Accessing a virtual machine on a secondary network by using the cluster domain name

You can access a virtual machine (VM) that is attached to a secondary network interface from outside the cluster by using the fully qualified domain name (FQDN) of the cluster.

Accessing VMs by using the cluster FQDN is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

Configuring DNS server for secondary networks

The Cluster Network Addons Operator (CNAO) deploys the Domain Name System (DNS) server and monitoring components when you enable the KubeSecondaryDNS feature gate in the HyperConverged custom resource (CR).

Prerequisites

  • You installed the OpenShift CLI (oc).

  • You have access to an OKD cluster with cluster-admin permissions.

Procedure

  1. Create a LoadBalancer service using MetalLB or any other load balancer to expose the DNS server outside the cluster. The service listens on port 53 and targets port 5353. For example:

    $ oc expose -n openshift-cnv deployment/secondary-dns --name=dns-lb --type=LoadBalancer --port=53 --target-port=5353 --protocol='UDP'

  2. Retrieve the public IP address of the service by querying the Service object:

    $ oc get service -n openshift-cnv

    Example output

    NAME     TYPE           CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
    dns-lb   LoadBalancer   172.30.27.5   10.46.41.94   53:31829/TCP   5s

  3. Deploy the DNS server and monitoring components by editing the HyperConverged CR:

    apiVersion: hco.kubevirt.io/v1beta1
    kind: HyperConverged
    metadata:
      name: kubevirt-hyperconverged
      namespace: openshift-cnv
    spec:
      featureGates:
        deployKubeSecondaryDNS: true # (1)
      kubeSecondaryDNSNameServerIP: "10.46.41.94" # (2)
    # ...

    (1) Set the KubeSecondaryDNS feature gate to true.
    (2) Set the IP address of the service to the value retrieved in step 2.

  4. Retrieve the FQDN of the OKD cluster by using the following command:

    $ oc get dnses.config.openshift.io cluster -o json | jq .spec.baseDomain

    Example output

    openshift.example.com

  5. Point to the DNS server by using one of the following methods:

    • Add the kubeSecondaryDNSNameServerIP value to the resolv.conf file on your local machine.

      Editing the resolv.conf file overwrites any existing DNS settings.

    • Add the kubeSecondaryDNSNameServerIP value and the cluster FQDN to the enterprise DNS server records. For example:

      vm.<FQDN>. IN NS ns.vm.<FQDN>.
      ns.vm.<FQDN>. IN A 10.46.41.94

Connecting to a virtual machine on a secondary network by using the cluster FQDN

You can access a virtual machine (VM) that is attached to a secondary network interface from outside the cluster by using the fully qualified domain name (FQDN) of the cluster.

Prerequisites

  • The QEMU guest agent must be running on the virtual machine.

  • The IP address of the VM that you want to connect to by using a DNS client must be public.

  • You have configured the DNS server for secondary networks.

  • You have retrieved the fully qualified domain name (FQDN) of the cluster.

Procedure

  1. Retrieve the VM configuration by using the following command:

    $ oc get vm -n secondary-test vm-test-sec-dns -o yaml

    Example output

    apiVersion: kubevirt.io/v1
    kind: VirtualMachine
    metadata:
      labels:
        kubevirt.io/vm: vm-test-sec-dns
      name: vm-test-sec-dns # (1)
      namespace: secondary-test # (2)
    spec:
      running: true
      template:
        metadata:
          labels:
            kubevirt.io/vm: vm-test-sec-dns
        spec:
          domain:
            devices:
    # ...
              interfaces:
              - bridge: {}
                name: nic1
    # ...
          networks:
          - multus:
              networkName: bridge-conf
            name: nic1 # (3)
    # ...

    (1) The name of the VirtualMachine object.
    (2) The namespace in which the VirtualMachine object is defined.
    (3) The name of the secondary network interface.

  2. Connect to the VM by using a host name in the following format:

    <interface_name>.<vm_name>.<namespace>.vm.<FQDN>

    where:

    • <interface_name> specifies the name of the secondary network interface.

    • <vm_name> specifies the name of the VirtualMachine object.

    • <namespace> specifies the namespace in which the VirtualMachine object is defined.

    • <FQDN> specifies the fully qualified domain name of the cluster.

    Example

    nic1.vm-test-sec-dns.secondary-test.vm.openshift.example.com
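
Before connecting, you can confirm that the secondary DNS server itself answers for the VM name, independently of the resolv.conf or enterprise DNS settings from the previous procedure. The following shell script is an added example, not part of the product documentation: it builds the host name from the manifest fields, rejects values that would not occupy exactly one DNS label each, and queries the name server directly. It assumes `dig` is installed; the function names and script name are hypothetical, and the sample values are the ones shown on this page.

```shell
#!/bin/sh
# Added example: build and resolve <interface_name>.<vm_name>.<namespace>.vm.<FQDN>.
LC_ALL=C; export LC_ALL          # make [a-z] ranges ASCII-only

# valid_label LABEL: succeed if LABEL fits in a single DNS label
# (lowercase alphanumerics and '-', 1-63 chars, alphanumeric at both ends).
# This is a check chosen for this example: a dot or other character in any
# field would shift or break the labels of the resulting name.
valid_label() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 63 ] || return 1
    case $1 in
        *[!a-z0-9-]*|-*|*-) return 1 ;;
    esac
    return 0
}

# vm_fqdn IFACE VM NAMESPACE BASE_DOMAIN: print the VM host name, or fail.
vm_fqdn() {
    for label in "$1" "$2" "$3"; do
        valid_label "$label" || { echo "invalid label: $label" >&2; return 1; }
    done
    base=${4%.}                  # tolerate a trailing dot on the base domain
    [ -n "$base" ] || { echo "empty base domain" >&2; return 1; }
    name="$1.$2.$3.vm.$base"
    [ "${#name}" -le 253 ] || { echo "name too long" >&2; return 1; }
    printf '%s\n' "$name"
}

# resolve_vm NAMESERVER_IP IFACE VM NAMESPACE BASE_DOMAIN: ask the secondary
# DNS server directly (bypassing local resolver settings) for the A records.
resolve_vm() {
    ns=$1; shift
    name=$(vm_fqdn "$@") || return 1
    answer=$(dig +short +time=2 +tries=1 "@$ns" "$name" A) || return 1
    [ -n "$answer" ] || { echo "no A record for $name from $ns" >&2; return 1; }
    printf '%s\n' "$answer"
}

# Usage (values from this page):
#   sh check-vm-dns.sh 10.46.41.94 nic1 vm-test-sec-dns secondary-test openshift.example.com
if [ "$#" -eq 5 ]; then
    resolve_vm "$@"
fi
```

An empty answer from the name server while the VM is running usually points at a missing prerequisite, such as the QEMU guest agent not reporting the interface address.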
