Kubernetes DNS Concepts: Difference between revisions
Revision as of 06:29, 20 September 2020
Internal
Overview
Each Kubernetes cluster runs its own DNS service. The DNS service is exposed as a kube-dns Kubernetes ClusterIP service, running in the "kube-system" namespace. The service is backed by two highly available coredns pods, also deployed in the "kube-system" namespace.
The DNS Service
Each Kubernetes cluster runs an internal DNS service. The DNS service is exposed as a regular Kubernetes ClusterIP service, deployed in the "kube-system" namespace, which in turn exposes the Kubernetes internal DNS server:
NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   49d
The static ClusterIP address allocated to the DNS service (10.96.0.10) is hardcoded into every pod in the cluster, allowing the pods to resolve service names.
Every time a new Kubernetes service is deployed, the Kubernetes cluster automatically updates the internal database with service name to ClusterIP address mappings, making the ClusterIP address of the new service dynamically available to all other pods in the cluster. The mechanism is explained in detail in:
StatefulSets and the individual pods managed by a StatefulSet are also registered with the DNS service.
Name Resolution inside a Pod
A pod can be configured to use, or not to use, the internal DNS server for its DNS queries. The relevant configuration element is dnsPolicy, which is set in the pod manifest.
Each pod gets an /etc/resolv.conf with a name server hardcoded to the IP address of the DNS service kube-dns:
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
The local DNS library is thus configured to use by default the name server behind the Kubernetes DNS service.
Based on the /etc/resolv.conf configuration, each name being resolved on any pod is successively looked up, in order, in the following DNS subdomains: "default.svc.cluster.local", "svc.cluster.local" and "cluster.local". Explain default.svc.cluster.local, svc.cluster.local, cluster.local.
TODO
DNS Operations
DNS Implementation Details
The DNS Server
The Kubernetes cluster's DNS server implementation is based on CoreDNS, kube-dns or SkyDNS, depending on version. The pods implementing the DNS support are exposed to the cluster via a DNS ClusterIP Service.
CoreDNS
NAME                       READY   STATUS    RESTARTS   AGE
coredns-5644d7b6d9-kcxt6   1/1     Running   0          8h
coredns-5644d7b6d9-mztf9   1/1     Running   0          8h
kube-dns
Note that kube-dns seems to be both the name of the Kubernetes DNS service and the name of a backing provider.