Reputation: 1569
Azure Kubernetes with Azure VPN to access pods on cluster hostname
I have an Azure Kubernetes cluster running with two Ubuntu containers named:
- ubuntu-1
- ubuntu-2 Each container has a Service of type ClusterIP.
I would like to be able to ping or communicate with these containers using their internal DNS hostnames, such as:
ubuntu-1.default.svc.cluster.local
ubuntu-2.default.svc.cluster.local
To achieve this, I created a Virtual Network Gateway in the same virtual network as the cluster. I am able to connect to the VPN client; however, when I attempt to run:
ping ubuntu-1.default.svc.cluster.local
I receive the following error:
ping: ubuntu-1.default.svc.cluster.local: Name or service not known
As a test, i tried to add the service internal ip and the hostname to my host file. But when i ping, i get back this:
--- ubuntu-1.default.svc.cluster.local ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 4140ms
i know that updating the host file with the dns hostname and ip is not practical at all because those ips can change any moment.
How can I resolve this issue to successfully ping the internal DNS hostnames of the containers just by connecting successfully to my vpn?
Thank you so much for any guidance or help. And please if you have any further question and need my code sample or configuration, dont hesitate to ask
UPDATE: I created the private DNS zone and attached it to the virtual network. in the dns zone nameservers i can see the internal ip of the virtual machine and while canneted to the Azure VPN client i am able to ping the vm. Now i tried to configure the coredns configmap. I faced an issue here to modify directly the coredns configmap as as soon as i save the new configuration, aks rolls back to the default one. So i modified the coredns-custom to override the Corefile as follow:
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns-custom
namespace: kube-system
data:
Corefile.override: |
.:53 {
forward . <vnet resolver ip> {
cache 30
loop
reload
loadbalance
}
}
According to microsoft documentations, this should be by default my vnet ip. So if my vnet subnet is, for example 10.10.10.10 the resolver should be 10.10.10.4. So i put this resolved in my configmap. the changes gets applied but i am still not able to ping the internal hostname of the pods.
Upvotes: 0
Views: 142
Answers (0)
Related Questions
- How to access internet from azure point to site vpn (Not working)?
- Azure Files with Private Endpoint over Azure VPN
- Connect to Azure function app with private endpoint over VPN point to site
- Unable to Resolve Azure Managed PostgreSQL Database Address over VPN
- Azure VPN - have no connection to VNET
- Cannot access Private AKS cluster from Local Machine (on home network) connected to Azure VPN
- Not resolving private dns zone over point to site VPN connection into Azure
- Kubernetes cluster in private vnet with VPN gateway (Azure)
- DNS Fails on VPN into Azure Network with DNS server on Peered network
- Accessing resources from connected Azure VNETS via VPN