For publicly exposed Kubernetes services (type LoadBalancer) we have a DNS record that points to the external IP address.
In each service we do TLS termination with a Let's Encrypt certificate that is tied to the external name. It's not allowed to add the internal name to the certificate as well.
What I would like to do is have any application in the same Kubernetes cluster connect using the external name but keep communication internal.
Is there any way to provide a DNS record in the Kubernetes cluster that resolves the same name to the internal service IP address to do so?
For reference, you can achieve this by configuring CoreDNS. Example configuration that will link the external DNS name foo.example.com to the internal IP of the foo service in the default namespace:

```
.:53 {
    errors
    log
    health
    # queries for the external name are answered with the in-cluster Service record
    rewrite name foo.example.com foo.default.svc.cluster.local
    kubernetes cluster.local 10.0.0.0/24
    # only needed if you also serve a zone file for example.org; unrelated to the rewrite
    file /etc/coredns/example.db example.org
    # everything else goes upstream
    proxy . /etc/resolv.conf
    cache 30
}
```
Thanks @Jorrit Salverda for opening the Kubernetes issue with this.
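The answer above edits the Corefile by hand. The script below is an added example (not code from the post or from the CoreDNS project) that applies the same `rewrite name` rule programmatically to the Corefile stored in the `kube-system/coredns` ConfigMap, refusing to clobber a conflicting rule, and then lets you confirm from inside a pod that the external name now resolves into the cluster's Service range. The hostname `foo.example.com`, the Service `foo` and the embedded Corefile are constructed to mirror the answer; the verification step assumes it is run inside a pod that uses cluster DNS.

```python
"""Added example (not from the original post): script the CoreDNS change the
answer describes by inserting a `rewrite name` rule into the Corefile held in
the kube-system/coredns ConfigMap, then verify resolution from inside a pod."""
import ipaddress
import json
import socket

# Constructed Corefile with the same plugins as the answer's example.  The
# post's `proxy` plugin was replaced by `forward` in newer CoreDNS releases.
SAMPLE_COREFILE = """\
.:53 {
    errors
    log
    health
    kubernetes cluster.local 10.0.0.0/24
    forward . /etc/resolv.conf
    cache 30
}
"""


def _server_block(lines, zone):
    """Return (start, end) line indexes of the server block for `zone`."""
    for start, line in enumerate(lines):
        tokens = line.split()
        if tokens[:1] == [zone] and tokens[-1:] == ["{"]:
            depth = 0
            for end in range(start, len(lines)):
                depth += lines[end].count("{") - lines[end].count("}")
                if depth == 0:
                    return start, end
            raise ValueError(f"server block {zone!r} is never closed")
    raise ValueError(f"server block {zone!r} not found")


def add_rewrite(corefile, external, service, namespace="default",
                cluster_domain="cluster.local", zone=".:53"):
    """Return `corefile` with a rewrite mapping `external` to the Service's
    in-cluster name.  Idempotent; raises instead of silently replacing an
    existing rewrite for the same external name."""
    internal = f"{service}.{namespace}.svc.{cluster_domain}"
    rule = f"rewrite name {external} {internal}"
    lines = corefile.splitlines()
    start, end = _server_block(lines, zone)
    for line in lines[start + 1:end]:
        tokens = line.split()
        if tokens[:3] == ["rewrite", "name", external]:
            if " ".join(tokens) == rule:
                return corefile          # already present, nothing to do
            raise ValueError(f"conflicting rule already present: {line.strip()}")
    # match the indentation of the block's first plugin line, default 4 spaces
    indent = "    "
    if end > start + 1:
        first = lines[start + 1]
        indent = first[:len(first) - len(first.lstrip())]
    lines.insert(start + 1, indent + rule)
    return "\n".join(lines) + "\n"


def kubectl_patch_args(corefile, namespace="kube-system", name="coredns"):
    """argv for `kubectl patch` that writes the new Corefile back as a JSON merge patch."""
    patch = json.dumps({"data": {"Corefile": corefile}})
    return ["kubectl", "-n", namespace, "patch", "configmap", name,
            "--type", "merge", "-p", patch]


def resolves_to_service_cidr(hostname, service_cidr):
    """Run inside a pod after the change: True when the name resolves only to
    addresses in the cluster's Service range (e.g. the 10.0.0.0/24 from the
    answer's Corefile) rather than to the public LoadBalancer IP."""
    network = ipaddress.ip_network(service_cidr)
    addresses = {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    return bool(addresses) and all(ipaddress.ip_address(a) in network for a in addresses)


if __name__ == "__main__":
    import subprocess
    # read the live Corefile, add the rule, and patch it back only if it changed
    current = subprocess.run(
        ["kubectl", "-n", "kube-system", "get", "configmap", "coredns",
         "-o", "jsonpath={.data.Corefile}"],
        check=True, capture_output=True, text=True).stdout
    updated = add_rewrite(current, "foo.example.com", "foo")
    if updated != current:
        subprocess.run(kubectl_patch_args(updated), check=True)
```

CoreDNS picks up the patched ConfigMap on its own only when the `reload` plugin is in the Corefile; otherwise restart the deployment (`kubectl -n kube-system rollout restart deployment coredns`). The TLS side needs no change: the pod still connects with the external hostname, so the Let's Encrypt certificate validates as before, only the packets never leave the cluster.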