Available as of v2.2.0
Rancher’s Global DNS feature provides a way to program an external DNS provider to route traffic to your Kubernetes applications. Because the DNS programming supports applications that span different Kubernetes clusters, Global DNS is configured at a global level. This lets one application run on several Kubernetes clusters and so become highly available: if one of your Kubernetes clusters goes down, the application is still accessible.
Note: Global DNS is only available in Kubernetes installations with the local cluster enabled.
Prior to adding in Global DNS entries, you will need to configure access to an external provider.
The following table lists the first version of Rancher in which each provider debuted.
For each application that you want to route traffic to, you will need to create a Global DNS Entry. This entry will use a fully qualified domain name (FQDN) from a global DNS provider to target applications. The applications can either resolve to a single multi-cluster application or to specific projects. You must add a specific annotation to the ingresses in order for traffic to be routed correctly to the applications. Without this annotation, the programming for the DNS entry will not work.
By default, only global administrators and the creator of the Global DNS provider or Global DNS entry have access to use, edit and delete them. When creating the provider or entry, the creator can add additional users so that those users can access and manage them. By default, these members will get the Owner role to manage them.
The global administrators, the creator of the Global DNS provider, and any users added as members to a Global DNS provider have owner access to that provider. Any members can edit the following fields:
From the Global View, select Tools > Global DNS Providers.
For the Global DNS provider that you want to edit, click the ⋮ > Edit.
The global administrators, the creator of the Global DNS entry, and any users added as members to a Global DNS entry have owner access to that DNS entry. Any members can edit the following fields:
Any users who can access the Global DNS entry can only add target projects that they have access to. However, users can remove any target project as there is no check to confirm if that user has access to the target project.
Permission checks are relaxed for removing target projects in order to support situations where the user’s permissions might have changed before they were able to delete the target project. Another use case could be that the target project was removed from the cluster before being removed as a target project of the Global DNS entry.
From the Global View, select Tools > Global DNS Entries.
For the Global DNS entry that you want to edit, click the ⋮ > Edit.
Notes: Alibaba Cloud SDK uses TZ data. It needs to be present at the /usr/share/zoneinfo path of the nodes running the local cluster, and it is mounted to the external DNS pods. If it is not available on the nodes, please follow the instruction to prepare it. Different versions of AliDNS have different allowable TTL ranges, so the default TTL for a global DNS entry may not be valid. Please see the reference before adding an AliDNS entry.
In order for Global DNS entries to be programmed, you will need to add a specific annotation on an ingress in your application or target project.
For any application that you want targeted for your Global DNS entry, find an ingress associated with the application.
This ingress needs to use a specific hostname and an annotation that should match the FQDN of the Global DNS entry.
In order for the DNS to be programmed, the following requirements must be met:
rancher.io/globalDNS.hostname
Once the ingress in your multi-cluster application or in your target projects is in an active state, the FQDN will be programmed on the external DNS against the Ingress IP addresses.
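A pre-flight check for the ingress requirements described above, as an added example that is not part of the Rancher documentation or code base. It assumes the requirement means that both a rule host and the rancher.io/globalDNS.hostname annotation equal the entry's FQDN, compares strings exactly (how Rancher normalises names is not stated on this page), and runs over constructed sample data shaped like items from `kubectl get ingress -o json`; the function names are hypothetical.

```python
import json

ANNOTATION = "rancher.io/globalDNS.hostname"  # annotation key named on this page

def check_ingress(ingress, fqdn):
    """Return the reasons this Ingress does not match the Global DNS entry's FQDN."""
    problems = []
    annotations = ingress.get("metadata", {}).get("annotations") or {}
    value = annotations.get(ANNOTATION)
    if value is None:
        problems.append("missing annotation " + ANNOTATION)
    elif value != fqdn:  # assumption: exact string match is required
        problems.append("annotation value %r != FQDN %r" % (value, fqdn))
    rules = ingress.get("spec", {}).get("rules") or []
    if fqdn not in [r.get("host") for r in rules]:
        problems.append("no routing rule with host %r" % fqdn)
    return problems

def ingress_ips(ingress):
    """IPs listed in the Ingress status; empty until the ingress has an address."""
    entries = ingress.get("status", {}).get("loadBalancer", {}).get("ingress") or []
    return [e["ip"] for e in entries if e.get("ip")]

# Constructed sample data (documentation-range IPs, example domains).
SAMPLE = json.loads("""[
 {"metadata": {"name": "web-a",
               "annotations": {"rancher.io/globalDNS.hostname": "app.example.com"}},
  "spec": {"rules": [{"host": "app.example.com"}]},
  "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
 {"metadata": {"name": "web-b",
               "annotations": {"rancher.io/globalDNS.hostname": "app.example.org"}},
  "spec": {"rules": [{"host": "app.example.com"}]},
  "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.20"}]}}},
 {"metadata": {"name": "web-c"},
  "spec": {"rules": [{"host": "other.example.com"}]},
  "status": {"loadBalancer": {}}}
]""")

def report(items, fqdn):
    """Map ingress name -> (problems, IPs that would be published for the FQDN)."""
    return {i["metadata"]["name"]: (check_ingress(i, fqdn), ingress_ips(i))
            for i in items}

if __name__ == "__main__":
    for name, (problems, ips) in report(SAMPLE, "app.example.com").items():
        print(name, "OK" if not problems else problems, ips)
```

Running the same check against every target project before creating the entry shows which ingresses would contribute addresses to the FQDN and which would be skipped.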