Kubernetes @ bareMetal: how to deal with DNS?

I am using a bare-metal kubernetes cluster. Using metalLB loadbalancer in front of ingress-nginx.

I have no background in DNS services. I know we have some DNS-server running in the datacenter. What is the best practice that services populated by ingress-nginx are resolvable by clients which are using the datacenter’s DNS service?

Example: In ingress I have configured the host “app1.myownKubernetesCluster.internal”. metalLB is assigning the IP for the ingress controller.

I want to be able to resolve app1.myownKubernetesCluster.internal to from a client which is using the datacenter’s DNS-server.

What is the best practice for that? Is there some kind of DNS forwarding?

Thanks, Andreas

You will have to discuss that with your datacenter DNS provider. You can use the external-dns tool to update some DNS providers, but the providers are less likely to be run in on-prem deployments.

There’s a few other things you can do like having a zone delegated to something you control and dynamically update, but no matter what you do – you will have to discuss that with the team managing dns in your datacenter.

Hi @mrbobbytables,

I talked to our datacenter guys. They said they will forward all DNS requests below a subdomain to some kubernetes DNS.

I think that is in general the easiest approach. But the thing in kubernetes is not really clear for me:

Target, what do I need:

  • make all services with external IP (loadbalancer) dns resolvable.
  • make all hostnames configured in ingress-nginx dns resolvable.

Does that sound ok so far?

As I understand kubernetes is running CoreDNS service for internal name resolution. Currently this one is only available by a service with clusterIP - so only internal.

So do I just need to add an external loadbalancer IP and use this IP as DNS forward target for datacenter’s DNS service?

Or shouldn’t I mess up with the internal CoreDNS and create an own CoreDNS instance running in kubernetes and fill it with external-dns-tool you mentioned above? CoreDNS is mentioned there - at least as alpha status.

BTW, I noticed that internal coreDNS resolves services, but not defined hostnames in ingress - at least by default. So just making internal coreDNS reachable from outside isn’t enough.

Thanks, Andreas

That should be achievable 🙂

I would not use the internal instance. Those tend to be managed by the tool you’re using to install/upgrade the cluster.

Yes. The external loadBalancer IP should target the new coreDNS service provisioned to work with the external dns tool.
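
A sketch of the setup discussed above, added as an example and not posted by anyone in this thread: a second CoreDNS instance that answers only for the delegated zone, reads records that external-dns writes to etcd, and is exposed through a MetalLB LoadBalancer service. The namespace, object names, etcd URL and IP address are assumptions, and the zone is the example hostname's domain from the question.

```yaml
# Added example; every name, URL and address below is a placeholder.
# external-dns side (container args, not shown as a full Deployment):
#   --provider=coredns --source=ingress --source=service
#   --domain-filter=myownkubernetescluster.internal
#   env: ETCD_URLS=http://etcd.external-dns.svc:2379
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns-external
  namespace: external-dns
data:
  Corefile: |
    # Only the delegated zone is served. There is no "forward" plugin, so the
    # instance is not an open resolver, and no "kubernetes" plugin, so
    # cluster.local service names are not exposed outside the cluster.
    myownkubernetescluster.internal:53 {
        errors
        log
        etcd {
            path /skydns
            endpoint http://etcd.external-dns.svc:2379
        }
        cache 30
    }
---
apiVersion: v1
kind: Service
metadata:
  name: coredns-external
  namespace: external-dns
spec:
  type: LoadBalancer
  # Constructed address from the MetalLB pool; it must stay stable because it
  # is the forward target on the datacenter DNS. The field is deprecated in
  # recent Kubernetes releases but still honoured.
  loadBalancerIP: 192.0.2.53
  selector:
    app: coredns-external
  ports:
    # UDP and TCP on one LoadBalancer service needs mixed-protocol support.
    - name: dns-udp
      port: 53
      protocol: UDP
    - name: dns-tcp
      port: 53
      protocol: TCP
```

Limiting which source addresses can reach port 53 on this service to the datacenter DNS servers keeps the instance from being queried directly by arbitrary clients.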

Many thanks. Then I have quite a track to follow.