
I have created an AKS cluster using CNI networking as we needed finer control over the address space used by the cluster's vnet. The vnet I associated with the cluster resides in the same resource group as the AKS cluster, and several other resources (SQL DB, VM, etc.) reside within the group and are connected to the vnet. The pods in the cluster require the ability to communicate with these services by, ideally, service FQDN.

I deployed a busybox in the cluster to test name resolution. I noticed that I could ping a service on the vnet by hostname without suffix, however I could not resolve the service's private IP:

PS D:\> kubectl exec --stdin --tty busybox -- /bin/sh
/ # ping cms-qa-solr
PING cms-qa-solr (10.40.254.4): 56 data bytes
64 bytes from 10.40.254.4: seq=0 ttl=63 time=1.302 ms
64 bytes from 10.40.254.4: seq=1 ttl=63 time=1.300 ms
64 bytes from 10.40.254.4: seq=2 ttl=63 time=1.581 ms
64 bytes from 10.40.254.4: seq=3 ttl=63 time=1.416 ms
64 bytes from 10.40.254.4: seq=4 ttl=63 time=1.432 ms
^C
--- cms-qa-solr ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.300/1.406/1.581 ms
/ # nslookup cma-qa-solr
Server:         10.41.0.10
Address:        10.41.0.10:53

** server can't find cma-qa-solr.default.svc.cluster.local: NXDOMAIN

*** Can't find cma-qa-solr.svc.cluster.local: No answer
*** Can't find cma-qa-solr.cluster.local: No answer
*** Can't find cma-qa-solr.XXXXXXX.bx.internal.cloudapp.net: No answer
*** Can't find cma-qa-solr.default.svc.cluster.local: No answer
*** Can't find cma-qa-solr.svc.cluster.local: No answer
*** Can't find cma-qa-solr.cluster.local: No answer
*** Can't find cma-qa-solr.XXXXXXX.bx.internal.cloudapp.net: No answer

I then tried to resolve the FQDN of this particular VM, however it is resolving to the public IP and not the private vnet IP as I would like:

/ # ping cms-qa-solr.eastus.cloudapp.azure.com
PING cms-qa-solr.eastus.cloudapp.azure.com (20.185.245.233): 56 data bytes
^C
--- cms-qa-solr.eastus.cloudapp.azure.com ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss
/ # nslookup cms-qa-solr.eastus.cloudapp.azure.com
Server:         10.41.0.10
Address:        10.41.0.10:53

Non-authoritative answer:
Name:   cms-qa-solr.eastus.cloudapp.azure.com
Address: 20.185.245.233

*** Can't find cms-qa-solr.eastus.cloudapp.azure.com: No answer

Is there any way to resolve a known hostname for these vnet-connected services (FQDN or otherwise) to the private IP of the service on the vnet?

Ken

1 Answer


There appeared to be no automatic or configurable way to achieve this, so I ended up deploying a private DNS zone to the resource group with a link to the vnet. I set it to autoregister, so VMs deployed in the vnet automatically get an A record for their private IP. Since the AKS cluster nodes are also part of this vnet, pods are able to resolve infrastructure private IPs by now querying private zone records.

Ken
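The setup the answer describes (a private DNS zone linked to the cluster's vnet with auto-registration enabled, then a resolution check from the busybox pod), written out as an added example in the Az PowerShell module; this is not code from the question or answer. The resource group name, vnet name and zone name are placeholders you must substitute; the pod name `busybox` and the VM hostname `cms-qa-solr` are the ones used in the question.

```powershell
# Added example: private DNS zone with auto-registration for an AKS vnet.
# Placeholders (assumptions, not values from the page):
$ResourceGroup = "<resource-group>"      # group holding the AKS cluster, the vnet and the VMs
$VnetName      = "<vnet-name>"           # the vnet the AKS nodes and the VMs are attached to
$ZoneName      = "example.internal"      # hypothetical private zone name; pick your own suffix

# 1. Create the private DNS zone in the resource group.
New-AzPrivateDnsZone -ResourceGroupName $ResourceGroup -Name $ZoneName

# 2. Link the zone to the vnet. -EnableRegistration makes every VM NIC in the vnet
#    register an A record for its private IP automatically (the "autoregister"
#    setting the answer refers to). Only one registration link per vnet is allowed.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroup -Name $VnetName
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $ResourceGroup `
    -ZoneName $ZoneName `
    -Name "$VnetName-link" `
    -VirtualNetworkId $vnet.Id `
    -EnableRegistration

# 3. Confirm the VMs have registered. Records appear a short while after linking
#    (or after the VM is restarted/re-registered); each should show the vnet IP,
#    not a public address.
Get-AzPrivateDnsRecordSet -ResourceGroupName $ResourceGroup -ZoneName $ZoneName -RecordType A |
    Select-Object Name, @{ n = "IPv4"; e = { $_.Records.Ipv4Address -join "," } }

# 4. Verify from inside the cluster. The pod forwards the query to CoreDNS, which
#    forwards to the node's Azure-provided resolver, which now serves the private zone.
#    Use the zone FQDN; the zone suffix is not in the pod's resolv.conf search list.
kubectl exec --stdin --tty busybox -- nslookup "cms-qa-solr.$ZoneName"
```

The check in step 4 is the one worth keeping in a runbook: the nslookup should return the 10.x address from the VM's NIC, and if it still returns the public `cloudapp.azure.com` IP the zone link is not registered against the vnet the AKS nodes actually use. Because auto-registration publishes a record for every VM in the vnet, review the zone's record set periodically so that decommissioned or unexpected hosts are not left resolvable from the cluster.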