The Kubernetes platform.
The Package manager.
The Open Service Broker.
The Drycc Workflow controller and all applications deployed via Workflow are intended (by default) to be accessible as subdomains of the Workflow cluster's domain. For example, assuming example.com
were a cluster's domain:
drycc.example.com
<application name>.example.com
Given that this is the case, the primary objective in configuring DNS is that traffic for all subdomains of a cluster's domain be directed to the cluster node(s) hosting the platform's router component, which is capable of directing traffic within the cluster to the correct endpoints.
Generally, it is recommended that a [load balancer][] be used to direct inbound traffic to one or more routers. In such a case, configuring DNS is as simple as defining a wildcard record in DNS that points to the load balancer.
For example, assuming a domain of example.com
:
A
record enumerating each of your load balancer(s) IPs (i.e. DNS round-robining)CNAME
record referencing an existing fully-qualified domain name for the load balancerDNS for any applications using a "custom domain" (a fully-qualified domain name that is not a subdomain of the cluster's own domain) can be configured by creating a CNAME
record that references the wildcard record described above.
Although it is dependent upon your distribution of Kubernetes and your underlying infrastructure, in many cases, the IP(s) or existing fully-qualified domain name of a load balancer can be determined directly using the kubectl
tool:
$ kubectl --namespace=istio-nginx describe service | grep "LoadBalancer"
LoadBalancer Ingress: a493e4e58ea0511e5bb390686bc85da3-1558404688.us-west-2.elb.amazonaws.com
The LoadBalancer Ingress
field typically describes an existing domain name or public IP(s). Note that if Kubernetes is able to automatically provision a load balancer for you, it does so asynchronously. If the command shown above is issued very soon after Workflow installation, the load balancer may not exist yet.
On some platforms (Minikube, for instance), a load balancer is not an easy or practical thing to provision. In these cases, one can directly identify the public IP of a Kubernetes node that is hosting a router pod and use that information to configure the local /etc/hosts
file.
Because wildcard entries do not work in a local /etc/hosts
file, using this strategy may result in frequent editing of that file to add fully-qualified subdomains of a cluster for each application added to that cluster. Because of this a more viable option may be to utilize the xip.io service.
In general, for any IP, a.b.c.d
, the fully-qualified domain name any-subdomain.a.b.c.d.xip.io
will resolve to the IP a.b.c.d
. This can be enormously useful.
To begin, find the node(s) hosting router instances using kubectl
:
$ kubectl --namespace=istio-ingress describe pod | grep Node:
Node: ip-10-0-0-199.us-west-2.compute.internal/10.0.0.199
Node: ip-10-0-0-198.us-west-2.compute.internal/10.0.0.198
The command will display information for every router pod. For each, a node name and IP are displayed in the Node
field. If the IPs appearing in these fields are public, any of these may be used to configure your local /etc/hosts
file or may be used with xip.io. If the IPs shown are not public, further investigation may be needed.
You can list the IP addresses of a node using kubectl
:
$ kubectl describe node ip-10-0-0-199.us-west-2.compute.internal
# ...
Addresses: 10.0.0.199,10.0.0.199,54.218.85.175
# ...
Here, the Addresses
field lists all the node's IPs. If any of them are public, again, they may be used to configure your local /etc/hosts
file or may be used with xip.io.
In this section, we'll describe how to configure Google Cloud DNS for routing your domain name to your Drycc cluster.
We'll assume the following in this section:
mystuff.com
domain name registered with a registrarmystuff.com
in the instructions to followHere are the steps for configuring cloud DNS to route to your drycc cluster:
kubectl get svc -n istio-ingress
and look for the LoadBalancer Ingress
column to get the IP addressNetworking
=> Cloud DNS
, then click on Create Zone
)mystuff.com.
(note the .
at the endCreate
buttonAdd Record Set
button on the resulting pageDNS Name
: *
Resource Record Type
: A
TTL
: the DNS TTL of your choosing. If you're testing or you anticipate that you'll tear down and rebuild many drycc clusters over time, we recommend a low TTLIPv4 Address
: The IP that you got in the very first stepCreate
buttonlbdomain.com
, enter the following fields in the resulting form:DNS Name
: *
Resource Record Type
: CNAME
TTL
: the DNS TTL of your choosing. If you're testing or you anticipate that you'll tear down and rebuild many drycc clusters over time, we recommend a low TTLCanonical name
: lbdomain.com.
(note the .
a the end)Create
buttonmystuff.com
domain to the ones under the data
column in the NS
record on the same page. They'll often be something like the below (note the trailing .
characters).ns-cloud-b1.googledomains.com.
ns-cloud-b2.googledomains.com.
ns-cloud-b3.googledomains.com.
ns-cloud-b4.googledomains.com.
Note: If you ever have to re-create your drycc cluster, simply go back to step 6.4 or 7.4 (depending on your load balancer) and change the IP address or domain name to the new value. You may have to wait for the TTL you set to expire.
To test that traffic reaches its intended destination, a request can be sent to the Drycc controller like so (do not forget the trailing slash!):
curl http://drycc.example.com/v2/
Or:
curl http://drycc.54.218.85.175.xip.io/v2/
Since such requests require authentication, a response such as the following should be considered an indicator of success:
{"detail":"Authentication credentials were not provided."}