VMware Solutions DNS configuration
Collecting Active Directory credentials
- Log in to IBM Cloud®.
- From the left menu, select VMware.
- From the IBM Cloud for VMware Solutions console, click Resources > vCenter Server from the left navigation pane.
- Select your deployed instance.
- Click the Access information tab and collect the AD/DNS IP and remote desktop credentials.
- From a jump server or by using SSL VPN, remote desktop to the AD/DNS server.
Creating DNS records
- Based on the following example, create a table to record your values.
- Update the following PowerShell commands with your values.
- From the Windows® RDP Session, open a PowerShell command window.
- Run commands to create the DNS artifacts.
- Reverse Lookup Zones
- Create DNS A Records with PTR
- Create DNS Service record for
etcd - Create DNS SRV record for
etcd
Notes about DNS records
- The
Add-DnsServerPrimaryZone-networkidcmdlet creates only classful reverse lookup zones. Therefore, if you specify a prefix longer than/24, then the cmdlet creates a/32reverse lookup zone. Therefore, as a workaround in the script use/24instead of a/26. You also need to modify the private portable subnet to match the classful/24network in the commands. - Do not create CNAME entries because the Red Hat® OpenShift® certificates are keyed to the DNS returning the IP address only and not a referral to the base hostname. Use the following format for DNS naming standards:
HostName.ClusterName.SubDomain.DomainName- HostName - Name of the virtual machine or host, for example,
control-plane-0 - ClusterName - Red Hat OpenShift cluster name, for example,
ocp - SubDomain - Subdomain of the IBM Cloud for VMware Solutions deployment, for example,
dallas - DomainName - Domain name of the IBM Cloud for VMware Solutions Deployment, for example,
ibm.local
- HostName - Name of the virtual machine or host, for example,
For example, the FQDN would be, control-plane-0.ocp.dallas.ibm.local.
The following table is for an example deployment. Use your own values.
| DNS Description | DNS Example Name | DNS Example IP address |
|---|---|---|
| DNS Reverse Lookup for Red Hat OpenShift VXLAN | 192.168.133.0/24 |
|
| DNS Reverse Lookup for Red Hat OpenShift IBM Cloud Subnet | 10.208.242.128/26 |
|
| Bastion Host | bastion.ocp.dallas.ibm.local | 192.168.133.8 |
| bootstrap-0 Host | bootstrap-0.ocp.dallas.ibm.local | 192.168.133.9 |
| control-plane-0 Host | control-plane-0.ocp.dallas.ibm.local | 192.168.133.10 |
| control-plane-1 Host | control-plane-1.ocp.dallas.ibm.local | 192.168.133.11 |
| control-plane-2 Host | control-plane-2.ocp.dallas.ibm.local | 192.168.133.12 |
| compute-0 Host | compute-0.ocp.dallas.ibm.local | 192.168.133.13 |
| compute-1 Host | compute-1.ocp.dallas.ibm.local | 192.168.133.14 |
| compute-2 Host | compute-2.ocp.dallas.ibm.local | 192.168.133.15 |
| Application wildcard DNS (Load Balancer) | *.apps.ocp.dallas.ibm.local | 10.208.242.131 |
| Kubernetes API URL (Load Balancer) | api.ocp.dallas.ibm.local | 10.208.242.132 |
| Kubernetes API-INT (Internal) URL (Load Balancer) | api-int.ocp.dallas.ibm.local |
10.208.242.132 |
etcd Node0 |
etcd-0.ocp.dallas.ibm.local | 192.168.133.10 |
etcd Node1 |
etcd-1.ocp.dallas.ibm.local | 192.168.133.11 |
etcd Node2 |
etcd-2.ocp.dallas.ibm.local | 192.168.133.12 |
etcd Service Record Node 0 |
_etcd-server-ssl._tcp.ocp.dallas.ibm.local | 192.168.133.10 |
etcd Service Record Node 1 |
_etcd-server-ssl._tcp.ocp.dallas.ibm.local | 192.168.133.11 |
etcd Service Record Node 2 |
_etcd-server-ssl._tcp.ocp.dallas.ibm.local | 192.168.133.12 |
DNS commands
# Create Reverse Lookup Zones
Add-DnsServerPrimaryZone -networkid "192.168.133.0/24" -replicationscope forest
Add-DnsServerPrimaryZone -networkid "10.208.242.0/24" -replicationscope forest
# Create DNS A Records, with PTR
Add-DnsServerResourceRecordA -Name "bastion.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.8" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "bootstrap-0.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.9" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "control-plane-0.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.10" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "etcd-0.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.10" -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "control-plane-1.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.11" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "etcd-1.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.11" -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "control-plane-2.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.12" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "etcd-2.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.12" -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "compute-0.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.13" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "compute-1.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.14" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "compute-2.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.15" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "*.apps.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "10.208.242.131" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "api.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "10.208.242.132" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "api-int.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "10.208.242.132" -CreatePtr -TimeToLive 00:00:10
# Create DNS SRV record for etcd
Add-DnsServerResourceRecord -Srv -ZoneName "ibm.local" -Name "_etcd-server-ssl._tcp.ocp.dallas" -DomainName "etcd-0.ocp.dallas.ibm.local" -Priority 10 -Weight 0 -Port 2380
Add-DnsServerResourceRecord -Srv -ZoneName "ibm.local" -Name "_etcd-server-ssl._tcp.ocp.dallas" -DomainName "etcd-1.ocp.dallas.ibm.local" -Priority 10 -Weight 0 -Port 2380
Add-DnsServerResourceRecord -Srv -ZoneName "ibm.local" -Name "_etcd-server-ssl._tcp.ocp.dallas" -DomainName "etcd-2.ocp.dallas.ibm.local" -Priority 10 -Weight 0 -Port 2380