
I'm considering deploying a Kubernetes cluster for semi-production usage. So far I've got a good grasp, but there's one thing that I don't fully understand yet. By default Kubernetes uses the cluster.local domain for its internal DNS. It is possible at installation time to change that default. I own a domain and I can configure it to cluster.mydomain.com, but what would be a good reason to do so? I'm asking because I expect it to be hard to change later, so I want to configure it properly now.

vbezhenar

1 Answer

> By default Kubernetes uses the cluster.local domain for its internal DNS. It is possible at installation time to change that default.

Yes, it is.

This depends on how you deploy Kubernetes. Using kubespray, we would do this by setting the cluster_name variable. It would change some configuration in the kubeadm-config file used during cluster deployment, as well as the cluster DNS zone configuration.

> I own a domain and I can configure it to cluster.mydomain.com, but what would be a good reason to do so?

I am not sure that changing the cluster-internal DNS domain name to match another existing domain would make much sense.

Hypothetically...

  • assuming your SDN connects to some external routers, exposing SDN ranges (through BGP, OSPF, ... e.g. using calico) such that users within your LAN can connect to SDN IP addresses,

  • and granted that you did set up your mydomain.com zone with some cluster IN NS <kubernetes-dns-service-clusterip>, such that clients resolving names corresponding to your cluster services would get an answer from the cluster DNS itself.

Then it could make sense. Arguably. End-users could consistently rely on those DNS names when connecting to in-SDN services.

Although this really isn't a common use case. Never seen this myself. And probably not something we should recommend: the SDN is meant to isolate your cluster network. Ingresses/service mesh ingress gateways/... would be the preferred way to expose services to end-users: they normalize TLS configuration, filter which endpoints can be accessed, maybe log external accesses from a few selected pods/ingresses, ...

Unless you purposefully want end-users to connect directly to Kubernetes Service ClusterIPs, it probably doesn't make sense to use your own domain as the Kubernetes internal DNS domain name.

And even in that case, a better solution may be to investigate solutions such as MetalLB or Multus. Instead of exposing your SDN to end-users, prefer using one of those to expose specific Services or Deployments, allocating them addresses outside of your SDN ranges.

SYN
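The answer notes that the domain is set during deployment and ends up in several places (kubeadm-config, the cluster DNS zone), which is also why it is hard to change later. The following is an added example, not part of the original question or answer, showing a small offline consistency check over the three places a kubeadm-based cluster records the domain: `networking.dnsDomain` in the kubeadm ClusterConfiguration, `clusterDomain` in the KubeletConfiguration, and the zone of the `kubernetes` plugin in the CoreDNS Corefile. All three fragments below are constructed samples, using `cluster.mydomain.com` from the question; the Corefile is deliberately left at the default `cluster.local` so the check has something to report. The parsing uses only regular expressions and the standard library (no PyYAML, no cluster access), so it is an illustration of the coupling, not a replacement for reading the live ConfigMaps.

```python
"""Check that a cluster's DNS domain is recorded consistently.

Added example (not the original answer's code). Reads three constructed
configuration fragments and reports any disagreement about the domain.
"""
import re

# Constructed sample of the kubeadm ClusterConfiguration (kubeadm-config ConfigMap).
KUBEADM_CONFIG = """\
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
networking:
  dnsDomain: cluster.mydomain.com
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
"""

# Constructed sample of the KubeletConfiguration (kubelet-config ConfigMap).
KUBELET_CONFIG = """\
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
clusterDNS:
- 10.96.0.10
clusterDomain: cluster.mydomain.com
"""

# Constructed sample of a CoreDNS Corefile still serving the default zone.
COREFILE_DRIFTED = """\
.:53 {
    errors
    health
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
    }
    forward . /etc/resolv.conf
}
"""

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with '-'.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def kubeadm_dns_domain(text):
    """Return networking.dnsDomain from a ClusterConfiguration, or None."""
    m = re.search(r"^\s*dnsDomain:\s*(\S+)", text, re.M)
    return m.group(1) if m else None


def kubelet_cluster_domain(text):
    """Return clusterDomain from a KubeletConfiguration, or None."""
    m = re.search(r"^\s*clusterDomain:\s*(\S+)", text, re.M)
    return m.group(1) if m else None


def coredns_zone(text):
    """Return the first zone of the `kubernetes` plugin in a Corefile, or None."""
    m = re.search(r"^\s*kubernetes\s+(\S+)", text, re.M)
    return m.group(1) if m else None


def is_valid_domain(domain):
    """Syntactic check: every label valid, whole name at most 253 chars."""
    name = domain.rstrip(".")
    return len(name) <= 253 and all(LABEL.match(label) for label in name.split("."))


def check_domain_consistency(kubeadm_text, kubelet_text, corefile_text):
    """Return (values found per location, list of problems).

    A non-empty problem list means pods, kubelet and CoreDNS would not agree
    on which names like `svc.<domain>` resolve.
    """
    found = {
        "kubeadm.networking.dnsDomain": kubeadm_dns_domain(kubeadm_text),
        "kubelet.clusterDomain": kubelet_cluster_domain(kubelet_text),
        "coredns.kubernetes.zone": coredns_zone(corefile_text),
    }
    problems = []
    for location, value in found.items():
        if value is None:
            problems.append(f"{location}: not set")
        elif not is_valid_domain(value):
            problems.append(f"{location}: {value!r} is not a valid DNS name")
    distinct = {v for v in found.values() if v}
    if len(distinct) > 1:
        problems.append("domain mismatch: " + ", ".join(f"{k}={v}" for k, v in found.items()))
    return found, problems


if __name__ == "__main__":
    values, issues = check_domain_consistency(KUBEADM_CONFIG, KUBELET_CONFIG, COREFILE_DRIFTED)
    for location, value in values.items():
        print(f"{location}: {value}")
    for issue in issues:
        print("PROBLEM:", issue)
```

Running it against the constructed samples reports a mismatch because CoreDNS still answers for `cluster.local` while kubeadm and the kubelet were told `cluster.mydomain.com`; changing the Corefile zone to match makes the report empty. On a real cluster the same three values come from the `kubeadm-config`, `kubelet-config` and `coredns` ConfigMaps in `kube-system`, and every running pod additionally carries the domain in its `/etc/resolv.conf` search list, which is the practical reason the question is right to treat the choice as hard to change later.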