
Re: openshift dns as delegated domain



Hi Javier.

Javier Palacios wrote on Thu, 1 Jun 2017 11:59:29 +0000:

> Hello all,
> 
> first suggest the creation of a new list for openshift admins, where
> I feel this question fits much better. And second, the question itself
> 
> I would like to convert the skydns built into openshift into a
> delegated zone of our own DNS domain. I've seen that it runs at 8053,
> and as our domain runs on a domain controller, seems that non-
> standard ports are not an option. As a workaround, I've opened the
> dnsmasq port of our master node in the firewall, and this is enough to
> resolve individual names and even the SOA record, but only if I use
> directly the dnsmasq instance. What is the proper way to achieve
> this? I expect to reinstall the cluster soon, modifying the default
> subdomain properly to try with a sub-zone delegation from our dns
> domain, which I know works with dnsmasq, although a standalone one.

The dnsmasq is not a workaround, it's the solution for keeping DNS
resolving up and running.

The flow is normally like this.

nodeX:
/etc/resolv.conf => dnsmasq

egrep ^ /etc/dnsmasq.d/origin-*
/etc/dnsmasq.d/origin-dns.conf:strict-order
/etc/dnsmasq.d/origin-dns.conf:no-resolv
/etc/dnsmasq.d/origin-dns.conf:domain-needed
/etc/dnsmasq.d/origin-dns.conf:server=/cluster.local/CLUSTER-IP-from-kubernetes
/etc/dnsmasq.d/origin-upstream-dns.conf:server=IP of master LB

You can execute this command to get the cluster ip, but the ansible
playbooks do this for you.

oc get svc -n default kubernetes -o jsonpath='{.spec.clusterIP}'

I have solved this with additional files in /etc/dnsmasq.d/ and it
looks to me that the current ansible playbooks have this feature
already there.

Maybe this part can solve this for you at install time.

https://github.com/openshift/openshift-ansible/blob/master/inventory/byo/hosts.origin.example#L709-L712
https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_node_dnsmasq/tasks/main.yml#L23-L31


> Javier Palacios

-- 
Best Regards
Aleksandar Lazic - ME2Digital e. U.
https://me2digital.online/
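
Added example, not part of the original message or of openshift-ansible: a small Python model of how dnsmasq picks an upstream from the `server=` lines listed above (the most specific domain suffix wins, otherwise the servers with no domain restriction are used). The addresses are constructed placeholders, `parse_servers` and `upstream_for` are hypothetical helper names, and only `server=` routing is modelled.

```python
# Constructed sample in the "file:line" form that egrep prints.
# 172.30.0.1 and 192.0.2.10 are placeholder addresses, not values from the thread.
SAMPLE = """\
/etc/dnsmasq.d/origin-dns.conf:strict-order
/etc/dnsmasq.d/origin-dns.conf:no-resolv
/etc/dnsmasq.d/origin-dns.conf:domain-needed
/etc/dnsmasq.d/origin-dns.conf:server=/cluster.local/172.30.0.1
/etc/dnsmasq.d/origin-upstream-dns.conf:server=192.0.2.10
"""

def parse_servers(text):
    """Return (routes, defaults).

    routes maps a domain suffix to the servers responsible for it;
    defaults lists the servers that have no domain restriction.
    """
    routes, defaults = {}, []
    for line in text.splitlines():
        # Drop the "path:" prefix added by egrep, if present.
        if line.startswith("/") and ":" in line:
            line = line.split(":", 1)[1]
        line = line.strip()
        if line.startswith("#") or not line.startswith("server="):
            continue
        value = line[len("server="):]
        if value.startswith("/"):
            # server=/dom1/dom2/.../address ('#port' may follow the address)
            *domains, addr = value[1:].split("/")
            for dom in domains:
                routes.setdefault(dom.lower(), []).append(addr)
        else:
            defaults.append(value)
    return routes, defaults

def upstream_for(name, routes, defaults):
    """Servers a query for `name` is forwarded to.

    Matching is on whole labels, so 'notcluster.local' does not match
    the 'cluster.local' route.
    """
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in routes:
            return list(routes[suffix])
    return list(defaults)

if __name__ == "__main__":
    routes, defaults = parse_servers(SAMPLE)
    for qname in ("kubernetes.default.svc.cluster.local", "www.example.com"):
        print(qname, "->", upstream_for(qname, routes, defaults))
```

Feeding it the real `egrep ^ /etc/dnsmasq.d/*` output from a node shows whether a delegated sub-zone name would reach the cluster resolver or fall through to the upstream server.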
