k8s.helm.v3.Release(
    "alb-controller",
    {
        chart: "aws-load-balancer-controller",
        repositoryOpts: {
            repo: "<https://aws.github.io/eks-charts>",
        },
        namespace: "kube-system",
        values: {
            autoDiscoverAwsRegion: "true",
            serviceAccount: {
                name: lbSaName,
                create: false
            },
            vpcId: vpcId,
            clusterName: clusterName,
            podLabels: {
                app: "kube-system"
            },
            transformations: [remove_status],
        },
    }, { provider: k8sProvider });

stocky-restaurant-98004

08/23/2022, 8:38 PM

Got it - it's a K8s-managed LB. I would recommend that you have K8s create the Route53 record since its what knows about the lifecycle of the ALB.

stocky-restaurant-98004

08/23/2022, 8:39 PM

And therefore K8s will know to tear down the record if you remove the chart.

stocky-restaurant-98004

08/23/2022, 8:41 PM

My knowledge may be out of date here, but this is what I used to solve this problem when I last set up K8s on AWS: https://github.com/kubernetes-sigs/external-dns

adamant-terabyte-3965

08/24/2022, 7:54 PM

Thank you for your help thus far, I don't think I'm going to be able to swing K8s creating the Route53 record as a lot of my deployment automation depends on using Pulumi. That being said, I have found that the ALB DNS Name can be exported from the ingress with

<ingressName>.status.loadBalancer.ingress[0].hostname

. Which allows me to easily create a Route 53 CNAME record manually, but doing it through Pulumi I'm still not sure on my second question. Do I just put the DNS Name in the

records:

field with the

type:

field specified as CNAME?

stocky-restaurant-98004

08/24/2022, 7:57 PM

Have you tried using externalDNS at all?

stocky-restaurant-98004

08/24/2022, 8:01 PM

You'd still be using Pulumi in an idiomatic way by having K8s create the DNS entry, since its the one creating the ALB. Make sure you're creating an Alias record regardless: https://www.pulumi.com/registry/packages/aws/api-docs/route53/record/#alias-record

adamant-terabyte-3965

08/24/2022, 8:07 PM

No, mainly because after reading through the documentation I don't think it works well with my use case? Which is to create a Route53 CNAME record temporarily for ephemeral test environments, and then have it deleted with the rest of the test environment resources. None of this is managed manually, and thus far I've had success with using Pulumi to manage those resources on a Github Actions runner. Sorry if it seems like I'm ignoring that advice (and I'm almost certainly not fully understanding how to ExternalDNS works and is set up), I'm not, I mainly just want to see if I can do this in pattern with the rest of my system the way I'm envisioning it before looking to other solutions.

stocky-restaurant-98004

08/24/2022, 8:49 PM

No worries - no offense taken! ExternalDNS does what

aws-load-balancer-controller

does, except it manages Route53 entries for services deployed on the cluster. Once a public-facing K8s service is torn down, ExternalDNS will remove its Route53 entry. ExternalDNS itself is also deployed as a K8s service (or it was when I last checked a few years ago). My worry is that your resources are gonna get out of sync because you have 2 separate things managing the lifecycle of the infra. I would suggest that once you cross over to resources that are managed by K8s (that is, after the Helm chart is deployed), you don't go back to having dependent resources (the Route 53 entry depends on the ALB created by K8s) managed by Pulumi because they aren't visible to Pulumi (because Pulumi didn't create them). This might not be as big of a deal if you can the attribute back from the chart as you describe.

5 Views

Open in Slack

Previous Next