Infrastructure as Code (IaC) is a great way to manage the creation of your infrastructure. In an earlier post, I created such a pipeline, which uses Azure CLI to create all my resources in Azure. This pipeline creates an AKS cluster and all necessary services like a database server, Azure Function, and Azure Service Bus Queue.
The only part missing was an update to my DNS service to point my domain to the newly created AKS cluster.
This post is part of “Microservice Series - From Zero to Hero”.
Prepare Azure DevOps to update DNS Settings
You can find the code of the demo on GitHub.
If you are using an Azure DNS Zone, you usually don’t have to prepare anything in your Azure DevOps environment. I am using a lock on my DNS Zone though. A lock can be used to prevent changes or deletion. Since the DNS Zone manages the DNS entries for my website, mail server, and demos, it is important that these entries are not changed and especially not deleted.
The problem with the lock is that the service principal that runs the Azure DevOps pipeline has the Contributor role. This role is not allowed to create or delete locks. Therefore, I have created a new custom role and added this role to the service principal. You can read about it in my last post, Create Custom Roles for Azure DevOps in Azure.
Update DNS Records in the Azure DevOps Pipeline
As always, I start by defining some variables at the top of the pipeline.
These variables contain the information about my DNS Zone and also a list of records that I want to update.
The first step of my pipeline is to remove the lock on the DNS Zone. You can skip this step if you do not have a lock. The code gets the id of the lock with the provided name and then uses this id to delete the lock.
Next, you have to query the name of the public IP address of your AKS cluster. This name can then be used to get the IP address of the Nginx ingress controller running inside the Kubernetes cluster. The resource group of the AKS cluster is automatically generated by Azure using the MC_ prefix and then adding the name of the resource group in which your AKS cluster resides, the AKS cluster name, and the location of the cluster. Write-Host can be used to make the variable accessible outside of the task.
Unfortunately, at this time it is not possible to update DNS records in Azure using Azure CLI. Therefore, you have to delete the existing records first and then add new ones. To delete all outdated DNS records, iterate over the previously created list of DNS records. Additionally, you have to get the IP address of each DNS record to be able to delete it. If the IP address is empty or null, nothing will happen.
After all outdated DNS records are deleted, iterate over your DNS records list again and add them to the DNS Zone. The IP address used is the one published using Write-Host in a previous task.
Optionally, create a new CanNotDelete lock for the Azure DNS Zone to protect it from deletion.
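The steps above combined into one PowerShell script, as an added example that is not the pipeline code from this post: it validates the new IP before anything is removed and re-creates the lock in a `finally` block, so a failed step cannot leave the zone unlocked. All resource names, the lock name, the `IngressIp` variable name and the `kubernetes` name-prefix filter for the public IP are assumptions.

```powershell
# Added example: every name below is a placeholder, not a value from the post.
$dnsRg = 'dns-rg'; $zone = 'example.com'; $lockName = 'dns-zone-lock'
$aksRg = 'aks-rg'; $aksName = 'demo-aks'; $location = 'westeurope'
$records = @('api', 'demo')
$lockType = 'Microsoft.Network/dnszones'

# Native commands do not throw on failure, so turn a non-zero exit code into an exception.
function Invoke-Az {
    az @args
    if ($LASTEXITCODE -ne 0) { throw "az $args failed with exit code $LASTEXITCODE" }
}

# 1. Resolve and validate the new IP before the lock or any record is touched.
$nodeRg = "MC_${aksRg}_${aksName}_${location}"
# Assumption: the ingress IP is the public IP whose name starts with "kubernetes".
$ipName = Invoke-Az network public-ip list -g $nodeRg --query "[?starts_with(name,'kubernetes')].name" -o tsv |
    Select-Object -First 1
if (-not $ipName) { throw "No ingress public IP found in $nodeRg" }
$ip = Invoke-Az network public-ip show -g $nodeRg -n $ipName --query ipAddress -o tsv
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed) -or $parsed.AddressFamily -ne 'InterNetwork') {
    throw "Refusing to change DNS: '$ip' is not an IPv4 address"
}
Write-Host "##vso[task.setvariable variable=IngressIp]$ip"   # expose the IP to later tasks

# 2. Remove the lock (if present), found by name on the DNS Zone.
$lockId = Invoke-Az lock list -g $dnsRg --resource-name $zone --resource-type $lockType --query "[?name=='$lockName'].id" -o tsv |
    Select-Object -First 1
if ($lockId) { Invoke-Az lock delete --ids $lockId }

try {
    # 3. Per record: remove every old address, then add the new one.
    $sets = Invoke-Az network dns record-set a list -g $dnsRg -z $zone -o json | ConvertFrom-Json
    foreach ($name in $records) {
        # Property access is case-insensitive, so both aRecords and ARecords output shapes work.
        $oldIps = ($sets | Where-Object name -eq $name).aRecords.ipv4Address
        foreach ($oldIp in $oldIps) {
            if ($oldIp) { Invoke-Az network dns record-set a remove-record -g $dnsRg -z $zone -n $name -a $oldIp | Out-Null }
        }
        Invoke-Az network dns record-set a add-record -g $dnsRg -z $zone -n $name -a $ip | Out-Null
    }
}
finally {
    # 4. Runs even when a step above throws, so the zone is never left unlocked.
    Invoke-Az lock create --name $lockName --lock-type CanNotDelete -g $dnsRg --resource-name $zone --resource-type $lockType | Out-Null
}
```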
Testing the IaC Pipeline
Start the pipeline and it should run successfully.
After the pipeline is finished, check if your DNS records were updated. First, go to your AKS cluster in the Azure portal and select the Service and Ingress pane. There you can see the external URL of the Nginx controller.
Go to your Azure DNS Zone and you should see that your records point to the same IP address as the external IP of the Nginx controller.
Conclusion
Updating DNS records in an Azure DevOps pipeline is a simple and fast way to react to changes in your infrastructure. Unfortunately, it is not possible to update existing records but this post showed how to delete and re-create your DNS records.