Integrating into a corporate DNS zone
To integrate a Managed Service for Kubernetes cluster into a private corporate DNS zone:
- Configure the DNS server.
- Specify a corporate DNS zone.
- Create a dns-utils pod.
- Verify DNS integration.
If you no longer need the resources you created, delete them.
Getting started
- Create Managed Service for Kubernetes resources:
  Manually:
  - Create security groups for the Managed Service for Kubernetes cluster and its node groups.
    Warning
    The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
  - Create a Managed Service for Kubernetes cluster. When creating it, specify the security groups prepared in advance.
    If you intend to use your cluster within the Yandex Cloud network, there is no need to allocate a public IP address to it. To allow connections from outside the network, assign a public IP address to the cluster.
  - Create a node group. Allocate it a public IP address to provide internet access and allow pulling Docker images and components. Specify the security groups prepared in advance.
  Terraform:
  - If you do not have Terraform yet, install it.
  - Get the authentication credentials. You can add them to environment variables or specify them later in the provider configuration file.
  - Configure and initialize a provider. There is no need to create a provider configuration file manually: you can download it.
  - Place the configuration file in a separate working directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.
  - Download the k8s-cluster.tf configuration file of the Managed Service for Kubernetes cluster to the same working directory. The file describes:
    - Managed Service for Kubernetes cluster.
    - Managed Service for Kubernetes node group.
    - Service account required to create the Managed Service for Kubernetes cluster and node group.
    - Security groups which contain rules required for the Managed Service for Kubernetes cluster and its node groups.
    Warning
    The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
  - Specify the folder ID in the configuration file.
  - Check that the Terraform configuration files are correct using this command:
    terraform validate
    If there are any errors in the configuration files, Terraform will point them out.
  - Create the required infrastructure:
    - Run the command to view planned changes:
      terraform plan
      If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
    - If you are happy with the planned changes, apply them:
      - Run the command:
        terraform apply
      - Confirm the update of resources.
      - Wait for the operation to complete.
    All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console.
- Install kubectl and configure it to work with the created cluster. If a cluster has no public IP address assigned and kubectl is configured via the cluster's private IP address, run kubectl commands on a Yandex Cloud VM that is in the same network as the cluster.
Configure the DNS server
When configuring, it is important to achieve IP connectivity between the Managed Service for Kubernetes cluster nodes and the DNS servers. The DNS servers themselves can either reside in Yandex Virtual Private Cloud or be accessible via VPN or Yandex Cloud Interconnect. In the example below, a DNS server with the 10.129.0.3 address and the ns.example.com name serves the example.com zone.
Specify a corporate DNS zone
- Prepare the custom-zone.yaml file with the following content:
  ```yaml
  kind: ConfigMap
  apiVersion: v1
  metadata:
    name: coredns-user
    namespace: kube-system
    labels:
      addonmanager.kubernetes.io/mode: EnsureExists
  data:
    Corefile: |
      # User can put their additional configurations here, for example:
      example.com {
        errors
        cache 30
        forward . 10.129.0.3
      }
  ```
- Run this command:
  kubectl replace -f custom-zone.yaml
  Result:
  configmap/coredns-user replaced
Create a dns-utils pod
- Create a pod. The `--` separates kubectl's own flags from the command the container runs:
  ```bash
  kubectl run jessie-dnsutils \
    --image=registry.k8s.io/jessie-dnsutils \
    --restart=Never \
    --command -- sleep infinity
  ```
  Result:
  pod/jessie-dnsutils created
- View details of the pod created:
  kubectl describe pod jessie-dnsutils
  Result:
  ... Status: Running ...
Verify DNS integration
Run the nslookup command in the active container:
kubectl exec jessie-dnsutils -- nslookup ns.example.com
Result:
Server:    10.96.128.2
Address:   10.96.128.2#53
Name:      ns.example.com
Address:   10.129.0.3
The Server and first Address lines show the in-cluster DNS service the pod queried; the Name and second Address lines confirm that the name in the example.com zone was resolved to the address held by the corporate DNS server, i.e. the query was forwarded to 10.129.0.3.
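As an added example (not part of the Yandex Cloud documentation or its tooling), this POSIX shell script combines the two steps above: it renders the coredns-user ConfigMap for a given zone and forwarder, applies it, and checks the nslookup answer from the jessie-dnsutils pod, retrying while CoreDNS picks up the change. The `apply` mode, the retry count and the file name custom-zone.sh are assumptions; the embedded sample output is the result shown on this page.

```shell
#!/bin/sh
# Added example (not Yandex Cloud code): render the coredns-user ConfigMap
# for one forwarded corporate zone and verify that a name in that zone is
# answered with the address the corporate DNS server holds.
set -eu
# render_custom_zone ZONE FORWARDER_IP: print the custom-zone.yaml content.
render_custom_zone() {
  zone=$1; forwarder=$2
  cat <<EOF
kind: ConfigMap
apiVersion: v1
metadata:
  name: coredns-user
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  Corefile: |
    ${zone} {
      errors
      cache 30
      forward . ${forwarder}
    }
EOF
}
# check_answer OUTPUT NAME EXPECTED_IP: succeed only if nslookup OUTPUT maps
# NAME to EXPECTED_IP; the resolver's own "Address:" line (before "Name:") is ignored.
check_answer() {
  printf '%s\n' "$1" | awk -v name="$2" -v want="$3" '
    $1 == "Name:"    { matched = ($2 == name) }
    $1 == "Address:" { if (matched && $2 == want) ok = 1 }
    END { if (ok) exit 0; exit 1 }'
}
# Constructed sample, copied from the expected result shown on this page.
SAMPLE_NSLOOKUP='Server:    10.96.128.2
Address:   10.96.128.2#53
Name:      ns.example.com
Address:   10.129.0.3'
# Usage (assumed): sh custom-zone.sh apply ZONE FORWARDER_IP NAME EXPECTED_IP
if [ "${1:-}" = "apply" ]; then
  render_custom_zone "$2" "$3" > custom-zone.yaml
  kubectl replace -f custom-zone.yaml
  for attempt in 1 2 3 4 5 6; do  # CoreDNS applies the new zone with a delay
    out=$(kubectl exec jessie-dnsutils -- nslookup "$4" 2>&1) || true
    check_answer "$out" "$4" "$5" && { echo "OK: $4 -> $5"; exit 0; }
    sleep 10
  done
  echo "FAIL: $4 did not resolve to $5 through $3" >&2; exit 1
fi
```

For the page's setup the call is `sh custom-zone.sh apply example.com 10.129.0.3 ns.example.com 10.129.0.3`; a non-zero exit means the zone is not being forwarded as configured.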
Delete the resources you created
Some resources are not free of charge. To avoid paying for them, delete the resources you no longer need:
- Delete the Managed Service for Kubernetes cluster:
  Manually:
  - Delete the cluster.
  Terraform:
  - In the terminal window, go to the directory containing the infrastructure plan.
    Warning
    Make sure the directory has no Terraform manifests with the resources you want to keep. Terraform deletes all resources that were created using the manifests in the current directory.
  - Delete resources:
    - Run this command:
      terraform destroy
    - Confirm deleting the resources and wait for the operation to complete.
    All the resources described in the Terraform manifests will be deleted.
- Delete the VM with the DNS server.