How-to update DNS on vSphere with Tanzu Workload Cluster nodes after adding new DNS servers under Workload Management

Article ID: 319397

Products

VMware vSphere ESXi
VMware vSphere Kubernetes Service

Issue/Introduction


This article provides a workaround for pushing DNS server changes made under Workload Management to vSphere with Tanzu Workload Clusters.

Symptoms:  

After updating DNS servers for vSphere with Tanzu via the vSphere Web Client -> Supervisor Cluster -> Configure -> Network -> 'Management Network' and 'Workload Network', running pods and new pods on Workload Clusters do not recognize the changes.

Environment

VMware vSphere 8.0 with Tanzu
VMware vSphere 7.0 with Tanzu

Cause


This behavior occurs on Workload Clusters and not on the Supervisor Cluster. The Supervisor Cluster's CoreDNS pod forwards requests directly to the DNS servers configured under Workload Management, so it picks up changes immediately. The Workload Cluster's CoreDNS pod instead forwards requests to the DNS configuration of the Workload Cluster node, which relies on the node's resolv.conf to point to the DNS servers configured in Workload Management. The network file on the Workload Cluster node, located at /etc/systemd/network/10-gosc-eth0.network, only updates when nodes are manually recreated.

Resolution


There is no resolution for this issue; the behavior is by design.

Workaround:


To work around this issue, recreate the nodes by changing the vmClass of the Workload Cluster nodes. This triggers a rolling update of the nodes, and each recreated node gets an updated network file at /etc/systemd/network/10-gosc-eth0.network.
 

  • Use the following command to make the changes:


# kubectl edit tkc -n <namespace> <tkc-name>
 

  • Ensure that the vmClass selected is added to the Workload Cluster's namespace in vCenter under Workload Management.
 
  • For TKCs with v1alpha2 vmClass nodes, make the following changes to the cluster manifest:
     

spec:
  topology:
    controlPlane:
      vmClass: string
    nodePools:
    - vmClass: string

 

  • For TKCs with v1alpha1 vmClass nodes, make the following changes to the cluster manifest:
 

spec:
  topology:
    controlPlane:
      class: string
    workers:
      class: string
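
To confirm that a recreated node picked up the new servers, the DNS= entries in its network file can be compared with the servers set under Workload Management. The script below is an added example, not part of the original article or any VMware tooling; the sample file contents and the 192.0.2.x / 198.51.100.x addresses are constructed, and the function names network_dns and check_node_dns are hypothetical.

```shell
#!/bin/sh
# Added example (not from the KB): check a node's systemd-networkd file for stale DNS.

# Print the DNS servers from the [Network] section of a .network file, one per line.
network_dns() {
  awk '
    /^[ \t]*\[/ { in_net = ($0 ~ /^[ \t]*\[Network\]/); next }
    in_net && /^[ \t]*DNS[ \t]*=/ {
      sub(/^[^=]*=[ \t]*/, "")
      if ($0 == "") { n = 0; next }        # an empty DNS= clears earlier entries
      c = split($0, parts, /[ \t]+/)       # several servers may share one line
      for (i = 1; i <= c; i++) if (parts[i] != "") list[++n] = parts[i]
    }
    END { for (i = 1; i <= n; i++) print list[i] }
  ' "$1"
}

# check_node_dns FILE SERVER...: return 0 when FILE lists exactly the expected
# servers; otherwise print each "missing:" / "stale:" entry and return 1.
check_node_dns() {
  file=$1; shift
  actual=$(network_dns "$file")
  rc=0
  for want in "$@"; do
    printf '%s\n' "$actual" | grep -Fxq -- "$want" || { echo "missing: $want"; rc=1; }
  done
  for have in $actual; do
    case " $* " in
      *" $have "*) ;;
      *) echo "stale: $have"; rc=1 ;;
    esac
  done
  return $rc
}

# Constructed sample of a node file that still carries the old DNS servers.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Match]
Name=eth0

[Network]
Address=192.0.2.10/24
Gateway=192.0.2.1
DNS=192.0.2.53
DNS=192.0.2.54
EOF

# Assumed new DNS servers configured under Workload Management.
check_node_dns "$sample" 198.51.100.53 198.51.100.54 ||
  echo "node still has the old DNS servers; it has not been recreated yet"
```

On a Workload Cluster node, pass /etc/systemd/network/10-gosc-eth0.network as the file argument, followed by the DNS servers configured under Workload Management.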

 


Additional Information

vSphere with Tanzu 7.0

Impact/Risks:

DNS lookups performed by workloads running in Workload Clusters may fail due to this issue.