Kubernetes StatefulSets: External DNS
501 views
Skip to first unread message
gv
Mar 13, 2018, 5:24:38 PM3/13/18
to Kubernetes user discussion and Q&A
Kubernetes StatefulSets create internal DNS entries with stable network IDs. The docs describe this here:
------------------------------------------------------------------------------
Each Pod in a StatefulSet derives its hostname from the name of the StatefulSet and the ordinal of the Pod. The pattern for the constructed hostname is $(statefulset name)-$(ordinal). The example above will create three Pods named web-0,web-1,web-2. A StatefulSet can use a Headless Service to control the domain of its Pods. The domain managed by this Service takes the form: $(service name).$(namespace).svc.cluster.local, where “cluster.local” is the cluster domain. As each Pod is created, it gets a matching DNS subdomain, taking the form: $(podname).$(governing service domain), where the governing service is defined by the serviceName field on the StatefulSet.
--------------------------------------------------------------------------------
I am experimenting with headless services, and this works great for communication between individual services i.e web-0.web.default.svc.cluster.local can connect and communicate with web-1.web.default.svc.cluster.local just fine.
Is there any way that I can configure this to work outside of the cluster network as well, where "cluster.local" is replaced with something like "clustera.com"?
I would like to give another kubernetes cluster, lets call it clusterb.com, access to the individual services of the original cluster (clustera.com); I'm hoping it would look something like clusterb simply hitting endpoints like web-1.web.default.svc.clustera.com and web-0.web.default.svc.clustera.com.
Is this possible? I would like access to the individual services, not a load balanced endpoint.
------------------------------------------------------------------------------
Each Pod in a StatefulSet derives its hostname from the name of the StatefulSet and the ordinal of the Pod. The pattern for the constructed hostname is $(statefulset name)-$(ordinal). The example above will create three Pods named web-0,web-1,web-2. A StatefulSet can use a Headless Service to control the domain of its Pods. The domain managed by this Service takes the form: $(service name).$(namespace).svc.cluster.local, where “cluster.local” is the cluster domain. As each Pod is created, it gets a matching DNS subdomain, taking the form: $(podname).$(governing service domain), where the governing service is defined by the serviceName field on the StatefulSet.
--------------------------------------------------------------------------------
I am experimenting with headless services, and this works great for communication between individual services i.e web-0.web.default.svc.cluster.local can connect and communicate with web-1.web.default.svc.cluster.local just fine.
Is there any way that I can configure this to work outside of the cluster network as well, where "cluster.local" is replaced with something like "clustera.com"?
I would like to give another kubernetes cluster, lets call it clusterb.com, access to the individual services of the original cluster (clustera.com); I'm hoping it would look something like clusterb simply hitting endpoints like web-1.web.default.svc.clustera.com and web-0.web.default.svc.clustera.com.
Is this possible? I would like access to the individual services, not a load balanced endpoint.
Ahmet Alp Balkan
Mar 13, 2018, 5:28:23 PM3/13/18
to kubernet...@googlegroups.com
Closest thing you can get is https://github.com/kubernetes-incubator/external-dns but I don't think it has support for StatefulSet ordinal numbers, mostly because it's not a common scenario to expose individual pods to the Internet publicly.
However, you may still make use of external-dns to manage public dns records to each pod, although it may require some work.
--
You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-use...@googlegroups.com.
To post to this group, send email to kubernet...@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
John Belamaric
Mar 13, 2018, 6:27:01 PM3/13/18
to kubernet...@googlegroups.com
If you have multiple clusters, you should give each a unique cluster domain anyway, rather than just ’cluster.local’. From your description below your pod IPs are routable between the clusters. In that case, you have a couple ways to do this:
1) You could expose the kube-dns service externally to the cluster and setup each kube-dns with stubDomains to the other kube-dns for their cluster domains (or if you are using CoreDNS use unique server blocks with proxy stanzas). Exposing this
externally could lead to DoS attacks on the cluster DNS though (and therefore basically the whole cluster), so it depends on your environment and firewall/security group setup to be safe.
2) You can use a custom build of CoreDNS and include the Kubernetai plugin: https://github.com/coredns/kubernetai which allows CoreDNS to talk to multiple API servers and serve up their
records with different cluster domains. That is safer (assuming your API server is already externally available).
For either solution, this is really only useful for Headless services. For clusterIP services it will give non-routable answers though (i.e., the service IPs won’t be routable between your clusters).
John
gei...@gmail.com
Mar 13, 2018, 6:48:49 PM3/13/18
to Kubernetes user discussion and Q&A
Very helpful John, thank you.
I think #1 is what I'm looking to do; just wasn't sure where to start. I think I can connect the clusters on a private network using google vpc, so that should address the security issues. I'll start messing around/learning the kube-dns service and stubdomains.
Cheers,
Geige
> kubernetes-us...@googlegroups.com.
I think #1 is what I'm looking to do; just wasn't sure where to start. I think I can connect the clusters on a private network using google vpc, so that should address the security issues. I'll start messing around/learning the kube-dns service and stubdomains.
Cheers,
Geige
>
> To post to this group, send email to
> kuberne...@googlegroups.com.
> To post to this group, send email to
>
> Visit this group at
> https://groups.google.com/group/kubernetes-users.
>
> For more options, visit
> https://groups.google.com/d/optout.
>
>
>
>
>
>
>
> --
>
> You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
>
> To unsubscribe from this group and stop receiving emails from it, send an email to
> kubernetes-use...@googlegroups.com.
>
> To post to this group, send email to
> kuberne...@googlegroups.com.
> Visit this group at
> https://groups.google.com/group/kubernetes-users.
>
> For more options, visit
> https://groups.google.com/d/optout.
>
>
>
>
>
>
>
> --
>
> You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
>
> To unsubscribe from this group and stop receiving emails from it, send an email to
> kubernetes-use...@googlegroups.com.
>
> To post to this group, send email to
Reply all
Reply to author
Forward
0 new messages