The OpenStack services are exposed through the Ingress NGINX controller.
To configure DNS to access your OpenStack environment:
Obtain the external IP address of the Ingress service:
kubectl -n openstack get services ingress
Example of system response:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress LoadBalancer 10.96.32.97 10.172.1.101 80:34234/TCP,443:34927/TCP,10246:33658/TCP 4h56m
Select from the following options:
If you have a corporate DNS server, update your corporate DNS service and create appropriate DNS records for all OpenStack public endpoints.
To obtain the full list of public endpoints:
kubectl -n openstack get ingress -ocustom-columns=NAME:.metadata.name,HOSTS:spec.rules[*].host | awk '/cluster-fqdn/ {print $2}'
Example of system response:
barbican.it.just.works
cinder.it.just.works
cloudformation.it.just.works
designate.it.just.works
glance.it.just.works
heat.it.just.works
horizon.it.just.works
keystone.it.just.works
neutron.it.just.works
nova.it.just.works
novncproxy.it.just.works
octavia.it.just.works
placement.it.just.works
If you do not have a corporate DNS server, perform one of the following steps:
Add the appropriate records to /etc/hosts locally. For example:
10.172.1.101 barbican.it.just.works
10.172.1.101 cinder.it.just.works
10.172.1.101 cloudformation.it.just.works
10.172.1.101 designate.it.just.works
10.172.1.101 glance.it.just.works
10.172.1.101 heat.it.just.works
10.172.1.101 horizon.it.just.works
10.172.1.101 keystone.it.just.works
10.172.1.101 neutron.it.just.works
10.172.1.101 nova.it.just.works
10.172.1.101 novncproxy.it.just.works
10.172.1.101 octavia.it.just.works
10.172.1.101 placement.it.just.works
Deploy your DNS server on top of Kubernetes:
Deploy a standalone CoreDNS server by including the following configuration into coredns.yaml:
apiVersion: lcm.mirantis.com/v1alpha1
kind: HelmBundle
metadata:
  name: coredns
  namespace: osh-system
spec:
  repositories:
  - name: hub_stable
    url: https://kubernetes-charts.storage.googleapis.com
  releases:
  - name: coredns
    chart: hub_stable/coredns
    version: 1.8.1
    namespace: coredns
    values:
      image:
        repository: mirantis.azurecr.io/openstack/extra/coredns
        tag: "1.6.9"
      isClusterService: false
      servers:
      - zones:
        - zone: .
          scheme: dns://
          use_tcp: false
        port: 53
        plugins:
        - name: cache
          parameters: 30
        - name: errors
        # Serves a /health endpoint on :8080, required for livenessProbe
        - name: health
        # Serves a /ready endpoint on :8181, required for readinessProbe
        - name: ready
        # Required to query kubernetes API for data
        - name: kubernetes
          parameters: cluster.local
        - name: loadbalance
          parameters: round_robin
        # Serves a /metrics endpoint on :9153, required for serviceMonitor
        - name: prometheus
          parameters: 0.0.0.0:9153
        - name: forward
          parameters: . /etc/resolv.conf
        - name: file
          parameters: /etc/coredns/it.just.works.db it.just.works
      serviceType: LoadBalancer
      zoneFiles:
      - filename: it.just.works.db
        domain: it.just.works
        contents: |
          it.just.works. IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
          it.just.works. IN NS b.iana-servers.net.
          it.just.works. IN NS a.iana-servers.net.
          it.just.works. IN A 1.2.3.4
          *.it.just.works. IN A 1.2.3.4
Update the public IP address of the Ingress service:
sed -i 's/1.2.3.4/10.172.1.101/' release/ci/30-coredns.yaml
kubectl apply -f release/ci/30-coredns.yaml
Verify that the DNS resolution works properly:
Assign an external IP to the service:
kubectl -n coredns patch service coredns-coredns --type='json' -p='[{"op": "replace", "path": "/spec/ports", "value": [{"name": "udp-53", "port": 53, "protocol": "UDP", "targetPort": 53}]}]'
kubectl -n coredns patch service coredns-coredns --type='json' -p='[{"op": "replace", "path": "/spec/type", "value":"LoadBalancer"}]'
Obtain the external IP address of CoreDNS:
kubectl -n coredns get service coredns-coredns
Example of system response:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
coredns-coredns ClusterIP 10.96.178.21 10.172.1.102 53/UDP,53/TCP 25h
Point your machine to the correct DNS server, which is 10.172.1.102 in the example system response above.
If you plan to launch Tempest tests or use the OpenStack client from a keystone-client-XXX pod, verify that the Kubernetes built-in DNS service is configured to resolve your public FQDN records by adding your public domain to Corefile. For example, to add the it.just.works domain:
kubectl -n kube-system get configmap coredns -oyaml
Example of system response:
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
    it.just.works:53 {
        errors
        cache 30
        forward . 10.96.178.21
    }
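To confirm that whichever option you chose points every public endpoint at the Ingress address, the following added example (not part of the original procedure) reads host names on standard input and compares each resolved address with the expected IP. The function names and the DNS_SERVER variable are assumptions of this example: set DNS_SERVER to the CoreDNS external IP to query it directly, or leave it unset to use the system resolver, which also honors /etc/hosts.

```shell
#!/bin/sh
# Added example: check that OpenStack public endpoints resolve to the Ingress IP.
# resolve_a, check_endpoints and DNS_SERVER are names assumed for this example.

# Print the IPv4 addresses a name resolves to, one per line.
resolve_a() {
    if [ -n "${DNS_SERVER:-}" ]; then
        # Query one server directly; keep only IPv4 lines so CNAME targets are ignored.
        dig +short +time=2 +tries=1 A "$1" "@${DNS_SERVER}" \
            | grep -E '^[0-9]+(\.[0-9]+){3}$'
    else
        # System resolver path (nsswitch), which includes /etc/hosts.
        getent ahostsv4 "$1" | awk '{print $1}' | sort -u
    fi
}

# check_endpoints EXPECTED_IP  (host names on stdin, one per line)
# Prints one status line per host; returns 1 if any host is missing,
# resolves to a different address, or resolves to more than one address.
check_endpoints() {
    expected=$1
    failed=0
    while IFS= read -r host; do
        [ -n "$host" ] || continue
        addrs=$(resolve_a "$host" | tr '\n' ' ')
        addrs=${addrs% }
        if [ -z "$addrs" ]; then
            echo "MISSING  $host"
            failed=1
        elif [ "$addrs" = "$expected" ]; then
            echo "OK       $host -> $addrs"
        else
            echo "MISMATCH $host -> $addrs (expected $expected)"
            failed=1
        fi
    done
    return "$failed"
}

# Stand-alone use: pipe the endpoint list in and pass the Ingress IP, e.g.
#   <endpoint list command> | DNS_SERVER=10.172.1.102 sh check.sh 10.172.1.101
if [ "$#" -ge 1 ]; then
    check_endpoints "$1"
fi
```

A MISMATCH line after the Ingress service has been re-created usually means a stale /etc/hosts entry or zone record that still carries the previous external IP.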