Accessing a VM by using its external FQDN

You can access a virtual machine (VM) that is attached to a secondary network interface from outside the cluster by using its fully qualified domain name (FQDN).

Accessing a VM from outside the cluster by using its FQDN is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

Configuring a DNS server for secondary networks

The Cluster Network Addons Operator (CNAO) deploys a Domain Name Server (DNS) server and monitoring components when you enable the deployKubeSecondaryDNS feature gate in the HyperConverged custom resource (CR).

Prerequisites
  • You installed the OpenShift CLI (oc).

  • You configured a load balancer for the cluster.

  • You logged in to the cluster with cluster-admin permissions.

Procedure
  1. Edit the HyperConverged CR in your default editor by running the following command:

    $ oc edit hyperconverged kubevirt-hyperconverged -n kubevirt-hyperconverged
  2. Enable the DNS server and monitoring components according to the following example:

    apiVersion: hco.kubevirt.io/v1beta1
    kind: HyperConverged
    metadata:
      name: kubevirt-hyperconverged
      namespace: kubevirt-hyperconverged
    spec:
      featureGates:
        deployKubeSecondaryDNS: true # (1)
    # ...
    (1) Enables the DNS server.
  3. Save the file and exit the editor.

  4. Create a load balancer service to expose the DNS server outside the cluster by running the oc expose command according to the following example:

    $ oc expose -n kubevirt-hyperconverged deployment/secondary-dns --name=dns-lb \
      --type=LoadBalancer --port=53 --target-port=5353 --protocol='UDP'
  5. Retrieve the external IP address by running the following command:

    $ oc get service -n kubevirt-hyperconverged
    Example output
    NAME       TYPE             CLUSTER-IP     EXTERNAL-IP      PORT(S)          AGE
    dns-lb     LoadBalancer     172.30.27.5    10.46.41.94      53:31829/TCP     5s
  6. Edit the HyperConverged CR again:

    $ oc edit hyperconverged kubevirt-hyperconverged -n kubevirt-hyperconverged
  7. Add the external IP address that you previously retrieved to the kubeSecondaryDNSNameServerIP field in the enterprise DNS server records. For example:

    apiVersion: hco.kubevirt.io/v1beta1
    kind: HyperConverged
    metadata:
      name: kubevirt-hyperconverged
      namespace: kubevirt-hyperconverged
    spec:
      featureGates:
        deployKubeSecondaryDNS: true
      kubeSecondaryDNSNameServerIP: "10.46.41.94" # (1)
    # ...
    (1) Specify the external IP address exposed by the load balancer service.
  8. Save the file and exit the editor.

  9. Retrieve the cluster FQDN by running the following command:

    $ oc get dnses.config.openshift.io cluster -o jsonpath='{.spec.baseDomain}'
    Example output
    openshift.example.com
  10. Point to the DNS server. To do so, add the kubeSecondaryDNSNameServerIP value and the cluster FQDN to the enterprise DNS server records. For example:

    vm.<FQDN>. IN NS ns.vm.<FQDN>.
    ns.vm.<FQDN>. IN A <kubeSecondaryDNSNameServerIP>

Connecting to a VM on a secondary network by using the cluster FQDN

You can access a running virtual machine (VM) attached to a secondary network interface by using the fully qualified domain name (FQDN) of the cluster.

Prerequisites
  • You installed the QEMU guest agent on the VM.

  • The IP address of the VM is public.

  • You configured the DNS server for secondary networks.

  • You retrieved the fully qualified domain name (FQDN) of the cluster.

    To obtain the FQDN, use the oc get command as follows:

    $ oc get dnses.config.openshift.io cluster -o json | jq .spec.baseDomain
Procedure
  1. Retrieve the network interface name from the VM configuration by running the following command:

    $ oc get vm -n <namespace> <vm_name> -o yaml
    Example output
    apiVersion: kubevirt.io/v1
    kind: VirtualMachine
    metadata:
      name: example-vm
      namespace: example-namespace
    spec:
      running: true
      template:
        spec:
          domain:
            devices:
              interfaces:
                - bridge: {}
                  name: example-nic
    # ...
          networks:
          - multus:
              networkName: bridge-conf
            name: example-nic # (1)
    (1) Note the name of the network interface.
  2. Connect to the VM by using the ssh command:

    $ ssh <user_name>@<interface_name>.<vm_name>.<namespace>.vm.<cluster_fqdn>
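
The records from step 10 of the DNS procedure and the name used in the ssh step can be generated and checked before they are entered anywhere. The following is an added example, not part of the OKD documentation: the function names are hypothetical, and it assumes that the interface name, VM name and namespace are each a single lowercase DNS label.

```sh
#!/bin/sh
# Added example (not from the OKD docs). Function names are hypothetical.
LC_ALL=C; export LC_ALL   # keep [a-z] ranges ASCII-only

# True if $1 is one lowercase RFC 1123 DNS label (1-63 chars, no edge hyphens).
is_dns_label() {
  [ "${#1}" -ge 1 ] && [ "${#1}" -le 63 ] || return 1
  case $1 in -*|*-|*[!a-z0-9-]*) return 1 ;; esac
}

# True if $1 is a dotted-quad IPv4 address. Runs in a subshell so IFS is not leaked.
is_ipv4() (
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.; set -- $1
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do [ "$octet" -le 255 ] || exit 1; done
)

# Print the two delegation records from step 10.
# args: <base_domain> <kubeSecondaryDNSNameServerIP>
delegation_records() {
  is_ipv4 "$2" || { echo "not an IPv4 address: $2" >&2; return 1; }
  printf 'vm.%s. IN NS ns.vm.%s.\n' "$1" "$1"
  printf 'ns.vm.%s. IN A %s\n' "$1" "$2"
}

# Print the host name used in the ssh step.
# args: <interface_name> <vm_name> <namespace> <base_domain>
vm_fqdn() {
  for part in "$1" "$2" "$3"; do
    is_dns_label "$part" || { echo "not a DNS label: $part" >&2; return 1; }
  done
  fqdn="$1.$2.$3.vm.$4"
  [ "${#fqdn}" -le 253 ] || { echo "name exceeds 253 characters" >&2; return 1; }
  printf '%s\n' "$fqdn"
}

# Compare the answer served by the load balancer with the answer from the
# resolver in use; they agree only when the enterprise delegation works.
# Needs dig and network access. args: <fqdn> <kubeSecondaryDNSNameServerIP>
check_delegation() {
  direct=$(dig +short "@$2" "$1" A) || return 1
  via_resolver=$(dig +short "$1" A) || return 1
  [ -n "$direct" ] && [ "$direct" = "$via_resolver" ]
}
```

With the sample values shown on this page, `vm_fqdn example-nic example-vm example-namespace openshift.example.com` prints the name to pass to ssh, and `check_delegation` with that name and `10.46.41.94` confirms that the enterprise DNS server hands the query to the secondary DNS server.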