Creating and using a ManagedZone resource.
What is a ManagedZone
A ManagedZone is a reference to a DNS zone. By creating a ManagedZone we are instructing the MGC about a domain or subdomain that can be used as a host by any gateways in the same namespace. These gateways can use a subdomain of the ManagedZone.
If a gateway attempts to use a domain as a host, and there is no matching ManagedZone for that host, then that host on that gateway will fail to function.
A gateway's host will be matched to any ManagedZone that the host is a subdomain of, i.e. test.api.hcpapps.net will be matched by any ManagedZone (in the same namespace) of:
When MGC wants to create the DNS Records for a host, it will create them in the most exactly matching ManagedZone.
e.g. given the zones
api.hcpapps.net the DNS Records for the host
test.api.hcpapps.net will be created in the
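The matching rule described above, sketched in Go as an added example (not MGC's own code): a host matches a zone only on a DNS label boundary, and among the matching zones the one with the most labels is chosen. The helper names and the zone list are constructed for illustration, and the example assumes a host must sit strictly below the zone's domain.

```go
package main

import (
	"fmt"
	"strings"
)

// normalize lower-cases a DNS name and drops a trailing root dot.
func normalize(name string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".")
}

// isSubdomain reports whether host sits strictly below zone. The comparison
// is made on a label boundary, so "badapi.hcpapps.net" is not treated as
// part of "api.hcpapps.net" just because the strings share a suffix.
func isSubdomain(host, zone string) bool {
	host, zone = normalize(host), normalize(zone)
	if host == "" || zone == "" {
		return false
	}
	return strings.HasSuffix(host, "."+zone)
}

// mostSpecificZone returns the matching zone with the most labels.
// Hypothetical helper for illustration; not a function from MGC.
func mostSpecificZone(host string, zones []string) (string, bool) {
	best, bestLabels := "", 0
	for _, z := range zones {
		if !isSubdomain(host, z) {
			continue
		}
		if n := strings.Count(normalize(z), ".") + 1; n > bestLabels {
			best, bestLabels = normalize(z), n
		}
	}
	return best, bestLabels > 0
}

func main() {
	// Constructed zone list standing in for the ManagedZones of one namespace.
	zones := []string{"hcpapps.net", "api.hcpapps.net", "other.example.com"}
	hosts := []string{"test.api.hcpapps.net", "badapi.hcpapps.net", "test.unmanaged.org"}
	for _, h := range hosts {
		z, ok := mostSpecificZone(h, zones)
		fmt.Printf("%-22s zone=%q matched=%v\n", h, z, ok)
	}
}
```

A host with no match (the last one in the sample) is the case the page describes as failing to function on the gateway.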
Delegation allows you to give control of a subdomain of a root domain to MGC while the root domain has its DNS zone elsewhere.
In the scenario where a root domain has a zone outside Route53, e.g. external.com, and a ManagedZone for delegated.external.com is required, the following steps can be taken:
- Create the ManagedZone for delegated.external.com and wait until the status is updated with an array of nameservers (e.g.
- Copy these nameservers to your root zone for external.com, you can create a NS record for each nameserver against the
Now, when MGC creates a DNS record in its Route53 zone for delegated.external.com, it will be resolved correctly.
Creating a ManagedZone
To create a ManagedZone, you will first need to create a DNS provider Secret. To create one, see our DNS Provider setup guide, and make note of your provider's secret name.
To create a new ManagedZone with AWS Route53, with a DNS Provider secret named
This will create a new Zone in AWS, for mydomain.example.com, using the DNS Provider credentials in the
If you'd like to create a ManagedZone for an existing zone in AWS, note its Zone ID and run:
This is a reference to a secret containing the credentials and other configuration for accessing your DNS provider (dnsProvider).
Note: the Secret referenced in the dnsProviderSecretRef field must be in the same namespace as the ManagedZone.
Note: as an id was specified, the Managed Gateway Controller will not re-create this zone, nor will it delete it if this ManagedZone is deleted.
At the moment, the MGC is given credentials to connect to the DNS provider at startup using environment variables. Because of that, MGC is limited to one provider type (Route53), and all zones must be in the same Route53 account.
There are plans to make this more customizable and dynamic in the future; work is tracked here.
Spec of a ManagedZone
The ManagedZone is a simple resource with an uncomplicated API; see a sample here.