Configurable Cluster Domain #1021
Comments
Right. Thanks for the feature request. Please be patient since we would probably spend the next couple of dev cycles on testing and releases.
Will this be handled in the near future?
Yes. @trunet Would you like to send a PR for this?
@hongchaodeng I can if you help me by telling me how I can get the kubernetes domain inside pkg/util/etcdutil/member.go.
I will handle it in the next coming release
@fen4o @trunet @zhenyuxx @blakebarnett
We provide a VPN into the clusters, this has the benefit of making cluster DNS available to users, but it requires that the clusters have a unique domain. We would definitely not want to give up this flexibility. For example, our users can get to their service like:
So you have VPN to multiple clusters and want to access services in different clusters by having different cluster domain (DNS search domain)?
Why do you want to make it configurable rather than just relying on what Kubelet provides on each node?
@xiang90 correct
@blakebarnett
Customizing the cluster domain suffix has other legitimate uses. The default
@hongchaodeng maybe it's reasonable to require a cert be provided to the operator via configmap if the clusterdomain has been changed from the default?
You already can do this today. We just need to update some docs. I am more interested in why some people want to supply cluster domain via a flag into etcd operator instead of relying on what is set on kubelet.
ah, yeah that seems like an odd situation...
@blakebarnett See https://kubernetes.io/docs/concepts/configuration/secret/
Right, makes sense. Awesome, I'll try out your new patch and do this.
Exactly for the same reason as @blakebarnett - VPN in clusters. We also plan to use it for cluster federation as well.
For that reason, etcd can still communicate to each other relying on the cluster domain provided by Kubelet. For external communication, you can provide whatever domain name you want to TLS assets if TLS is enabled. I do not feel the flag you mentioned is needed, correct?
The real main reason why we use custom domains is because users have access to the internal
The etcd-operator is not working for us, because the members' IP address cannot be resolved. If the operator is smart enough to discover the cluster domain by itself - great, otherwise it must be configurable.
Yeah. This is the direction to go. Kubelet will provide default search domain for its cluster domain.
Please try out the latest operator
Everything looks okay.
Cool~
The Cluster Domain is hard-coded to cluster.local. This won't work for clusters with custom domain name in kube-dns and kubelet.
Can we have it configurable via additional command line option? In kubelet right now it's --cluster-domain=... and in kube-dns --domain=...