Page MenuHomePhabricator

Setup DNS for kubernetes services
Closed, ResolvedPublic


Should use and setup DNS, accessible from both inside and outside the pods.

Event Timeline

yuvipanda raised the priority of this task from to Needs Triage.
yuvipanda updated the task description. (Show Details)
yuvipanda added subscribers: Aklapper, yuvipanda.

Our test cluster's DNS ran into - let's see how this one fares!

Also need to decide if we're ok using their pre-built images or want to build our own.

Since the primary use case for this is T111916, and there are alternatives there, we could skip this for the initial setup.

There's skydns + kube2sky running on a 2pod replica in the cluster now.

valhallasw closed this task as Resolved.Oct 4 2015, 11:50 AM
valhallasw claimed this task.
yuvipanda reopened this task as Open.Nov 29 2015, 2:14 AM

WOMP WOMP. This died due to T119814 when we set it up fully properly.

Restricted Application added a subscriber: StudiesWorld. · View Herald TranscriptNov 29 2015, 2:14 AM
chasemp triaged this task as Medium priority.Nov 30 2015, 4:40 PM
chasemp added a subscriber: chasemp.
valhallasw removed valhallasw as the assignee of this task.Dec 2 2015, 4:08 PM
valhallasw added a subscriber: valhallasw.

We need to somehow mount the ca cert from the host to the pods and it'll be all good.

x509: cannot validate certificate for because it doesn't contain any IP SANs

because kube2sky attempts to contact kubernetes via the IP that's made available via the environment variable, but that's ofcourse not part of the SAN for the SSL certificate that's issued to that...

yuvipanda removed yuvipanda as the assignee of this task.Mar 22 2016, 9:06 PM
Joe added a subscriber: Joe.Apr 4 2016, 5:29 PM
valhallasw moved this task from Triage to Backlog on the Toolforge board.May 27 2016, 11:34 AM
Bstorm closed this task as Resolved.Feb 25 2020, 4:29 PM
Bstorm claimed this task.
Bstorm added a subscriber: Bstorm.

This is effectively done in the new cluster which uses CoreDNS throughout. It is not accessible outside the cluster, but it really shouldn't be as currently designed unless we make the decision to start peering Calico up the stack.