Configure DNS for Pre-Provisioned IPs

Note: As of v1.8, Enterprise PKS has been renamed to VMware Tanzu Kubernetes Grid Integrated Edition. Some screenshots in this documentation do not yet reflect the change.

Page last updated:

This topic describes how to define network profile for performing DNS lookup of the pre-provisioned IP addresses for the Kubernetes API load balancer and ingress controller.

About DNS Lookup of Pre-Provisioned IP Addresses

In an Tanzu Kubernetes Grid Integrated Edition environment on NSX-T, when you provision a Kubernetes cluster using the command tkgi create-cluster, NSX-T creates a layer 4 load balancer that fronts the Kubernetes API server running on the master node(s). In addition, NCP creates two layer 7 virtual servers (HTTP and HTTPS) as front-end load balancers for the ingress resources in Kubernetes servers.

The IP addresses that are assigned to the API load balancer and ingress controller are derived from the floating IP pool in NSX-T. These IP addresses are not known in advance, and you have to wait for the IP addresses to be allocated to know what they are so you can update your DNS records.

If you want to pre-provision these IP addresses, you define a network profile to lookup the IP addresses for these components from your DNS server. In this way you can tell TKGI what IP addresses to use for these resources when the cluster is created, and be able to have DNS records for them so FQDNs can be used.

DNS Lookup Parameters

Using the dns_lookup_mode parameter, you can define a network profile to specify the lookup mode: API or API_INGRESS. If the mode is API, TKGI will perform a lookup of the pre-provisioned IP address for the Kubernetes API load balancer. If the mode is API_INGRESS, TKGI will perform a lookup of the pre-provisioned IP addresses for the Kubernetes API load balancer and the ingress controller.

The IP addresses used must come from the floating IP pool. The floating IP pool, if not specified in the network profile, will come from the TKGI tile configuration.

The DNS lookup, whether for the Kubernetes master(s) load balancer or the ingress controller, is performed in the Kubernetes master VM using the DNS server(s) configured in the TKGI tile or the nodes_dns field in the network profile.

Example API Load Balancer Lookup

The following network profile, api.json, triggers a DNS lookup for the Kubernetes master node(s) IP address. In this example, a custom floating IP pool is specified, and DNS servers. If these parameters are not specified, the values in the TKGI tile are used.

{
    "name": "example-network-profile",
    "description": "Network profile using API lookup mode",
    "parameters": {
      "nodes_dns": [
        "8.8.8.8", "192.168.115.1", "192.168.116.1"
        ],          
      "fip_pool_ids": [
        "ENTER-FIP-POOL-ID1",
        "ENTER-FIP-POOL-ID2" 
        ],
      "dns_lookup_mode": "API"
    }
}

Performing DNS Lookup of the Ingress Controller Using Network Profile

The following example network profile, api_ingress.json, triggers a DNS lookup for the Kubernetes master node(s) IP address and the ingress controller IP address.

{
    "name": "api_ingress",
    "description": "Network profile using API_INGRESS dns lookup mode",
    "parameters": {
        "fip_pool_ids": [
            "ENTER-FIP-POOL-ID1",
            "ENTER-FIP-POOL-ID2"
        ],
        "dns_lookup_mode": "API_INGRESS",
        "ingress_prefix": "ingress"
    }
}

Setting the Master Node IP Address on the Command Line

As an alternative to DNS lookup, you can specify a fixed IP address in the command line so that it will be used for the Kubernetes master node(s) load balancer.

Previously, to create a cluster, you were required to specify an external hostname for the cluster. For example:

$ tkgi create-cluster my-cluster --external-hostname example.hostname --plan small

Now you can specify the IP address for the load balancer that fronts the Kubernetes master node(s) using the --external-hostname or -e flag. For example:

$ tkgi create-cluster my-cluster -e 192.168.160.20 -p small

The IP address that you use must belong to a valid floating IP pool created in NSX-T.


Please send any feedback you have to pks-feedback@pivotal.io.