How to do DNS resolution for On-Prem hostnames within GKE
Many of you know that, when you want to resolve on-prem hostnames from GKE containers, you need to set up Cloud DNS private zones. There are several ways to build the Cloud DNS architecture over your hybrid network connection; Google's best practices for doing so are linked below for reference.
Best practices for Cloud DNS | Google Cloud: This document provides best practices for private zones, DNS forwarding, and reference architectures for hybrid DNS…
In this post, however, we are not going to discuss Cloud DNS. Instead we will see how kube-dns can be used to resolve on-prem hostnames through your on-prem DNS servers in a much simpler way.
Using kube-dns | Kubernetes Engine Documentation | Google Cloud: This page describes how Google Kubernetes Engine (GKE) implements service discovery using kube-dns, the default DNS…
Service discovery within a GKE cluster is handled by kube-dns; every pod in the cluster sends its DNS queries to this service.
If you only need to resolve on-prem hostnames from within your GKE cluster and want to implement the solution quickly, kube-dns can do it.
The trick is to set upstreamNameservers in the kube-dns ConfigMap to your on-prem DNS servers. You can add up to 3 upstream nameservers in the kube-dns ConfigMap; then do a rolling restart of the kube-dns pods so they pick up the new configuration from the ConfigMap.
Prerequisites:
1. Hybrid connectivity with on-prem using VPN or Interconnect.
2. A route to reach the on-prem DNS servers.
3. Outbound firewall rules that are unrestricted or explicitly allow port 53 to the on-prem DNS servers.
kube-dns yaml file with upstream nameservers:
(Replace the “DNS-IP-ADRS” string in the yaml with your on-prem DNS server’s RFC 1918 internal IP address.)
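The yaml itself is embedded from a gist and is not reproduced here. As an added example (not the post's own file), the following Python script renders that kube-dns ConfigMap and enforces the two constraints stated above: at most 3 upstream nameservers, each an RFC 1918 IPv4 address. The sample addresses 10.20.0.53 and 10.20.1.53 are constructed placeholders for your on-prem resolvers.

```python
import ipaddress
import json

# kube-dns accepts at most three upstream nameservers, and the post expects
# RFC 1918 addresses reachable over the VPN/Interconnect, so both are checked.
MAX_UPSTREAMS = 3
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def validate_upstreams(nameservers):
    """Return the nameservers as normalised strings, or raise ValueError."""
    if not 1 <= len(nameservers) <= MAX_UPSTREAMS:
        raise ValueError(f"need 1 to {MAX_UPSTREAMS} upstream nameservers")
    seen = []
    for ns in nameservers:
        addr = ipaddress.ip_address(ns)  # ValueError on a malformed address
        if addr.version != 4 or not any(addr in net for net in RFC1918_NETS):
            raise ValueError(f"{ns} is not an RFC 1918 IPv4 address")
        if str(addr) in seen:
            raise ValueError(f"duplicate nameserver {ns}")
        seen.append(str(addr))
    return seen


def render_kube_dns_configmap(nameservers):
    """Render the kube-dns ConfigMap manifest as YAML text (no PyYAML needed).

    kube-dns parses data.upstreamNameservers as a JSON list inside a string,
    which is why the value is json.dumps(...) rather than a YAML sequence.
    """
    upstreams = validate_upstreams(nameservers)
    return "\n".join([
        "apiVersion: v1",
        "kind: ConfigMap",
        "metadata:",
        "  name: kube-dns",
        "  namespace: kube-system",
        "data:",
        "  upstreamNameservers: |",
        f"    {json.dumps(upstreams)}",
        "",
    ])


if __name__ == "__main__":
    # constructed sample: two on-prem resolvers reachable over the VPN
    print(render_kube_dns_configmap(["10.20.0.53", "10.20.1.53"]))
```

Keep in mind that upstreamNameservers replaces the resolvers kube-dns would otherwise take from the node, so every non-cluster name, not only on-prem ones, is forwarded to the servers you list.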
Steps to implement:
kubectl apply -f kube-dns-cm.yaml
kubectl rollout restart deployment kube-dns -n kube-system
kubectl get deployment kube-dns -n kube-system
Test connectivity to an on-prem system using its FQDN (host.domain.com); the lookup should succeed.
Thanks for reading this post, I hope it was useful to you.