K
Q

Alias for Kubernetes service

7/29/2020

I have Minikube running Kubernetes version 1.18.2. The Minikube is running stock CoreDNS as well. I need to introduce a DNS alias for my sevice coolservice. The service is available under standard coolservice, coolservice.default and coolservice.default.svc.cluster.local DNS names. I would like my service to be also available under the domain coolservice.foo.bar.

I'm trying to use the DNS rewrite plugin for that purpose. This is my Corefile configuration:

apiVersion: v1
data:
  Corefile: |
    .:53 {
      [... unchanged ...]
    }
    foo.bar {
      rewrite name exact coolservice.foo.bar coolservice.default.svc.cluster.local
    }
kind: ConfigMap
metadata:
  [... unchanged ...]

After I apply the Corefile with kubectl, I'm stating shell in another pod, and I'm trying to resolve the domain with host and curl. Unfortunately, if fails with error Question section mismatch:

root@aks-ssh:/# host coolservice.default.svc.cluster.local
coolservice.default.svc.cluster.local has address 10.108.195.164

root@aks-ssh:/# host coolservice.foo.bar
;; Question section mismatch: got coolservice.default.svc.cluster.local/A/IN
 
;; Question section mismatch: got coolservice.default.svc.cluster.local/A/IN
;; connection timed out; no servers could be reached

root@aks-ssh:/# curl -X GET coolservice.default.svc.cluster.local:8100/health
{"results":[],"compositeStatus":"Healthy"}

root@aks-ssh:/# curl -X GET coolservice.foo.bar:8100/health
curl: (6) Could not resolve host: coolservice.foo.bar

In this documentation section it's written that when using exact name rewrite rules, the answer gets rewritten automatically. I've tried regex rules as well. Any idea what can be wrong here? (I've tried to configure it on AKS cluster as well, the same problem.).

-- ciechowoj
azure-aks
coredns
dns
kubernetes

Similar Questions

How to install certificate in Istio ingress gateway in GKE
How to redeploy metrics-server
hostPath PersistentVolume and spec.capacity.storage attribute
Reverse proxy not routing to APIs using nginx and kubernetes
Is there any security advantage to mounting secrets as a file instead of passing them as environment variables with Docker on Kubernetes?

2 Answers

7/29/2020

Have a look at : https://github.com/coredns/coredns/issues/2347

is seems that its important to configure the Resonse Rewrite

See the section on Response Rewrites in the docs https://coredns.io/plugins/rewrite/

same as this: https://stackoverflow.com/questions/54509142/coredns-suffix-rewrite-causes-dns-queries-to-return-the-rewritten-name

-- djsly
Source: StackOverflow
8/4/2020

I was wondering if you saw Custom DNS Entries For Kubernetes article. It's also using rewrite plugin.

Suppose we have a service, foo.default.svc.cluster.local that is available to outside clients as foo.example.com. That is, when looked up outside the cluster, foo.example.com will resolve to the load balancer VIP - the external IP address for the service. Inside the cluster, it will resolve to the same thing, and so using this name internally will cause traffic to hairpin - travel out of the cluster and then back in via the external IP. Instead, we want it to resolve to the internal ClusterIP, avoiding the hairpin.

In your configuration, you have added foo.bar with brackets.

foo.bar {
      rewrite name exact coolservice.foo.bar coolservice.default.svc.cluster.local
    }

Did you try to do it without that? As per example in mentioned docs:

.:53 {
    errors
    log
    health
    rewrite name foo.example.com foo.default.svc.cluster.local
    kubernetes cluster.local 10.0.0.0/24
    proxy . /etc/resolv.conf
    cache 30
}

While in your case it would be

.:53 {
    errors
    log
    health
    rewrite name coolservice.foo.bar coolservice.default.svc.cluster.local
    kubernetes cluster.local 10.0.0.0/24
    proxy . /etc/resolv.conf
    cache 30
}

As you provided limited information, please make sure you are using correct service name and namespace name.

Those changes can be done using to commands kubectl edit configmap coredns -n kube-system or kubectl apply -f patched-coredns-deployment.yaml -n kube-system

After that you will need for a few minutes (10-15 minutes) for plugin to reload.

You can also force it as per article

Once we add that to the ConfigMap via kubectl edit or kubectl apply, we have to let CoreDNS know that the Corefile has changed. You can send it a SIGUSR1 to tell it to reload graceful - that is, without loss of service:

$ kubectl exec -n kube-system <coredns-pod-name> -- kill -SIGUSR1 1

On the end you can test it (with changing names to your own) by:

$ kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
If you don't see a command prompt, try pressing enter.
/ # host foo
foo.default.svc.cluster.local has address 10.0.0.72
/ # host foo.example.com
foo.example.com has address 10.0.0.72
/ # host bar.example.com
Host bar.example.com not found: 3(NXDOMAIN)
/ #

Please let me know about your result.

-- PjoterS
Source: StackOverflow