· 6 years ago · Mar 20, 2020, 08:52 PM
1usage: external-dns --source=source --provider=provider [<flags>]
2
3ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS
4providers.
5
6Note that all flags may be replaced with env vars - `--flag` ->
7`EXTERNAL_DNS_FLAG=1` or `--flag value` -> `EXTERNAL_DNS_FLAG=value`
8
9Flags:
10 --help Show context-sensitive help (also try
11 --help-long and --help-man).
12 --version Show application version.
13 --master="" The Kubernetes API server to connect to
14 (default: auto-detect)
15 --kubeconfig="" Retrieve target cluster configuration from a
16 Kubernetes configuration file (default:
17 auto-detect)
18 --request-timeout=30s Request timeout when calling Kubernetes APIs. 0s
19 means no timeout
20 --cf-api-endpoint="" The fully-qualified domain name of the cloud
21 foundry instance you are targeting
22 --cf-username="" The username to log into the cloud foundry API
23 --cf-password="" The password to log into the cloud foundry API
24 --contour-load-balancer="heptio-contour/contour"
25 The fully-qualified name of the Contour load
26 balancer service. (default:
27 heptio-contour/contour)
28 --skipper-routegroup-groupversion="zalando.org/v1"
29 The resource version for skipper routegroup
30 --source=source ... The resource types that are queried for
31 endpoints; specify multiple times for multiple
32 sources (required, options: service, ingress,
33 node, fake, connector, istio-gateway,
34 cloudfoundry, contour-ingressroute, crd, empty,
35 skipper-routegroup)
36 --namespace="" Limit sources of endpoints to a specific
37 namespace (default: all namespaces)
38 --annotation-filter="" Filter sources managed by external-dns via
39 annotation using label selector semantics
40 (default: all sources)
41 --fqdn-template="" A templated string that's used to generate DNS
42 names from sources that don't define a hostname
43 themselves, or to add a hostname suffix when
44 paired with the fake source (optional). Accepts
45 comma separated list for multiple global FQDN.
46 --combine-fqdn-annotation Combine FQDN template and Annotations instead of
47 overwriting
48 --ignore-hostname-annotation Ignore hostname annotation when generating DNS
49 names, valid only when using fqdn-template is
50 set (optional, default: false)
51 --compatibility= Process annotation semantics from legacy
52 implementations (optional, options: mate,
53 molecule)
54 --publish-internal-services Allow external-dns to publish DNS records for
55 ClusterIP services (optional)
56 --publish-host-ip Allow external-dns to publish host-ip for
57 headless services (optional)
58 --always-publish-not-ready-addresses
59 Always publish also not ready addresses for
60 headless services (optional)
61 --connector-source-server="localhost:8080"
62 The server to connect for connector source,
63 valid only when using connector source
64 --crd-source-apiversion="externaldns.k8s.io/v1alpha1"
65 API version of the CRD for crd source, e.g.
66 `externaldns.k8s.io/v1alpha1`, valid only when
67 using crd source
68 --crd-source-kind="DNSEndpoint"
69 Kind of the CRD for the crd source in API group
70 and version specified by crd-source-apiversion
71 --service-type-filter=SERVICE-TYPE-FILTER ...
72 The service types to take care about (default:
73 all, expected: ClusterIP, NodePort, LoadBalancer
74 or ExternalName)
75 --provider=provider The DNS provider where the DNS records will be
76 created (required, options: aws, aws-sd, google,
77 azure, azure-dns, azure-private-dns, cloudflare,
78 rcodezero, digitalocean, dnsimple, akamai,
79 infoblox, dyn, designate, coredns, skydns,
80 inmemory, pdns, oci, exoscale, linode, rfc2136,
81 ns1, transip, vinyldns, rdns)
82 --domain-filter= ... Limit possible target zones by a domain suffix;
83 specify multiple times for multiple domains
84 (optional)
85 --exclude-domains= ... Exclude subdomains (optional)
86 --zone-id-filter= ... Filter target zones by hosted zone id; specify
87 multiple times for multiple zones (optional)
88 --google-project="" When using the Google provider, current project
89 is auto-detected, when running on GCP. Specify
90 other project with this. Must be specified when
91 running outside GCP.
92 --google-batch-change-size=1000
93 When using the Google provider, set the maximum
94 number of changes that will be applied in each
95 batch.
96 --google-batch-change-interval=1s
97 When using the Google provider, set the interval
98 between batch changes.
99 --alibaba-cloud-config-file="/etc/kubernetes/alibaba-cloud.json"
100 When using the Alibaba Cloud provider, specify
101 the Alibaba Cloud configuration file (required
102 when --provider=alibabacloud
103 --alibaba-cloud-zone-type= When using the Alibaba Cloud provider, filter
104 for zones of this type (optional, options:
105 public, private)
106 --aws-zone-type= When using the AWS provider, filter for zones of
107 this type (optional, options: public, private)
108 --aws-zone-tags= ... When using the AWS provider, filter for zones
109 with these tags
110 --aws-assume-role="" When using the AWS provider, assume this IAM
111 role. Useful for hosted zones in another AWS
112 account. Specify the full ARN, e.g.
113 `arn:aws:iam::123455567:role/external-dns`
114 (optional)
115 --aws-batch-change-size=1000 When using the AWS provider, set the maximum
116 number of changes that will be applied in each
117 batch.
118 --aws-batch-change-interval=1s
119 When using the AWS provider, set the interval
120 between batch changes.
121 --aws-evaluate-target-health When using the AWS provider, set whether to
122 evaluate the health of a DNS target (default:
123 enabled, disable with
124 --no-aws-evaluate-target-health)
125 --aws-api-retries=3 When using the AWS provider, set the maximum
126 number of retries for API calls before giving
127 up.
128 --aws-prefer-cname When using the AWS provider, prefer using CNAME
129 instead of ALIAS (default: disabled)
130 --azure-config-file="/etc/kubernetes/azure.json"
131 When using the Azure provider, specify the Azure
132 configuration file (required when
133 --provider=azure
134 --azure-resource-group="" When using the Azure provider, override the
135 Azure resource group to use (required when
136 --provider=azure-private-dns)
137 --azure-subscription-id="" When using the Azure provider, specify the Azure
138 configuration file (required when
139 --provider=azure-private-dns)
140 --azure-user-assigned-identity-client-id=""
141 When using the Azure provider, override the
142 client id of user assigned identity in config
143 file (optional)
144 --cloudflare-proxied When using the Cloudflare provider, specify if
145 the proxy mode must be enabled (default:
146 disabled)
147 --cloudflare-zones-per-page=50
148 When using the Cloudflare provider, specify how
149 many zones per page listed, max. possible 50
150 (default: 50)
151 --coredns-prefix="/skydns/" When using the CoreDNS provider, specify the
152 prefix name
153 --akamai-serviceconsumerdomain=""
154 When using the Akamai provider, specify the base
155 URL (required when --provider=akamai)
156 --akamai-client-token="" When using the Akamai provider, specify the
157 client token (required when --provider=akamai)
158 --akamai-client-secret="" When using the Akamai provider, specify the
159 client secret (required when --provider=akamai)
160 --akamai-access-token="" When using the Akamai provider, specify the
161 access token (required when --provider=akamai)
162 --infoblox-grid-host="" When using the Infoblox provider, specify the
163 Grid Manager host (required when
164 --provider=infoblox)
165 --infoblox-wapi-port=443 When using the Infoblox provider, specify the
166 WAPI port (default: 443)
167 --infoblox-wapi-username="admin"
168 When using the Infoblox provider, specify the
169 WAPI username (default: admin)
170 --infoblox-wapi-password="" When using the Infoblox provider, specify the
171 WAPI password (required when
172 --provider=infoblox)
173 --infoblox-wapi-version="2.3.1"
174 When using the Infoblox provider, specify the
175 WAPI version (default: 2.3.1)
176 --infoblox-ssl-verify When using the Infoblox provider, specify
177 whether to verify the SSL certificate (default:
178 true, disable with --no-infoblox-ssl-verify)
179 --infoblox-view="" DNS view (default: "")
180 --infoblox-max-results=0 Add _max_results as query parameter to the URL
181 on all API requests. The default is 0 which
182 means _max_results is not set and the default of
183 the server is used.
184 --dyn-customer-name="" When using the Dyn provider, specify the
185 Customer Name
186 --dyn-username="" When using the Dyn provider, specify the
187 Username
188 --dyn-password="" When using the Dyn provider, specify the pasword
189 --dyn-min-ttl=DYN-MIN-TTL Minimal TTL (in seconds) for records. This value
190 will be used if the provided TTL for a
191 service/ingress is lower than this.
192 --oci-config-file="/etc/kubernetes/oci.yaml"
193 When using the OCI provider, specify the OCI
194 configuration file (required when --provider=oci
195 --rcodezero-txt-encrypt When using the Rcodezero provider with txt
196 registry option, set if TXT rrs are encrypted
197 (default: false)
198 --inmemory-zone= ... Provide a list of pre-configured zones for the
199 inmemory provider; specify multiple times for
200 multiple zones (optional)
201 --pdns-server="http://localhost:8081"
202 When using the PowerDNS/PDNS provider, specify
203 the URL to the pdns server (required when
204 --provider=pdns)
205 --pdns-api-key="" When using the PowerDNS/PDNS provider, specify
206 the API key to use to authorize requests
207 (required when --provider=pdns)
208 --pdns-tls-enabled When using the PowerDNS/PDNS provider, specify
209 whether to use TLS (default: false, requires
210 --tls-ca, optionally specify --tls-client-cert
211 and --tls-client-cert-key)
212 --ns1-endpoint="" When using the NS1 provider, specify the URL of
213 the API endpoint to target (default:
214 https://api.nsone.net/v1/)
215 --ns1-ignoressl When using the NS1 provider, specify whether to
216 verify the SSL certificate (default: false)
217 --tls-ca="" When using TLS communication, the path to the
218 certificate authority to verify server
219 communications (optionally specify
220 --tls-client-cert for two-way TLS)
221 --tls-client-cert="" When using TLS communication, the path to the
222 certificate to present as a client (not required
223 for TLS)
224 --tls-client-cert-key="" When using TLS communication, the path to the
225 certificate key to use with the client
226 certificate (not required for TLS)
227 --exoscale-endpoint="https://api.exoscale.ch/dns"
228 Provide the endpoint for the Exoscale provider
229 --exoscale-apikey="" Provide your API Key for the Exoscale provider
230 --exoscale-apisecret="" Provide your API Secret for the Exoscale
231 provider
232 --rfc2136-host="" When using the RFC2136 provider, specify the
233 host of the DNS server
234 --rfc2136-port=0 When using the RFC2136 provider, specify the
235 port of the DNS server
236 --rfc2136-zone="" When using the RFC2136 provider, specify the
237 zone entry of the DNS server to use
238 --rfc2136-insecure When using the RFC2136 provider, specify whether
239 to attach TSIG or not (default: false, requires
240 --rfc2136-tsig-keyname and rfc2136-tsig-secret)
241 --rfc2136-tsig-keyname="" When using the RFC2136 provider, specify the
242 TSIG key to attached to DNS messages (required
243 when --rfc2136-insecure=false)
244 --rfc2136-tsig-secret="" When using the RFC2136 provider, specify the
245 TSIG (base64) value to attached to DNS messages
246 (required when --rfc2136-insecure=false)
247 --rfc2136-tsig-secret-alg="" When using the RFC2136 provider, specify the
248 TSIG (base64) value to attached to DNS messages
249 (required when --rfc2136-insecure=false)
250 --rfc2136-tsig-axfr When using the RFC2136 provider, specify the
251 TSIG (base64) value to attached to DNS messages
252 (required when --rfc2136-insecure=false)
253 --rfc2136-min-ttl=0s When using the RFC2136 provider, specify minimal
254 TTL (in duration format) for records. This value
255 will be used if the provided TTL for a
256 service/ingress is lower than this
257 --transip-account="" When using the TransIP provider, specify the
258 account name (required when --provider=transip)
259 --transip-keyfile="" When using the TransIP provider, specify the
260 path to the private key file (required when
261 --provider=transip)
262 --policy=sync Modify how DNS records are synchronized between
263 sources and providers (default: sync, options:
264 sync, upsert-only, create-only)
265 --registry=txt The registry implementation to use to keep track
266 of DNS record ownership (default: txt, options:
267 txt, noop, aws-sd)
268 --txt-owner-id="default" When using the TXT registry, a name that
269 identifies this instance of ExternalDNS
270 (default: default)
271 --txt-prefix="" When using the TXT registry, a custom string
272 that's prefixed to each ownership DNS record
273 (optional)
274 --txt-cache-interval=0s The interval between cache synchronizations in
275 duration format (default: disabled)
276 --interval=1m0s The interval between two consecutive
277 synchronizations in duration format (default:
278 1m)
279 --once When enabled, exits the synchronization loop
280 after the first iteration (default: disabled)
281 --dry-run When enabled, prints DNS record changes rather
282 than actually performing them (default:
283 disabled)
284 --events When enabled, in addition to running every
285 interval, the reconciliation loop will get
286 triggered when supported sources change
287 (default: disabled)
288 --log-format=text The format in which log messages are printed
289 (default: text, options: text, json)
290 --metrics-address=":7979" Specify where to serve the metrics and health
291 check endpoint (default: :7979)
292 --log-level=info Set the level of logging. (default: info,
293 options: panic, debug, info, warning, error,
294 fatal