Michael Courcy

Reputation: 637

How are *.svc addresses resolved in an OpenShift cluster

When I create an app in OpenShift, it exposes a service at a *.svc address.

oc project
Using project "coco" on server "https://master.lab.example.com:8443"
oc get svc -o wide
NAME      CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE       SELECTOR
ruby-ex   172.30.18.144   <none>        8080/TCP   9h        app=ruby-ex,deploymentconfig=ruby-ex

From a node of the cluster I can curl it:

 curl -vvv ruby-ex.coco.svc:8080
 * About to connect() to ruby-ex.coco.svc port 8080 (#0)
 *   Trying 172.30.18.144...
 * Connected to ruby-ex.coco.svc (172.30.18.144) port 8080 (#0)
 ....

Thus it works as expected, but I can't find what is resolving this domain name. Still from the same node:

 dig +short ruby-ex.coco.svc

It outputs nothing. Thus I wonder how curl finds the right IP?

EDIT 1: Following Graham's answer, my understanding has progressed.

The file /etc/resolv.conf has this content:

search  lab.example.com cluster.local
nameserver 10.0.2.15

I can see that 10.0.2.15 belongs to the node and dnsmasq listens on port 53:

netstat -tulnp | grep 10.0.2.15
tcp        0      0 10.0.2.15:53            0.0.0.0:*               LISTEN      1274/dnsmasq
udp        0      0 10.0.2.15:53            0.0.0.0:*                           1274/dnsmasq

Going to the dnsmasq configuration:

cat /etc/dnsmasq.d/node-dnsmasq.conf
server=/in-addr.arpa/127.0.0.1
server=/cluster.local/127.0.0.1

And

netstat -tulnp | grep 127.0.0.1:53
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2128/openshift
udp        0      0 127.0.0.1:53            0.0.0.0:*                           2128/openshift

This shows that the openshift process is listening on 127.0.0.1:53.

When I dig using this server, the connection times out:

dig +short  @127.0.0.1 ruby-ex.coco.svc
;; connection timed out; no servers could be reached

But for a known domain in the cluster it answers properly:

dig +short  @127.0.0.1 node1.lab.example.com
172.25.250.11

I just can't make the link between cluster.local and a *.svc address, and I also can't explain why curl resolves the address but dig does not.

Edit 2

I finally found the answer, due to my bad understanding of /etc/resolv.conf. With the search directive in resolv.conf, curl tries ruby-ex.coco.svc and then ruby-ex.coco.svc.cluster.local and so on, trying each domain. And indeed

dig +short @127.0.0.1 ruby-ex.coco.svc.cluster.local
172.30.18.144

works as expected. Thanks for your help.

Upvotes: 3

Views: 2084

Answers (1)

Graham Dumpleton

Reputation: 58523

There is a DNS internal to OpenShift which handles the request. Look at /etc/resolv.conf and it will have something like:

nameserver 172.31.39.82
search myproject.svc.cluster.local svc.cluster.local cluster.local ap-southeast-2.compute.internal
options ndots:5

A hostname corresponding to the name of a service, when created, is added to the internal DNS.

Upvotes: 4
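
Added example, not part of the original question or answer: a Python sketch of the search-list expansion described in Edit 2, applied to the two /etc/resolv.conf contents quoted on this page, to show which fully qualified names a lookup of `ruby-ex.coco.svc` produces and in what order. It assumes glibc stub-resolver rules (ndots defaults to 1, a trailing dot disables the search list); the function and constant names are hypothetical.

```python
"""Order of names tried for a resolv.conf search list (glibc-style rules, assumed)."""

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf text; ndots defaults to 1."""
    search, ndots = [], 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":   # blank line or comment
            continue
        if fields[0] == "search":
            search = fields[1:]                  # a later search line replaces an earlier one
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidates(name, resolv_conf_text):
    """Names a search-list-aware resolver tries, in order, until one answers."""
    if name.endswith("."):                       # already absolute: no search list
        return [name]
    search, ndots = parse_resolv_conf(resolv_conf_text)
    expanded = [f"{name}.{domain}." for domain in search]
    absolute = name + "."
    # Enough dots: try the name as given first. Too few: search list first.
    if name.count(".") >= ndots:
        return [absolute] + expanded
    return expanded + [absolute]

# resolv.conf contents copied from the question and from the answer on this page.
QUESTION_CONF = "search  lab.example.com cluster.local\nnameserver 10.0.2.15\n"
ANSWER_CONF = (
    "nameserver 172.31.39.82\n"
    "search myproject.svc.cluster.local svc.cluster.local cluster.local "
    "ap-southeast-2.compute.internal\n"
    "options ndots:5\n"
)

if __name__ == "__main__":
    # dig sends only the name as given unless +search is passed, so it never
    # reaches the cluster.local candidate that curl (via the libc resolver) does.
    for label, conf in (("question", QUESTION_CONF), ("answer", ANSWER_CONF)):
        print(label)
        for fqdn in candidates("ruby-ex.coco.svc", conf):
            print("   ", fqdn)
```
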
