Changing Load Balancer shape in Oracle Container Engine (OKE) and updating DNS with ExternalDNS

Ali Mukadam
Published in Oracle Developers
Apr 15, 2019

In the previous post, we did the following:

  1. Deployed an application
  2. Deployed a LoadBalancer service which gives you a public IP address
  3. Created an ingress with host-based rules

To make this service publicly resolvable by DNS, we also manually created a DNS Zone, along with a DNS ‘A’ record pointing to the public IP address of the Load Balancer. By default, the shape of the OCI Load Balancer that is created is ‘100 Mbps’.

Clean up

First do a little clean up from the previous post:

  1. In the OCI Console, navigate to Edge Services, DNS Zone Management and click on your DNS zone name
  2. Select your DNS ‘A’ record by checking the checkbox next to it and select Actions > Delete. Then, click on Publish Changes to make the change effective.
  3. Delete the Load Balancer Service:
kubectl delete svc nginx-ingress-controller

Changing the shape of the Load Balancer

Say your application is handling increased load and you want to change the shape of your Load Balancer.

You can do this by adding an annotation. You can review the available annotations here.

Download the hello-ingresscontroller.yaml:

curl -o hello-ingresscontroller.yaml https://raw.githubusercontent.com/hyder/okesamples/master/loadbalancer/hello-ingresscontroller.yaml

Add the following annotations to hello-ingresscontroller.yaml:

apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-controller
  namespace: default
  labels:
    app: nginx-ingress-controller
  annotations:
    service.beta.kubernetes.io/oci-load-balancer-shape: "400Mbps"
spec:
  type: LoadBalancer
  ports:
  - port: 80
    nodePort: 30021
    name: http
  - port: 443
    nodePort: 30022
    name: https
  selector:
    app: nginx-ingress-controller

If you wish to specify the 2 required subnets of the Load Balancer, you can also do that. If not, they will be automatically selected for you.

Apply the changes:

kubectl apply -f hello-ingresscontroller.yaml

Verify that the shape of the Load Balancer has now changed to 400Mbps.

In order for your FQDN to resolve to the new IP address, you would need to edit the DNS ‘A’ Record you created previously and update the IP Address.

All this changing and updating can be tedious to do manually. Wouldn’t it be nice if we could update this automatically? Step forward External DNS.

External DNS

ExternalDNS handles this last bit for you by synchronizing your DNS records with the expected entry points, particularly when you use Ingresses based on request host.

ExternalDNS makes Kubernetes resources such as Services and Ingresses discoverable using public DNS servers. It configures public DNS servers and updates the required DNS records so you do not have to do it manually.

First, create the following yaml and save it to oci.yaml:

auth:
  region: us-phoenix-1
  tenancy: ocid1.tenancy.oc1...
  user: ocid1.user.oc1...
  key: |
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
  fingerprint: af:81:71:8e...
compartment: ocid1.compartment.oc1...

The key must match your API private key. If you have created your OKE cluster using terraform-oci-oke, you will have these already. If not, follow the instructions to create the key and upload it to OCI.

You can now create a secret:

kubectl create secret generic external-dns-config --from-file=oci.yaml

Next, create a ServiceAccount, a ClusterRoleBinding and a Deployment for ExternalDNS:

kubectl apply -f https://raw.githubusercontent.com/hyder/okesamples/master/loadbalancer/externaldns-rbac.yaml

Update your annotations for the load balancer:

apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-controller
  namespace: default
  labels:
    app: nginx-ingress-controller
  annotations:
    service.beta.kubernetes.io/oci-load-balancer-shape: "400Mbps"
    external-dns.alpha.kubernetes.io/hostname: www.example.org
spec:
  type: LoadBalancer
  ports:
  - port: 80
    nodePort: 30021
    name: http
  - port: 443
    nodePort: 30022
    name: https
  selector:
    app: nginx-ingress-controller

And apply it again:

kubectl apply -f hello-ingresscontroller.yaml

Verify the following:

  1. A DNS ‘A’ record has been created with the IP Address of the Load Balancer
  2. You can publicly resolve your FQDN using either nslookup or, in the case of this application, your browser. You might need to give it a few minutes before the change is updated.
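
One way to script the two checks above, as an added example that is not from the original post. It assumes kubectl is configured for the cluster and dig is installed, and the function names (lb_ip, dns_hostname, verify_dns) are illustrative. It separates a Load Balancer still waiting for an IP, a missing annotation, a record not yet published, and a stale record that still points at a previous address.

```bash
#!/usr/bin/env bash
# Added example: confirm ExternalDNS published the Load Balancer's current IP.
# Assumes kubectl targets the cluster and dig is installed; names are illustrative.

# External IP of a LoadBalancer Service (empty while OCI is still provisioning).
lb_ip() {
  kubectl get svc "$1" -n "$2" \
    -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
}

# Value of the ExternalDNS hostname annotation (dots in the key are escaped).
dns_hostname() {
  kubectl get svc "$1" -n "$2" \
    -o jsonpath='{.metadata.annotations.external-dns\.alpha\.kubernetes\.io/hostname}'
}

# Exit codes: 0 match, 1 LB pending, 2 annotation missing,
#             3 no A record yet, 4 record differs from the LB IP (stale).
verify_dns() {
  local svc ns resolver ip host answers
  svc=$1; ns=${2:-default}; resolver=${3:-}

  ip=$(lb_ip "$svc" "$ns")
  [ -n "$ip" ] || { echo "pending: $svc has no external IP yet"; return 1; }

  host=$(dns_hostname "$svc" "$ns")
  [ -n "$host" ] || { echo "missing: no external-dns hostname annotation"; return 2; }

  # Keep only IPv4 answers; query a specific resolver if one was given,
  # e.g. a zone nameserver, to bypass cached answers.
  answers=$(dig +short A "$host" ${resolver:+"@$resolver"} | grep -E '^[0-9.]+$' || true)
  [ -n "$answers" ] || { echo "absent: $host has no A record yet"; return 3; }

  # Any answer other than the current LB IP counts as stale.
  if [ "$answers" = "$ip" ]; then
    echo "ok: $host -> $ip"; return 0
  fi
  echo "stale: $host -> $(echo $answers), but the Load Balancer is $ip"; return 4
}

# Usage: ./verify-dns.sh SERVICE [NAMESPACE] [RESOLVER]
if [ "$#" -gt 0 ]; then verify_dns "$@"; fi
```

Run it as `./verify-dns.sh nginx-ingress-controller default` after applying the manifest; a non-zero exit code tells you which of the two verification steps has not completed yet.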

For more information on ExternalDNS with OCI, you can check this tutorial on GitHub.

If you are using Oracle Dyn, you can refer to this tutorial instead.
