3.2. Setting DNS to private

Procedure

1. Review the DNS custom resource for your cluster:

   $ oc get dnses.config.openshift.io/cluster -o yaml

   Example output

   apiVersion: config.openshift.io/v1
   kind: DNS
   metadata:
     creationTimestamp: "2019-10-25T18:27:09Z"
     generation: 2
     name: cluster
     resourceVersion: "37966"
     selfLink: /apis/config.openshift.io/v1/dnses/cluster
     uid: 0e714746-f755-11f9-9cb1-02ff55d8f976
   spec:
     baseDomain: <base_domain>
     privateZone:
       tags:
         Name: <infrastructureID>-int
         kubernetes.io/cluster/<infrastructureID>: owned
     publicZone:
       id: Z2XXXXXXXXXXA4
   status: {}

   Note that the spec section contains both a private and a public zone.

2. Patch the DNS custom resource to remove the public zone:

   $ oc patch dnses.config.openshift.io/cluster --type=merge --patch='{"spec": {"publicZone": null}}'
   dns.config.openshift.io/cluster patched

   Because the Ingress Controller consults the DNS definition when it creates Ingress objects, when you create or modify Ingress objects, only private records are created.

   重要

   DNS records for the existing Ingress objects are not modified when you remove the public zone.

3. Optional: Review the DNS custom resource for your cluster and confirm that the public zone was removed:

   $ oc get dnses.config.openshift.io/cluster -o yaml

   Example output

   apiVersion: config.openshift.io/v1
   kind: DNS
   metadata:
     creationTimestamp: "2019-10-25T18:27:09Z"
     generation: 2
     name: cluster
     resourceVersion: "37966"
     selfLink: /apis/config.openshift.io/v1/dnses/cluster
     uid: 0e714746-f755-11f9-9cb1-02ff55d8f976
   spec:
     baseDomain: <base_domain>
     privateZone:
       tags:
         Name: <infrastructureID>-int
         kubernetes.io/cluster/<infrastructureID>-wfpg4: owned
   status: {}