# DNS Configuration Guide ## Required DNS Records ### Minimum Setup (Recommended) Only **one** DNS record is required for basic operation: ``` grafana.betelgeusebytes.io A/CNAME ``` This gives you access to the complete observability stack through Grafana's unified interface. ## Optional DNS Records If you want direct access to individual components, add these DNS records: ``` prometheus.betelgeusebytes.io A/CNAME loki.betelgeusebytes.io A/CNAME tempo.betelgeusebytes.io A/CNAME ``` Then deploy the optional ingresses: ```bash kubectl apply -f 21-optional-ingresses.yaml ``` ## DNS Record Types **Option 1: A Record (Direct IP)** ``` Type: A Name: grafana.betelgeusebytes.io Value: 1.2.3.4 (your cluster's public IP) TTL: 300 ``` **Option 2: CNAME (Alias to another domain)** ``` Type: CNAME Name: grafana.betelgeusebytes.io Value: your-server.example.com TTL: 300 ``` ## Access URLs Summary ### After DNS Setup | Service | URL | Purpose | DNS Required? | |---------|-----|---------|---------------| | **Grafana** | https://grafana.betelgeusebytes.io | Main dashboard (logs/metrics/traces) | ✅ Yes | | **Prometheus** | https://prometheus.betelgeusebytes.io | Metrics UI (optional) | ⚠️ Optional | | **Loki** | https://loki.betelgeusebytes.io | Logs API (optional) | ⚠️ Optional | | **Tempo** | https://tempo.betelgeusebytes.io | Traces API (optional) | ⚠️ Optional | ### Internal (No DNS Needed) These services are accessible from within your cluster only: ``` # Metrics http://prometheus.observability.svc.cluster.local:9090 # Logs http://loki.observability.svc.cluster.local:3100 # Traces (OTLP endpoints for your apps) http://tempo.observability.svc.cluster.local:4317 # gRPC http://tempo.observability.svc.cluster.local:4318 # HTTP # Grafana (internal) http://grafana.observability.svc.cluster.local:3000 ``` ## Verification After setting up DNS, verify it's working: ```bash # Check DNS resolution dig grafana.betelgeusebytes.io nslookup grafana.betelgeusebytes.io # Should return your cluster IP # Test HTTPS access curl -I https://grafana.betelgeusebytes.io # Should return 200 OK or 302 redirect ``` ## TLS Certificate Let's Encrypt will automatically issue certificates for: - grafana.betelgeusebytes.io (required) - prometheus.betelgeusebytes.io (if optional ingress deployed) - loki.betelgeusebytes.io (if optional ingress deployed) - tempo.betelgeusebytes.io (if optional ingress deployed) Check certificate status: ```bash kubectl get certificate -n observability kubectl describe certificate grafana-tls -n observability ``` ## Recommendation **For most users:** Just configure `grafana.betelgeusebytes.io` Why? - Single DNS record to manage - Grafana provides unified access to all components - Simpler certificate management - All functionality available through one interface **For advanced users:** Add optional DNS records if you need: - Direct Prometheus UI access for debugging - External log/trace ingestion - API integrations - Programmatic queries outside Grafana ## Troubleshooting **DNS not resolving:** - Check DNS propagation: https://dnschecker.org/ - Wait 5-15 minutes for DNS to propagate - Verify your DNS provider settings **Certificate not issued:** ```bash # Check cert-manager kubectl get pods -n cert-manager # Check certificate request kubectl describe certificate grafana-tls -n observability # Check challenges kubectl get challenges -n observability ``` **403/404 errors:** - Verify ingress is created: `kubectl get ingress -n observability` - Check NGINX ingress controller: `kubectl get pods -n ingress-nginx` - Check ingress logs: `kubectl logs -n ingress-nginx `