External Dns Cert Manager
This section contains example Resource Definitions for using External DNS and Cert Manager by setting annotations in the Ingress.

- dns.yaml generates a DNS subdomain that can then be used by External DNS to create the DNS record.
- ingress.yaml creates a Kubernetes Ingress resource with the following annotations:
  - cert-manager.io/cluster-issuer - set to the cluster issuer already defined in the cluster. (Cert Manager Ingress Annotations)
  - external-dns.alpha.kubernetes.io/hostname - set to a resource reference to the DNS that the ingress is for. (External DNS Ingress Annotation Hostname)

Before using the above examples, ensure that:
- External DNS and Cert Manager operators are installed and configured in the cluster,
- matching criteria in both resource definitions are updated,
- the Cluster Issuer Annotation in the Ingress resource is updated, and
- the super domain in the dns resource definition is updated.

Resource Definitions

dns.yaml:

apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
  id: external-dns-cert-manager-dns
entity:
  driver_type: humanitec/dns-wildcard
  driver_inputs:
    values:
      # Update to your DNS superdomain
      domain: staging.hosted-domain.com
      # Update to your preferred template for the subdomain
      template: "${context.env.id}-${context.app.id}"
  name: external-dns-cert-manager-dns
  type: dns
  provision:
    ingress: {}
  criteria:
    # Change to match the name of the app you want this to apply to
    - app_id: external-dns-cert-manager-example-app

ingress.yaml:

apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
  id: external-dns-cert-manager-ingress
entity:
  driver_type: humanitec/ingress
  driver_inputs:
    values:
      annotations:
        # Replace with your Cert Manager Cluster Issuer
        cert-manager.io/cluster-issuer: my-cluster-certificate-issue
        external-dns.alpha.kubernetes.io/hostname: ${resources.dns.outputs.host}
      class: nginx
      # Use the Globally Unique RESource ID of the DNS resource in order to
      # have a secret name that is unique to the DNS. Cert Manager will create
      # a secret with this name.
      tls_secret_name: tls-cert-${resources.dns.guresid}
  name: external-dns-cert-manager-ingress
  type: ingress
  criteria:
    # Change to match the name of the app you want this to apply to
    - app_id: external-dns-cert-manager-example-app

dns.tf:

resource "humanitec_resource_definition" "external-dns-cert-manager-dns" {
  driver_type = "humanitec/dns-wildcard"
  id = "external-dns-cert-manager-dns"
  name = "external-dns-cert-manager-dns"
  type = "dns"
  driver_inputs = {
    values_string = jsonencode({
      "domain" = "staging.hosted-domain.com"
      "template" = "$${context.env.id}-$${context.app.id}"
    })
  }
  provision = {
    "ingress" = {
    }
  }
}

resource "humanitec_resource_definition_criteria" "external-dns-cert-manager-dns_criteria_0" {
  resource_definition_id = resource.humanitec_resource_definition.external-dns-cert-manager-dns.id
  app_id = "external-dns-cert-manager-example-app"
}

ingress.tf:

resource "humanitec_resource_definition" "external-dns-cert-manager-ingress" {
  driver_type = "humanitec/ingress"
  id = "external-dns-cert-manager-ingress"
  name = "external-dns-cert-manager-ingress"
  type = "ingress"
  driver_inputs = {
    values_string = jsonencode({
      "annotations" = {
        "cert-manager.io/cluster-issuer" = "my-cluster-certificate-issue"
        "external-dns.alpha.kubernetes.io/hostname" = "$${resources.dns.outputs.host}"
      }
      "class" = "nginx"
      "tls_secret_name" = "tls-cert-$${resources.dns.guresid}"
    })
  }
}

resource "humanitec_resource_definition_criteria" "external-dns-cert-manager-ingress_criteria_0" {
  resource_definition_id = resource.humanitec_resource_definition.external-dns-cert-manager-ingress.id
  app_id = "external-dns-cert-manager-example-app"
}
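
A post-deployment check for the prerequisites listed above, as an added example that is not part of the original page or of Humanitec's code: it inspects an Ingress (in the JSON form `kubectl get ingress -o json` returns) and reports an unapproved cluster issuer, a hostname annotation outside the DNS superdomain, or a hostname without a TLS entry. The function name `check_ingress`, the sample Ingress and its host and secret values are constructed for illustration, and the shape of the Ingress rendered by the `humanitec/ingress` driver is an assumption.

```python
import json

# Constructed sample Ingress; values are illustrative, not taken from a real cluster.
SAMPLE_INGRESS = json.loads("""
{
  "metadata": {
    "name": "example",
    "annotations": {
      "cert-manager.io/cluster-issuer": "my-cluster-certificate-issue",
      "external-dns.alpha.kubernetes.io/hostname": "dev-example-app.staging.hosted-domain.com"
    }
  },
  "spec": {
    "ingressClassName": "nginx",
    "tls": [{"hosts": ["dev-example-app.staging.hosted-domain.com"], "secretName": "tls-cert-0123abcd"}],
    "rules": [{"host": "dev-example-app.staging.hosted-domain.com"}]
  }
}
""")

ISSUER_KEY = "cert-manager.io/cluster-issuer"
HOSTNAME_KEY = "external-dns.alpha.kubernetes.io/hostname"

def check_ingress(ingress, superdomain, allowed_issuers):
    """Return a list of findings; an empty list means the Ingress passes."""
    findings = []
    ann = ingress.get("metadata", {}).get("annotations") or {}
    issuer = ann.get(ISSUER_KEY)
    if issuer not in allowed_issuers:
        findings.append(f"issuer {issuer!r} is not an approved ClusterIssuer")
    # External DNS accepts a comma-separated list of hostnames in this annotation.
    hosts = [h.strip().lower().rstrip(".") for h in ann.get(HOSTNAME_KEY, "").split(",") if h.strip()]
    if not hosts:
        findings.append("hostname annotation is missing or empty")
    suffix = "." + superdomain.lower().rstrip(".")
    for h in hosts:
        # Match on a label boundary: 'xstaging.hosted-domain.com' must not pass.
        if not h.endswith(suffix):
            findings.append(f"hostname {h!r} is outside {superdomain!r}")
    tls = ingress.get("spec", {}).get("tls") or []
    tls_hosts = {t.lower() for e in tls for t in e.get("hosts", [])}
    for h in hosts:
        if h not in tls_hosts:
            findings.append(f"hostname {h!r} has no TLS entry")
    if any(not e.get("secretName") for e in tls):
        findings.append("TLS entry without secretName")
    return findings
```

Run it with the superdomain from the dns definition and the set of cluster issuers approved for the cluster; any non-empty result names the annotation or TLS entry to correct.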