Configuring DNS records for GCP

Prerequisites

  • GCP gcloud CLI
  • Necessary GCP permissions for DNS administration.

You may also choose to use kubectl to find some information in the example below.

Instructions

Step 1: Create a ‘child’ hosted zone for your Yellowbrick environment and retrieve its NS records. Do this in the account of your Yellowbrick deployment.

bash
gcloud auth login
gcloud config set project $projectId
    ## Example: gcloud config set project myProject
    
gcloud config get-value project

## Replace the <...> placeholders with your own values
childZoneName="<YOUR-CHILD-ZONE-NAME>"
childZoneDnsName="<YOUR-CHILD-ZONE-DNS-NAME>"
    ## Examples: 
    # childZoneName="xyz-dev-yellowbrickcloud-com"
    # childZoneDnsName="xyz.dev.yellowbrickcloud.com"

description="<YOUR-DESCRIPTION>"
visibility="<public|private>"
    ## $visibility can be 'public' or 'private', depending on the type of Yellowbrick install

gcloud dns managed-zones create "$childZoneName" \
    --dns-name="$childZoneDnsName" \
    --description="$description" \
    --visibility="$visibility"

        ## Example:
        # gcloud dns managed-zones create xyz-dev-yellowbrickcloud-com \
        #     --dns-name="xyz.dev.yellowbrickcloud.com" \
        #     --description="YB DNS Zone" \
        #     --visibility=public

## Retrieve the ns records for the next step
nsRecords=($(gcloud dns record-sets list --zone=$childZoneName --name=$childZoneDnsName --type=NS --format=json | jq -r '.[].rrdatas[]')) && echo "${nsRecords[@]}"

Step 2: In the account of your root DNS zone, delegate and add the NS (nameserver) records of your child hosted zone to your domain. You will need to have access to the account of your root DNS zone.

bash
## Switch your gcloud cli to the proper gcp project of your root dns zone
gcloud config set project $projectId
    ## Example: gcloud config set project myRootDnsZoneProject
gcloud config get-value project

rootZoneDnsName="<YOUR-ROOT-ZONE-DNS-NAME>"
    ## Example: rootZoneDnsName=dev.yellowbrickcloud.com
rootZoneName="<YOUR-ROOT-ZONE-NAME>"
    ## Example: rootZoneName=dev-yellowbrickcloud-com

## Prepare the transaction.yaml and add the NS records of your child zone to your root zone for delegation
gcloud dns record-sets transaction start --zone=$rootZoneName
    ## Example gcloud dns record-sets transaction start --zone=dev-yellowbrickcloud-com

echo "${nsRecords[@]}"
    ## Example output: 
    # ns-cloud-b1.googledomains.com. ns-cloud-b2.googledomains.com. ns-cloud-b3.googledomains.com. ns-cloud-b4.googledomains.com.

## Add the child zone's NS records from the previous command to the transaction. This command simply updates the transaction.yaml.
## The nsRecords array from Step 1 already ends each name with '.'. If you are in a new shell, paste the names from the Step 1 output instead and ensure the '.' is at the end of each.
gcloud dns record-sets transaction add "${nsRecords[@]}" \
    --name="${childZoneDnsName}" \
    --ttl=3600 \
    --type=NS \
    --zone="${rootZoneName}"

    ## Example: 
    # gcloud dns record-sets transaction add ns-cloud-b1.googledomains.com. ns-cloud-b2.googledomains.com. ns-cloud-b3.googledomains.com. ns-cloud-b4.googledomains.com. \
    #     --name=xyz.dev.yellowbrickcloud.com \
    #     --ttl=3600 \
    #     --type=NS \
    #     --zone=dev-yellowbrickcloud-com

## Delegate the zone
gcloud dns record-sets transaction execute --zone=$rootZoneName
    ## Output: "Executed transaction [transaction.yaml] for managed-zone [dev-yellowbrickcloud-com]." 

## Check existence of subdomain's ns records
gcloud dns record-sets list --zone=$rootZoneName --name=$childZoneDnsName --type=NS --format=json

    ## You should see your child zone's NS records in your root zone. Example output:
    #   [
    #       {
    #           "kind": "dns#resourceRecordSet",
    #           "name": "xyz.dev.yellowbrickcloud.com.",
    #           "rrdatas": [
    #           "ns-cloud-b1.googledomains.com.",
    #           "ns-cloud-b2.googledomains.com.",
    #           "ns-cloud-b3.googledomains.com.",
    #           "ns-cloud-b4.googledomains.com."
    #           ],
    #           "ttl": 3600,
    #           "type": "NS"
    #       }
    #   ]

    ## You can also view this in the GCP console: GCP > {your-project} > Network Services > Cloud DNS > {your-root-zone}. Check for your subdomain/child-zone

## Clean up any leftover transaction file
rm -f transaction.yaml

Step 3: Test DNS resolution of the child hosted zone with dig or nslookup.

bash
dig -t NS $childZoneDnsName
    ## EXAMPLE: dig -t NS mysubdomain.dev.mydomain.com
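    ## You should see an ANSWER section listing the child zone's name servers.
    ## The sample below is illustrative; expect the name servers you retrieved in Step 1.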
        # ;; ANSWER SECTION:
        # mysubdomain.dev.mydomain.com. 172800 IN NS   ns-1241.awsdns-27.org.
        # mysubdomain.dev.mydomain.com. 172800 IN NS   ns-1703.awsdns-20.co.uk.
        # mysubdomain.dev.mydomain.com. 172800 IN NS   ns-490.awsdns-61.com.
        # mysubdomain.dev.mydomain.com. 172800 IN NS   ns-527.awsdns-01.net.

## Or you can use nslookup
nslookup -type=ns $childZoneDnsName
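
Before moving on, it is worth confirming that the NS set delegated in the root zone is exactly the NS set the child zone publishes; a root-zone record naming a server that does not serve the child zone is a stale delegation that should be corrected. The script below is an added example, not part of the original instructions; the helper names normalize_ns and check_delegation and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the NS set delegated in the root zone (Step 2) with
# the NS set the child zone itself publishes (Step 1).
# normalize_ns and check_delegation are hypothetical helper names.

# Lowercase, one name per line, exactly one trailing dot, sorted, de-duplicated.
normalize_ns() {
    printf '%s\n' "$1" | tr -s '[:space:]' '\n' | tr '[:upper:]' '[:lower:]' |
        sed -e '/^$/d' -e 's/\.*$/./' | sort -u
}

# check_delegation "<NS list from root zone>" "<NS list from child zone>"
# Returns 0 on an exact match, 1 on a mismatch, 2 when either list is empty.
check_delegation() {
    cd_parent=$(normalize_ns "$1")
    cd_child=$(normalize_ns "$2")
    if [ -z "$cd_parent" ] || [ -z "$cd_child" ]; then
        echo "FAIL: empty NS set, nothing to compare"
        return 2
    fi
    cd_status=0
    for cd_ns in $cd_parent; do
        if ! printf '%s\n' "$cd_child" | grep -qxF -- "$cd_ns"; then
            echo "DANGLING: parent delegates to $cd_ns, not served by child zone"
            cd_status=1
        fi
    done
    for cd_ns in $cd_child; do
        if ! printf '%s\n' "$cd_parent" | grep -qxF -- "$cd_ns"; then
            echo "MISSING: child zone lists $cd_ns, absent from parent delegation"
            cd_status=1
        fi
    done
    if [ "$cd_status" -eq 0 ]; then echo "OK: delegation matches child zone"; fi
    return "$cd_status"
}

# Live inputs, using the page's own query in each project:
#   gcloud dns record-sets list --zone=$rootZoneName  --name=$childZoneDnsName --type=NS --format=json | jq -r '.[].rrdatas[]'
#   gcloud dns record-sets list --zone=$childZoneName --name=$childZoneDnsName --type=NS --format=json | jq -r '.[].rrdatas[]'

# Constructed sample: the root zone still names one server the child zone does not use.
check_delegation \
    "ns-cloud-b1.googledomains.com. ns-cloud-a2.googledomains.com." \
    "ns-cloud-b1.googledomains.com. ns-cloud-b2.googledomains.com." ||
    echo "Delegation needs fixing before Step 4"
```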

Step 4: In the account of your Yellowbrick deployment, add the Yellowbrick Manager IP or DNS A record name to your hosted zone. You will need to retrieve the Yellowbrick Manager IP address and update the 'ip' variable. The record name can be anything you like (manager, mgr, yb-manager, etc.). We will create a simple A record that maps the name you choose to that IP (Example: 142.250.65.110 referencing manager.yellowbrick.com).

bash
## Switch your gcloud cli to the proper gcp project of your child dns zone
gcloud config set project $projectId
    ## Example: gcloud config set project myChildDnsZoneProject
gcloud config get-value project

childZoneName="<YOUR-CHILD-ZONE-NAME>"
childZoneDnsName="<YOUR-CHILD-ZONE-DNS-NAME>"
    ## Examples: 
    # childZoneName="xyz-dev-yellowbrickcloud-com"
    # childZoneDnsName="xyz.dev.yellowbrickcloud.com"

## Update the ip to reflect your Yellowbrick Manager IP
ip=""
    ## Or you can retrieve the same result with kubectl: 
    ## ip=$(kubectl -n $NAMESPACE get service yb-manager-service -o json | jq '.status.loadBalancer.ingress[].ip' | sed 's/"//g')

## Prepare the transaction.yaml and add the A records of the Yellowbrick Manager ip to your child zone
gcloud dns record-sets transaction start --zone=$childZoneName

## Change the 'recordNameYm' to a name you desire. For example if your data warehouse name is 'dw', then you would use dw. 
recordNameYm="manager"
gcloud dns record-sets transaction add $ip \
    --name="${recordNameYm}.${childZoneDnsName}." \
    --ttl=300 \
    --type=A \
    --zone=$childZoneName

    ## Example: 
    #   gcloud dns record-sets transaction add $ip \
    #       --name="manager.xyz.dev.yellowbrickcloud.com." \
    #       --ttl=300 \
    #       --type=A \
    #       --zone=$childZoneName

gcloud dns record-sets transaction execute --zone=$childZoneName

## Check resolution
dig -t A "${recordNameYm}.${childZoneDnsName}"
    ## Example: dig -t A manager.xyz.dev.yellowbrickcloud.com

Step 5: Add the Yellowbrick instance IP(s) or DNS name of the NLB to your child hosted zone. You will need to retrieve the IP associated with the instance. This can be found in the Yellowbrick Manager under "Instances". Repeat this step to enter a DNS record for each data warehouse instance.

bash
## Retrieve the NLB A record of the data warehouse instance from the Yellowbrick Manager under 'Instances' > 'Host/Port'.
dwInstanceIp=""
    ## Example: dwInstanceIp=203.0.113.214

    ## Or you can retrieve the same result with kubectl: 
    ## dwInstanceIp=$(kubectl -n $NAMESPACE get service ybinst-${instanceName} -o json | jq '.status.loadBalancer.ingress[].ip' | sed 's/"//g')

## Prepare the transaction.yaml and add the A records of the NLB to your child zone
gcloud dns record-sets transaction start --zone=$childZoneName

## Change recordNameDw to something unique for your data warehouse instance. It can be the data warehouse name you set in the Yellowbrick Manager.
recordNameDw="dw"
gcloud dns record-sets transaction add $dwInstanceIp \
    --name="${recordNameDw}.${childZoneDnsName}." \
    --ttl=300 \
    --type=A \
    --zone=$childZoneName

    ## Example with 'dw' as the data warehouse name: 
    #   gcloud dns record-sets transaction add $dwInstanceIp \
    #       --name="dw.xyz.dev.yellowbrickcloud.com." \
    #       --ttl=300 \
    #       --type=A \
    #       --zone=$childZoneName

gcloud dns record-sets transaction execute --zone=$childZoneName

Step 6: Check DNS resolution

bash
dig -t A ${recordNameDw}.${childZoneDnsName} 
    ## Example: dig -t A dw.xyz.dev.yellowbrickcloud.com