Install DTC
This topic describes installing the Dynamic Traffic Controller (DTC) on a
supported Kubernetes cluster. This document assumes you have already installed
ExternalDNS and configured it for your DNS provider (likely NS1). For details on
installing ExternalDNS, see ExternalDNS.
Dynamic Traffic Controller Configuration Parameters
The following parameters are used to configure the DTC as described in the DTC YAML file.
DTC Parameters with the ServiceAccount Object Schema
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| apiVersion | String | The RBAC API version. The value must be rbac.authorization.k8s.io/v1. | Mandatory |
| kind | String | The name of a particular object schema. The value must be ServiceAccount. | Mandatory |
| metadata | Object | The metadata describes the parameters (names and types) and attributes that have been applied. | Mandatory |
DTC Metadata Parameters with the ServiceAccount Object Schema
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| name | String | The name of the Service Account that you define. | Mandatory |
DTC Parameters with the ClusterRole Object Schema
The following parameters are used to configure the Dynamic Traffic Controller (DTC) ClusterRole object as described in
the DTC YAML file.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| apiVersion | String | The RBAC API version. The value must be rbac.authorization.k8s.io/v1. | Mandatory |
| kind | String | The name of a particular object schema. The value must be ClusterRole. | Mandatory |
| metadata | Object | The metadata describes the parameters (names and types) and attributes that have been applied. | Mandatory |
| rules | Object | This parameter holds information that describes a policy rule. It does not contain information about who the rule applies to or which namespace the rule applies to. | Mandatory |
DTC Metadata Parameters with the ClusterRole Object Schema
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| name | String | The name of the role that you define. | Mandatory |
DTC Rules Parameters with the ClusterRole Object Schema
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| apiGroups | String Array | The name of the API group that contains the resources. If multiple API groups are specified, an action requested against one of the resources in any API group is allowed. You must not add an asterisk * to represent all API groups. An empty apiGroup represents the core API group. | Mandatory |
| resources | String Array | This contains an array of optional list of names that the rule applies to. An empty set means that all resources are allowed. | Mandatory |
| verbs | String Array | A list of verbs that apply to all the resource types contained in this rule. * represents all verbs that apply to the resource types. | Mandatory |
DTC Parameters with the ClusterRoleBinding Object Schema
The following parameters are used to configure the Dynamic Traffic Controller (DTC) ClusterRoleBinding object as described in
the DTC YAML file.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| apiVersion | String | The RBAC API version. The value must be rbac.authorization.k8s.io/v1. | Mandatory |
| kind | String | The name of a particular object schema. The value must be ClusterRole. | Mandatory |
| metadata | Object | The metadata describes the parameters (names and types) and attributes that have been applied. | Mandatory |
| roleRefs | Object | This a reference to the role being granted. | Mandatory |
| subjects | Object | The name of the resource and schema to which the role is applied. For each namespace, the subjects must be added separately in an array. | Mandatory |
DTC Metadata Parameters with the ClusterRoleBinding Object Schema
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| name | String | The name of the role that you define. | Mandatory |
DTC Role Reference Parameters with the ClusterRoleBinding Object Schema
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| apiVersion | String | The KubeSlice Controller API version. A set of resources that are exposed together, along with the version. The value must be rbac.authorization.k8s.io/v1 for Kubernetes (K8s) roles. | Mandatory |
| kind | String | The kind of the role that is being referenced. The value must be ClusterRole for a Kubernetes (K8s) role. | Mandatory |
| name | String | The name of the role that you assign to the slice and namespaces onboarded onto that slice. | Mandatory |
DTC Subjects Parameters with the ClusterRoleBinding Object Schema
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| kind | String | The type of the resource for which you assign the role. For example, the kind is a User, ServiceAccount, or a Group. | Mandatory |
| name | String | The name of the resource to which the role is applied. | Mandatory |
| namespace | String | The namespace that contains the resource to which the role is applied | Mandatory |
DTC Parameters with the Deployment Object Schema
The following parameters are used to configure the Dynamic Traffic Controller (DTC) Deployment object as described in
the DTC YAML file.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| apiVersion | String | The RBAC API version. The value must be rbac.authorization.k8s.io/v1. | Mandatory |
| kind | String | The name of a particular object schema. The value must be ClusterRole. | Mandatory |
| metadata | Object | The metadata describes the parameters (names and types) and attributes that have been applied. | Mandatory |
| spec | Object | The specification of the desired state of an object. | Mandatory |
DTC Metadata Parameters with the Deployment Object Schema
| Parameter | Parameter Type | Description | Required | |
|---|---|---|---|---|
| labels | Object | A key value pair to use with the matchLabels selector. | Mandatory | labels |
| name | String | The name of the application that you deploy. | Mandatory | |
| namespace | String | The namespace on which you deploy the application. | Mandatory |
DTC Metadata Labels Parameters
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| k8s-app | String | A selector to match deployment pods to the deployment. | Mandatory |
DTC Spec Parameters with the Deployment Object Schema
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| replicas | String | The number of dns-controller pods to be created. | Mandatory |
| selector | Object | The label which identifies DTC pods. | Mandatory |
| template | Object | The pod definition for the DTC deployment. | Mandatory |
DTC Spec Selector Parameters
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| matchLabels | Object | Specifies the labels to match when associating pods with a deployment. | Mandatory |
DTC Spec Selector Match Labels Parameters
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| k8s-app | String | The key value selector pair for the deployment. | Mandatory |
DTC Spec Template Parameters
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| metadata | Object | The metadata of the deployment such as it's name and namespace. | Mandatory |
| spec | The deployment specifications such as the number of replicas and template. | Object | Mandatory |
DTC Template Metadata Parameters
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| labels | Object | A key value pair label which will be used by selectors to target the DTC deployment and pods. | Mandatory |
| name | String | The name of the DTC pod. | Mandatory |
DTC Template Metadata Labels Parameters
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| k8s-app | String | A selector tvo match deployment pods to the deployment. | Mandatory |
DTC Template Spec Parameters
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| serviceAccountName | String | The name of the service account. | Mandatory |
| containers | Object | Mandatory |
DTC Template Spec Container Parameters
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| name | String | The name of the container within the pod. | Mandatory |
| image | String | The latest image for the DTC. | Mandatory |
| imagePullPolicy | String | Image pull policy determines when a new image should be pulled from a Docker repository. | Mandatory |
| resources | Object | This contains an array of optional list of names that the rule applies to. An empty set means that all resources are allowed. | Mandatory |
| serviceAccountName | String | The name of the service account. | Mandatory |
DTC Container Resources Parameters
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| limits | Object | The section contains the limit object that sets limits for CPU, memory, and pod count. | Mandatory |
| requests | Object | The section contains the requests object that sets scheduling requirements for CPU, memory, and pod count. | Mandatory |
DTC Resource Limits Parameters
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| cpu | String | The maximum allowable CPU usage by the pod. | Mandatory |
| memory | String | The maximum allowable memory usage by the pod. | Mandatory |
DTC Resource Requests Parameters
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| cpu | String | The minimum amount of CPU which must be available to schedule a pod on a node. | Mandatory |
| memory | String | The minimum amount of memory which must be available to schedule a pod on a node. | Mandatory |
Create a Dynamic Traffic Controller YAML File
info
The following manifest file contains default resource requests which should be sufficient for most users. Be sure to watch your resource utilization as you add services to the Dynamic Traffic Controller and make adjustments as required.
Copy the following configuration into a new descriptively named YAML file, such as
gcp-dynamic-traffic-controller.yaml.
apiVersion: v1
kind: ServiceAccount
metadata:
name: dns-controller-sa
namespace: external-dns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dns-controller-clusterrole
namespace: external-dns
rules:
- apiGroups: ["metrics.k8s.io"]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["extensions", "networking.k8s.io/v1"]
resources: ["ingress"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["extensions", "networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "list", "watch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dns-controller-clusterrolebinding
namespace: external-dns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dns-controller-clusterrole
subjects:
- kind: ServiceAccount
name: dns-controller-sa
namespace: external-dns
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: dns-controller
name: dns-controller
namespace: external-dns
spec:
replicas: 1
selector:
matchLabels:
k8s-app: dns-controller
template:
metadata:
labels:
k8s-app: dns-controller
spec:
containers:
- name: dns-controller
image: "aveshasystems/dynamic_traffic_controller:latest"
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 35m
memory: 50Mi
limits:
cpu: 75m
memory: 100Mi
serviceAccountName: dns-controller-sa
Apply the Dynamic Traffic Controller YAML File
Use the following kubectl command to install all required components of the Dynamic Traffic Controller.
kubectl apply -f gcp-dynamic-traffic-controller.yaml -n external-dns
Expected Output:
serviceaccount/dns-controller-sa created
clusterrole.rbac.authorization.k8s.io/dns-controller-clusterrole created
clusterrolebinding.rbac.authorization.k8s.io/dns-controller-clusterrolebinding created
deployment.apps/dns-controller created
Wait a few moments to a minute, and then run the following command to verify the Dynamic Traffic Controller's pod is running without error.
kubectl get pods -n external-dns