Adding nameservers in gcloud

Question

I have a VPN tunnel from gcloud to our local site. The local site has 2 nameservers running on 172.16.248.32 and 172.16.248.32

These nameservers resolve our local domain names such as mycompany.local

How can I use these nameservers from gcloud, so the pods in my Kubernetes cluster do resolve mycompany.local as well?

Answer 1

You'll have to configure your upstream DNS servers to be 172.16.248.32 and the other IP.

You can do it on a per pod basis like this:

apiVersion: v1
kind: Pod
metadata:
  namespace: default
  name: dns-example
spec:
  containers:
    - name: test
      image: nginx
  dnsPolicy: "None"
  dnsConfig:
    nameservers:
      - 172.16.248.32
    searches:
      - ns1.svc.cluster.local
      - mycompany.local
    options:
      - name: ndots
        value: "2"
      - name: edns0

So when the pods are created they include an /etc/resolv.conf like this:

nameserver 172.16.248.32
search ns1.svc.cluster.local my.dns.search.suffix
options ndots:2 edns0

The other option will vary whether you are using coredns or kube-dns, and that is configuring stub-domains (these configs will also propagate to the /etc/resolv.conf file in your pods, all documented here:

coredns

# coredns in the coredns ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream 172.16.0.1
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        proxy . 172.16.0.1
        cache 30
        loop
        reload
        loadbalance
    }
    mycompany.local:53 {
        errors
        cache 30
        proxy . 172.16.248.32
    }

kube-dns

# kube-dns in the kube-dns ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
data:
  stubDomains: |
    {"mycompany.local": ["172.16.248.32"]}
  upstreamNameservers: |
    ["8.8.8.8", "8.8.4.4"]