karmada operator add the support for custom dns domain

Signed-off-by: zhzhuang-zju <[email protected]>

operator/pkg/certs/certs.go

@@ -55,6 +55,7 @@ const (
 type AltNamesMutatorConfig struct {
 	Name                string
 	Namespace           string
+	DnsDomain           string
 	ControlplaneAddress string
 	Components          *operatorv1alpha1.KarmadaComponents
 }
@@ -452,8 +453,8 @@ func makeAltNamesMutator(f func(cfg *AltNamesMutatorConfig) (*certutil.AltNames,
 }
 
 func etcdServerAltNamesMutator(cfg *AltNamesMutatorConfig) (*certutil.AltNames, error) {
-	etcdClientServiceDNS := fmt.Sprintf("%s.%s.svc.cluster.local", util.KarmadaEtcdClientName(cfg.Name), cfg.Namespace)
-	etcdPeerServiceDNS := fmt.Sprintf("*.%s.%s.svc.cluster.local", util.KarmadaEtcdName(cfg.Name), cfg.Namespace)
+	etcdClientServiceDNS := fmt.Sprintf("%s.%s.svc.%s", util.KarmadaEtcdClientName(cfg.Name), cfg.Namespace, cfg.DnsDomain)
+	etcdPeerServiceDNS := fmt.Sprintf("*.%s.%s.svc.%s", util.KarmadaEtcdName(cfg.Name), cfg.Namespace, cfg.DnsDomain)
 
 	altNames := &certutil.AltNames{
 		DNSNames: []string{"localhost", etcdClientServiceDNS, etcdPeerServiceDNS},
@@ -474,7 +475,7 @@ func apiServerAltNamesMutator(cfg *AltNamesMutatorConfig) (*certutil.AltNames, e
 			"kubernetes",
 			"kubernetes.default",
 			"kubernetes.default.svc",
-			fmt.Sprintf("*.%s.svc.cluster.local", constants.KarmadaSystemNamespace),
+			fmt.Sprintf("*.%s.svc.%s", constants.KarmadaSystemNamespace, cfg.DnsDomain),
 			fmt.Sprintf("*.%s.svc", constants.KarmadaSystemNamespace),
 		},
 		IPs: []net.IP{
@@ -487,9 +488,9 @@ func apiServerAltNamesMutator(cfg *AltNamesMutatorConfig) (*certutil.AltNames, e
 	// if its altNames contains 'karmada-demo-aggregated-apiserver.karmada-system.svc';
 	// 2.When karmada-apiserver access webhook, the cert of 'karmada-demo-webhook' will be verified to see
 	// if its altNames contains 'karmada-demo-webhook.test.svc'.
-	// Therefore, the certificate's altNames should contain both 'karmada-system.svc.cluster.local' and 'test.svc.cluster.local'.
+	// Therefore, the certificate's altNames should contain both 'karmada-system.svc.${dnsDomain}' and 'test.svc.${dnsDomain}'.
 	if cfg.Namespace != constants.KarmadaSystemNamespace {
-		appendSANsToAltNames(altNames, []string{fmt.Sprintf("*.%s.svc.cluster.local", cfg.Namespace),
+		appendSANsToAltNames(altNames, []string{fmt.Sprintf("*.%s.svc.%s", cfg.Namespace, cfg.DnsDomain),
 			fmt.Sprintf("*.%s.svc", cfg.Namespace)})
 	}
 

operator/pkg/controlplane/apiserver/apiserver.go

@@ -34,31 +34,32 @@ import (
 )
 
 // EnsureKarmadaAPIServer creates karmada apiserver deployment and service resource
-func EnsureKarmadaAPIServer(client clientset.Interface, cfg *operatorv1alpha1.KarmadaComponents, name, namespace string, featureGates map[string]bool) error {
-	if err := installKarmadaAPIServer(client, cfg.KarmadaAPIServer, name, namespace, featureGates); err != nil {
+func EnsureKarmadaAPIServer(client clientset.Interface, cfg *operatorv1alpha1.KarmadaComponents, name, namespace, dnsDomain string, featureGates map[string]bool) error {
+	if err := installKarmadaAPIServer(client, cfg.KarmadaAPIServer, name, namespace, dnsDomain, featureGates); err != nil {
 		return fmt.Errorf("failed to install karmada apiserver, err: %w", err)
 	}
 
 	return createKarmadaAPIServerService(client, cfg.KarmadaAPIServer, name, namespace)
 }
 
 // EnsureKarmadaAggregatedAPIServer creates karmada aggregated apiserver deployment and service resource
-func EnsureKarmadaAggregatedAPIServer(client clientset.Interface, cfg *operatorv1alpha1.KarmadaComponents, name, namespace string, featureGates map[string]bool) error {
-	if err := installKarmadaAggregatedAPIServer(client, cfg.KarmadaAggregatedAPIServer, name, namespace, featureGates); err != nil {
+func EnsureKarmadaAggregatedAPIServer(client clientset.Interface, cfg *operatorv1alpha1.KarmadaComponents, name, namespace, dnsDomain string, featureGates map[string]bool) error {
+	if err := installKarmadaAggregatedAPIServer(client, cfg.KarmadaAggregatedAPIServer, name, namespace, dnsDomain, featureGates); err != nil {
 		return err
 	}
 	return createKarmadaAggregatedAPIServerService(client, name, namespace)
 }
 
-func installKarmadaAPIServer(client clientset.Interface, cfg *operatorv1alpha1.KarmadaAPIServer, name, namespace string, _ map[string]bool) error {
+func installKarmadaAPIServer(client clientset.Interface, cfg *operatorv1alpha1.KarmadaAPIServer, name, namespace, dnsDomain string, _ map[string]bool) error {
 	apiserverDeploymentBytes, err := util.ParseTemplate(KarmadaApiserverDeployment, struct {
 		DeploymentName, Namespace, Image, ImagePullPolicy, EtcdClientService string
-		ServiceSubnet, KarmadaCertsSecret, EtcdCertsSecret                   string
+		ServiceSubnet, KarmadaCertsSecret, EtcdCertsSecret, DnsDomain        string
 		Replicas                                                             *int32
 		EtcdListenClientPort                                                 int32
 	}{
 		DeploymentName:       util.KarmadaAPIServerName(name),
 		Namespace:            namespace,
+		DnsDomain:            dnsDomain,
 		Image:                cfg.Image.Name(),
 		ImagePullPolicy:      string(cfg.ImagePullPolicy),
 		EtcdClientService:    util.KarmadaEtcdClientName(name),
@@ -112,15 +113,16 @@ func createKarmadaAPIServerService(client clientset.Interface, cfg *operatorv1al
 	return nil
 }
 
-func installKarmadaAggregatedAPIServer(client clientset.Interface, cfg *operatorv1alpha1.KarmadaAggregatedAPIServer, name, namespace string, featureGates map[string]bool) error {
+func installKarmadaAggregatedAPIServer(client clientset.Interface, cfg *operatorv1alpha1.KarmadaAggregatedAPIServer, name, namespace, dnsDomain string, featureGates map[string]bool) error {
 	aggregatedAPIServerDeploymentBytes, err := util.ParseTemplate(KarmadaAggregatedAPIServerDeployment, struct {
 		DeploymentName, Namespace, Image, ImagePullPolicy, EtcdClientService string
-		KubeconfigSecret, KarmadaCertsSecret, EtcdCertsSecret                string
+		KubeconfigSecret, KarmadaCertsSecret, EtcdCertsSecret, DnsDomain     string
 		Replicas                                                             *int32
 		EtcdListenClientPort                                                 int32
 	}{
 		DeploymentName:       util.KarmadaAggregatedAPIServerName(name),
 		Namespace:            namespace,
+		DnsDomain:            dnsDomain,
 		Image:                cfg.Image.Name(),
 		ImagePullPolicy:      string(cfg.ImagePullPolicy),
 		EtcdClientService:    util.KarmadaEtcdClientName(name),

operator/pkg/controlplane/apiserver/apiserver_test.go

@@ -58,7 +58,7 @@ func TestEnsureKarmadaAPIServer(t *testing.T) {
 
 	fakeClient := fakeclientset.NewSimpleClientset()
 
-	err := EnsureKarmadaAPIServer(fakeClient, cfg, name, namespace, map[string]bool{})
+	err := EnsureKarmadaAPIServer(fakeClient, cfg, name, namespace, constants.KarmadaDefaultDNSDomain, map[string]bool{})
 	if err != nil {
 		t.Fatalf("expected no error, but got: %v", err)
 	}
@@ -96,7 +96,7 @@ func TestEnsureKarmadaAggregatedAPIServer(t *testing.T) {
 
 	fakeClient := fakeclientset.NewSimpleClientset()
 
-	err := EnsureKarmadaAggregatedAPIServer(fakeClient, cfg, name, namespace, featureGates)
+	err := EnsureKarmadaAggregatedAPIServer(fakeClient, cfg, name, namespace, constants.KarmadaDefaultDNSDomain, featureGates)
 	if err != nil {
 		t.Fatalf("expected no error, but got: %v", err)
 	}
@@ -137,7 +137,7 @@ func TestInstallKarmadaAPIServer(t *testing.T) {
 	featureGates := map[string]bool{"FeatureA": true}
 
 	// Call the function under test.
-	err := installKarmadaAPIServer(fakeClient, cfg, name, namespace, featureGates)
+	err := installKarmadaAPIServer(fakeClient, cfg, name, namespace, constants.KarmadaDefaultDNSDomain, featureGates)
 	if err != nil {
 		t.Fatalf("expected no error, but got: %v", err)
 	}
@@ -229,7 +229,7 @@ func TestInstallKarmadaAggregatedAPIServer(t *testing.T) {
 
 	featureGates := map[string]bool{"FeatureA": true}
 
-	err := installKarmadaAggregatedAPIServer(fakeClient, cfg, name, namespace, featureGates)
+	err := installKarmadaAggregatedAPIServer(fakeClient, cfg, name, namespace, constants.KarmadaDefaultDNSDomain, featureGates)
 	if err != nil {
 		t.Fatalf("Failed to install Karmada Aggregated API Server: %v", err)
 	}

operator/pkg/controlplane/apiserver/mainfests.go

@@ -53,10 +53,10 @@ spec:
         - --etcd-cafile=/etc/etcd/pki/etcd-ca.crt
         - --etcd-certfile=/etc/etcd/pki/etcd-client.crt
         - --etcd-keyfile=/etc/etcd/pki/etcd-client.key
-        - --etcd-servers=https://{{ .EtcdClientService }}.{{ .Namespace }}.svc.cluster.local:{{ .EtcdListenClientPort }}
+        - --etcd-servers=https://{{ .EtcdClientService }}.{{ .Namespace }}.svc.{{ .DnsDomain }}:{{ .EtcdListenClientPort }}
         - --bind-address=0.0.0.0
         - --secure-port=5443
-        - --service-account-issuer=https://kubernetes.default.svc.cluster.local
+        - --service-account-issuer=https://kubernetes.default.svc.{{ .DnsDomain }}
         - --service-account-key-file=/etc/karmada/pki/karmada.key
         - --service-account-signing-key-file=/etc/karmada/pki/karmada.key
         - --service-cluster-ip-range={{ .ServiceSubnet }}
@@ -179,7 +179,7 @@ spec:
         - --etcd-cafile=/etc/etcd/pki/etcd-ca.crt
         - --etcd-certfile=/etc/etcd/pki/etcd-client.crt
         - --etcd-keyfile=/etc/etcd/pki/etcd-client.key
-        - --etcd-servers=https://{{ .EtcdClientService }}.{{ .Namespace }}.svc.cluster.local:{{ .EtcdListenClientPort }}
+        - --etcd-servers=https://{{ .EtcdClientService }}.{{ .Namespace }}.svc.{{ .DnsDomain }}:{{ .EtcdListenClientPort }}
         - --tls-cert-file=/etc/karmada/pki/karmada.crt
         - --tls-private-key-file=/etc/karmada/pki/karmada.key
         - --tls-min-version=VersionTLS13

operator/pkg/controlplane/etcd/etcd.go

@@ -35,41 +35,43 @@ import (
 )
 
 // EnsureKarmadaEtcd creates etcd StatefulSet and service resource.
-func EnsureKarmadaEtcd(client clientset.Interface, cfg *operatorv1alpha1.LocalEtcd, name, namespace string) error {
-	if err := installKarmadaEtcd(client, name, namespace, cfg); err != nil {
+func EnsureKarmadaEtcd(client clientset.Interface, cfg *operatorv1alpha1.LocalEtcd, name, namespace, dnsDomain string) error {
+	if err := installKarmadaEtcd(client, name, namespace, dnsDomain, cfg); err != nil {
 		return err
 	}
 	return createEtcdService(client, name, namespace)
 }
 
-func installKarmadaEtcd(client clientset.Interface, name, namespace string, cfg *operatorv1alpha1.LocalEtcd) error {
+func installKarmadaEtcd(client clientset.Interface, name, namespace, dnsDomain string, cfg *operatorv1alpha1.LocalEtcd) error {
 	// if the number of etcd is greater than one, we need to concatenate the peerURL for each member cluster.
 	// memberName is podName generated by etcd statefulset: ${statefulsetName}-index
-	// memberPeerURL uses the etcd peer headless service name: ${podName}.${serviceName}.${namespace}.svc.cluster.local:2380
+	// memberPeerURL uses the etcd peer headless service name: ${podName}.${serviceName}.${namespace}.svc.${dnsDomain}:2380
 	initialClusters := make([]string, *cfg.Replicas)
 	for index := range initialClusters {
 		memberName := fmt.Sprintf("%s-%d", util.KarmadaEtcdName(name), index)
 
 		// build etcd member cluster peer url
-		memberPeerURL := fmt.Sprintf("http://%s.%s.%s.svc.cluster.local:%v",
+		memberPeerURL := fmt.Sprintf("http://%s.%s.%s.svc.%s:%v",
 			memberName,
 			util.KarmadaEtcdName(name),
 			namespace,
+			dnsDomain,
 			constants.EtcdListenPeerPort,
 		)
 
 		initialClusters[index] = fmt.Sprintf("%s=%s", memberName, memberPeerURL)
 	}
 
 	etcdStatefulSetBytes, err := util.ParseTemplate(KarmadaEtcdStatefulSet, struct {
-		StatefulSetName, Namespace, Image, ImagePullPolicy, EtcdClientService string
-		CertsSecretName, EtcdPeerServiceName                                  string
-		InitialCluster, EtcdDataVolumeName, EtcdCipherSuites                  string
-		Replicas, EtcdListenClientPort, EtcdListenPeerPort                    int32
+		StatefulSetName, Namespace, Image, ImagePullPolicy, DnsDomain string
+		EtcdClientService, CertsSecretName, EtcdPeerServiceName       string
+		InitialCluster, EtcdDataVolumeName, EtcdCipherSuites          string
+		Replicas, EtcdListenClientPort, EtcdListenPeerPort            int32
 	}{
 		StatefulSetName:      util.KarmadaEtcdName(name),
 		Namespace:            namespace,
 		Image:                cfg.Image.Name(),
+		DnsDomain:            dnsDomain,
 		ImagePullPolicy:      string(cfg.ImagePullPolicy),
 		EtcdClientService:    util.KarmadaEtcdClientName(name),
 		CertsSecretName:      util.EtcdCertSecretName(name),

operator/pkg/controlplane/etcd/etcd_test.go

@@ -60,7 +60,7 @@ func TestEnsureKarmadaEtcd(t *testing.T) {
 	// Create fake clientset.
 	fakeClient := fakeclientset.NewSimpleClientset()
 
-	err := EnsureKarmadaEtcd(fakeClient, cfg, name, namespace)
+	err := EnsureKarmadaEtcd(fakeClient, cfg, name, namespace, constants.KarmadaDefaultDNSDomain)
 	if err != nil {
 		t.Fatalf("expected no error, but got: %v", err)
 	}
@@ -98,7 +98,7 @@ func TestInstallKarmadaEtcd(t *testing.T) {
 	// Create fake clientset.
 	fakeClient := fakeclientset.NewSimpleClientset()
 
-	err := installKarmadaEtcd(fakeClient, name, namespace, cfg)
+	err := installKarmadaEtcd(fakeClient, name, namespace, constants.KarmadaDefaultDNSDomain, cfg)
 	if err != nil {
 		t.Fatalf("failed to install karmada etcd, got: %v", err)
 	}

operator/pkg/controlplane/etcd/mainfests.go

@@ -51,7 +51,7 @@ spec:
         - --name=$(KARMADA_ETCD_NAME)
         - --listen-client-urls= https://0.0.0.0:{{ .EtcdListenClientPort }}
         - --listen-peer-urls=http://0.0.0.0:{{ .EtcdListenPeerPort }}
-        - --advertise-client-urls=https://{{ .EtcdClientService }}.{{ .Namespace }}.svc.cluster.local:{{ .EtcdListenClientPort }}
+        - --advertise-client-urls=https://{{ .EtcdClientService }}.{{ .Namespace }}.svc.{{ .DnsDomain }}:{{ .EtcdListenClientPort }}
         - --initial-cluster={{ .InitialCluster }}
         - --initial-cluster-state=new
         - --client-cert-auth=true

operator/pkg/controlplane/search/mainfests.go

@@ -57,7 +57,7 @@ spec:
             - --kubeconfig=/etc/kubeconfig
             - --authentication-kubeconfig=/etc/kubeconfig
             - --authorization-kubeconfig=/etc/kubeconfig
-            - --etcd-servers=https://{{ .EtcdClientService }}.{{ .Namespace }}.svc.cluster.local:{{ .EtcdListenClientPort }}
+            - --etcd-servers=https://{{ .EtcdClientService }}.{{ .Namespace }}.svc.{{ .DnsDomain }}:{{ .EtcdListenClientPort }}
             - --etcd-cafile=/etc/karmada/pki/etcd-ca.crt
             - --etcd-certfile=/etc/karmada/pki/etcd-client.crt
             - --etcd-keyfile=/etc/karmada/pki/etcd-client.key

operator/pkg/controlplane/search/search.go

@@ -33,23 +33,24 @@ import (
 )
 
 // EnsureKarmadaSearch creates karmada search deployment and service resource.
-func EnsureKarmadaSearch(client clientset.Interface, cfg *operatorv1alpha1.KarmadaSearch, name, namespace string, featureGates map[string]bool) error {
-	if err := installKarmadaSearch(client, cfg, name, namespace, featureGates); err != nil {
+func EnsureKarmadaSearch(client clientset.Interface, cfg *operatorv1alpha1.KarmadaSearch, name, namespace, dnsDomain string, featureGates map[string]bool) error {
+	if err := installKarmadaSearch(client, cfg, name, namespace, dnsDomain, featureGates); err != nil {
 		return err
 	}
 
 	return createKarmadaSearchService(client, name, namespace)
 }
 
-func installKarmadaSearch(client clientset.Interface, cfg *operatorv1alpha1.KarmadaSearch, name, namespace string, _ map[string]bool) error {
+func installKarmadaSearch(client clientset.Interface, cfg *operatorv1alpha1.KarmadaSearch, name, namespace, dnsDomain string, _ map[string]bool) error {
 	searchDeploymentSetBytes, err := util.ParseTemplate(KarmadaSearchDeployment, struct {
 		DeploymentName, Namespace, Image, ImagePullPolicy, KarmadaCertsSecret string
-		KubeconfigSecret, EtcdClientService                                   string
+		KubeconfigSecret, EtcdClientService, DnsDomain                        string
 		Replicas                                                              *int32
 		EtcdListenClientPort                                                  int32
 	}{
 		DeploymentName:       util.KarmadaSearchName(name),
 		Namespace:            namespace,
+		DnsDomain:            dnsDomain,
 		Image:                cfg.Image.Name(),
 		ImagePullPolicy:      string(cfg.ImagePullPolicy),
 		KarmadaCertsSecret:   util.KarmadaCertSecretName(name),

operator/pkg/controlplane/search/search_test.go

@@ -56,7 +56,7 @@ func TestEnsureKarmadaSearch(t *testing.T) {
 	// Create fake clientset.
 	fakeClient := fakeclientset.NewSimpleClientset()
 
-	err := EnsureKarmadaSearch(fakeClient, cfg, name, namespace, map[string]bool{})
+	err := EnsureKarmadaSearch(fakeClient, cfg, name, namespace, constants.KarmadaDefaultDNSDomain, map[string]bool{})
 	if err != nil {
 		t.Fatalf("failed to ensure karmada search, but got: %v", err)
 	}
@@ -95,7 +95,7 @@ func TestInstallKarmadaSearch(t *testing.T) {
 	// Create fake clientset.
 	fakeClient := fakeclientset.NewSimpleClientset()
 
-	err := installKarmadaSearch(fakeClient, cfg, name, namespace, map[string]bool{})
+	err := installKarmadaSearch(fakeClient, cfg, name, namespace, constants.KarmadaDefaultDNSDomain, map[string]bool{})
 	if err != nil {
 		t.Fatalf("failed to install karmada search: %v", err)
 	}

operator/pkg/init.go

@@ -201,6 +201,10 @@ func (data *initData) GetNamespace() string {
 	return data.namespace
 }
 
+func (data *initData) GetDNSDomain() string {
+	return data.dnsDomain
+}
+
 func (data *initData) RemoteClient() clientset.Interface {
 	return data.remoteClient
 }

operator/pkg/tasks/init/apiserver.go

@@ -104,6 +104,7 @@ func runKarmadaAPIServer(r workflow.RunData) error {
 		cfg,
 		data.GetName(),
 		data.GetNamespace(),
+		data.GetDNSDomain(),
 		data.FeatureGates())
 	if err != nil {
 		return fmt.Errorf("failed to install karmada apiserver component, err: %w", err)
@@ -147,6 +148,7 @@ func runKarmadaAggregatedAPIServer(r workflow.RunData) error {
 		cfg,
 		data.GetName(),
 		data.GetNamespace(),
+		data.GetDNSDomain(),
 		data.FeatureGates())
 	if err != nil {
 		return fmt.Errorf("failed to install karmada aggregated apiserver, err: %w", err)

operator/pkg/tasks/init/cert.go

@@ -154,6 +154,7 @@ func mutateCertConfig(data InitData, cc *certs.CertConfig) error {
 			Namespace:           data.GetNamespace(),
 			Components:          data.Components(),
 			ControlplaneAddress: data.ControlplaneAddress(),
+			DnsDomain:           data.GetDNSDomain(),
 		}, cc)
 
 		if err != nil {

operator/pkg/tasks/init/component.go

@@ -266,6 +266,7 @@ func runKarmadaSearch(r workflow.RunData) error {
 		cfg.KarmadaSearch,
 		data.GetName(),
 		data.GetNamespace(),
+		data.GetDNSDomain(),
 		data.FeatureGates(),
 	)
 	if err != nil {

operator/pkg/tasks/init/data.go

@@ -29,6 +29,7 @@ type InitData interface {
 	certs.CertStore
 	GetName() string
 	GetNamespace() string
+	GetDNSDomain() string
 	SetControlplaneConfig(config *rest.Config)
 	ControlplaneConfig() *rest.Config
 	ControlplaneAddress() string

operator/pkg/tasks/init/etcd.go

@@ -72,7 +72,7 @@ func runDeployEtcd(r workflow.RunData) error {
 		return errors.New("unexpected empty etcd local configuration")
 	}
 
-	err := etcd.EnsureKarmadaEtcd(data.RemoteClient(), cfg.Etcd.Local, data.GetName(), data.GetNamespace())
+	err := etcd.EnsureKarmadaEtcd(data.RemoteClient(), cfg.Etcd.Local, data.GetName(), data.GetNamespace(), data.GetDNSDomain())
 	if err != nil {
 		return fmt.Errorf("failed to install etcd component, err: %w", err)
 	}

operator/pkg/tasks/init/test_helpers.go

@@ -58,6 +58,7 @@ type TestInitData struct {
 	KarmadaClientConnector clientset.Interface
 	ControlplaneAddr       string
 	Certs                  []*certs.KarmadaCert
+	DnsDomain              string
 }
 
 // Ensure TestInitData implements InitData interface at compile time.
@@ -73,6 +74,11 @@ func (t *TestInitData) GetNamespace() string {
 	return t.Namespace
 }
 
+// GetDNSDomain returns the dnsDomain of the current Karmada installation.
+func (t *TestInitData) GetDNSDomain() string {
+	return t.DnsDomain
+}
+
 // SetControlplaneConfig sets the control plane configuration for Karmada.
 func (t *TestInitData) SetControlplaneConfig(config *rest.Config) {
 	t.ControlplaneConfigREST = config

operator/pkg/tasks/init/upload.go

@@ -69,7 +69,7 @@ func runUploadAdminKubeconfig(r workflow.RunData) error {
 	switch data.Components().KarmadaAPIServer.ServiceType {
 	case corev1.ServiceTypeClusterIP:
 		apiserverName := util.KarmadaAPIServerName(data.GetName())
-		endpoint = fmt.Sprintf("https://%s.%s.svc.cluster.local:%d", apiserverName, data.GetNamespace(), constants.KarmadaAPIserverListenClientPort)
+		endpoint = fmt.Sprintf("https://%s.%s.svc.%s:%d", apiserverName, data.GetNamespace(), data.GetDNSDomain(), constants.KarmadaAPIserverListenClientPort)
 
 	case corev1.ServiceTypeNodePort:
 		service, err := apiclient.GetService(data.RemoteClient(), util.KarmadaAPIServerName(data.GetName()), data.GetNamespace())