Integrating with a corporate DNS zone
To integrate a Managed Service for Kubernetes cluster with a private corporate zone DNS:
- Configure the DNS server.
- Specify a corporate DNS zone.
- Create a dns-utils pod.
- Check DNS integration.
If you no longer need the resources you created, delete them.
Required paid resources
The support cost includes:
- Fee for the Managed Service for Kubernetes cluster: using the master and outgoing traffic (see Managed Service for Kubernetes pricing).
- Fee for each VM (cluster nodes, DNS server, VM for the Managed Service for Kubernetes cluster management without public access): using computing resources, operating system, and storage (see Compute Cloud pricing).
- Fee for VM public IP addresses (see Virtual Private Cloud pricing).
- Fee for a DNS zone and DNS requests (see Cloud DNS pricing).
Getting started
-
Create Managed Service for Kubernetes resources:
ManuallyTerraform-
Create security groups for the Managed Service for Kubernetes cluster and its node groups.
Warning
The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
-
Create a Managed Service for Kubernetes cluster. When creating a cluster, specify the preconfigured security groups.
For Yandex Cloud internal network usage, your cluster does not need a public IP address. To enable internet access to your cluster, assign it a public IP address.
-
Create a node group. To enable internet access for your node group (e.g., for Docker image pulls), assign it a public IP address. Specify the preconfigured security groups.
-
If you do not have Terraform yet, install it.
-
Get the authentication credentials. You can add them to environment variables or specify them later in the provider configuration file.
-
Configure and initialize a provider. There is no need to create a provider configuration file manually, you can download it.
-
Place the configuration file in a separate working directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.
-
Download the k8s-cluster.tf configuration file of the Managed Service for Kubernetes cluster to the same working directory. This file describes:
-
Managed Service for Kubernetes cluster.
-
Managed Service for Kubernetes node group.
-
Service account required to create the Managed Service for Kubernetes cluster and node group.
-
Security groups which contain rules required for the Managed Service for Kubernetes cluster and its node groups.
Warning
The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
-
Specify the folder ID in the configuration file.
-
Make sure the Terraform configuration files are correct using this command:
terraform validateIf there are any errors in the configuration files, Terraform will point them out.
-
Create the required infrastructure:
-
Run the command to view planned changes:
terraform planIf the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply -
Confirm the update of resources.
-
Wait for the operation to complete.
-
All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console.
-
-
-
Install kubect and configure it to work with the new cluster.
If a cluster has no public IP address assigned and
kubectlis configured via the cluster's private IP address, runkubectlcommands on a Yandex Cloud VM that is in the same network as the cluster.
Configure the DNS server
When configuring, it is important to achieve IP connectivity between the Managed Service for Kubernetes cluster nodes and the DNS servers. The DNS servers themselves can either reside in Yandex Virtual Private Cloud or be accessible via VPN or Yandex Cloud Interconnect. In the example below, a DNS server with the 10.129.0.3 address and ns.example.com name serves the example.com zone.
Specify a corporate DNS zone
-
Prepare the
custom-zone.yamlfile with the following content:kind: ConfigMap apiVersion: v1 metadata: name: coredns-user namespace: kube-system labels: addonmanager.kubernetes.io/mode: EnsureExists data: Corefile: | # User can put their additional configurations here, for example: example.com { errors cache 30 forward . 10.129.0.3 } -
Run this command:
kubectl replace -f custom-zone.yamlResult:
configmap/coredns-user replaced
Create a dns-utils pod
-
Create a pod.
kubectl run jessie-dnsutils \ --image=registry.k8s.io/jessie-dnsutils \ --restart=Never \ --command sleep infinityResult:
pod/jessie-dnsutils created -
View details of the pod created:
kubectl describe pod jessie-dnsutilsResult:
... Status: Running ...
Check DNS integration
Run the nslookup command in the active container:
kubectl exec jessie-dnsutils -- nslookup ns.example.com
Result:
Server: 10.96.128.2
Address: 10.96.128.2#53
Name: ns.example.com
Address: 10.129.0.3
Note
Delete the resources you created
Some resources are not free of charge. To avoid paying for them, delete the resources you no longer need:
-
Delete the Managed Service for Kubernetes cluster:
ManuallyTerraform-
In the terminal window, go to the directory containing the infrastructure plan.
Warning
Make sure the directory has no Terraform manifests with the resources you want to keep. Terraform deletes all resources that were created using the manifests in the current directory.
-
Delete resources:
-
Run this command:
terraform destroy -
Confirm deleting the resources and wait for the operation to complete.
All the resources described in the Terraform manifests will be deleted.
-
-
-
Delete the VM with the DNS server.