DNS Entries Required for OpenShift or OKD

Mindwatering Incorporated

Author: Tripp W Black

Created: 05/26 at 02:25 PM

Category:
RH OpenShift
Install

Note:
- In OCP and OKD 4.4 and later, etcd host and SRV records are no longer required.
- Control planes nodes are number 0-2 (0-based)
- Worker/compute nodes are numbered 0-1 (0-based)

Example DNS Config:



$TTL 1W

@	IN	SOA	ns1.mindwatering.net.	root (

			2026050100	; serial

			3H		; refresh (3 hours)

			30M		; retry (30 minutes)

			2W		; expiry (2 weeks)

			1W )		; minimum (1 week)

	IN	NS	ns1.mindwatering.net.

	IN	MX 10	smtp.mindwatering.net.

;

;

ns1.mindwatering.net.		IN	A	192.168.222.1

smtp.mindwatering.net.		IN	A	192.168.222.201

;

helper.mindwatering.net.		IN	A	192.168.222.50

helper.ocp4.mindwatering.net.	IN	A	192.168.222.50

;

api.ocp4.mindwatering.net.		IN	A	192.168.222.50

api-int.ocp4.mindwatering.net.	IN	A	192.168.222.50

;

*.apps.ocp4.mindwatering.net.	IN	A	192.168.222.50

;

bootstrap.ocp4.mindwatering.net.	IN	A	192.168.222.96

;

control-plane0.ocp4.mindwatering.net.	IN	A	192.168.222.97

control-plane1.ocp4.mindwatering.net.	IN	A	192.168.222.98

;

control-plane2.ocp4.mindwatering.net.	IN	A	192.168.222.99

;

compute0.ocp4.mindwatering.net.	IN	A	192.168.222.101

compute1.ocp4.mindwatering.net.	IN	A	192.168.222.102

;

;EOF

Table of Required DNS Records from OKD docs:

Component	Record	Description
Kubernetes API	api.<cluster_name>.<base_domain>.	A DNS A/AAAA or CNAME record, and a DNS PTR record, to identify the API load balancer. These records must be resolvable by both clients external to the cluster and from all the nodes within the cluster.
Kubernetes API	api-int.<cluster_name>.<base_domain>.	A DNS A/AAAA or CNAME record, and a DNS PTR record, to internally identify the API load balancer. These records must be resolvable from all the nodes within the cluster. The API server must be able to resolve the worker nodes by the hostnames that are recorded in Kubernetes. If the API server cannot resolve the node names, then proxied API calls can fail, and you cannot retrieve logs from pods.
Routes	*.apps.<cluster_name>.<base_domain>.	A wildcard DNS A/AAAA or CNAME record that refers to the application ingress load balancer. The application ingress load balancer targets the machines that run the Ingress Controller pods. The Ingress Controller pods run on the compute machines by default. These records must be resolvable by both clients external to the cluster and from all the nodes within the cluster. Wildcard route to the OKD console: console-openshift-console.apps.<cluster_name>.<base_domain>
Bootstrap machine	bootstrap.<cluster_name>.<base_domain>.	A DNS A/AAAA or CNAME record, and a DNS PTR record, to identify the bootstrap machine. These records must be resolvable by the nodes within the cluster.
Control plane machines	<control_plane><n>.<cluster_name>.<base_domain>.	DNS A/AAAA or CNAME records and DNS PTR records to identify each machine for the control plane nodes. These records must be resolvable by the nodes within the cluster.
Compute machines	<compute><n>.<cluster_name>.<base_domain>.	DNS A/AAAA or CNAME records and DNS PTR records to identify each machine for the worker nodes. These records must be resolvable by the nodes within the cluster.