Task:
The OCP cluster resolves public DNS, but cannot resolve internal cloud DNS names within the general private cloud. The private corporate DNS needs to be configured for use by the cluster in addition to the default public DNS.
Steps:
Notes:
- DNS is provided by CoreDNS, which is one of the OCP operators.
- The DNS forward/override is typically configured per domain, e.g. mindwatering.local or mindwatering.net, where the internal mindwatering.net contains additional server (A and PTR) records for internal servers and applications within the private cloud.
- The DNS forward entry IP can be an external IP if the OCP cluster is outside the DNS service's internal network, or an internal IP, depending on the private cloud set-up.
- The config Corefile is located within the CoreDNS pod(s), and is applied through the OCP operator ConfigMap in the openshift-dns namespace.
For this example:
- Authoritative DNS server IP: 10.0.10.2 (and secondary/alternate: 10.0.20.2)
- Domains: mindwatering.local and mindwatering.net
- DNS Namespace/project: default (kube-system in native K8s)
- App deployment namespace: MWRESTApp
- App deployment needing the DNS forward: MWRESTApp
- Target REST server needing DNS resolution: MWInfraRESTApp
1. Create the DNS ConfigMap update YAML file:
$ ssh myadminid@ocp1.mindwatering.net
$ cd ~/
$ vi dns-mindwatering.yaml
apiVersion: operator.openshift.io/v1
kind: DNS
metadata:
  name: default
spec:
  servers:
  - name: mwnet-dns
    zones:
    - mindwatering.local
    - mindwatering.net
    forwardPlugin:
      upstreams:
      - 10.0.10.2
      - 10.0.20.2
2. Update the DNS Operator:
a. Get the API endpoint URL (if needed):
$ crc console --credentials
<note API login URL>
b. Login
$ oc login -u myadminid <api-url>
<confirm Login successful>
c. Confirm operators are available and not degraded:
$ oc get co
<view list of operators, confirm available and not degraded>
d. Apply the DNS forward/override:
$ oc apply -f dns-mindwatering.yaml
<confirm success: dns.operator.openshift.io/default configured>
3. Test DNS resolution from an application deployment that requires it:
Note:
- Testing from the deployment/pod: MWRESTApp
- Testing connection to REST app/service: MWInfraRESTApp
$ PODNAME=$(kubectl get pod -n MWRESTApp --no-headers | awk 'NR==1 { print $1 }')
$ kubectl exec -ti "$PODNAME" -n MWRESTApp -- sh
sh-4.2# nslookup mwinfrarestapp.mindwatering.net
<confirm authoritative response returned from the internal DNS server 10.0.10.2>
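As an added check (example code written for this note, not part of the original steps or of OpenShift), the function below reads a Corefile and confirms that a zone is forwarded only to the approved upstream IPs, which catches both a missing forward and an unexpected resolver. The sample Corefile is constructed and only assumed to match the shape of the rendered one; check_forward and sample_corefile are hypothetical names.

```shell
#!/bin/sh
# Constructed sample, assumed to resemble the Corefile the DNS operator renders.
sample_corefile() {
cat <<'EOF'
mindwatering.local:5353 mindwatering.net:5353 {
    forward . 10.0.10.2 10.0.20.2 {
        policy random
    }
    cache 900
}
.:5353 {
    forward . /etc/resolv.conf {
        policy sequential
    }
}
EOF
}

# check_forward ZONE "IP IP ..." : reads a Corefile on stdin.
# Returns 0 = zone is forwarded only to allowed upstreams,
#         1 = no forward found for the zone, 2 = unexpected upstream present.
check_forward() {
  awk -v zone="$1" -v allowed="$2" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1; rc = 1 }
    depth == 0 && /[{][ \t]*$/ {          # server block header: "zone:port ... {"
      inzone = 0
      for (i = 1; i < NF; i++) { z = $i; sub(/:[0-9]+$/, "", z); if (z == zone) inzone = 1 }
    }
    inzone && depth == 1 && $1 == "forward" {   # "forward . up1 up2 {"
      if (rc == 1) rc = 0
      for (i = 3; i <= NF; i++) { if ($i == "{") break; if (!($i in ok)) rc = 2 }
    }
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }   # track brace nesting
    END { exit rc }
  '
}

sample_corefile | check_forward mindwatering.net "10.0.10.2 10.0.20.2" \
  && echo "mindwatering.net: forward OK"
```

On the cluster, the rendered Corefile can be piped in instead of the sample, e.g. oc get configmap/dns-default -n openshift-dns -o jsonpath='{.data.Corefile}' | check_forward mindwatering.net "10.0.10.2 10.0.20.2". The match is strict, so an upstream written with a port (10.0.10.2:53) must appear in the allowed list in that same form.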