Tags: kubernetes, dns, azure-container-instances, azure-aks

Connecting Azure Container instances with AKS pods via the AKS dns


I am not able to reach the DNS server in k8s from Azure Container Instances.

Context:

I have 2 pods in an Azure AKS Kubernetes cluster.

Pod1: name = pod1, internal IP = 10.34.33.112

Pod2: name = pod2, internal IP = 10.34.33.155, Cluster IP = 10.34.104.109

AKS DNS Service ip = 10.34.96.58

So, from pod1, I expect that nslookup pod2 would return the following

(this works as expected):

/ # nslookup pod2
Server:     10.34.96.58
Address:    10.34.96.58:53

Name:   pod2.default.svc.cluster.local
Address: 10.34.104.109

Azure Container Instances: When I am running commands from the Container Instance, a ping to pod2's internal IP works.

This is because they are in the same Virtual Network via a Network Profile.

# ping 10.34.33.155
PING 10.34.33.155 (10.34.33.155): 56 data bytes
64 bytes from 10.34.33.155: seq=0 ttl=63 time=2.208 ms
64 bytes from 10.34.33.155: seq=1 ttl=63 time=1.101 ms

However,

# nslookup pod2.default.svc.cluster.local 10.34.96.42
;; connection timed out; no servers could be reached

Even if I specify the nameserver and the full URL for the pod, it cannot be reached. I am not able to identify where the block is occurring.

Any ideas? Or best practices?


Solution

  • I'm pretty sure that the AKS DNS service is only available from within the cluster.

    Here is what I would do:

    • I would associate a Private DNS zone with the Virtual Network of the AKS cluster.
    • I would also deploy the Azure Container Instance into this same network. (You'll need to assign a dedicated subnet to the Azure Container Instances service.)
    • I would add A records for the desired private IP addresses in the Private DNS Zone from step 1.

    The 3rd step is something you can do by hand, or on each deployment automatically, by extending the deployment script with an Azure CLI task where you configure Azure Private DNS Zone records. This depends on your situation: whether this is a POC or purely operational project, or more like a constantly evolving, DevOps-heavy environment with CI/CD and all that.

    Note: I don't know much about your business requirements, but I'm suspicious that you would actually want to use service IPs instead of pod IPs. But there can be exceptions to that, so if you know what you are doing, just ignore me :)
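The 3rd step of the answer, automated as an added example (this is not code from the question or the answer): a script that takes the cluster's service ClusterIPs, which the answer prefers over pod IPs, and publishes each as an A record in the Private DNS zone through the Azure CLI. The zone name, resource group and the embedded service list are placeholders or constructed samples; the az network private-dns record-set a add-record command is the real CLI call, and steps 1 and 2 (zone linked to the AKS VNet, ACI deployed into that VNet) are assumed to be done already.

```python
"""Publish Kubernetes service ClusterIPs as A records in an Azure Private DNS zone (step 3).
Assumes the zone is linked to the AKS VNet (step 1) and ACI runs in that VNet (step 2)."""
import ipaddress
import json
import subprocess

ZONE = "cluster.internal"   # placeholder: your Private DNS zone name
RESOURCE_GROUP = "my-rg"    # placeholder: resource group that holds the zone
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample shaped like `kubectl get svc -A -o json`; the first IP is the question's pod2 Cluster IP.
SAMPLE_SERVICES = json.dumps({"items": [
    {"metadata": {"name": "pod2", "namespace": "default"}, "spec": {"clusterIP": "10.34.104.109"}},
    {"metadata": {"name": "headless", "namespace": "default"}, "spec": {"clusterIP": "None"}},
    {"metadata": {"name": "bogus", "namespace": "default"}, "spec": {"clusterIP": "not-an-ip"}},
]})


def is_private_ipv4(addr):
    """Only RFC 1918 IPv4 addresses get published; 'None' (headless services) and junk are rejected."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.version == 4 and any(ip in net for net in PRIVATE_NETS)


def records_from_services(services_json):
    """Map each service to a '<name>.<namespace>' record-set name -> ClusterIP."""
    records = {}
    for item in json.loads(services_json)["items"]:
        ip = item["spec"].get("clusterIP")
        if ip and is_private_ipv4(ip):
            md = item["metadata"]
            records[f"{md['name']}.{md['namespace']}"] = ip
    return records


def az_add_record_cmd(name, ip, zone=ZONE, rg=RESOURCE_GROUP):
    """Azure CLI call; add-record also creates the record set when it does not exist yet."""
    return ["az", "network", "private-dns", "record-set", "a", "add-record",
            "--resource-group", rg, "--zone-name", zone,
            "--record-set-name", name, "--ipv4-address", ip]


def sync(services_json, runner=subprocess.run):
    """Build and execute one az call per record; `runner` is injectable so the logic is testable offline."""
    cmds = [az_add_record_cmd(n, ip) for n, ip in sorted(records_from_services(services_json).items())]
    for cmd in cmds:
        runner(cmd, check=True)
    return cmds
```

In a deployment pipeline, pass sync() the stdout of kubectl get svc -A -o json; the one-time step 1 is az network private-dns link vnet create against the AKS VNet.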