A little while ago I wrote a post over on openshift.com about installing Openshift 4 on VMware. Some of you reading it have asked me how I configured the DNS in my particular set up so this post aims to outline that for you.

My current firewall software of choice is opnsense, a fork of the popular pfsense project. Both of these projects share a lot of DNA, including their usage of the DNS server unbound.

Note this post was written to compliment the openshift.com blog post and was tested against OCP 4.3.

Configuring unbound wasn't particularly difficult but it did take a bit more Googling than I'd like to admit. Firstly you should examine the DNS requirements for Openshift 4.

Here's how I laid out the hosts needed for a fairly minimal homelab grade cluster.

Node FQDN IP Address Other Info
lb lb.ocp4.ktz.lan 192.168.1.160 RHEL7
master1 master1.ocp4.ktz.lan 192.168.1.161 etcd-0.ocp4.ktz.lan
master2 master2.ocp4.ktz.lan 192.168.1.162 etcd-1.ocp4.ktz.lan
master3 master3.ocp4.ktz.lan 192.168.1.163 etcd-2.ocp4.ktz.lan
worker1 worker1.ocp4.ktz.lan 192.168.1.164
worker2 worker2.ocp4.ktz.lan 192.168.1.165
webserver ignition.ocp4.ktz.lan 192.168.1.168 RHEL7
bootstrap bootstrap.ocp4.ktz.lan 192.168.1.169 RHCOS

Requirements


The following records need to be created and pointed at the load balancer. Do this under Services -> Unbound DNS -> Overrides. Top tip here is to use aliases.

* lb.ocp4.ktz.lan
* api.ocp4.ktz.lan
* api-int.ocp4.ktz.lan

Wildcard records


The apps subdomain needs a wildcard entry. With Unbound on OPNsense you can do this via Services -> Unbound DNS -> General -> Advanced -> Custom Options.:

server:
local-zone: "apps.ocp4.ktz.lan" redirect
local-data: "apps.ocp4.ktz.lan 86400 IN A 192.168.1.160"

Verify with dig:

[[email protected] redhat]$ dig *.apps.ocp4.ktz.lan +short
192.168.1.160

SRV records

OPNsense uses Unbound and to create SRV records use the following code under Services -> Unbound DNS -> General -> Advanced -> Custom Options.

server:
local-data: "_etcd-server-ssl._tcp.ocp4.ktz.lan 180 IN SRV 0 10 2380 etcd-0.ocp4.ktz.lan."
local-data: "_etcd-server-ssl._tcp.ocp4.ktz.lan 180 IN SRV 0 10 2380 etcd-1.ocp4.ktz.lan."
local-data: "_etcd-server-ssl._tcp.ocp4.ktz.lan 180 IN SRV 0 10 2380 etcd-2.ocp4.ktz.lan."

Verify with dig:

[[email protected] redhat]$ dig _etcd-server-ssl._tcp.ocp4.ktz.lan SRV +short
0 10 2380 etcd-0.ocp4.ktz.lan.
0 10 2380 etcd-1.ocp4.ktz.lan.
0 10 2380 etcd-2.ocp4.ktz.lan.

Configuring custom options


Custom options are needed because not everything is configurable via the UI. Using the menu Services -> Unbound DNS -> General and the Custom options box (might be hidden under Advanced on first load).

Here, we can configure some required custom options. Namely the SRV, PTR and wildcard records.

server:
local-data: "_etcd-server-ssl._tcp.ocp4.ktz.lan 180 IN SRV 0 10 2380 etcd-0.ocp4.ktz.lan."
local-data: "_etcd-server-ssl._tcp.ocp4.ktz.lan 180 IN SRV 0 10 2380 etcd-1.ocp4.ktz.lan."
local-data: "_etcd-server-ssl._tcp.ocp4.ktz.lan 180 IN SRV 0 10 2380 etcd-2.ocp4.ktz.lan."
local-zone: "apps.ocp4.ktz.lan" redirect
local-data: "apps.ocp4.ktz.lan 86400 IN A 192.168.1.160"
local-data-ptr: "192.168.1.161 etcd-0.ocp4.ktz.lan"
local-data-ptr: "192.168.1.162 etcd-1.ocp4.ktz.lan"
local-data-ptr: "192.168.1.163 etcd-2.ocp4.ktz.lan"

Next, we need to configure the overrides for each host. Use the Services -> Unbound DNS -> Overrides menu for this. Here's an overview of some of my entries.

To save configuring the same thing over and over you can make use of aliases so that if your master1 IP changes, etcd-0 will change with it. Like this:

That should be it. Feel free to reach out on to me Twitter, I'm @IronicBadger, with any questions or comments.

For more information on actually installing Openshift 4 you can refer to my original blog post on openshift.com or this github repo, which contains the artifacts required to deploy Openshift using automation.