Kubernetes + Openstack DNS

This video shows the default DNS configuration in Canonical Kubernetes and Openstack. Kubernetes has been deployed on Virtual Machines inside a tenant space and thus can communicate. Openstack automatically allocates the IP(s) and hostnames for each VM and gives them DNS forward/reverse DNS entries.

Kubernetes has its own overlay network, not to be confused with the overlay network managed and provided by Neutron (Openstack). This network has its own DNS entries which are automatically managed by Kubernetes and they are not exposed to the outside world by default.

The microbot workload has been exposed using an ingress rule, in this case to to the public IP 192.168.151.56. We can resolve this using the DNS entry: http://microbot.192.168.151.56.xip.io/.

We deploy Jenkins on to an additional virtual machine within the same project as Kubernetes as a simple test machine which can communicate to services exposed on the Kubernetes cluster.

Once deployed, I show simple forward and reverse DNS resolution within the cluster between the kubernetes-worker VM and the Jenkins host.

Jenkins shows the public IP addresses, I.E '192.168.x.x' but note, these Virtual Machines have internal adddresses on the 10.5.5.X network, managed by Openstack.

I show that the workload can be accessed by the Jenkins host using wget on the public address.

Next I show that the kube-dns service is running and I have exposed this so queries can be made to the internal DNS service using nodeport (port 30053 UDP and 32013 TCP). This is not a default configuration, I have modified the service to do this exposure.

Then I make some queries on the Jenkins machine on the internal DNS of Kubernetes to show that it has an internal DNS server and it manages the internal zone, kubernetes.default.svc.cluster.local. Each pod is given an IP on the internal overlay network managed by kubernetes and this can be queried using this setup. I check the IP of the microbot pod to see if it has a DNS entry.

Next, I change the ingress rule for the microbot which is exposing the microbot containers on the public domain (microbot.192.168.151.56.xip.io) to instead point to the internal domain provided by the kubernetes-worker node (juju-0d7fa3-default-1.openstack.internal).

Finally I wget the updated ingress rule on the jenkins host and the same file is returned as before (juju-0d7fa3-default-1.openstack.internal). This means that virtual machines within the same project in openstack can use the automatically allocated DNS names to speak to each-other.

Ingress rules are a L7 load-balancing solution which comes out of the box for exposing workloads within Kubernetes based on DNS name. It is possible to configure Designate to make this configuration more flexible.