DNS

Stackland allows you to access cluster services (both the Kubernetes API and native services running in the cluster) from the outside using domain names.

To use DNS:

1. Before creating a cluster, allocate a domain zone to the cluster on an external DNS server.
2. Set up delegation of the dedicated domain zone: create NS and A records for the IP addresses of servers with the control-plane or combined role.
3. Specify the domain zone in the cluster.baseDomain.fqdn installer property.

Stackland provides DNS access on port 53 (UDP and TCP) for selected addresses.

Subzones and record creation rulesSubzones and record creation rules

The zone allocated to the cluster contains the following subzones:

• System records: Used to host records of Stackland system services.
• SVC subzone: Used to automatically create service records with the LoadBalancer type.
• Root subzone: Used to host user service records.

System recordsSystem records

The sys.<cluster domain> subzone is intended for hosting Stackland system service records. To prevent name conflicts when adding new system services, the user cannot create records in this subzone. For example, you cannot create an Ingress resource with the ingress.sys.<cluster domain> domain.

Examples of system records in the subzone:

• api.sys.<cluster domain>: Access to the Kubernetes API.
• console.sys.<cluster domain>: Access to the management console.
• grafana.sys.<cluster domain>: Access to the Grafana interface.
• storage.sys.<cluster domain>: Access to the Object Storage API.

SVC subzoneSVC subzone

The svc subzone is used to automatically create DNS records for services of the LoadBalancer type.

If you do not specify the dns.stackland.yandex.cloud/hostname annotation, the service will be available by default under the following name: <service name>.<project name>.svc.<cluster domain>.

Let's look at an example of creating a service without specifying the dns.stackland.yandex.cloud/hostname annotation:

apiVersion: v1
kind: Service
metadata:
  name: kafka01
  namespace: billing
spec:
  type: LoadBalancer
  # ...

In this case, the service will be automatically accessible by the following name: kafka01.billing.svc.<cluster domain>.

Root subzoneRoot subzone

The root subzone is designed to host custom DNS records using Ingress and Service with the LoadBalancer type. Users can create any records in the zone, with the exception of using the sys and svc subzones.

Examples of user records:

• phpmyadmin.<cluster domain>
• phpmyadmin.warehouse.<cluster domain>
• billing.prod.<cluster domain>
• billing.test.<cluster domain>
• pg01.bob.<cluster domain>

Creating DNS recordsCreating DNS records

For HTTP services, users can create a DNS record using the Ingress resource. Configuration example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: phpmyadmin
spec:
  ingressClassName: stackland-default
  rules:
  - host: phpmyadmin.<cluster domain> # This name will be used to create a DNS record.
    # ...

For other services:

apiVersion: v1
kind: Service
metadata:
  name: the-service
  annotations:
    dns.stackland.yandex.cloud/hostname: "the-service.<cluster domain>"
spec:
  type: LoadBalancer
  # ...

The following restrictions apply:

• Stackland will block creating resources if the host value in the Ingress resource and the dns.stackland.yandex.cloud/hostname annotation value in the Service resource are subdomains of sys.<cluster domain> and svc.<cluster domain>.
• Stackland prevents the creation of an Ingress or Service resource if another resource already uses the same domain name.

External and internal DNS zonesExternal and internal DNS zones

The system uses two DNS zones:

1. *.cluster.local internal zone, maintained by kube-dns.
2. *.<cluster domain> external zone.

Zone comparisonZone comparison

Example recordsExample records

Resolution resultResolution result

Who uses recordsWho uses records