Service namespace stable?

nginx does not resolve the service name using search domains in the same way dig <service name> fails to find the ip with the default configuration. This means I need to use the fqdn, not just the service name. I found I can find the underlying team cluster namespace in /etc/resolv.conf by examining the search domains.

With this information I can construct the fqdn as follows:

<service name>.<team namespace>.svc.cluster.local

I have two questions:

1. Is this namespace stable?
2. Is this documented anywhere?

Good question @azaafoo! The namespace and therefore the FQDN should be stable, but we don’t guarantee stability. If you can, I’d recommend that you rely on the configuration in /etc/resolv.conf to go from service name to FQDN. For example, as part of your build step, you could get the FQDN with:

dig +search +noall +answer <service name> | awk '{print $1}'

And then dynamically include the FQDN in your nginx config.

Let us know if you have additional questions!

There’s also this option that grabs the namespace, but maybe the ordering of search is not stable?

cat /etc/resolv.conf | grep search | awk '{print $2}'

There’s also nslookup which gives the fqdn without the trailing . that dig does:

nslookup <service name> | grep Name | awk '{print $2}'

Thanks!

Oh good call! I think you’re right that using nslookup would be more stable than relying on the ordering of the search domains.

How did you dynamically get the output of nslookup <service name> | grep Name | awk '{print $2}' into your nginx configuration? Did you use the envsubst that’s built in to the nginx docker container? docs/nginx at 04c94c3a59005280ec604175aab6f7bb3c606614 · docker-library/docs · GitHub

Yes, essentially you need three things:

1. An entrypoint.sh script

#!/usr/bin/env sh
export SERVICE_FQDN=$(nslookup $SERVICE_NAME | grep Name | awk '{print $2}')
export NAMESERVER=$(cat /etc/resolv.conf | grep "nameserver" | head -n1 | awk '{print $2}')

/docker-entrypoint.sh "$@"

2. An nginx template, say, default.conf.template

server {
 ...
  upstream proxy_service {
    server $SERVICE_FQDN:$SERVICE_PORT;
  }
  ...
}

3. A Dockerfile

FROM nginx:1.20
RUN apt update && apt upgrade -y
RUN apt install -y dnsutils
RUN mkdir -p /etc/nginx/templates
COPY default.conf.template /etc/nginx/templates/default.conf.template
COPY entrypoint.sh /
ENTRYPOINT [ "/entrypoint.sh" ]
CMD ["nginx", "-g", "daemon off;"]

and then the nginx image will handle the substitutions for you.

Thank you very much for that speedy response! That helped me get up and running.

Some minor notes:

• It is necessary to chmod +x entrypoint.sh (otherwise the deploy will fail with exit code 126)
• Somewhere in the default.conf.template you should set the resolver based on the env var from entrypoint.sh. i.e. resolver $NAMESERVER;
• I’m not using upstream because then nginx never re-runs the DNS resolution (which is actually the whole reason I’m even on this thread in the first place since the IP address for my other render services occasionally changes)
  • linux - How to force nginx to resolve DNS (of a dynamic hostname) everytime when doing proxy_pass? - Server Fault
  • Official page about this: DNS for Service Discovery with NGINX and NGINX Plus
  • That said this doesn’t really directly affect your instructions, I just wanted to note that I’m using proxy_pass with a variable (to force the repeated dns resolution):

  • set $app_backend http://$SERVICE_FQDN:10000;
    proxy_pass $app_backend;