Reassign a namespace from one DNS-controller instance to another#
Introduction#
You can reassign a namespace from one DNS-controller instance to another. The steps you follow depend on whether the source and destination DNS-controller instances are general or realm-specific.
Warning
Reassigning a namespace from one DNS-controller instance to another may cause a temporary service outage.
How to use these instructions#
Choose the appropriate task below.
Reassign a namespace from a general to a realm-specific DNS-controller instance#
Add a realm label to the namespace using the name of the realm:
$ kubectl label namespace <namespaceName> dnscontroller/realm=<realmName>
Aspen Mesh DNS static entries in the namespace will now be managed by the realm-specific DNS-controller instance, which may use a different Kubernetes DNS server.
Make sure that the on-mesh workloads in the namespace use the same Kubernetes DNS server as the realm-specific DNS-controller instance.
For example, if you installed a mutating webhook that changes the
.spec.dnsConfig.nameservers
field for workloads based on a DNS-server label (for example,dns-server=spk
), add the DNS-server label to the namespace and restart all pods with sidecars in the namespace:$ kubectl label namespace <namespaceName> dns-server=spk $ kubectl delete pods --namespace <namespaceName> --selector security.istio.io/tlsMode=istio
Reassign a namespace from a realm-specific to a general DNS-controller instance#
Remove the realm label from the namespace:
$ kubectl label namespace <namespaceName> dnscontroller/realm-
Aspen Mesh DNS static entries in the namespace will now be managed by the general DNS-controller instance, which may use a different Kubernetes DNS server.
Make sure that the on-mesh workloads in the namespace use the same Kubernetes DNS server as the general DNS-controller instance.
For example, if you installed a mutating webhook that changes the
.spec.dnsConfig.nameservers
field for workloads based on a DNS-server label (for example,dns-server=spk
), and the namespace has a DNS-server label, remove the DNS-server label from the namespace and restart all pods with sidecars in the namespace:$ kubectl label namespace <namespaceName> dns-server- $ kubectl delete pods --namespace <namespaceName> --selector security.istio.io/tlsMode=istio
Reassign a namespace from a realm-specific to a realm-specific DNS-controller instance#
Change the realm label for the namespace using the name of the new realm:
$ kubectl label namespace <namespaceName> dnscontroller/realm=<realmName>
Aspen Mesh DNS static entries in the namespace will now be managed by the new realm-specific DNS-controller instance, which may use a different Kubernetes DNS server.
Make sure that the on-mesh workloads in the namespace use the same Kubernetes DNS server as the new realm-specific DNS-controller instance.
For example, if you installed a mutating webhook that changes the
.spec.dnsConfig.nameservers
field for workloads based on a DNS-server label (for example,dns-server=spk
), change the DNS-server label on the namespace and restart all pods with sidecars in the namespace:$ kubectl label namespace <namespaceName> dns-server=alt $ kubectl delete pods --namespace <namespaceName> --selector security.istio.io/tlsMode=istio