DNS and Naming Scheme

An OpenShift 4 cluster requires using a specific DNS scheme which is described on this page. Most of the values are automatically generated and can’t be changed.

User selectable values

<base domain>

The base domain for the cluster (input by the customer).

Automatically generated values

<cluster id>

The Project Syn Lieutenant cluster id of the cluster (auto generated by the Lieutenant API).

<role>

Machine role. One of master, infra, worker and lb. Other roles possible when required by the customer (special node groups for builds, GPU support etc.).

<#>

An automatically, randomly defined character sequence with four digits.

<index>

A zero indexed incrementing number.

<cluster domain>

<cluster id>.<base domain>

<hostname>

The fully qualified domain name of machines belonging to the cluster.

`<role><#>.<cluster domain>`

This will only be used for naming the machines. No DNS records will be created.
<external api>

OpenShift API URL to be used by clients external to the cluster.

`api.<cluster domain>`
<internal api>

OpenShift API URL to be used by clients internal to the cluster.

`api-int.<cluster domain>`
<default app domain>

*.apps.<cluster domain>

<etcd>

etcd-<index>.<cluster domain>

<etcd srv>

DNS Resource Record of type SRV pointing to the <etcd> instances.

`_etcd-server-ssl._tcp.<cluster domain>`
<acme challenge>

DNS Resource Record of type TXT used for validating certificates using the DNS01 method. It must be possible to create these records programmatically with one of the APIs supported by cert-manager.

`_acme-challenge.<default app domain | external api>`

The following DNS records must resolve publicly:

  • <acme challenge>

  • <cluster domain>

  • <default app domain>

  • <external api>

    Everything else must resolve at least within the clusters network.

Example

DNS Records

A full list of DNS records for one cluster using the above definition:

; Services
api-int.c-summer-shadow-2592.example.com IN A x.x.x.x
api.c-summer-shadow-2592.example.com IN A x.x.x.x

etcd-0.c-summer-shadow-2592.example.com IN A x.x.x.x
etcd-1.c-summer-shadow-2592.example.com IN A x.x.x.x
etcd-2.c-summer-shadow-2592.example.com IN A x.x.x.x

*.apps.c-summer-shadow-2592.example.com IN CNAME api.c-summer-shadow-2592.example.com

_acme-challenge.api.c-summer-shadow-2592.example.com IN TXT ...
_acme-challenge.apps.c-summer-shadow-2592.example.com IN TXT ...

_etcd-server-ssl._tcp.c-summer-shadow-2592.example.com IN SRV 0 10 2380 etcd-0.c-summer-shadow-2592.example.com
_etcd-server-ssl._tcp.c-summer-shadow-2592.example.com IN SRV 0 10 2380 etcd-1.c-summer-shadow-2592.example.com
_etcd-server-ssl._tcp.c-summer-shadow-2592.example.com IN SRV 0 10 2380 etcd-2.c-summer-shadow-2592.example.com

Hostnames

A full list of example hostnames for one cluster using the above definition:

infra-454b.c-summer-shadow-2592.example.com
infra-9031.c-summer-shadow-2592.example.com
infra-c8f2.c-summer-shadow-2592.example.com

lb-5f52.c-summer-shadow-2592.example.com
lb-ba8f.c-summer-shadow-2592.example.com

master-0e9c.c-summer-shadow-2592.example.com
master-1a3c.c-summer-shadow-2592.example.com
master-e976.c-summer-shadow-2592.example.com

worker-4720.c-summer-shadow-2592.example.com
worker-7d32.c-summer-shadow-2592.example.com
worker-a640.c-summer-shadow-2592.example.com