I am using a bare-metal Kubernetes cluster, with a MetalLB load balancer in front of ingress-nginx.
I have no background in DNS services. I know we have some DNS server running in the datacenter. What is the best practice so that services populated by ingress-nginx are resolvable by clients which are using the datacenter’s DNS service?
Example: In the Ingress I have configured the host “app1.myownKubernetesCluster.internal”. MetalLB is assigning the IP 192.168.1.20 to the ingress controller.
I want to be able to resolve app1.myownKubernetesCluster.internal to 192.168.1.20 from a client which is using the datacenter’s DNS-server.
What is the best practice for that? Is there some kind of DNS forwarding?
You will have to discuss that with your datacenter DNS provider. You can use the external-dns tool to update some DNS providers, but the providers are less likely to be run in on-prem deployments.
There are a few other things you can do, like having a zone delegated to something you control and dynamically update, but no matter what you do, you will have to discuss that with the team managing DNS in your datacenter.
I talked to our datacenter guys. They said they will forward all DNS requests below a subdomain to some Kubernetes DNS.
I think that is in general the easiest approach. But the Kubernetes part is not really clear to me:
Target, what do I need:
- Make all services with an external IP (LoadBalancer) DNS-resolvable.
- Make all hostnames configured in ingress-nginx DNS-resolvable.
Does that sound ok so far?
As I understand it, Kubernetes runs a CoreDNS service for internal name resolution. Currently this one is only available via a service with a ClusterIP, so only internally.
So do I just need to add an external load balancer IP and use this IP as the DNS forward target for the datacenter’s DNS service?
Or should I not mess with the internal CoreDNS, and instead create my own CoreDNS instance running in Kubernetes and fill it with the external-dns tool you mentioned above? CoreDNS is mentioned there, at least in alpha status.
BTW, I noticed that the internal CoreDNS resolves services, but not the hostnames defined in Ingresses, at least by default. So just making the internal CoreDNS reachable from outside isn’t enough.
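One way to wire up the delegated subdomain, as an added example that is not from any poster in this thread: a separate CoreDNS with an etcd backend, exposed through MetalLB as the forwarder target, with external-dns writing Ingress hosts and LoadBalancer Service names into it, so the cluster's own kube-dns is never exposed. Assumed names: the zone k8s.example.internal standing in for myownKubernetesCluster.internal, the address 192.168.1.21, the namespace external-dns and an in-cluster etcd; the CoreDNS and external-dns Deployments themselves are omitted.

```yaml
# Added example, not from this thread. Assumptions: zone k8s.example.internal
# (stand-in for myownKubernetesCluster.internal) is delegated to the cluster,
# MetalLB assigns 192.168.1.21 to this CoreDNS, etcd runs in-cluster as
# etcd.external-dns.svc:2379.
#
# 1) Dedicated CoreDNS that serves ONLY the delegated zone from etcd. The
#    cluster's own kube-dns/cluster.local zone stays internal and unexposed.
apiVersion: v1
kind: ConfigMap
metadata:
  name: external-coredns
  namespace: external-dns
data:
  Corefile: |
    k8s.example.internal:53 {
        errors
        log
        etcd k8s.example.internal {
            path /skydns
            endpoint http://etcd.external-dns.svc:2379
        }
        cache 30
    }
---
# 2) Expose it on a fixed MetalLB address: this is the forwarder target the
#    datacenter DNS team points the subdomain at (UDP and TCP both needed).
apiVersion: v1
kind: Service
metadata:
  name: external-coredns
  namespace: external-dns
  annotations:
    metallb.universe.tf/loadBalancerIPs: "192.168.1.21"
spec:
  type: LoadBalancer
  selector:
    app: external-coredns
  ports:
    - {name: dns-udp, port: 53, protocol: UDP, targetPort: 53}
    - {name: dns-tcp, port: 53, protocol: TCP, targetPort: 53}
---
# 3) external-dns Deployment args (fragment): Ingress hosts resolve to the
#    ingress-nginx LoadBalancer IP (192.168.1.20), LoadBalancer Services to
#    their own IPs; --domain-filter keeps it from touching other zones.
#      args: [--source=ingress, --source=service, --provider=coredns,
#             --domain-filter=k8s.example.internal]
#      env:  ETCD_URLS=http://etcd.external-dns.svc:2379
#
# 4) Datacenter side, BIND syntax, managed by the DC team:
#    zone "k8s.example.internal" { type forward; forward only; forwarders { 192.168.1.21; }; };
```

Once applied, a client on the datacenter resolver should get 192.168.1.20 for app1.k8s.example.internal, and a query for anything under cluster.local should fail, which is the check that only the delegated zone is reachable from outside.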