For publicly exposed Kubernetes services - type LoadBalancer - we have a DNS record that points to the external IP address.
In each service we do TLS termination with a Let's Encrypt certificate that is tied to the external name. It's not allowed to add the internal name to the certificate as well.
What I would like to do is have any application in the same Kubernetes cluster connect using the external name but keep communication internal.
Is there any way to provide a DNS record in the Kubernetes cluster that resolves the same name to the internal service IP address to do so?
You can do the following:
1. Create a brand new NodePort service "server-renamed" (with the same selectors and everything as "server").
2. Change your microservices config to use it and check all is OK.
3. Remove the "server" service and recreate it with the new required specs.
CNAME. CNAME records are used to point a domain or subdomain to another hostname. To achieve this, CNAMEs use the existing A record as their value. In its turn, an A record subsequently resolves to a specified IP address.
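For reference, you can achieve this by configuring CoreDNS. Example configuration that will link from the external DNS name foo.example.com to the internal IP of the foo service in the default namespace:

    .:53 {
        errors
        log
        health
        # Answer in-cluster queries for the external name with the service's cluster record
        rewrite name foo.example.com foo.default.svc.cluster.local
        kubernetes cluster.local 10.0.0.0/24
        file /etc/coredns/example.db example.org
        # The proxy plugin was removed in CoreDNS 1.5.0; newer releases use: forward . /etc/resolv.conf
        proxy . /etc/resolv.conf
        cache 30
    }
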
Thanks @Jorrit Salverda for opening the kubernetes issue with this.
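
A rewrite in cluster DNS changes where every pod's traffic for that name goes, so the rules are worth checking before a Corefile is applied. The following is an added example, not code from the answer or from CoreDNS: it lints "rewrite name" rules under an assumed policy (exact match only, target inside a zone served by the kubernetes plugin in the same server block), and the sample Corefile is constructed.

```python
MATCH_TYPES = {"exact", "prefix", "suffix", "substring", "regex"}
# Constructed sample: the first rewrite is the one from the answer above, the other two trip the policy.
SAMPLE_COREFILE = """
.:53 {
    rewrite name foo.example.com foo.default.svc.cluster.local
    rewrite name suffix .example.com .default.svc.cluster.local
    rewrite name pay.example.com pay.other.example.net
    kubernetes cluster.local 10.0.0.0/24 {
        pods insecure
    }
}
"""

def parse_server_blocks(corefile):
    """Map each server block label to its top-level directives (token lists)."""
    blocks, label, depth = {}, None, 0
    for raw in corefile.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if depth == 0 and line.endswith("{"):
            label = line[:-1].strip()
            blocks[label] = []
        elif depth == 1 and line != "}":
            blocks[label].append(line.rstrip("{").split())
        depth += line.endswith("{") - (line == "}")
    return blocks

def lint_rewrites(corefile):
    """Return (server, source_name, problem) for each rule the policy rejects."""
    findings = []
    for label, directives in parse_server_blocks(corefile).items():
        # Zones served by the kubernetes plugin; CIDR arguments are reverse zones.
        zones = [t.rstrip(".") for d in directives if d[0] == "kubernetes"
                 for t in d[1:] if "/" not in t]
        for d in directives:
            args = [t for t in d[1:] if t not in ("continue", "stop")]
            if d[0] != "rewrite" or args[:1] != ["name"]:
                continue
            kind = args.pop(1) if args[1:2] and args[1] in MATCH_TYPES else "exact"
            if len(args) < 3:
                continue
            src, dst = args[1], args[2].rstrip(".")
            if kind != "exact":
                findings.append((label, src, f"{kind} match is broader than one name"))
            if not any(dst == z or dst.endswith("." + z) for z in zones):
                findings.append((label, src, f"target {dst} is outside cluster zones"))
    return findings
```

Calling lint_rewrites(SAMPLE_COREFILE) reports the suffix rule and the rule pointing outside the cluster, and leaves the foo.example.com rewrite from the answer unflagged.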