Kubernetes DNS Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Latest revision as of 23:31, 11 July 2023

Internal

* Kubernetes Networking Concepts
* Kubernetes Concepts

Overview

Each Kubernetes cluster runs its own DNS service. The DNS service is exposed as a Kubernetes ClusterIP service named kube-dns, running in the "kube-system" namespace. The service is backed by two highly available coredns pods, also deployed in the "kube-system" namespace.

The DNS Service

Each Kubernetes cluster runs an internal DNS service. The DNS service is exposed as a regular Kubernetes ClusterIP service, deployed in the "kube-system" namespace, which in turn exposes the Kubernetes internal DNS server:

NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   49d

The static ClusterIP address allocated to the DNS service (10.96.0.10) is hardcoded into every pod in the cluster, allowing the pods to resolve service names.

Every time a new Kubernetes service is deployed, the Kubernetes cluster automatically updates the internal database with service name to ClusterIP address mappings, making the ClusterIP address of the new service dynamically available to all other pods in the cluster. The mechanism is explained in detail in: Services and DNS

StatefulSets and the individual pods managed by a StatefulSet are also registered with the DNS service.

Name Resolution inside a Pod

Whether a pod uses the internal DNS server for the DNS queries it executes is configurable. This behavior is set with the pod manifest's dnsPolicy element.

Each pod gets an /etc/resolv.conf with a name server hardcoded to the IP address of the DNS service kube-dns:

nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5

The local DNS library is thus configured to use by default the name server behind the Kubernetes DNS service.

Each name being resolved on a pod is successively looked up, in order, in the following DNS subdomains: "default.svc.cluster.local", "svc.cluster.local" and "cluster.local". For more details see /etc/resolv.conf search.
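The lookup order described above, together with the service and StatefulSet-pod names the DNS service publishes (see "The DNS Service"), is worked through in the following added example. It is not code from the NovaOrdis page; the /etc/resolv.conf content and the 10.96.0.10 address are taken from the page, while the cluster domain "cluster.local", the service "web", the StatefulSet "db" with its pods "db-0"/"db-1", and all other IP addresses are constructed for the example. The resolver models glibc search semantics in simplified form (every miss moves on to the next candidate), and goes slightly beyond the text by also covering names with five or more dots and names ending in a dot, which the search list does not expand:

```python
"""Added example (not from the NovaOrdis page): model how a pod's resolver turns a
name into the sequence of queries sent to kube-dns, using the /etc/resolv.conf
shown on the page, and what the cluster DNS would answer for service and
StatefulSet-pod names.  Names and IPs other than 10.96.0.10 are constructed."""

# resolv.conf content exactly as shown on the page.
RESOLV_CONF = """\
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
"""

CLUSTER_DOMAIN = "cluster.local"   # the configurable cluster domain suffix


def parse_resolv_conf(text):
    """Return (nameservers, search_list, ndots) parsed from resolv.conf text."""
    nameservers, search, ndots = [], [], 1   # glibc defaults to ndots:1
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, *values = line.split()
        if key == "nameserver":
            nameservers.extend(values)
        elif key == "search":
            search = values                   # a later 'search' line replaces an earlier one
        elif key == "options":
            for opt in values:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return nameservers, search, ndots


def query_sequence(name, search, ndots):
    """FQDNs the resolver tries, in order, for `name` (simplified glibc rules).

    - A trailing dot makes the name absolute: exactly one query, no search list.
    - Fewer than `ndots` dots: each search suffix is tried first, then the bare name.
    - `ndots` or more dots: the bare name is tried first, then the search suffixes.
    """
    if name.endswith("."):
        return [name.rstrip(".")]
    suffixed = [f"{name}.{suffix}" for suffix in search]
    if name.count(".") < ndots:
        return suffixed + [name]
    return [name] + suffixed


def service_fqdn(service, namespace, domain=CLUSTER_DOMAIN):
    """Name under which a ClusterIP service is registered: <svc>.<ns>.svc.<domain>."""
    return f"{service}.{namespace}.svc.{domain}"


def statefulset_pod_fqdn(pod, headless_service, namespace, domain=CLUSTER_DOMAIN):
    """Name of an individual StatefulSet pod: <pod>.<headless-svc>.<ns>.svc.<domain>."""
    return f"{pod}.{headless_service}.{namespace}.svc.{domain}"


# Constructed A records standing in for what the cluster DNS server would serve.
ZONE = {
    service_fqdn("kube-dns", "kube-system"): "10.96.0.10",        # from the page
    service_fqdn("web", "default"): "10.96.45.12",                 # constructed ClusterIP
    statefulset_pod_fqdn("db-0", "db", "default"): "10.244.1.7",   # constructed pod IPs
    statefulset_pod_fqdn("db-1", "db", "default"): "10.244.2.3",
}


def resolve(name, zone=ZONE, resolv_conf=RESOLV_CONF):
    """Walk the query sequence against `zone`; return (answer_ip_or_None, queries_sent)."""
    _, search, ndots = parse_resolv_conf(resolv_conf)
    tried = []
    for fqdn in query_sequence(name, search, ndots):
        tried.append(fqdn)
        if fqdn in zone:
            return zone[fqdn], tried
    return None, tried


if __name__ == "__main__":
    for n in ("web", "kube-dns.kube-system", "db-1.db", "api.example.com", "api.example.com."):
        ip, tried = resolve(n)
        print(f"{n:20} -> {str(ip):12} after {len(tried)} query(s): {tried}")
```

The run shows the cost of ndots:5 for names that are not cluster-local: "api.example.com" has only two dots, so the resolver sends it through all three cluster suffixes before asking for the bare name, while "api.example.com." (trailing dot) is answered, or refused, in a single query. That three-to-four-fold query amplification is worth knowing about when sizing the DNS service or when reading cluster DNS query logs.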

cluster.local

"cluster.local" is a configurable cluster domain suffix used in all cluster local names.

svc.cluster.local

All services in the cluster belong to the "svc.cluster.local" subdomain.

TODO

TODO: https://medium.com/kubernetes-tutorials/kubernetes-dns-for-services-and-pods-664804211501

DNS Operations

* Troubleshooting DNS resolution

DNS Implementation Details

The DNS Server

The Kubernetes cluster's DNS server implementation is based on CoreDNS, kube-dns or SkyDNS, depending on the Kubernetes version. The pods implementing the DNS support are exposed to the cluster via a DNS ClusterIP Service.

CoreDNS

The two CoreDNS pods backing the DNS service in the "kube-system" namespace:

NAME                         READY   STATUS    RESTARTS   AGE
coredns-5644d7b6d9-kcxt6     1/1     Running   0          8h
coredns-5644d7b6d9-mztf9     1/1     Running   0          8h

kube-dns

Note that kube-dns seems to be both the name of the Kubernetes DNS service and the name of a backing provider.

SkyDNS

External DNS

external-dns