
Using cluster DNS for the integrated registry



We are looking to move from using the docker-registry service’s IP to its cluster DNS entry (docker-registry.default.svc.cluster.local) to make certificate generation and push/pull secret usage easier. Currently, the master caches the registry’s service IP and uses that when creating image references in image streams. If the service is deleted and recreated, it most likely gets a new IP, invalidating previously generated image references, and you also have to restart the master for it to pick up the new IP. Additionally, if you want the registry to use TLS, you must generate a certificate for it, and any time the IP changes, you’ll have to generate a new certificate.

We’d like to use the cluster DNS entry exclusively, but there are some challenges. The biggest is that in order for Docker to be able to talk to the registry using its DNS entry, the host where Docker is running must use the IP address of the OpenShift master as a resolver for DNS. This is straightforward to implement for Ansible-based installations (we have a Trello card to do this work soon). But for developers running OpenShift from source and anyone running OpenShift via ‘docker run’, it’s not automatic; you have to manually edit /etc/resolv.conf to add a nameserver entry for your master (which most likely will just be 127.0.0.1 if you’re running an all-in-one setup).

I’m wondering if anyone has any ideas for a way to eliminate the need to manually edit /etc/resolv.conf on your host and still have the host’s Docker daemon be able to resolve cluster DNS entries like the registry?

TIA,
Andy
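
The manual /etc/resolv.conf step described in the message above can be checked rather than assumed. This is an added example, not part of the original post or of OpenShift: it parses resolv.conf text and reports whether the master's address (assumed to be 127.0.0.1, the all-in-one case) sits where the host resolver will actually send lookups for names such as docker-registry.default.svc.cluster.local. The function names and sample files are constructed for illustration, and it assumes default glibc behaviour (first three nameserver lines, tried in order, no `options rotate`).

```python
import ipaddress

MAXNS = 3  # glibc reads at most three nameserver lines from resolv.conf

# Constructed sample files; 192.0.2.x are documentation addresses.
MASTER_FIRST = "search example.test\nnameserver 127.0.0.1\nnameserver 192.0.2.53\n"
MASTER_SECOND = "# set by DHCP\nnameserver 192.0.2.53\nnameserver 127.0.0.1\n"
MASTER_FOURTH = "".join(f"nameserver 192.0.2.{n}\n" for n in (1, 2, 3)) \
    + "nameserver 127.0.0.1\n"
NO_MASTER = "nameserver 192.0.2.53\noptions timeout:1\n"


def nameservers(text):
    """Return the valid nameserver addresses from resolv.conf text, in file order."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, search/options lines, blanks
        try:
            found.append(ipaddress.ip_address(fields[1]))
        except ValueError:
            continue  # not an IP literal, so not usable as a resolver
    return found


def master_resolver_status(text, master_ip="127.0.0.1"):
    """Classify how the host resolver will treat the master's DNS entry."""
    master = ipaddress.ip_address(master_ip)
    servers = nameservers(text)
    if master not in servers:
        return "missing"    # cluster names are never sent to the master
    position = servers.index(master)
    if position >= MAXNS:
        return "ignored"    # listed, but past the entries glibc keeps
    if position > 0:
        return "shadowed"   # an earlier server's NXDOMAIN ends the lookup
    return "ok"


if __name__ == "__main__":
    samples = {"master first": MASTER_FIRST, "master second": MASTER_SECOND,
               "master fourth": MASTER_FOURTH, "no master": NO_MASTER}
    for name, text in samples.items():
        print(f"{name}: {master_resolver_status(text)}")
```

A "shadowed" result matters because an upstream resolver that answers NXDOMAIN for a cluster.local name ends the lookup; glibc only moves to the next nameserver on a timeout or error.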

