Page MenuHomePhabricator

Setup DNS for kubernetes services
Closed, ResolvedPublic


Should use and setup DNS, accessible from both inside and outside the pods.

Event Timeline

yuvipanda raised the priority of this task from to Needs Triage.
yuvipanda updated the task description. (Show Details)
yuvipanda added subscribers: Aklapper, yuvipanda.

Also need to decide if we're ok using their pre-built images or want to build our own.

Since the primary use case for this is T111916, and there are alternatives there, we could skip this for the initial setup.

There's skydns + kube2sky running on a 2pod replica in the cluster now.

valhallasw claimed this task.

WOMP WOMP. This died due to T119814 when we set it up fully properly.

chasemp added a subscriber: chasemp.
valhallasw added a subscriber: valhallasw.

We need to somehow mount the ca cert from the host to the pods and it'll be all good.

x509: cannot validate certificate for because it doesn't contain any IP SANs

because kube2sky attempts to contact kubernetes via the IP that's made available via the environment variable, but that's ofcourse not part of the SAN for the SSL certificate that's issued to that...

Bstorm claimed this task.
Bstorm added a subscriber: Bstorm.

This is effectively done in the new cluster which uses CoreDNS throughout. It is not accessible outside the cluster, but it really shouldn't be as currently designed unless we make the decision to start peering Calico up the stack.