Integrating into a corporate DNS zone

To integrate a Managed Service for Kubernetes cluster into a private corporate DNS zone:

1. Specify a corporate DNS zone.
2. Create a dns-utils pod.
3. Verify DNS integration.

If you no longer need the resources you created, delete them.

Getting startedGetting started

1. Create Managed Service for Kubernetes resources:

   Manually

   Terraform

   1. Create security groups for the Managed Service for Kubernetes cluster and its node groups.

      Warning

      The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.

   2. Create a Managed Service for Kubernetes cluster. When creating it, specify the security groups prepared in advance.

      If you intend to use your cluster within the Yandex Cloud network, there is no need to allocate a public IP address to it. To allow connections from outside the network, assign a public IP address to the cluster.

   3. Create a node group. Allocate it a public IP address to provide internet access and allow pulling Docker images and components. Specify the security groups prepared in advance.

   1. If you do not have Terraform yet, install it.

   2. Get the authentication credentials. You can add them to environment variables or specify them later in the provider configuration file.

   3. Configure and initialize a provider. There is no need to create a provider configuration file manually, you can download it.

   4. Place the configuration file in a separate working directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.

   5. Download the k8s-cluster.tf configuration file of the Managed Service for Kubernetes cluster to the same working directory. The file describes:

      • Network.

      • Subnet.

      • Managed Service for Kubernetes cluster.

      • Managed Service for Kubernetes node group.

      • Service account required to create the Managed Service for Kubernetes cluster and node group.

      • Security groups which contain rules required for the Managed Service for Kubernetes cluster and its node groups.

        Warning

        The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.

   6. Specify the folder ID in the configuration file:

   7. Make sure the Terraform configuration files are correct using this command:

      terraform validate
      

      If there are any errors in the configuration files, Terraform will point them out.

   8. Create the required infrastructure:

      1. Run the command to view planned changes:

         terraform plan
         

         If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.

      2. If you are happy with the planned changes, apply them:

         1. Run the command:

            terraform apply
            

         2. Confirm the update of resources.

         3. Wait for the operation to complete.

      All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console.

2. Install kubectl and configure it to work with the created cluster.

   If a cluster has no public IP address assigned and kubectl is configured via the cluster's private IP address, run kubectl commands on a Yandex Cloud VM that is in the same network as the cluster.

Configure the DNS serverConfigure the DNS server

When configuring, it is important to achieve IP connectivity between the Managed Service for Kubernetes cluster nodes and the DNS servers. The DNS servers themselves can either reside in Yandex Virtual Private Cloud or be accessible via VPN or Yandex Cloud Interconnect. In the example below, a DNS server with the address 10.129.0.3 and name ns.example.com serves the example.com zone.

Specify a corporate DNS zoneSpecify a corporate DNS zone

1. Create a custom-zone.yaml file with the following contents:

   kind: ConfigMap
   apiVersion: v1
   metadata:
     name: coredns-user
     namespace: kube-system
     labels:
       addonmanager.kubernetes.io/mode: EnsureExists
   data:
     Corefile: |
       # User can put their additional configurations here, for example:
       example.com {
         errors
         cache 30
         forward . 10.129.0.3
       }
   

2. Run this command:

   kubectl replace -f custom-zone.yaml
   

   Result:

   configmap/coredns-user replaced
   

Create a dns-utils podCreate a dns-utils pod

1. Create a pod.

   kubectl run jessie-dnsutils \
     --image=registry.k8s.io/jessie-dnsutils \
     --restart=Never \
     --command sleep infinity
   

   Result:

   pod/jessie-dnsutils created
   

2. View details of the pod created:

   kubectl describe pod jessie-dnsutils
   

   Result:

   ...
   Status:  Running
   ...
   

Verify DNS integrationVerify DNS integration

Run the nslookup command in the running cluster:

kubectl exec jessie-dnsutils -- nslookup ns.example.com

Result:

Server:   10.96.128.2
Address:  10.96.128.2#53
Name:     ns.example.com
Address:  10.129.0.3

Delete the resources you createdDelete the resources you created

Some resources are not free of charge. To avoid paying for them, delete the resources you no longer need:

1. Delete the Managed Service for Kubernetes cluster:

   Manually

   Terraform

   Delete the Managed Service for Kubernetes cluster.

   1. In the command line, go to the directory with the current Terraform configuration file with an infrastructure plan.

   2. Delete the resources using this command:

      terraform destroy
      

      Alert

      Terraform will delete all the resources you created using it, such as Managed Service for Kubernetes clusters, networks, subnets, and VMs.

   3. Confirm the deletion of resources.

2. Delete the VM with the DNS server.

3. Delete the DNS zone.