Configure DNS to access OpenStack
DNS is a mandatory component for a MOSK deployment. All records must be created on the customer DNS server. The OpenStack services are exposed through the Ingress NGINX controller.
Warning
This document describes how to temporarily configure DNS. The workflow contains non-permanent changes that will be rolled back during a managed cluster update or reconciliation loop. Therefore, proceed at your own risk.
To configure DNS to access your OpenStack environment:
Obtain the external IP address of the Ingress service:
kubectl -n openstack get services ingress
Example of system response:
NAME      TYPE           CLUSTER-IP    EXTERNAL-IP    PORT(S)                                      AGE
ingress   LoadBalancer   10.96.32.97   10.172.1.101   80:34234/TCP,443:34927/TCP,10246:33658/TCP   4h56m
Select from the following options:
If you have a corporate DNS server, update your corporate DNS service and create appropriate DNS records for all OpenStack public endpoints.
To obtain the full list of public endpoints:
kubectl -n openstack get ingress -ocustom-columns=NAME:.metadata.name,HOSTS:spec.rules[*].host | awk '/namespace-fqdn/ {print $2}'
Example of system response:
barbican.it.just.works
cinder.it.just.works
cloudformation.it.just.works
designate.it.just.works
glance.it.just.works
heat.it.just.works
horizon.it.just.works
keystone.it.just.works
neutron.it.just.works
nova.it.just.works
novncproxy.it.just.works
octavia.it.just.works
placement.it.just.works
If you do not have a corporate DNS server, perform one of the following steps:
Add the appropriate records to /etc/hosts locally. For example:
10.172.1.101 barbican.it.just.works
10.172.1.101 cinder.it.just.works
10.172.1.101 cloudformation.it.just.works
10.172.1.101 designate.it.just.works
10.172.1.101 glance.it.just.works
10.172.1.101 heat.it.just.works
10.172.1.101 horizon.it.just.works
10.172.1.101 keystone.it.just.works
10.172.1.101 neutron.it.just.works
10.172.1.101 nova.it.just.works
10.172.1.101 novncproxy.it.just.works
10.172.1.101 octavia.it.just.works
10.172.1.101 placement.it.just.works
Deploy your DNS server on top of Kubernetes:
Deploy a standalone CoreDNS server by including the following configuration into coredns.yaml:
apiVersion: lcm.mirantis.com/v1alpha1
kind: HelmBundle
metadata:
  name: coredns
  namespace: osh-system
spec:
  repositories:
  - name: hub_stable
    url: https://charts.helm.sh/stable
  releases:
  - name: coredns
    chart: hub_stable/coredns
    version: 1.8.1
    namespace: coredns
    values:
      image:
        repository: mirantis.azurecr.io/openstack/extra/coredns
        tag: "1.6.9"
      isClusterService: false
      servers:
      - zones:
        - zone: .
          scheme: dns://
          use_tcp: false
        port: 53
        plugins:
        - name: cache
          parameters: 30
        - name: errors
        # Serves a /health endpoint on :8080, required for livenessProbe
        - name: health
        # Serves a /ready endpoint on :8181, required for readinessProbe
        - name: ready
        # Required to query kubernetes API for data
        - name: kubernetes
          parameters: cluster.local
        - name: loadbalance
          parameters: round_robin
        # Serves a /metrics endpoint on :9153, required for serviceMonitor
        - name: prometheus
          parameters: 0.0.0.0:9153
        - name: forward
          parameters: . /etc/resolv.conf
        - name: file
          parameters: /etc/coredns/it.just.works.db it.just.works
      serviceType: LoadBalancer
      zoneFiles:
      - filename: it.just.works.db
        domain: it.just.works
        contents: |
          it.just.works.    IN  SOA  sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
          it.just.works.    IN  NS   b.iana-servers.net.
          it.just.works.    IN  NS   a.iana-servers.net.
          it.just.works.    IN  A    1.2.3.4
          *.it.just.works.  IN  A    1.2.3.4
Update the public IP address of the Ingress service:
sed -i 's/1.2.3.4/10.172.1.101/' coredns.yaml
kubectl apply -f coredns.yaml
Verify that the DNS resolution works properly:
Assign an external IP to the service:
kubectl -n coredns patch service coredns-coredns --type='json' -p='[{"op": "replace", "path": "/spec/ports", "value": [{"name": "udp-53", "port": 53, "protocol": "UDP", "targetPort": 53}]}]'
kubectl -n coredns patch service coredns-coredns --type='json' -p='[{"op": "replace", "path": "/spec/type", "value":"LoadBalancer"}]'
Obtain the external IP address of CoreDNS:
kubectl -n coredns get service coredns-coredns
Example of system response:
NAME              TYPE        CLUSTER-IP     EXTERNAL-IP    PORT(S)         AGE
coredns-coredns   ClusterIP   10.96.178.21   10.172.1.102   53/UDP,53/TCP   25h
Point your machine to use the correct DNS. It is 10.172.1.102 in the example system response above.
If you plan to launch Tempest tests or use the OpenStack client from a keystone-client-XXX pod, verify that the Kubernetes built-in DNS service is configured to resolve your public FQDN records by adding your public domain to Corefile. For example, to add the it.just.works domain:
kubectl -n kube-system get configmap coredns -oyaml
Example of system response:
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
    it.just.works:53 {
        errors
        cache 30
        forward . 10.96.178.21
    }
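Because these DNS changes can be rolled back by a cluster update or reconciliation loop, it helps to re-check that every public endpoint still resolves to the Ingress external IP. The following script is an added example, not part of the MOSK documentation; the function names are hypothetical and it assumes that dig is installed on the machine running the check.

```bash
#!/usr/bin/env bash
# Added example (not from the MOSK documentation): confirm that every public
# endpoint resolves to the Ingress external IP through a given DNS server.
#
# Usage with the commands and example addresses from this page:
#   kubectl -n openstack get ingress \
#     -ocustom-columns=NAME:.metadata.name,HOSTS:spec.rules[*].host \
#     | awk '/namespace-fqdn/ {print $2}' \
#     | check_endpoints 10.172.1.101 10.172.1.102

# resolve_a FQDN SERVER: print the A records the server returns, one per line.
# Assumption: dig is available; redefine this function to use another resolver.
resolve_a() {
  dig +short +time=2 +tries=1 A "$1" "@$2"
}

# check_endpoints INGRESS_IP DNS_SERVER: read FQDNs on stdin and print one
# status line per name. Returns 1 if any name is unanswered or resolves to
# anything other than exactly INGRESS_IP (stale, rolled-back or wrong record).
check_endpoints() {
  local ingress_ip="$1" dns_server="$2" fqdn answers rc=0
  while read -r fqdn; do
    [ -n "$fqdn" ] || continue
    # Join multiple answers onto one line so extra records are visible.
    answers=$(resolve_a "$fqdn" "$dns_server" | tr '\n' ' ')
    answers=${answers% }
    if [ -z "$answers" ]; then
      echo "NOANSWER $fqdn"
      rc=1
    elif [ "$answers" = "$ingress_ip" ]; then
      echo "OK $fqdn"
    else
      echo "MISMATCH $fqdn -> $answers"
      rc=1
    fi
  done
  return "$rc"
}
```

A non-zero return code makes the function usable from a cron job or CI step that alerts when the temporary records disappear or change.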