Using DNS names in Endpoints #13358
Comments
I'd like to add a DNS to a service so that skydns would respond with a CNAME to the provided DNS as well. It's not quite headless and it's not quite setting the endpoints, but it's a variant of this use case. |
The CNAME in many cases is superior to setting endpoints, because you can resolve to a destination DNS address for TLS. |
@ncdc re: service linking as we discussed. |
Brendan sent #11838 wherein we discussed a bunch of reasons why a hostname Can you explain what this issue is about relative to that PR?
|
@thockin Storing a resolved IP could not always be achieved. |
They can be used under their real names. They can not be aliased into
|
I'd prefer to have a hostname reference service. Name "lb" resolves to " |
I want to use an AWS RDS instance which provides different databases (e.g. postgres) as a service. Now I want to add this service as an endpoint in Kubernetes, but unfortunately the endpoint of RDS is a DNS name. The endpoint YAML does not allow the DNS name in the ip field.
kind: "Endpoints"
|
Very interested in seeing updates to this. Our use case: we want to have a namespace to test one specific component against external components. So we have http://api-external, http://api-internal. We want those to CNAME to http://api-external.dev.oursite.com/ for example. Because that is again CNAMEd to an AWS ELB, we cannot simply put an IP address for this, it won't work correctly. |
As @Arjun2016 mentions, for certain AWS services (e.g.: RedShift, RDS, Elasticsearch Service, etc...) Amazon only provides a Only being able to tie an external endpoint to an IP restricts access from pods to services external to a Kubernetes cluster which are only guaranteed to be accessible via DNS names. Without the ability to use DNS names as an Endpoint, it enforces the use of workarounds such as setting up an external proxy host or ELB plus an Elastic IP, or other potentially fragile and overly complex solutions which may introduce additional points of failure. Not sure what the design reasoning is behind only allowing IPs (and I'm sure there is probably some good reason), but clearly from a user standpoint, it's a necessary feature in certain circumstances. I'm interested in seeing the discussion continue on this. |
This sounds more like the referential service usecase, not the DNS in
endpoints. I'm assuming that you don't have to load balance multiple
identical RDS instances by CNAME?
|
@smarterclayton: As far as Amazon has commented on load balancing RDS instances, it's currently not possible to load balance SQL requests to read replicas via an ELB, or via the
So, as it seems, they want you to access it solely via the single
|
xref #13748 for service CNAME to another DNS address |
To complicate matters further... with services such as Amazon ElasticSearch provide a
So the options are slim for connecting to it unless you find something that uses their SDK to sign ES requests, roll your own, or use an IP-based security policy for anonymous REST access. Again, this comes with its own complexities if you're using an Auto Scaling Group for Kubernetes worker nodes... as they'll change over time for scaling or self-healing events. Role-based would work if you add the Role as an "Instance Profile" to the AutoScaling Group Launch Configuration, but this requires that you find something that'll sign requests (not easy at this point). So, that pretty much leaves the "simplest" solution to use IP-based access for ES. So, for connecting up Kubernetes
|
For AWS ES, there's @justinsb's https://github.com/kopeio/aws-es-proxy |
Is this a dup of #13748 - it's pretty darn close - can we flatten them? |
I'm closing this as a dup, #13748 has more info |
I don't know why this issue is closed. It's not the same as #13748 because the title is about Endpoints. I've got a situation where an Endpoints object with IP addresses is not sufficient and the need for DNS resolution is important: glusterfs-endpoint. In my case, my servers are behind routers that use NAT. So my endpoints to gluster are private IPs (10.0.0.0/8), but after a restart, some servers can change private IP. So, my endpoints are all wrong. I've got private domain names (*.priv.scaleway.com) that are fixed. If Endpoints could use DNS instead, my problem is resolved. Note: I'm using OpenShift 1.5.0 |
@metal3d this is probably a different bug then - it sounds like you need a way to control how gluster resolves those endpoints by having gluster look at the service, rather than just the endpoints? Or do you need gluster to refresh endpoints more frequently? |
@smarterclayton I don't know if it's a bug :) I only find one way to assign gluster endpoints to persistent volumes: using endpoint object, and the only examples that I see are using IP addresses. At this time, glusterfs is the only solution I can use on my servers to be able to replicate data, and endpoints are not easy to administrate. Replicating endpoints in namespaces + no solution to use DNS instead of IP complicates the management a bit. PS: excuse my English |
PS: I'm checking how to use storageclass that should resolve my problem |
Why not just point everything at a clusterip on the service? |
@paralin because the persistent volume wants an endpoint reference, and gluster is not installed via kubernetes/openshift, it's on different servers. Or I didn't understand what you mean |
Endpoints can not hold hostnames. The spillover of complexity is not viable. |
When using docker edge on mac with kubernetes and hyperkit there is no IP for the host, so when accessing an external Service via endpoint (eg. a db) on the host the workaround for docker is using "host.docker.internal", What now? |
Use an ExternalName Service?
I am not sure I understand the problem you are presenting
…On Tue, Sep 4, 2018 at 1:16 AM WegDamit ***@***.***> wrote:
When using docker edge on mac with kubernetes and hyperkit there is no IP
for the host,
see Docker Docs
<https://docs.docker.com/docker-for-mac/networking/#use-cases-and-workarounds>
so when accessing an external Service via endpoint (eg. a db) on the host
the workaround for docker is using "host.docker.internal",
which is not possible in k8s as the endpoint definition only accepts an IP.
What now?
|
ExternalName sounds like the best solution to this problem to me - if resolving the host name once is ok. |
@astorath This is correct. ExternalName is implemented as a CNAME record on the cluster DNS, not via forwarding. If you want to change the port, you have to do it in the application. |
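The ExternalName approach discussed above, next to the Endpoints form the thread reports as rejected, as an added example that is not part of the original thread. The Service name `external-db`, the `default` namespace, port 5432, the RDS-style hostname and the default `cluster.local` domain are constructed placeholders or assumptions.

```yaml
# Constructed manifests; names, port and hostname are placeholders.
#
# Rejected form: the Endpoints "ip" field must hold an IP address, so the
# API server refuses a hostname here (kept commented out so the file applies).
#
# apiVersion: v1
# kind: Endpoints
# metadata:
#   name: external-db
# subsets:
#   - addresses:
#       - ip: mydb.example.us-east-1.rds.amazonaws.com   # not an IP
#     ports:
#       - port: 5432
---
# Accepted form: an ExternalName Service. Cluster DNS answers a lookup of
# external-db.default.svc.cluster.local with a CNAME to spec.externalName.
apiVersion: v1
kind: Service
metadata:
  name: external-db
  namespace: default
spec:
  type: ExternalName
  externalName: mydb.example.us-east-1.rds.amazonaws.com
  # No selector, no cluster IP and no Endpoints object: nothing is proxied,
  # so clients connect to the target's own port (5432 here) with no remap.
```

A TLS client that dials `external-db` checks the server certificate against that name rather than the CNAME target, so the client has to be configured with the real hostname for verification to succeed.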
What about EndpointSlice?
|
@lukasmrtvy Does the EndpointSlice work for you? I still get (<error: endpoints "k8s-host" not found>) in my ingress |
EndpointSlice doesn't work for me (I'm trying to access the local server / baremetal running a mariadb instance).
doesn't work (also doesn't seem to work with my full FQDN instead of localhost...)
works fine --- only, my IP for the endpoint will need to be something else for my fail-over server (which is x.x.1.108) instead. Am I doing something wrong with my EndpointSlice config there? It looked like what the docs said to me. |
Maybe kube-proxy does not support EndpointSlice of FQDN
|
Currently it is only possible to add IP addresses to Endpoints in Kubernetes.
What if I need to add a DNS name instead of IP address as a service endpoint?
The classic use case is AWS RDS instances which provide different Databases as a service.
They provide an endpoint which is a host name and not an IP address.
Is there a way to work around this limitation?