
Getting Local Domains to Work with Kubernetes in Docker Desktop for Mac
In this guide, I will show you how to set up local DNS to work with Kubernetes in Docker Desktop for Mac. We’re going to send *.localhost domain traffic to your local Kubernetes cluster with the help of dnsmasq and some clever IP routing.
Configuring the Host Mac
Prerequisites
- Install Homebrew
- Install Docker Desktop for Mac
- Enable Kubernetes in Docker Desktop’s Preferences.
Make a Loopback Alias
Make 172.173.174.175 into a loopback alias that points at your Mac.
sudo ifconfig lo0 alias 172.173.174.175
You can turn this into a plist so that the configuration survives reboots. Make a file /Library/LaunchDaemons/localhost.docker.kubernetes.loopback.plist containing the following:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>localhost.docker.kubernetes.loopback.plist</string>
    <key>ProgramArguments</key>
    <array>
        <string>ifconfig</string>
        <string>lo0</string>
        <string>alias</string>
        <string>172.173.174.175</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
Configure dnsmasq
Install it via Brew.
brew install dnsmasq
Append the following line to dnsmasq.conf, which will tell dnsmasq to load additional *.conf configuration files from the dnsmasq.d directory.
conf-dir=/usr/local/etc/dnsmasq.d/,*.conf
Create a new file /usr/local/etc/dnsmasq.d/localhost.conf that directs *.localhost domains to 172.173.174.175 like this:
address=/.localhost/172.173.174.175
Restart the service.
sudo brew services restart dnsmasq
Resolver
Make a new file /etc/resolver/localhost to tell your Mac to use its dnsmasq service to resolve *.localhost domains:
nameserver 127.0.0.1
Configuring the Virtual Machine (VM)
iptables
Use iptables to tell the VM to forward 172.173.174.175 to 192.168.65.2 (its address for your Mac). The following command uses a minimal Docker image with nsenter(1) to punch through to the containing VM and run iptables there.
docker run -it --privileged --pid=host justincormack/nsenter1 /bin/bash -c "iptables -t nat -A OUTPUT -d 172.173.174.175 -j DNAT --to-destination 192.168.65.2"
How Does it Work?
- The VM sends 172.173.174.175 traffic to your Mac.
- Your Mac sends 172.173.174.175 traffic to itself.
- Both use dnsmasq to resolve *.localhost domains. dnsmasq always answers with 172.173.174.175 for *.localhost domains.
- Therefore *.localhost domains, resolved from either your Mac or the VM, always indicate an IP address that routes traffic back to your Mac.
What’s the Deal With the IP Address?
A typical guide for using dnsmasq for local development would tell you to set *.localhost to resolve to 127.0.0.1. That works for your Mac.
The problem arises when your VM resolves foo.localhost to 127.0.0.1. On your VM, 127.0.0.1 is the VM itself. We don’t want foo.localhost to go to the VM. We want it to go to the host Mac and let the host Mac handle the routing from there.
So we have foo.localhost resolve to 172.173.174.175, an arbitrary IP address from the private network block. And we separately configure both the host Mac and the VM to loop that traffic back to the host Mac.
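An added example (not from the original post): a Python check that the three places this guide hard-codes the address, the dnsmasq rule, the lo0 alias plist and the VM DNAT rule, agree with each other. It also flags an alias that lies outside the RFC 1918 ranges, which 172.173.174.175 does (172.16.0.0/12 ends at 172.31.255.255). The function names and the inline sample inputs are constructed for illustration.

```python
import ipaddress
import plistlib
import re

# RFC 1918 private ranges; loopback is checked separately.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def dnsmasq_targets(conf_text, domain="localhost"):
    """IPs that address=/.<domain>/<ip> lines answer with."""
    pat = re.compile(r"^\s*address=/\.?" + re.escape(domain) + r"/(\S+)\s*$")
    return [m.group(1) for line in conf_text.splitlines()
            if (m := pat.match(line))]

def plist_alias(plist_bytes):
    """Address from ProgramArguments: ifconfig lo0 alias <ip>."""
    args = plistlib.loads(plist_bytes)["ProgramArguments"]
    return args[args.index("alias") + 1]

def dnat_rule(cmd):
    """(matched destination, DNAT target) from an iptables command, or None."""
    m = re.search(r"-d\s+(\S+)\s+-j\s+DNAT\s+--to-destination\s+([0-9.]+)", cmd)
    return (m.group(1), m.group(2)) if m else None

def audit(conf_text, plist_bytes, iptables_cmd):
    """Return a list of findings; an empty list means the setup is consistent."""
    findings = []
    targets, alias = dnsmasq_targets(conf_text), plist_alias(plist_bytes)
    rule = dnat_rule(iptables_cmd)
    if targets != [alias]:
        findings.append(f"dnsmasq answers {targets} but lo0 alias is {alias}")
    if rule is None or rule[0] != alias:
        findings.append(f"VM DNAT rule does not match lo0 alias {alias}")
    ip = ipaddress.ip_address(alias)
    if not (ip.is_loopback or any(ip in net for net in RFC1918)):
        findings.append(f"{alias} is outside RFC 1918 and shadows a publicly routable address")
    return findings

# Constructed sample inputs using the values from this guide.
CONF = "address=/.localhost/172.173.174.175\n"
PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>ProgramArguments</key><array><string>ifconfig</string><string>lo0</string>
<string>alias</string><string>172.173.174.175</string></array>
</dict></plist>"""
IPTABLES = "iptables -t nat -A OUTPUT -d 172.173.174.175 -j DNAT --to-destination 192.168.65.2"

if __name__ == "__main__":
    print("\n".join(audit(CONF, PLIST, IPTABLES)))
```

An empty result means all three settings agree and the alias sits in a private or loopback range.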
Testing It Out
Make sure kubectl is pointed at the docker-desktop cluster:
kubectl config use-context docker-desktop
Install the nginx ingress controller like so:
kubectl apply --wait -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.27.1/deploy/static/mandatory.yaml
kubectl apply --wait -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.27.1/deploy/static/provider/cloud-generic.yaml
Navigate to http://anything.localhost in your browser. If everything is working properly, you will see a generic 404 Not Found page.