{"id":8600,"date":"2020-05-05T13:55:54","date_gmt":"2020-05-05T20:55:54","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=8600"},"modified":"2025-06-13T23:06:15","modified_gmt":"2025-06-14T06:06:15","slug":"public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/","title":{"rendered":"Public Network, External DNS &amp; Couchbase Autonomous Operator"},"content":{"rendered":"<h3>Why expose the Couchbase database on the public network?<\/h3>\r\n<div class=\"paragraph\">\r\n<p>Below are some examples:<\/p>\r\n<\/div>\r\n<div class=\"ulist\">\r\n<ul>\r\n<li>\r\n<p>Cross-Data Center Replication (XDCR) for High Availability and Disaster Recovery<\/p>\r\n<\/li>\r\n<li>\r\n<p>Client SDK access to Couchbase cluster<\/p>\r\n<\/li>\r\n<li>\r\n<p>Database-as-a-Service (DBaaS) platforms<\/p>\r\n<\/li>\r\n<\/ul>\r\n<p>*Note &#8211; All of these use cases share a common goal; they allow clients to access the database instance without having to establish a VPN to a Kubernetes instance. They also require TLS protected secure\u2009 communication that is sometimes difficult to achieve with typical Kubernetes architecture.<\/p>\r\n<h3>How we solved public networking using Kubernetes External DNS?<\/h3>\r\n<\/div>\r\n<div class=\"paragraph\">\r\n<p>When deploying apps on Kubernetes, you usually use Kubernetes resources like Service and Ingress to expose apps outside the Kubernetes cluster at your desired domain. This involves a lot of manual configuration of Kubernetes resources and also the DNS records at your provider, which can be a time consuming and erring process. This can soon become a snag as your application grows in complexity, and also when the external IP changes, it is necessary to update the DNS records accordingly.<\/p>\r\n<p>To address this, the <a href=\"https:\/\/github.com\/kubernetes\/community\/tree\/master\/sig-network\">Kubernetes sig-network team<\/a> created the <a href=\"https:\/\/github.com\/kubernetes-incubator\/external-dns\">External DNS<\/a> solution to manage external DNS records in an autonomous way from within a Kubernetes cluster. Once you deploy the External DNS, it works in the background and requires almost no additional configuration. It creates DNS records at DNS providers external to Kubernetes such that Kubernetes resources are discoverable via the external DNS providers, and allows you to control DNS records dynamically in a DNS provider agnostic way. Whenever it discovers a Service or Ingress being created or updated, the External DNS controller will update the records instantly.<\/p>\r\n<\/div>\r\n<div class=\"paragraph\">\r\n<p>While deploying the Couchbase database using the public networking with External DNS strategy for its network architecture, Couchbase cluster nodes are exposed using load-balancer services that have public IP addresses allocated to them. The External DNS controller will then be responsible for managing dynamic DNS (DDNS) in a cloud-based provider to provide stable addressing and a basis for TLS.<\/p>\r\n<\/div>\r\n\r\n<h3>Now, Let&#8217;s see it in action!<\/h3>\r\n<p>We will now go through the steps to deploy the Couchbase cluster using Autonomous Operator 2.0 in EKS and access the Couchbase cluster through public networking that is managed through External DNS. Below is a quick overview of the architecture of our deployment.<\/p>\r\n<div id=\"attachment_8627\" style=\"width: 3850px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-8627\" class=\"wp-image-8627 size-full\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/04\/External-DNS-Latest-V3.png\" alt=\"Public Networking with Couchbase Autonomous Operator using Kubernetes External DNS\" width=\"3840\" height=\"2160\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/External-DNS-Latest-V3.png 3840w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/External-DNS-Latest-V3-300x169.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/External-DNS-Latest-V3-1024x576.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/External-DNS-Latest-V3-768x432.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/External-DNS-Latest-V3-1536x864.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/External-DNS-Latest-V3-2048x1152.png 2048w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/External-DNS-Latest-V3-20x11.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/External-DNS-Latest-V3-1320x743.png 1320w\" sizes=\"auto, (max-width: 3840px) 100vw, 3840px\" \/><p id=\"caption-attachment-8627\" class=\"wp-caption-text\">Public Networking with Couchbase Autonomous Operator using Kubernetes External DNS<\/p><\/div>\r\n<h3>Prerequisites<\/h3>\r\n<p>Before we begin, there are few important prerequisites below.<\/p>\r\n<ol class=\"wp-block-list\">\r\n<li>Install and setup <a href=\"https:\/\/kubernetes.io\/docs\/tasks\/tools\/install-kubectl\/\">kubectl<\/a> on your local machine &#8211; kubectl is a command-line interface for running commands against Kubernetes clusters.\u00a0<\/li>\r\n<li>Install the latest <a href=\"https:\/\/docs.aws.amazon.com\/cli\/latest\/userguide\/cli-chap-install.html\">AWS CLI<\/a> &#8211; The AWS CLI is a unified tool that enables you to interact with AWS services using commands in your command-line shell. In this case, we will be using AWS CLI to communicate securely with the Kubernetes cluster running on AWS.<\/li>\r\n<li>Deploy the EKS cluster. The <a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/getting-started.html\">EKS cluster<\/a> can be deployed using the <a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/getting-started-console.html\">AWS console<\/a> or <a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/getting-started-eksctl.html\">eksctl<\/a>. In this article, we will be deploying the EKS cluster in the <em>us-east-1<\/em> region with 3 worker nodes\u00a0in three availability zones as mentioned below.<\/li>\r\n<\/ol>\r\n<pre class=\"theme:monokai toolbar:1 lang:sh decode:true\" title=\"Create EKS cluster\">$ eksctl create cluster \\\r\n--name cb-op2-edns \\\r\n--region us-east-1 \\\r\n--zones us-east-1a,us-east-1b,us-east-1c \\\r\n--nodegroup-name eks-workers \\\r\n--node-type m4.xlarge \\\r\n--nodes 3 \\\r\n--nodes-min 3 \\\r\n--nodes-max 6 \\\r\n--node-ami auto<\/pre>\r\n<p>4. You will need a public DNS domain. The domain can be purchased from a registrar such as <a href=\"https:\/\/godaddy.com\/\">GoDaddy<\/a>, <a href=\"https:\/\/console.aws.amazon.com\/route53\/home\">AWS Route 53<\/a>, <a href=\"https:\/\/www.namecheap.com\/\">Namecheap<\/a>, etc. For this article, I\u2019m using my own registered (GoDaddy) domain <em>balajiacloud.guru<\/em> and I\u00a0would suggest getting yours before continuing further.<\/p>\r\n<p>5. Finally, you will need an External DNS provider. During the life cycle of a Couchbase cluster, nodes may be added and removed for cluster scaling, upgrades, or fault recovery. In each instance, new DNS names need to be created for any new Couchbase pods that are created, or DNS names removed from pods that are deleted. The DDNS provider exposes a REST API that allows the External DNS controller in Kubernetes to synchronize what the Couchbase cluster looks like with public DNS.\u00a0<\/p>\r\n<p>Here is the list of all documented and known <a href=\"https:\/\/github.com\/kubernetes-sigs\/external-dns\">External DNS<\/a> solutions for the Kubernetes platform. In this article, we will be using <a href=\"https:\/\/www.cloudflare.com\/dns\/\">Cloudflare<\/a> as our External DNS provider. If you plan to use Cloudflare as your External DNS provider, then you will need to create a Cloudflare account and add the DNS domain to the account.<\/p>\r\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-8628 size-large\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/04\/cf-account-1024x206.png\" alt=\"Couchbase Autonomous Operator using Kubernetes External DNS\" width=\"900\" height=\"181\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-account-1024x206.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-account-300x60.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-account-768x155.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-account-1536x309.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-account-2048x412.png 2048w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-account-20x4.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-account-1320x266.png 1320w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\r\n<h3>Creating TLS Certificates<\/h3>\r\n<p>The Operator ensures you configure your Couchbase clusters securely. If the Operator detects a cluster is being exposed on the public internet, it will enforce TLS encryption.\u00a0<\/p>\r\n<p>Before we generate TLS certificates we need to determine what DNS domain the Couchbase cluster will be in. We can use our <em>balajiacloud.guru<\/em> directly, but then it can only ever be used by a single Couchbase cluster. Therefore we shall use a subdomain called <em>cbdemo.balajiacloud.guru<\/em> as a unique namespace for our cluster. In general, a wildcard DNS name (*.cbdemo.balajiacloud.guru) will handle all public DNS names generated by the Operator. This needs to be added to the Couchbase cluster certificate.<\/p>\r\n<p>We will use the <em>EasyRSA<\/em> to create the TLS Certificates. EasyRSA by OpenVPN makes operating a public key infrastructure (PKI) relatively simple and is the recommended method to get up and running quickly.<\/p>\r\n<p>1. Let&#8217;s create a directory called <em>tls<\/em>\u00a0and clone the EasyRSA repository.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Clone EasyRSA repository\">$ git clone https:\/\/github.com\/OpenVPN\/easy-rsa\r\nCloning into 'easy-rsa'...\r\nremote: Enumerating objects: 26, done.\r\nremote: Counting objects: 100% (26\/26), done.\r\nremote: Compressing objects: 100% (20\/20), done.\r\nremote: Total 1979 (delta 9), reused 19 (delta 6), pack-reused 1953\r\nReceiving objects: 100% (1979\/1979), 5.75 MiB | 1.92 MiB\/s, done.\r\nResolving deltas: 100% (859\/859), done.<\/pre>\r\n<p>2. Initialize and create the CA certificate\/key. You will be prompted for a private key password and the CA common name (CN), something like <em>Couchbase CA<\/em> is sufficient. The CA certificate will be available as pki\/ca.crt.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\">$ cd easy-rsa\/easyrsa3<\/pre>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\">$ .\/easyrsa init-pki\r\n\r\ninit-pki complete; you may now create a CA or requests.\r\nYour newly created PKI dir is: \/Users\/balajinarayanan\/k8s\/couchbase\/operator\/tls\/easy-rsa\/easyrsa3\/pki\r\n\r\n<\/pre>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Create CA Certificate\">$ .\/easyrsa build-ca\r\nUsing SSL: openssl LibreSSL 2.8.3\r\n\r\nEnter New CA Key Passphrase:\r\nRe-Enter New CA Key Passphrase:\r\nGenerating RSA private key, 2048 bit long modulus\r\n..........................................+++\r\n................................................................+++\r\ne is 65537 (0x10001)\r\nYou are about to be asked to enter information that will be incorporated\r\ninto your certificate request.\r\nWhat you are about to enter is what is called a Distinguished Name or a DN.\r\nThere are quite a few fields but you can leave some blank\r\nFor some fields there will be a default value,\r\nIf you enter '.', the field will be left blank.\r\n-----\r\nCommon Name (eg: your user, host, or server name) [Easy-RSA CA]:Couchbase CA\r\n\r\nCA creation complete and you may now import and sign cert requests.\r\nYour new CA certificate file for publishing is at:\r\n\/Users\/balajinarayanan\/k8s\/couchbase\/operator\/tls\/easy-rsa\/easyrsa3\/pki\/ca.crt<\/pre>\r\n<p>3. Create the Couchbase Cluster Server Certificate.<\/p>\r\n<p>You need to create a server wildcard certificate and a key to be used on Couchbase Server pods. In this article, we will use the below command to generate a certificate for the Couchbase cluster <em>cbopedns<\/em> in the <em>demo<\/em> namespace and using the <em>cbdemo.balajiacloud.guru<\/em> subdomain.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 wrap:true lang:default decode:true\" title=\"Create Couchbase Cluster Server Certificate\">$ .\/easyrsa --subject-alt-name=\"DNS:*.cbopedns,DNS:*.cbopedns.demo,DNS:*.cbopedns.demo.svc,DNS:*.demo.svc,DNS:cbopedns-srv,DNS:cbopedns-srv.demo,DNS:cbopedns-srv.demo.svc,DNS:localhost,DNS:*.cbopedns.cbdemo.balajiacloud.guru,DNS:*.cbdemo.balajiacloud.guru\" build-server-full couchbase-server nopass\r\nUsing SSL: openssl LibreSSL 2.8.3\r\nGenerating a 2048 bit RSA private key\r\n..............................+++\r\n.......................................................+++\r\nwriting new private key to '\/Users\/balajinarayanan\/k8s\/couchbase\/operator\/tls\/easy-rsa\/easyrsa3\/pki\/easy-rsa-10086.2Q0Q2S\/tmp.emWXHL'\r\n-----\r\nUsing configuration from \/Users\/balajinarayanan\/k8s\/couchbase\/operator\/tls\/easy-rsa\/easyrsa3\/pki\/easy-rsa-10086.2Q0Q2S\/tmp.Phz9Az\r\nEnter pass phrase for \/Users\/balajinarayanan\/k8s\/couchbase\/operator\/tls\/easy-rsa\/easyrsa3\/pki\/private\/ca.key:\r\nCheck that the request matches the signature\r\nSignature ok\r\nThe Subject's Distinguished Name is as follows\r\ncommonName            :ASN.1 12:'couchbase-server'\r\nCertificate is to be certified until Aug  5 17:44:19 2022 GMT (825 days)\r\n\r\nWrite out database with 1 new entries\r\nData Base Updated<\/pre>\r\n<p>Note: Password-protected keys are not supported by Couchbase Server or the Operator.<\/p>\r\n<p>The key\/certificate pair can be found in <em>pki\/private\/couchbase-server.key<\/em> and\u00a0<em>pki\/issued\/couchbase-server.crt<\/em> and used as <em>pkey.key<\/em> and <em>chain.pem<\/em>, respectively, in the <a href=\"https:\/\/docs.couchbase.com\/operator\/2.0\/reference-couchbasecluster.html#spec-networking-tls-static-serversecret\">spec.networking.tls.static.serverSecret<\/a>\u00a0cluster parameter.<\/p>\r\n<p>4. Private Key Formatting &#8211; Due to a <a href=\"https:\/\/issues.couchbase.com\/browse\/MB-24404\">limitation<\/a> with Couchbase Server\u2019s private key handling, server keys need to be PKCS#1 formatted.<\/p>\r\n<p>First, let&#8217;s copy the .key and .pem file to the <em>tls<\/em> directory for easy access.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\">$ cp easy-rsa\/easyrsa3\/pki\/private\/couchbase-server.key pkey.key\r\n\r\n$ cp easy-rsa\/easyrsa3\/pki\/issued\/couchbase-server.crt chain.pem\r\n\r\n$ cp easy-rsa\/easyrsa3\/pki\/ca.crt ca.crt<\/pre>\r\n<p>Now, Lets format the server keys.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\">$ openssl rsa -in pkey.key -out pkey.key.der -outform DER\r\nwriting RSA key<\/pre>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\">$ openssl rsa -in pkey.key.der -inform DER -out pkey.key -outform PEM\r\nwriting RSA key<\/pre>\r\n<p>We will use these keys to create the Couchbase cluster server secret.<\/p>\r\n<h3>Deploy Couchbase Autonomous Operator 2.0 (Latest)<\/h3>\r\n<p>The Couchbase Autonomous Operator for Kubernetes enables cloud portability and automates operational best practices for deploying and managing Couchbase.<\/p>\r\n<p>The operator is composed of two components: a per-cluster dynamic admission controller (DAC) and a per-namespace Operator. Refer to the\u00a0<a href=\"https:\/\/docs.couchbase.com\/operator\/2.0\/concept-operator.html\" rel=\"nofollow\">operator architecture<\/a>\u00a0for additional information on what is required and security considerations.<\/p>\r\n<h4>1. Download the Operator package<\/h4>\r\n<p>You can download the latest <a href=\"https:\/\/www.couchbase.com\/downloads?family=couchbase-autonomous-operator-with-kubernetes\" rel=\"nofollow\">Couchbase Autonomous Operator<\/a> package and unzip it to the local machine. The Operator package contains YAML configuration files and command-line tools that you will use to install the Operator.<\/p>\r\n<h4>2. Install the Custom Resource Definition (CRD)<\/h4>\r\n<p>The first step in installing the Operator is to install the custom resource definitions (CRD) that describe the Couchbase resource types. This can be achieved by running the below command from the Operator package directory:<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Install Couchbase Custom Resource Definitions\">$ kubectl create -f crd.yaml\r\n\r\ncustomresourcedefinition.apiextensions.k8s.io\/couchbasebuckets.couchbase.com created\r\ncustomresourcedefinition.apiextensions.k8s.io\/couchbaseephemeralbuckets.couchbase.com created\r\ncustomresourcedefinition.apiextensions.k8s.io\/couchbasememcachedbuckets.couchbase.com created\r\ncustomresourcedefinition.apiextensions.k8s.io\/couchbasereplications.couchbase.com created\r\ncustomresourcedefinition.apiextensions.k8s.io\/couchbaseusers.couchbase.com created\r\ncustomresourcedefinition.apiextensions.k8s.io\/couchbasegroups.couchbase.com created\r\ncustomresourcedefinition.apiextensions.k8s.io\/couchbaserolebindings.couchbase.com created\r\ncustomresourcedefinition.apiextensions.k8s.io\/couchbaseclusters.couchbase.com created\r\ncustomresourcedefinition.apiextensions.k8s.io\/couchbasebackups.couchbase.com created\r\ncustomresourcedefinition.apiextensions.k8s.io\/couchbasebackuprestores.couchbase.com created<\/pre>\r\n<h4>3. Install the Dynamic Admission Controller (DAC)<\/h4>\r\n<p>The DAC allows custom resources to be modified and interrogated before a resource is accepted and committed to <em>etcd<\/em>. Running the DAC allows us to add sensible defaults to Couchbase cluster configurations thus minimizing the size of specifications. It also allows us to maintain backward compatibility when new attributes are added and must be populated. This makes the experience of using Couchbase resources similar to that of native resource types.<\/p>\r\n<p>Now, let&#8217;s install the Dynamic Admission Controller.<\/p>\r\n<p>Open a Terminal window and go to the directory where you unpacked the Operator package and <em>cd<\/em> to the bin folder. Run the following command to install the DAC into the <em>default<\/em> namespace.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Install the Admission Controller\">$ .\/cbopcfg --no-operator --namespace default | kubectl create -n default -f -\r\n\r\nserviceaccount\/couchbase-operator-admission created\r\nclusterrole.rbac.authorization.k8s.io\/couchbase-operator-admission created\r\nclusterrolebinding.rbac.authorization.k8s.io\/couchbase-operator-admission created\r\nsecret\/couchbase-operator-admission created\r\ndeployment.apps\/couchbase-operator-admission created\r\nservice\/couchbase-operator-admission created\r\nmutatingwebhookconfiguration.admissionregistration.k8s.io\/couchbase-operator-admission created\r\nvalidatingwebhookconfiguration.admissionregistration.k8s.io\/couchbase-operator-admission created<\/pre>\r\n<p>Confirm the admission controller has deployed successfully.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\">$ kubectl get deployments\r\n\r\nNAME                           READY   UP-TO-DATE   AVAILABLE   AGE\r\ncouchbase-operator-admission   1\/1     1            1           70s<\/pre>\r\n<h4>4. Create a Namespace<\/h4>\r\n<p>Namespaces are a way to allocate cluster resources, plus set network and security policy between multiple applications. We will create a unique namespace called <em>demo<\/em> to deploy the Operator and later will use the demo namespace to deploy the Couchbase cluster.<\/p>\r\n<p>Run the following command to create the namespace.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Create Namespace\">$ kubectl create namespace demo\r\n\r\nnamespace\/demo created<\/pre>\r\n<p>Confirm the Namespace is created successfully.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\">$ kubectl get namespaces\r\n\r\nNAME              STATUS   AGE\r\ndefault           Active   37m\r\ndemo              Active   39s\r\nkube-node-lease   Active   37m\r\nkube-public       Active   37m\r\nkube-system       Active   37m<\/pre>\r\n<h4>5. Configure TLS<\/h4>\r\n<p>Secrets are specified in the CouchbaseCluster resource, and you will notice that in the cluster definition YAML while we deploy the Couchbase cluster.<\/p>\r\n<h5 id=\"server-secret\"><strong>Server Secret<\/strong><\/h5>\r\n<p>Server secrets need to be mounted as a volume within the Couchbase Server pod with specific names. The certificate chain must be named <em>chain.pem<\/em> and the private key as <em>pkey.key<\/em>. Run the below command to create the Couchbase server secret.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Create Couchbase Server Secret\">$ kubectl create secret generic couchbase-server-tls -n demo --from-file tls\/chain.pem --from-file tls\/pkey.key\r\n\r\nsecret\/couchbase-server-tls created<\/pre>\r\n<h5 id=\"operator-secret\"><strong>Operator Secret<\/strong><\/h5>\r\n<p>The Operator client secrets are read directly from the API. It expects only a single value to be present; <em>ca.crt<\/em> is the top-level CA which is used to authenticate all TLS server certificate chains. Run the below command to create the Operator secret.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Create Couchbase Operator Secret\">$ kubectl create secret generic couchbase-operator-tls -n demo --from-file tls\/ca.crt\r\n\r\nsecret\/couchbase-operator-tls created<\/pre>\r\n<h4>6. Install the Couchbase Operator<\/h4>\r\n<p>Now let&#8217;s deploy the Operator in the <em>demo<\/em> namespace by running the following command, from the bin folder in the Operator package directory.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Install the Couchbase Operator\">$ .\/cbopcfg --no-admission --namespace demo | kubectl create -n demo -f -\r\n\r\nserviceaccount\/couchbase-operator created\r\nrole.rbac.authorization.k8s.io\/couchbase-operator created\r\nrolebinding.rbac.authorization.k8s.io\/couchbase-operator created\r\ndeployment.apps\/couchbase-operator created\r\nservice\/couchbase-operator created<\/pre>\r\n<p>Running the above command downloads the Operator Docker image and creates a\u00a0<a href=\"https:\/\/kubernetes.io\/docs\/concepts\/workloads\/controllers\/deployment\/\" rel=\"nofollow\">deployment<\/a>, which manages a single instance of the Operator. The Operator pod is run-as deployment so that Kubernetes can reinitialize upon failure.<\/p>\r\n<p>After you run the <em>kubectl create<\/em> command, it generally takes less than a minute for Kubernetes to deploy the Operator and for the Operator to be ready to run.<\/p>\r\n<h5><strong>Check the status of the Operator Deployment<\/strong><\/h5>\r\n<p>You can use the following command to check on the status of the deployment:<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\">$ kubectl get deployments -n demo\r\n\r\nNAME                 READY   UP-TO-DATE   AVAILABLE   AGE\r\ncouchbase-operator   1\/1     1            1           97s<\/pre>\r\n<p>If you run this command immediately after the Operator is deployed, the output will have the <em>AVAILABLE<\/em> column as 0. However, the AVAILABLE field indicates that the pod is not ready yet since its value is 0 and not 1.<\/p>\r\n<p>Run the following command to verify that the Operator pod has started successfully. If the Operator is up and running, the command returns an output where the <em>READY<\/em>\u00a0field shows\u00a0<strong>1\/1<\/strong>, such as:<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\">$ kubectl get pods -l app=couchbase-operator -n demo\r\n\r\nNAME                                  READY   STATUS    RESTARTS   AGE\r\ncouchbase-operator-7f799565f8-c29ts   1\/1     Running   0          2m47s<\/pre>\r\n<p>You can also check the logs to confirm that the Operator is up and running, by running the below command.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Couchbase Operator logs\">$ kubectl logs -f couchbase-operator-7f799565f8-c29ts -n demo\r\n\r\n{\"level\":\"info\",\"ts\":1588493860.1096337,\"logger\":\"main\",\"msg\":\"couchbase-operator\",\"version\":\"2.0.0 (build 317)\",\"revision\":\"release\"}\r\n{\"level\":\"info\",\"ts\":1588493860.1100397,\"logger\":\"leader\",\"msg\":\"Trying to become the leader.\"}\r\n{\"level\":\"info\",\"ts\":1588493860.1653795,\"logger\":\"leader\",\"msg\":\"No pre-existing lock was found.\"}\r\n{\"level\":\"info\",\"ts\":1588493860.1700613,\"logger\":\"leader\",\"msg\":\"Became the leader.\"}\r\n{\"level\":\"info\",\"ts\":1588493860.2087,\"logger\":\"kubebuilder.controller\",\"msg\":\"Starting EventSource\",\"controller\":\"couchbase-controller\",\"source\":\"kind source: \/, Kind=\"}\r\n{\"level\":\"info\",\"ts\":1588493860.3104734,\"logger\":\"kubebuilder.controller\",\"msg\":\"Starting Controller\",\"controller\":\"couchbase-controller\"}\r\n{\"level\":\"info\",\"ts\":1588493860.4107096,\"logger\":\"kubebuilder.controller\",\"msg\":\"Starting workers\",\"controller\":\"couchbase-controller\",\"worker count\":4}<\/pre>\r\n<h3>Deploy the External DNS<\/h3>\r\n<p>Assuming you have already completed the above steps to deploy the Operator in a namespace; the <em>demo<\/em> namespace, the next thing you need to install is the External DNS controller. This must be installed before the Couchbase cluster as the Operator will wait for DNS propagation before creating in Couchbase Server pods. This is because clients must be able to reach the Couchbase Server pods in order to serve traffic and prevent application errors.<\/p>\r\n<p>1. Create a service account for the External DNS controller in the namespace where you are installing the Operator.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Service Account for the External DNS\">$ kubectl --namespace demo create serviceaccount external-dns\r\n\r\nserviceaccount\/external-dns created<\/pre>\r\n<p>2. The External DNS controller requires a role in order for it to be able to poll for resources and look for DNS records to replicate into the DDNS provider.\u00a0<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Cluster Role for the External DNS\">$ kubectl --namespace demo create -f - &lt;&lt;EOF\r\napiVersion: rbac.authorization.k8s.io\/v1beta1\r\nkind: ClusterRole\r\nmetadata:\r\n  name: external-dns\r\nrules:\r\n- apiGroups: [\"\"]\r\n  resources: [\"services\",\"endpoints\",\"pods\"]\r\n  verbs: [\"get\",\"watch\",\"list\"]\r\n- apiGroups: [\"extensions\"]\r\n  resources: [\"ingresses\"]\r\n  verbs: [\"get\",\"watch\",\"list\"]\r\n- apiGroups: [\"\"]\r\n  resources: [\"nodes\"]\r\n  verbs: [\"get\",\"watch\",\"list\"]\r\nEOF\r\n\r\nclusterrole.rbac.authorization.k8s.io\/external-dns created<\/pre>\r\n<p>3. Now, link the external DNS role to the service account.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Cluster Role Binding for the External DNS\">$ kubectl --namespace demo create -f - &lt;&lt;EOF\r\napiVersion: rbac.authorization.k8s.io\/v1beta1\r\nkind: ClusterRoleBinding\r\nmetadata:\r\n  name: external-dns\r\nroleRef:\r\n  apiGroup: rbac.authorization.k8s.io\r\n  kind: ClusterRole\r\n  name: external-dns\r\nsubjects:\r\n- kind: ServiceAccount\r\n  name: external-dns\r\n  namespace: demo\r\nEOF\r\n\r\nclusterrolebinding.rbac.authorization.k8s.io\/external-dns created<\/pre>\r\n<p>4. The last step is to deploy the External DNS. Don&#8217;t forget to update the below values specific to your deployment.<\/p>\r\n<ul>\r\n<li style=\"list-style-type: none\">\r\n<ul>\r\n<li><span style=\"font-family: 'Helvetica Neue'\">The <strong>spec.template.spec.serviceAccountName <\/strong><\/span><span style=\"font-family: 'Helvetica Neue'\">attribute ensures External DNS pods are running as the service account we set up. This grants the controller permission to poll resources and look for DDNS requests.<\/span><\/li>\r\n<li><span style=\"font-family: 'Helvetica Neue'\">The <strong>&#8211; -domain-filter <\/strong><\/span><span style=\"font-family: 'Helvetica Neue'\">argument tells External DNS to only consider DDNS entries that are associated with DNS entries related to our <em>balajiacloud.guru <\/em><\/span><span style=\"font-family: 'Helvetica Neue'\">domain.<\/span><\/li>\r\n<li><span style=\"font-family: 'Helvetica Neue'\">The <strong>&#8211; -txt-owner-id <\/strong><\/span><span style=\"font-family: 'Helvetica Neue'\">argument tells External DNS to label TXT management records with a string unique to the External DNS instance. External DNS uses TXT records to record metadata\u2009, especially ownership information\u2009 associated with the DNS records it is managing. If the balajiacloud.guru <\/span><span style=\"font-family: 'Helvetica Neue'\">domain is used by multiple instances of External DNS without specifying any ownership, then they would conflict with one another.<\/span><\/li>\r\n<li><span style=\"font-family: 'Helvetica Neue'\">The <strong>CF_API_KEY <\/strong><\/span><span style=\"font-family: 'Helvetica Neue'\">environment variable is used by the Cloudflare provider to authenticate against the Cloudflare API.<\/span><\/li>\r\n<li><span style=\"font-family: 'Helvetica Neue'\">The <strong>CF_API_EMAIL <\/strong><\/span><span style=\"font-family: 'Helvetica Neue'\">environment variable is used by the Cloudflare provider to identify what account to use against the Cloudflare API.<\/span><\/li>\r\n<\/ul>\r\n<\/li>\r\n<\/ul>\r\n<p>You can get the CF_API_KEY from the Cloudfare account&#8217;s overview page. Click on &#8220;Get your API token&#8221; link as shown below and view the <em>Global API Key<\/em>.<\/p>\r\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-8616 size-large\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/04\/cf-overview-1024x522.png\" alt=\"External DNS provider\" width=\"900\" height=\"459\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-overview-1024x522.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-overview-300x153.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-overview-768x391.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-overview-1536x783.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-overview-2048x1044.png 2048w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-overview-20x10.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-overview-1320x673.png 1320w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\r\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-8617\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/04\/cf-overview1-1024x158.png\" alt=\"\" width=\"900\" height=\"139\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-overview1-1024x158.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-overview1-300x46.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-overview1-768x118.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-overview1-1536x236.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-overview1-2048x315.png 2048w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-overview1-20x3.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-overview1-1320x203.png 1320w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\r\n<h5 id=\"operator-secret\"><strong>Deploy the External DNS<\/strong><\/h5>\r\n<p>Finally, install the External DNS deployment by running the below command.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Deploy the External DNS\">$ kubectl --namespace demo create -f - &lt;&lt;EOF\r\napiVersion: apps\/v1\r\nkind: Deployment\r\nmetadata:\r\n  name: external-dns\r\nspec:\r\n  selector:\r\n    matchLabels:\r\n      app: external-dns\r\n  template:\r\n    metadata:\r\n      labels:\r\n        app: external-dns\r\n    spec:\r\n      serviceAccountName: external-dns\r\n      containers:\r\n      - name: external-dns\r\n        image: registry.opensource.zalan.do\/teapot\/external-dns:latest\r\n        args:\r\n        - --source=service\r\n        - --domain-filter=balajiacloud.guru\r\n        - --provider=cloudflare\r\n        - --txt-owner-id=cbop-edns-demo\r\n        env:\r\n          - name: CF_API_KEY\r\n            value: YOUR_CF_API_KEY\r\n          - name: CF_API_EMAIL\r\n            value: YOUR_CF_API_EMAIL\r\nEOF\r\n\r\ndeployment.apps\/external-dns created<\/pre>\r\n<h5><strong>Check the status of the External DNS Deployment<\/strong><\/h5>\r\n<p>You can use the following command to check on the status of the deployment:<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\">$ kubectl get deployments -n demo\r\n\r\nNAME                 READY   UP-TO-DATE   AVAILABLE   AGE\r\ncouchbase-operator   1\/1     1            1           10m\r\nexternal-dns         1\/1     1            1           21s<\/pre>\r\n<p>Run the following command to verify that the external-dns has started successfully. If the external-dns is up and running, the command returns an output where the <em>RUNNING<\/em>\u00a0field shows\u00a0<strong>1\/1<\/strong>, such as:<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\">$ kubectl get pods -n demo\r\n\r\nNAME                                  READY   STATUS    RESTARTS   AGE\r\ncouchbase-operator-7f799565f8-c29ts   1\/1     Running   0          11m\r\nexternal-dns-6f74575d54-fp2wh         1\/1     Running   0          59s<\/pre>\r\n<p>You can also check the logs to confirm that the external-dns is up and running.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"External DNS logs\">$ kubectl logs -f external-dns-6f74575d54-fp2wh -n demo\r\n\r\ntime=\"2020-05-03T08:27:44Z\" level=info msg=\"config: {Master: KubeConfig: RequestTimeout:30s IstioIngressGatewayServices:[] ContourLoadBalancerService:heptio-contour\/contour SkipperRouteGroupVersion:zalando.org\/v1 Sources:[service] Namespace: AnnotationFilter: FQDNTemplate: CombineFQDNAndAnnotation:false IgnoreHostnameAnnotation:false Compatibility: PublishInternal:false PublishHostIP:false AlwaysPublishNotReadyAddresses:false ConnectorSourceServer:localhost:8080 Provider:cloudflare GoogleProject: GoogleBatchChangeSize:1000 GoogleBatchChangeInterval:1s DomainFilter:[balajiacloud.guru] ExcludeDomains:[] ZoneIDFilter:[] AlibabaCloudConfigFile:\/etc\/kubernetes\/alibaba-cloud.json AlibabaCloudZoneType: AWSZoneType: AWSZoneTagFilter:[] AWSAssumeRole: AWSBatchChangeSize:1000 AWSBatchChangeInterval:1s AWSEvaluateTargetHealth:true AWSAPIRetries:3 AWSPreferCNAME:false AzureConfigFile:\/etc\/kubernetes\/azure.json AzureResourceGroup: AzureSubscriptionID: AzureUserAssignedIdentityClientID: CloudflareProxied:false CloudflareZonesPerPage:50 CoreDNSPrefix:\/skydns\/ RcodezeroTXTEncrypt:false AkamaiServiceConsumerDomain: AkamaiClientToken: AkamaiClientSecret: AkamaiAccessToken: InfobloxGridHost: InfobloxWapiPort:443 InfobloxWapiUsername:admin InfobloxWapiPassword: InfobloxWapiVersion:2.3.1 InfobloxSSLVerify:true InfobloxView: InfobloxMaxResults:0 DynCustomerName: DynUsername: DynPassword: DynMinTTLSeconds:0 OCIConfigFile:\/etc\/kubernetes\/oci.yaml InMemoryZones:[] OVHEndpoint:ovh-eu PDNSServer:https:\/\/localhost:8081 PDNSAPIKey: PDNSTLSEnabled:false TLSCA: TLSClientCert: TLSClientCertKey: Policy:sync Registry:txt TXTOwnerID:cbop-edns-demo TXTPrefix: Interval:1m0s Once:false DryRun:false UpdateEvents:false LogFormat:text MetricsAddress::7979 LogLevel:info TXTCacheInterval:0s ExoscaleEndpoint:https:\/\/api.exoscale.ch\/dns ExoscaleAPIKey: ExoscaleAPISecret: CRDSourceAPIVersion:externaldns.k8s.io\/v1alpha1 CRDSourceKind:DNSEndpoint ServiceTypeFilter:[] CFAPIEndpoint: CFUsername: CFPassword: RFC2136Host: RFC2136Port:0 RFC2136Zone: RFC2136Insecure:false RFC2136TSIGKeyName: RFC2136TSIGSecret: RFC2136TSIGSecretAlg: RFC2136TAXFR:false RFC2136MinTTL:0s NS1Endpoint: NS1IgnoreSSL:false TransIPAccountName: TransIPPrivateKeyFile:}\"\r\ntime=\"2020-05-03T08:27:44Z\" level=info msg=\"Instantiating new Kubernetes client\"\r\ntime=\"2020-05-03T08:27:44Z\" level=info msg=\"Using inCluster-config based on serviceaccount-token\"\r\ntime=\"2020-05-03T08:27:44Z\" level=info msg=\"Created Kubernetes client https:\/\/10.100.0.1:443\"<\/pre>\r\n<p>We have now successfully deployed the External DNS.<\/p>\r\n<h3>Deploy the Couchbase Cluster<\/h3>\r\n<p>Now that we have deployed the Couchbase Autonomous Operator and the External DNS in EKS, now let&#8217;s deploy the Couchbase Cluster.<\/p>\r\n<p>We will deploy the Couchbase cluster with 3 data nodes in 3 availability zones with the minimum required configuration parameters. Please refer to the <a href=\"https:\/\/docs.couchbase.com\/operator\/2.0\/howto-public-networking.html\">Configure Public Networking<\/a> for the required configuration options.\u00a0<\/p>\r\n<h4>Create the Secret for Couchbase Admin Console<\/h4>\r\n<p>Let&#8217;s create a secret credential that will be used by the administrative web console during login. When you create the below secret in your Kubernetes cluster, the secret sets the username to <em>Administrator<\/em> and the password to <em>password<\/em>.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Create Secret for Couchbase Web Console \">$ kubectl --namespace demo create -f - &lt;&lt;EOF\r\napiVersion: v1\r\nkind: Secret\r\nmetadata:\r\n  name: cb-example-auth\r\ntype: Opaque\r\ndata:\r\n  username: QWRtaW5pc3RyYXRvcg== # Administrator\r\n  password: cGFzc3dvcmQ=         # password\r\nEOF\r\n\r\nsecret\/cbopedns-auth created<\/pre>\r\n<h4>Deploy the Couchbase cluster definition<\/h4>\r\n<p>We will use the default <em>StorageClass<\/em> that we get with EKS, let&#8217;s check by running the following command. You can create a storage class that meets your requirements.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Check the Storage Class\">$ kubectl get sc\r\n\r\nNAME            PROVISIONER             AGE\r\ngp2 (default)   kubernetes.io\/aws-ebs   67m<\/pre>\r\n<div class=\"paragraph\">\r\n<p>To deploy a Couchbase Server cluster using the Operator, all you have to do is create a Couchbase cluster definition that describes what you want the cluster to look like (e.g. the number of nodes, types of services, system resources, etc), and then push that cluster definition into Kubernetes.\u00a0<\/p>\r\n<\/div>\r\n<div class=\"paragraph\">\r\n<p>The Operator package contains an example CouchbaseCluster definition file (couchbase-cluster.yaml).<\/p>\r\n<\/div>\r\n<p>The below cluster definition will deploy the Couchbase cluster with 3 Data pods across 3 different zones using persistent volumes. Please check the <a href=\"https:\/\/docs.couchbase.com\/operator\/2.0\/reference-couchbasecluster.html\">Couchbase Cluster Resource<\/a> documentation for the complete list of the cluster configuration.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true \" title=\"Couchbase Cluster definition\">$ kubectl --namespace demo create -f - &lt;&lt;EOF\r\napiVersion: couchbase.com\/v2\r\nkind: CouchbaseBucket\r\nmetadata:\r\n  name: default\r\n---\r\napiVersion: couchbase.com\/v2\r\nkind: CouchbaseCluster\r\nmetadata:\r\n  name: cbopedns\r\nspec:\r\n  image: couchbase\/server:6.5.0\r\n  networking:\r\n    tls:\r\n      static:\r\n        serverSecret: couchbase-server-tls\r\n        operatorSecret: couchbase-operator-tls\r\n    exposeAdminConsole: true\r\n    adminConsoleServiceType: LoadBalancer\r\n    exposedFeatures:\r\n      - xdcr\r\n      - client\r\n    exposedFeatureServiceType: LoadBalancer\r\n    dns:\r\n      domain: cbdemo.balajiacloud.guru\r\n  disableBucketManagement: false\r\n  cluster:\r\n    clusterName: cbopedns\r\n    dataServiceMemoryQuota: 2048Mi\r\n  security:\r\n    adminSecret: cbopedns-auth\r\n  servers:\r\n    - name: data-east-1a\r\n      size: 1\r\n      services:\r\n        - data\r\n      serverGroups:\r\n        - us-east-1a\r\n      pod:\r\n        volumeMounts:\r\n          default: pvc-default    # \/opt\/couchbase\/var\/lib\/couchbase\r\n          data: pvc-data    # \/mnt\/data\r\n    - name: data-east-1b\r\n      size: 1\r\n      services:\r\n        - data\r\n      serverGroups:\r\n        - us-east-1b\r\n      pod:\r\n        volumeMounts:\r\n          default: pvc-default\r\n          data: pvc-data\r\n    - name: data-east-1c\r\n      size: 1\r\n      services:\r\n        - data\r\n      serverGroups:\r\n        - us-east-1c\r\n      pod:\r\n        volumeMounts:\r\n          default: pvc-default\r\n          data: pvc-data\r\n  volumeClaimTemplates:\r\n    - metadata:\r\n        name: pvc-default\r\n      spec:\r\n        storageClassName: gp2\r\n        resources:\r\n          requests:\r\n            storage: 1Gi\r\n    - metadata:\r\n        name: pvc-data\r\n      spec:\r\n        storageClassName: gp2\r\n        resources:\r\n          requests:\r\n            storage: 5Gi\r\nEOF\r\n\r\ncouchbasebucket.couchbase.com\/default created\r\ncouchbasecluster.couchbase.com\/cbopedns created<\/pre>\r\n<div class=\"paragraph\">\r\n<p>After receiving the configuration, the Operator automatically begins creating the cluster. The amount of time it takes to create the cluster depends on the configuration. You can track the progress of cluster creation using the\u00a0<a class=\"page\" href=\"https:\/\/docs.couchbase.com\/operator\/2.0\/reference-couchbasecluster-status.html\">cluster status<\/a>.<\/p>\r\n<\/div>\r\n<div class=\"sect2\">\r\n<h3 id=\"verifying-the-deployment\"><strong style=\"font-size: 20px\">Verifying the Deployment<\/strong><\/h3>\r\n<\/div>\r\n<p class=\"\">To check the progress run the below command, which will watch (-w argument) the progress of pods creating. If all goes fine then we will have three Couchbase cluster pods hosting the services as per the Couchbase cluster definition.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\">kubectl get pods --namespace demo -w\r\n\r\ncbopedns-0000                         1\/1     Running   0          9m15s\r\ncbopedns-0001                         1\/1     Running   0          8m34s\r\ncbopedns-0002                         1\/1     Running   0          8m\r\ncouchbase-operator-7f799565f8-c29ts   1\/1     Running   1          36m\r\nexternal-dns-6f74575d54-fp2wh         1\/1     Running   0          26m<\/pre>\r\n<p>If for any reason there is an exception, then you can find the details of exception from the couchbase-operator log file. To display the last 20 lines of the log, copy the name of your Operator pod and run the below command by replacing the Operator pod name with the name in your environment.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"Couchbase Operator logs\">$ kubectl logs couchbase-operator-7f799565f8-c29ts -n demo --tail 20\r\n\r\n{\"level\":\"info\",\"ts\":1588495709.7896624,\"logger\":\"cluster\",\"msg\":\"Watching new cluster\",\"cluster\":\"demo\/cbopedns\"}\r\n{\"level\":\"info\",\"ts\":1588495709.7898946,\"logger\":\"cluster\",\"msg\":\"Janitor starting\",\"cluster\":\"demo\/cbopedns\"}\r\n{\"level\":\"info\",\"ts\":1588495709.7987065,\"logger\":\"cluster\",\"msg\":\"Couchbase client starting\",\"cluster\":\"demo\/cbopedns\"}\r\n{\"level\":\"info\",\"ts\":1588495709.818881,\"logger\":\"cluster\",\"msg\":\"Cluster already exists, the operator will now manage it\",\"cluster\":\"demo\/cbopedns\"}\r\n{\"level\":\"info\",\"ts\":1588495709.8903878,\"logger\":\"cluster\",\"msg\":\"Running\",\"cluster\":\"demo\/cbopedns\"}\r\n{\"level\":\"info\",\"ts\":1588495710.0405645,\"logger\":\"couchbaseutil\",\"msg\":\"Cluster status\",\"cluster\":\"demo\/cbopedns\",\"balance\":\"unbalanced\",\"rebalancing\":false}\r\n{\"level\":\"info\",\"ts\":1588495710.0406282,\"logger\":\"couchbaseutil\",\"msg\":\"Node status\",\"cluster\":\"demo\/cbopedns\",\"name\":\"cbopedns-0000\",\"version\":\"6.5.0\",\"class\":\"data-east-1a\",\"managed\":true,\"status\":\"active\"}\r\n{\"level\":\"info\",\"ts\":1588495710.0406532,\"logger\":\"couchbaseutil\",\"msg\":\"Node status\",\"cluster\":\"demo\/cbopedns\",\"name\":\"cbopedns-0001\",\"version\":\"6.5.0\",\"class\":\"data-east-1b\",\"managed\":true,\"status\":\"pending_add\"}\r\n{\"level\":\"info\",\"ts\":1588495710.040662,\"logger\":\"couchbaseutil\",\"msg\":\"Node status\",\"cluster\":\"demo\/cbopedns\",\"name\":\"cbopedns-0002\",\"version\":\"6.5.0\",\"class\":\"data-east-1c\",\"managed\":true,\"status\":\"pending_add\"}\r\n{\"level\":\"info\",\"ts\":1588495710.0406775,\"logger\":\"scheduler\",\"msg\":\"Scheduler status\",\"cluster\":\"demo\/cbopedns\",\"name\":\"cbopedns-0000\",\"class\":\"data-east-1a\",\"group\":\"us-east-1a\"}\r\n{\"level\":\"info\",\"ts\":1588495710.0406868,\"logger\":\"scheduler\",\"msg\":\"Scheduler status\",\"cluster\":\"demo\/cbopedns\",\"name\":\"cbopedns-0001\",\"class\":\"data-east-1b\",\"group\":\"us-east-1b\"}\r\n{\"level\":\"info\",\"ts\":1588495710.040695,\"logger\":\"scheduler\",\"msg\":\"Scheduler status\",\"cluster\":\"demo\/cbopedns\",\"name\":\"cbopedns-0002\",\"class\":\"data-east-1c\",\"group\":\"us-east-1c\"}\r\n{\"level\":\"info\",\"ts\":1588495755.230221,\"logger\":\"couchbaseutil\",\"msg\":\"Rebalancing\",\"cluster\":\"demo\/cbopedns\",\"progress\":0}\r\n{\"level\":\"info\",\"ts\":1588495759.2380211,\"logger\":\"cluster\",\"msg\":\"Rebalance completed successfully\",\"cluster\":\"demo\/cbopedns\"}\r\n{\"level\":\"info\",\"ts\":1588495759.286947,\"logger\":\"cluster\",\"msg\":\"Reconcile completed\",\"cluster\":\"demo\/cbopedns\"}<\/pre>\r\n<p>Let&#8217;s make sure we check the external-dns logs to see if the DNS records for the Couchbase pods are being created.<\/p>\r\n<pre class=\"theme:monokai toolbar:1 lang:default decode:true\" title=\"External DNS deployment logs\">$ kubectl logs -f external-dns-6f74575d54-fp2wh -n demo\r\n\r\ntime=\"2020-05-03T08:46:46Z\" level=info msg=\"Changing record.\" action=CREATE record=cbopedns-0000.cbdemo.balajiacloud.guru targets=1 ttl=1 type=CNAME zone=c3b835b8ec89e43a2492b62d5d82cc86\r\ntime=\"2020-05-03T08:46:46Z\" level=info msg=\"Changing record.\" action=CREATE record=cbopedns-0002.cbdemo.balajiacloud.guru targets=1 ttl=1 type=CNAME zone=c3b835b8ec89e43a2492b62d5d82cc86\r\ntime=\"2020-05-03T08:46:47Z\" level=info msg=\"Changing record.\" action=CREATE record=cbopedns-0001.cbdemo.balajiacloud.guru targets=1 ttl=1 type=CNAME zone=c3b835b8ec89e43a2492b62d5d82cc86\r\ntime=\"2020-05-03T08:46:47Z\" level=info msg=\"Changing record.\" action=CREATE record=cbopedns-0000.cbdemo.balajiacloud.guru targets=1 ttl=1 type=TXT zone=c3b835b8ec89e43a2492b62d5d82cc86\r\ntime=\"2020-05-03T08:46:47Z\" level=info msg=\"Changing record.\" action=CREATE record=cbopedns-0002.cbdemo.balajiacloud.guru targets=1 ttl=1 type=TXT zone=c3b835b8ec89e43a2492b62d5d82cc86\r\ntime=\"2020-05-03T08:46:47Z\" level=info msg=\"Changing record.\" action=CREATE record=cbopedns-0001.cbdemo.balajiacloud.guru targets=1 ttl=1 type=TXT zone=c3b835b8ec89e43a2492b62d5d82cc86<\/pre>\r\n<p>At this point, you can also check the DNS page by logging to your <em>Cloudfare<\/em> account. You can see the CNAME and TXT records added by your External DNS provider.<\/p>\r\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-8618 size-large\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/04\/cf-dns-1024x479.png\" alt=\"External DNS provider\" width=\"900\" height=\"421\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-dns-1024x479.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-dns-300x140.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-dns-768x359.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-dns-1536x719.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-dns-2048x958.png 2048w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-dns-20x9.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cf-dns-1320x618.png 1320w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\r\n<p><strong>Accessing the Couchbase Web Console<\/strong><\/p>\r\n<p>Now, you have a publicly addressable cluster that you can start using it. In the EKS environment, the Couchbase web console can be accessed through an exposed LoadBalancer service of a specific pod. You should be able to connect to the Couchbase console using the URL https:\/\/cbopedns-0000.cbdemo.balajiacloud.guru:18091\/ (replace the pod name and the DNS domain based on your environment).<\/p>\r\n<p>Please refer to <a href=\"https:\/\/docs.couchbase.com\/operator\/2.0\/howto-ui.html#dns-based-addressing\">Access the Couchbase Server User Interface<\/a> documentation for more details on how to connect to the Couchbase console. Also, you can check <a href=\"https:\/\/docs.couchbase.com\/operator\/2.0\/howto-client-sdks.html#dns-based-addressing-with-external-dns\">Configure Client SDKs<\/a> for details on how to connect client SDK with the Couchbase cluster while using DNS Based Addressing with External DNS.<\/p>\r\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-8619 size-large\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/04\/cb-console-1024x474.png\" alt=\"Publicly addressable Couchbase cluster\" width=\"900\" height=\"417\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cb-console-1024x474.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cb-console-300x139.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cb-console-768x355.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cb-console-1536x711.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cb-console-2048x948.png 2048w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cb-console-20x9.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/cb-console-1320x611.png 1320w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\r\n<h3>Conclusion<\/h3>\r\n<p>In this blog, we saw how the Couchbase cluster can be publicly addressable using Couchbase Operator with Kubernetes External DNS. We discussed how the External DNS solution helps to dynamically manage the external DNS records from within a Kubernetes cluster. In this article, we used Amazon EKS as our Kubernetes environment but the same steps would also be applicable if you are using other Kubernetes environments like AKS, GKE, OpenShift, etc.<\/p>\r\n<h3>Resources<\/h3>\r\n<ul>\r\n<li>Try it out: <a href=\"https:\/\/www.couchbase.com\/downloads?family=couchbase-autonomous-operator-with-kubernetes\">Download Couchbase Autonomous Operator 2.0<\/a><\/li>\r\n<li>Share your thoughts on the\u00a0<a href=\"https:\/\/www.couchbase.com\/forums\/c\/couchbase-server\/Kubernetes\/\">Couchbase Forums<\/a><\/li>\r\n<li>Documentation:\u00a0\r\n<ul>\r\n<li style=\"list-style-type: none\">\r\n<ul>\r\n<li><a href=\"https:\/\/docs.couchbase.com\/operator\/2.0\/overview.html\">Couchbase Autonomous Operator 2.0<\/a><\/li>\r\n<li><a href=\"https:\/\/kubernetes.io\/\">Kubernetes Docs<\/a><\/li>\r\n<li><a href=\"https:\/\/github.com\/kubernetes-sigs\/external-dns\">External DNS<\/a><\/li>\r\n<\/ul>\r\n<\/li>\r\n<\/ul>\r\n<\/li>\r\n<\/ul>\r\n<p>&nbsp;<\/p>\r\n","protected":false},"excerpt":{"rendered":"<p>Why expose the Couchbase database on the public network? Below are some examples: Cross-Data Center Replication (XDCR) for High Availability and Disaster Recovery Client SDK access to Couchbase cluster Database-as-a-Service (DBaaS) platforms *Note &#8211; All of these use cases share [&hellip;]<\/p>\n","protected":false},"author":56901,"featured_media":13873,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1821,9284,2225,1816,2322,1813,2389],"tags":[10124,1245,2341,2339,2248,2247,2354,1545,2138,1673,2362,9262],"ppma_author":[9110],"class_list":["post-8600","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-couchbase-architecture","category-couchbase-autonomous-operator","category-cloud","category-couchbase-server","category-kubernetes","category-security","category-solutions","tag-amazon-web-services-aws","tag-cloud","tag-cncf","tag-eks","tag-gke","tag-google-kubernetes-engine","tag-k8","tag-kubernetes","tag-kubernetes-operator","tag-microsoft-azure","tag-openshift-operator","tag-tls-encryption"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.8 (Yoast SEO v25.8) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Public Network, External DNS &amp; Couchbase Autonomous Operator - The Couchbase Blog<\/title>\n<meta name=\"description\" content=\"SOLVED! Public Networking with Couchbase Autonomous Operator using Kubernetes External DNS.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Public Network, External DNS &amp; Couchbase Autonomous Operator\" \/>\n<meta property=\"og:description\" content=\"This blog will guide you through the steps to deploy the Couchbase cluster using Autonomous Operator, and access the Couchbase cluster through public networking that is managed through External DNS.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-05T20:55:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T06:06:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/External-DNS-Latest-V3.png\" \/>\n\t<meta property=\"og:image:width\" content=\"3840\" \/>\n\t<meta property=\"og:image:height\" content=\"2160\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Balaji Narayanan, Solutions Architect, Couchbase\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:description\" content=\"Deploy Couchbase cluster on a public network using Couchbase Autonomous Operator with Kubernetes External DNS.\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Balaji Narayanan, Solutions Architect, Couchbase\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"19 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/\"},\"author\":{\"name\":\"Balaji Narayanan, Solutions Architect, Couchbase\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/24150e999d4cd037292b4c022d8e9a71\"},\"headline\":\"Public Network, External DNS &amp; Couchbase Autonomous Operator\",\"datePublished\":\"2020-05-05T20:55:54+00:00\",\"dateModified\":\"2025-06-14T06:06:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/\"},\"wordCount\":2746,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"keywords\":[\"Amazon Web Services (AWS)\",\"cloud\",\"CNCF\",\"EKS\",\"GKE\",\"Google Kubernetes Engine\",\"K8\",\"kubernetes\",\"kubernetes operator\",\"Microsoft Azure\",\"Openshift operator\",\"TLS encryption\"],\"articleSection\":[\"Couchbase Architecture\",\"Couchbase Autonomous Operator\",\"Couchbase Capella\",\"Couchbase Server\",\"Kubernetes\",\"Security\",\"Solutions\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/\",\"name\":\"Public Network, External DNS &amp; Couchbase Autonomous Operator - The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"datePublished\":\"2020-05-05T20:55:54+00:00\",\"dateModified\":\"2025-06-14T06:06:15+00:00\",\"description\":\"SOLVED! Public Networking with Couchbase Autonomous Operator using Kubernetes External DNS.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"width\":1800,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Public Network, External DNS &amp; Couchbase Autonomous Operator\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/24150e999d4cd037292b4c022d8e9a71\",\"name\":\"Balaji Narayanan, Solutions Architect, Couchbase\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/4dcf839b63758771b1a76edca5195f8a\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b879c1d6937f96533739b2e780c0f97fbffdabdae7c9011a8e94109952e8f93a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b879c1d6937f96533739b2e780c0f97fbffdabdae7c9011a8e94109952e8f93a?s=96&d=mm&r=g\",\"caption\":\"Balaji Narayanan, Solutions Architect, Couchbase\"},\"description\":\"Balaji Narayanan is a Solutions Architect in the CoE team at Couchbase. He has deep expertise in Enterprise Application Design, Development, and Implementation using Java\/Java EE technologies and Cloud platforms. He has extensive experience developing solutions architecture and designing solutions to implement Cloud architecture using AWS, Azure, GCP Cloud platforms. He has expertise in designing and evaluating architectural alternatives for private, public, and hybrid cloud models. He is a certified professional in AWS and Kubernetes. Prior to joining Couchbase, Balaji was engaged with Microsoft building IaaS and PaaS platforms for Azure Cloud-native services. He holds a Bachelor's degree in Information Technology from Anna University (India).\",\"sameAs\":[\"www.linkedin.com\/in\/balaji-narayanan-it\"],\"url\":\"https:\/\/www.couchbase.com\/blog\/author\/balaji-narayanan\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Public Network, External DNS &amp; Couchbase Autonomous Operator - The Couchbase Blog","description":"SOLVED! Public Networking with Couchbase Autonomous Operator using Kubernetes External DNS.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/","og_locale":"en_US","og_type":"article","og_title":"Public Network, External DNS &amp; Couchbase Autonomous Operator","og_description":"This blog will guide you through the steps to deploy the Couchbase cluster using Autonomous Operator, and access the Couchbase cluster through public networking that is managed through External DNS.","og_url":"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/","og_site_name":"The Couchbase Blog","article_published_time":"2020-05-05T20:55:54+00:00","article_modified_time":"2025-06-14T06:06:15+00:00","og_image":[{"width":3840,"height":2160,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/04\/External-DNS-Latest-V3.png","type":"image\/png"}],"author":"Balaji Narayanan, Solutions Architect, Couchbase","twitter_card":"summary_large_image","twitter_description":"Deploy Couchbase cluster on a public network using Couchbase Autonomous Operator with Kubernetes External DNS.","twitter_misc":{"Written by":"Balaji Narayanan, Solutions Architect, Couchbase","Est. reading time":"19 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/"},"author":{"name":"Balaji Narayanan, Solutions Architect, Couchbase","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/24150e999d4cd037292b4c022d8e9a71"},"headline":"Public Network, External DNS &amp; Couchbase Autonomous Operator","datePublished":"2020-05-05T20:55:54+00:00","dateModified":"2025-06-14T06:06:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/"},"wordCount":2746,"commentCount":1,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","keywords":["Amazon Web Services (AWS)","cloud","CNCF","EKS","GKE","Google Kubernetes Engine","K8","kubernetes","kubernetes operator","Microsoft Azure","Openshift operator","TLS encryption"],"articleSection":["Couchbase Architecture","Couchbase Autonomous Operator","Couchbase Capella","Couchbase Server","Kubernetes","Security","Solutions"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/","url":"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/","name":"Public Network, External DNS &amp; Couchbase Autonomous Operator - The Couchbase Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","datePublished":"2020-05-05T20:55:54+00:00","dateModified":"2025-06-14T06:06:15+00:00","description":"SOLVED! Public Networking with Couchbase Autonomous Operator using Kubernetes External DNS.","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","width":1800,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/public-networking-with-couchbase-autonomous-operator-using-kubernetes-external-dns\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Public Network, External DNS &amp; Couchbase Autonomous Operator"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"The Couchbase Blog","description":"Couchbase, the NoSQL Database","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"The Couchbase Blog","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/24150e999d4cd037292b4c022d8e9a71","name":"Balaji Narayanan, Solutions Architect, Couchbase","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/4dcf839b63758771b1a76edca5195f8a","url":"https:\/\/secure.gravatar.com\/avatar\/b879c1d6937f96533739b2e780c0f97fbffdabdae7c9011a8e94109952e8f93a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b879c1d6937f96533739b2e780c0f97fbffdabdae7c9011a8e94109952e8f93a?s=96&d=mm&r=g","caption":"Balaji Narayanan, Solutions Architect, Couchbase"},"description":"Balaji Narayanan is a Solutions Architect in the CoE team at Couchbase. He has deep expertise in Enterprise Application Design, Development, and Implementation using Java\/Java EE technologies and Cloud platforms. He has extensive experience developing solutions architecture and designing solutions to implement Cloud architecture using AWS, Azure, GCP Cloud platforms. He has expertise in designing and evaluating architectural alternatives for private, public, and hybrid cloud models. He is a certified professional in AWS and Kubernetes. Prior to joining Couchbase, Balaji was engaged with Microsoft building IaaS and PaaS platforms for Azure Cloud-native services. He holds a Bachelor's degree in Information Technology from Anna University (India).","sameAs":["www.linkedin.com\/in\/balaji-narayanan-it"],"url":"https:\/\/www.couchbase.com\/blog\/author\/balaji-narayanan\/"}]}},"authors":[{"term_id":9110,"user_id":56901,"is_guest":0,"slug":"balaji-narayanan","display_name":"Balaji Narayanan, Solutions Architect, Couchbase","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/b879c1d6937f96533739b2e780c0f97fbffdabdae7c9011a8e94109952e8f93a?s=96&d=mm&r=g","author_category":"","last_name":"Narayanan, Solutions Architect, Couchbase","first_name":"Balaji","job_title":"","user_url":"","description":"Balaji Narayanan is a Solutions Architect in the CoE team at Couchbase. He has deep expertise in Enterprise Application Design, Development, and Implementation using Java\/Java EE technologies and Cloud platforms. He has extensive experience developing solutions architecture and designing solutions to implement Cloud architecture using AWS, Azure, GCP Cloud platforms. He has expertise in designing and evaluating architectural alternatives for private, public, and hybrid cloud models. He is a certified professional in AWS and Kubernetes. Prior to joining Couchbase, Balaji was engaged with Microsoft building IaaS and PaaS platforms for Azure Cloud-native services. He holds a Bachelor's degree in Information Technology from Anna University (India)."}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/8600","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/users\/56901"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/comments?post=8600"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/8600\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media\/13873"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media?parent=8600"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/categories?post=8600"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/tags?post=8600"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=8600"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}