cypher
/
betelgeusebytes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
betelgeusebytes/k8s/observability-stack/DNS-SETUP.md

3.7 KiB
Raw Permalink Blame History

DNS Configuration Guide

Required DNS Records

Minimum Setup (Recommended)

Only one DNS record is required for basic operation:

grafana.betelgeusebytes.io    A/CNAME    <your-cluster-ip>

This gives you access to the complete observability stack through Grafana's unified interface.

Optional DNS Records

If you want direct access to individual components, add these DNS records:

prometheus.betelgeusebytes.io    A/CNAME    <your-cluster-ip>
loki.betelgeusebytes.io          A/CNAME    <your-cluster-ip>
tempo.betelgeusebytes.io         A/CNAME    <your-cluster-ip>

Then deploy the optional ingresses:

kubectl apply -f 21-optional-ingresses.yaml

DNS Record Types

Option 1: A Record (Direct IP)

Type: A
Name: grafana.betelgeusebytes.io
Value: 1.2.3.4  (your cluster's public IP)
TTL: 300

Option 2: CNAME (Alias to another domain)

Type: CNAME
Name: grafana.betelgeusebytes.io
Value: your-server.example.com
TTL: 300

Access URLs Summary

After DNS Setup

Service URL Purpose DNS Required?
Grafana https://grafana.betelgeusebytes.io Main dashboard (logs/metrics/traces) Yes
Prometheus https://prometheus.betelgeusebytes.io Metrics UI (optional) ⚠️ Optional
Loki https://loki.betelgeusebytes.io Logs API (optional) ⚠️ Optional
Tempo https://tempo.betelgeusebytes.io Traces API (optional) ⚠️ Optional

Internal (No DNS Needed)

These services are accessible from within your cluster only:

# Metrics
http://prometheus.observability.svc.cluster.local:9090

# Logs
http://loki.observability.svc.cluster.local:3100

# Traces (OTLP endpoints for your apps)
http://tempo.observability.svc.cluster.local:4317  # gRPC
http://tempo.observability.svc.cluster.local:4318  # HTTP

# Grafana (internal)
http://grafana.observability.svc.cluster.local:3000

Verification

After setting up DNS, verify it's working:

# Check DNS resolution
dig grafana.betelgeusebytes.io
nslookup grafana.betelgeusebytes.io

# Should return your cluster IP

# Test HTTPS access
curl -I https://grafana.betelgeusebytes.io
# Should return 200 OK or 302 redirect

TLS Certificate

Let's Encrypt will automatically issue certificates for:

  • grafana.betelgeusebytes.io (required)
  • prometheus.betelgeusebytes.io (if optional ingress deployed)
  • loki.betelgeusebytes.io (if optional ingress deployed)
  • tempo.betelgeusebytes.io (if optional ingress deployed)

Check certificate status:

kubectl get certificate -n observability
kubectl describe certificate grafana-tls -n observability

Recommendation

For most users: Just configure grafana.betelgeusebytes.io

Why?

  • Single DNS record to manage
  • Grafana provides unified access to all components
  • Simpler certificate management
  • All functionality available through one interface

For advanced users: Add optional DNS records if you need:

  • Direct Prometheus UI access for debugging
  • External log/trace ingestion
  • API integrations
  • Programmatic queries outside Grafana

Troubleshooting

DNS not resolving:

  • Check DNS propagation: https://dnschecker.org/
  • Wait 5-15 minutes for DNS to propagate
  • Verify your DNS provider settings

Certificate not issued:

# Check cert-manager
kubectl get pods -n cert-manager

# Check certificate request
kubectl describe certificate grafana-tls -n observability

# Check challenges
kubectl get challenges -n observability

403/404 errors:

  • Verify ingress is created: kubectl get ingress -n observability
  • Check NGINX ingress controller: kubectl get pods -n ingress-nginx
  • Check ingress logs: kubectl logs -n ingress-nginx <nginx-pod>