On Sun, May 15, 2016 at 6:52 AM, Warren Strange <[email protected]> wrote:
>
>> Also, could you please tell us a little bit more about the problem you are
>> trying to solve? What kind of a service you are running, etc.? I am trying
>> to understand the use-cases.
>
> In my example I have an OIDC Provider and an OIDC client running in the same
> cluster. The client needs to perform discovery on the provider - and the
> discovery URLs are external (the address of the ingress LB).

Thanks for providing this context.

> I think this can still be made to work, but I believe traffic going via the
> external LB will be charged network egress rates. This is not a big deal in
> this example (the traffic will be moderate), but it could be more
> significant in other cases.
>
>>>>> For example, if I want www.foo.com to resolve to the external ingress
>>>>> IP for external clients, but resolve to an internal service VIP for
>>>>> clients running in the cluster, is that possible?
>>>>
>>>> No. Kubernetes gives you DNS as a service discovery mechanism, and DNS
>>>> names use your cluster domain (like cluster.internal). So, for a service
>>>> foo, "foo.cluster.local" will work (and a search domain is there by
>>>> default, so "foo" works too).
>>>>
>>>> You can configure your DNS server (or a DNS server) to act like that,
>>>> being integrated with kubernetes services. But it is totally out of scope
>>>> for kubernetes, IIUC.
>>>
>>> I'm not sure I was clear, so let me elaborate on one possible solution.
>>>
>>> You can have a DNS server, and a map between subdomains and k8s services
>>> (like www.foo.com to service foo, etc.), and have it return a CNAME to the
>>> k8s DNS service when www.foo.com is requested from an internal IP. And
>>> return another record when it is requested from an "external" IP. Some DNS
>>> servers, like bind iirc, support this. But you can also have two different
>>> DNS servers (one for internal usage and another for external, public).
>>>
>>> When you create a new service you should add it to the map, or have some
>>> implicit map (like *.foo.com goes to *.cluster.internal service).
>>>
>>> This is, of course, something you can configure and run, but as I said,
>>> out of scope for k8s. You can even create a container that runs this and
>>> run it as a pod in kubernetes and make the pods in the cluster use this
>>> DNS server.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Containers at Google" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/google-containers/pcGomGAGA8Q/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/google-containers.
> For more options, visit https://groups.google.com/d/optout.
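The split-horizon setup sketched in the quoted reply above (one DNS server that hands in-cluster clients a CNAME to the service's cluster DNS name and hands everyone else the ingress LB address), written out as an added example that is not part of this thread and not code from any of its participants. It is a POSIX shell script that writes a BIND named.conf with two views plus the two foo.com zone files, reads back which record each view serves for www, and runs named-checkconf/named-checkzone when BIND is installed. Every name and address in it is an assumption for illustration: zone foo.com, service foo in namespace default, cluster domain cluster.local, cluster DNS at 10.96.0.10, pod CIDR 10.244.0.0/16, service CIDR 10.96.0.0/12, ingress LB 203.0.113.10, and the nameserver addresses.

```shell
#!/bin/sh
# Split-horizon DNS for a Kubernetes service with BIND views.
# Added example; all values below are assumptions, not taken from the thread.
# Assumed: service "foo" in namespace "default", cluster domain cluster.local,
# kube-dns at 10.96.0.10, pods in 10.244.0.0/16, service VIPs in 10.96.0.0/12,
# public ingress LB at 203.0.113.10 (RFC 5737 documentation range).

CLUSTER_DNS="10.96.0.10"
CLUSTER_DOMAIN="cluster.local"
INTERNAL_NETS="10.244.0.0/16; 10.96.0.0/12;"
SERVICE_FQDN="foo.default.svc.cluster.local"
INGRESS_IP="203.0.113.10"
INTERNAL_NS_IP="10.96.0.53"     # assumed VIP of the pod running this BIND
EXTERNAL_NS_IP="203.0.113.53"   # assumed public address of the nameserver

# Writes named.conf and the two foo.com zone files under directory $1.
write_split_horizon_config() {
    dir="$1"
    mkdir -p "$dir/zones"
    cat > "$dir/named.conf" <<EOF
acl "cluster-internal" { ${INTERNAL_NETS} localhost; };

options {
    directory "$dir";
    allow-transfer { none; };
    version "none";
};

// Queries whose source address is inside the cluster: recursion allowed,
// ${CLUSTER_DOMAIN} forwarded to kube-dns, foo.com answered from the
// internal zone, whose www record is a CNAME to the service name.
view "internal" {
    match-clients { "cluster-internal"; };
    recursion yes;
    allow-recursion { "cluster-internal"; };
    zone "${CLUSTER_DOMAIN}" {
        type forward;
        forward only;
        forwarders { ${CLUSTER_DNS}; };
    };
    zone "foo.com" {
        type master;
        file "zones/foo.com.internal";
    };
};

// Everyone else: authoritative only, no recursion (not an open resolver),
// www points at the ingress LB.
view "external" {
    match-clients { any; };
    recursion no;
    zone "foo.com" {
        type master;
        file "zones/foo.com.external";
    };
};
EOF
    cat > "$dir/zones/foo.com.internal" <<EOF
\$TTL 60
@   IN SOA ns1.foo.com. hostmaster.foo.com. ( 2016051501 3600 600 86400 60 )
@   IN NS  ns1.foo.com.
ns1 IN A   ${INTERNAL_NS_IP}
www IN CNAME ${SERVICE_FQDN}.
EOF
    cat > "$dir/zones/foo.com.external" <<EOF
\$TTL 300
@   IN SOA ns1.foo.com. hostmaster.foo.com. ( 2016051501 3600 600 86400 300 )
@   IN NS  ns1.foo.com.
ns1 IN A   ${EXTERNAL_NS_IP}
www IN A   ${INGRESS_IP}
EOF
}

# Prints "<type> <rdata>" that view $1 (internal|external) serves for www,
# read straight from the generated zone file so it works without BIND.
answer_for_view() {
    awk -v n="www" '$1 == n { print $3, $4 }' "$2/zones/foo.com.$1"
}

# Validates the generated files with BIND's checkers if they are installed.
check_config() {
    dir="$1"
    command -v named-checkconf >/dev/null 2>&1 || {
        echo "named-checkconf not installed; skipping validation"; return 0; }
    named-checkconf "$dir/named.conf" &&
    named-checkzone foo.com "$dir/zones/foo.com.internal" &&
    named-checkzone foo.com "$dir/zones/foo.com.external"
}

# Usage: sh split-dns.sh /etc/bind
if [ -n "${1:-}" ]; then
    write_split_horizon_config "$1"
    check_config "$1"
    echo "internal: $(answer_for_view internal "$1")"   # CNAME foo.default.svc.cluster.local.
    echo "external: $(answer_for_view external "$1")"   # A 203.0.113.10
fi
```

Two things to keep in mind before relying on this. First, match-clients selects the view from the query's source address, which makes it a routing convenience rather than an access control: anything that can send packets from the internal CIDRs gets the internal answer, so do not treat the split as a way to hide the service VIP. Second, for the OIDC case in the thread the client still verifies the TLS certificate against www.foo.com and compares the discovery document's issuer with the URL it fetched, so the in-cluster service has to present a certificate valid for www.foo.com and advertise the same issuer value as the public endpoint; if it does not, the shortcut becomes disabling verification in the client, which is worse than paying the egress rate.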
