DigitalOcean

Report this

What is the reason for this report?
Question

Resolving through kube-dns on managed Kubernetes nodes

Posted on June 10, 2019
Kubernetes
cr7392b6b5a2e554b9227c92d1

By cr7392b6b5a2e554b9227c92d1

Hi Digital Ocean,

I am trying to set up an internal Docker registry within a DO managed Kubernetes cluster. I have the registry up and running and can access the registry from the worker nodes by using the service cluster ip, but I can not pull images in deployments through the url provided for the internal Docker registry with kube-dns. I believe the problem is that the worker nodes themselves are not set up to use the kube-dns name server.

As the worker nodes are to be treated as ephemeral, I do not wish to manually set up resolv.conf, as it would probably be overwritten at cluster upgrades, recycles etc.

What can be done? Would it be possible to upgrade the default managed Kubernetes nodes to resolve through kube-dns first?

Thanks for your time and kind regards.



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
cr7392b6b5a2e554b9227c92d1
cr7392b6b5a2e554b9227c92d1
June 19, 2019

Accepted Answer

I figured out that it was possible to create a privileged DaemonSet putting self-signed certificates into the host nodes’ Docker certificate stores and editing resolv.conf to include the kube-dns nameserver.

However, I ended up exposing the Docker registry on the internet through an HAProxy Ingress, secured with HTTPS and using Basic Auth credentials, as I deemed the registry as being secure enough to be exposed for now (It will be easier to maintain and more easily accessible for other developers/machines/clusters).

0
John Kwiatkoski
John KwiatkoskiDigitalOcean Employee badge
June 11, 2019

You’re correct. The nodes are not setup to use the clusters DNS to hit services. However, what your can do is use the registry services’ clusterIP to specify the internal registry.That IP will not change unless you recreate the service. This way you can use the IP in your deployments to reference the registry and the provide the repo and tag for your image.

Regards,

John Kwiatkoski Senior Developer Support Engineer

0
andyb
andyb
June 17, 2019

You could potentially set up ExternalDNS for your docker registry as discussed in https://github.com/kubernetes-incubator/external-dns/blob/master/docs/tutorials/digitalocean.md. I believe it would mean exposing your registry to the internet, so you’d need to secure it.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.