Configuring a DNS Provider

To interact with a supported DNS provider, Kuadrant needs a credential for that provider.

Supported Providers

Kuadrant currently supports the following DNS providers:

  • AWS Route 53 (AWS)
  • Google Cloud DNS (GCP)

AWS Route 53 Provider

Kuadrant expects a Secret with a credential. Below is an example for AWS Route 53. It is important to set the secret type to aws:

kubectl create secret generic my-aws-credentials \
  --namespace=kuadrant-dns-system \
  --from-literal=AWS_ACCESS_KEY_ID=XXXX \
  --from-literal=AWS_REGION=eu-west-1

| Key | Example Value | Description |
|---|---|---|
| AWS_REGION | eu-west-1 | AWS Region |
| AWS_ACCESS_KEY_ID | XXXX | AWS Access Key ID (see note on permissions below) |

AWS IAM Permissions Required

We have tested using the available policy AmazonRoute53FullAccess; however, it should also be possible to restrict the credential to a particular zone. More information can be found in the AWS docs.
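As an added example (not part of the Kuadrant documentation or code), the Python below builds an IAM policy limited to a single hosted zone and checks any policy document for record-change permissions that reach beyond one zone. The action list, the zone ID Z0EXAMPLE123 and all function names are assumptions made for illustration; the page does not state which Route 53 actions Kuadrant calls.

```python
import fnmatch
import re

# Assumption (not from the Kuadrant docs): record management needs only these
# actions; extend the list if the controller is denied a call it requires.
RECORD_ACTIONS = ["route53:GetHostedZone", "route53:ListResourceRecordSets",
                  "route53:ChangeResourceRecordSets"]
WRITE_ACTION = "route53:ChangeResourceRecordSets"

# Constructed sample of a broad grant, for comparison with the scoped policy.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "route53:*", "Resource": "*"}]}


def zone_scoped_policy(zone_id):
    """Return an IAM policy document limited to one Route 53 hosted zone."""
    # Reject anything that is not a plain ID so no wildcard reaches the ARN.
    if not re.fullmatch(r"[A-Z0-9]+", zone_id):
        raise ValueError(f"not a hosted zone ID: {zone_id!r}")
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": RECORD_ACTIONS,
         "Resource": f"arn:aws:route53:::hostedzone/{zone_id}"},
        # ListHostedZones cannot be limited to one zone, so it stays on "*".
        {"Effect": "Allow", "Action": ["route53:ListHostedZones"],
         "Resource": "*"}]}


def _as_list(value):
    """IAM allows a single string where a list is expected; normalise it."""
    return value if isinstance(value, list) else [value]


def unscoped_write_statements(policy):
    """Return Allow statements that permit record changes beyond one zone."""
    # Only Action and Resource are inspected; NotAction/NotResource are not.
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive and may contain * or ?.
        can_write = any(fnmatch.fnmatchcase(WRITE_ACTION.lower(), a.lower())
                        for a in _as_list(stmt.get("Action", [])))
        wide = any("*" in r or "?" in r
                   for r in _as_list(stmt.get("Resource", [])))
        if can_write and wide:
            findings.append(stmt)
    return findings
```

Serialise the result of zone_scoped_policy with json.dumps to obtain the policy document, and run unscoped_write_statements over the policy attached to the credential before storing it in the Secret.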

Google Cloud DNS Provider

Kuadrant expects a Secret with a credential. Below is an example for Google DNS. It is important to set the secret type to gcp:

kubectl create secret generic my-test-gcp-credentials \
  --namespace=kuadrant-dns-system \
  --from-literal=PROJECT_ID=xxx

| Env Var | Example Value | Description |
|---|---|---|
| GOOGLE | {"client_id": "***","client_secret": "***","refresh_token": "***","type": "authorized_user"} | This is the JSON created from either the credential created by the gcloud CLI, or the JSON from the Service account |
| PROJECT_ID | my_project_id | ID of the Google project |

Google Cloud DNS Access permissions required


Where to create the Secrets

It is recommended that you create the secret in the same namespace as your ManagedZones. In the examples above, we've stored these in a namespace called kuadrant-dns-system.

Now that the credential is created, we have a DNS provider ready to go and can start using it.

Using a Credential

Once a Secret like the ones shown above is created, it must be associated with a ManagedZone before it can be used.

See ManagedZone