89 lines
1.8 KiB
Markdown
89 lines
1.8 KiB
Markdown
# Private DNS installation
|
|
|
|
## Contexte
|
|
|
|
We want to deploy an internal DNS to serve private domain and that will be able to forward any other requests to another DNS.
|
|
|
|
## Architecture
|
|
|
|
We will use CoreDNS (not the cluster internal) to serve those requests.
|
|
A etcd cluster will be deployed in statefullset, with PVC, as CoreDNS' backend.
|
|
We finally deploy external-dns to handle DNS entry creation and suppression, in Service or Ingress rules.
|
|
|
|
## Deploy
|
|
|
|
Pretty straitforward using manifests from 01\* to 04\*.
|
|
The CoreDNS configuration is in 04-coredns.yaml :
|
|
|
|
```
|
|
data:
|
|
Corefile: |
|
|
open-it.intra {
|
|
errors
|
|
health
|
|
log
|
|
etcd {
|
|
endpoint http://etcd-dns:2379
|
|
}
|
|
cache 30
|
|
prometheus 0.0.0.0:9153
|
|
}
|
|
|
|
. {
|
|
forward . 192.168.5.1
|
|
cache
|
|
}
|
|
```
|
|
|
|
|
|
|
|
## Testing
|
|
|
|
We will test by deploying a service type **LoadBalancer** with the annotation :
|
|
**external-dns.alpha.kubernetes.io/hostname: "<url|fqdn>"**
|
|
|
|
Let's try with that Service :
|
|
|
|
```
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: nginx-frontend
|
|
annotations:
|
|
external-dns.alpha.kubernetes.io/hostname: "nginx.open-it.intra"
|
|
spec:
|
|
ports:
|
|
- name: "web"
|
|
port: 80
|
|
targetPort: 80
|
|
selector:
|
|
app: nginx
|
|
type: LoadBalancer
|
|
```
|
|
|
|
First, let's retrieve DNS IP :
|
|
|
|
```
|
|
$ kubectl -n dns get svc coredns
|
|
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
|
|
coredns LoadBalancer 10.98.74.182 192.168.5.201 53:30690/UDP 2d1h
|
|
```
|
|
|
|
We can now try DNS resolution
|
|
|
|
```
|
|
$ dig @192.168.5.201 nginx.open-it.intra +short
|
|
192.168.5.203
|
|
```
|
|
|
|
or
|
|
|
|
```
|
|
$ nslookup nginx.open-it.intra 192.168.5.201
|
|
Server: 192.168.5.201
|
|
Address: 192.168.5.201#53
|
|
|
|
Name: nginx.open-it.intra
|
|
Address: 192.168.5.203
|
|
```
|