Currently, the Route53 service is only syncing some but not all of my services (running Rancher 0.50.2 upgraded from 0.47).
The logs show nothing that looks off to me, more like something is happening that is maybe undocumented? Some services are being assigned FQDNs while others are not.
Any thoughts as to the cause of this? I thought it was that the service was only putting names of services up when the services exposed ports at first, but it didn’t look like that was the case.
My goal is to use a VPN to be able to quickly connect to the Rancher managed network + do things like directly interact with a non-public database. I have the VPN working as per http://rancher.com/building-a-continuous-integration-environment-using-docker-jenkins-and-openvpn/ without the Jenkins part but now I need name resolution. Since the Rancher DNS only resolves services that have links to the container, that isn’t a solution either. I was hoping the Route53 code would expose every service (even better is every service and every container as a separate name).
Maybe we should open a bug on the docs then? That wasn’t made clear unless I miss-read something. Also, had a service that didn’t have ports exposed got published as well (which also might be a bug?).
I suspect my use case isn’t going to be well supported for now / may end up writing my own DNS service for this purposes but it would be really nice to be able to casually interact with containers ‘behind the firewall’ of the host systems.
The route53 service will generate DNS records for only services that have ports published to the host.
Again, would be nice to be able to resolve any container’s name. Unless the future plan is to add some form of firewall between services that aren’t linked. It would be nice if the built in rancher dns service would just resolve any arbitrary container/service’s name (e.g. <container>.<service>.<stack>.<env> or something like that).
@jschilperoord@untoldone it does make sense to provide different options for picking up fqdn target ips. But i would suggest a slightly different way of implementing it. Instead of making custom changes to external-dns and providing a template using out-of-main-stream image, we can do this:
Each way of building a) ip set for fqdn b) fqdn, should be represented as a plugin in external-dns repo.
Pass desired plugin as a CMD option in external-dns template. Default way would be the current way - a) chose host ip as a target ip address b) form fqdn as servicename.stackname.environmentName
Its already been a lot of users’ code contribution to Rancher external-dns branch (mostly enabling more providers support). So we always appreciate new PRs for the project, especially ones covering the use cases that are common to many users which I believe this case is.
That makes sense. I did this as a super quick hack to get my scenario working but if I find more time, I’ll see how I can turn it into a more reusable chunk of code.
Another note on my scenario here – I was looking for container level resolution in the names. The goal was to be able to directly connect to services for setup + administration. For example, I have a single postgres container and I want to direct connect to postgres securely (e.g. over VPN) to deploy our newest db migrations. Hypothetically if I had a docker image that elected a master + follower PG container, the existing code would resolve the service to 2 IPs even though only the master would be writeable.
This said, there may be completely different solutions that make sense… e.g. perhaps the internal rancher DNS would be another place to put what I’m trying to accomplish… or perhaps something different altogether would involve a replacement for my current VPN-ing.