Kubernetes指南
Linux性能优化实战eBPF 核心技术与实战SDN指南个人博客
EN
EN
  • Overview
  • Introduction
    • Kubernetes Introduction
    • Kubernetes Concepts
    • Kubernetes 101
    • Kubernetes 201
    • Kubernetes Cluster
  • Concepts
    • Concepts
    • Architecture
    • Design Principles
    • Components
      • etcd
      • kube-apiserver
      • kube-scheduler
      • kube-controller-manager
      • kubelet
      • kube-proxy
      • kube-dns
      • Federation
      • kubeadm
      • hyperkube
      • kubectl
    • Objects
      • Autoscaling
      • ConfigMap
      • CronJob
      • CustomResourceDefinition
      • DaemonSet
      • Deployment
      • Ingress
      • Job
      • LocalVolume
      • Namespace
      • NetworkPolicy
      • Node
      • PersistentVolume
      • Pod
      • PodPreset
      • ReplicaSet
      • Resource Quota
      • Secret
      • SecurityContext
      • Service
      • ServiceAccount
      • StatefulSet
      • Volume
  • Setup
    • Setup Guidance
    • kubectl Install
    • Single Machine
    • Feature Gates
    • Best Practice
    • Version Support
    • Setup Cluster
      • kubeadm
      • kops
      • Kubespray
      • Azure
      • Windows
      • LinuxKit
      • kubeasz
    • Setup Addons
      • Addon-manager
      • DNS
      • Dashboard
      • Monitoring
      • Logging
      • Metrics
      • GPU
      • Cluster Autoscaler
      • ip-masq-agent
  • Extension
    • API Extension
      • Aggregation
      • CustomResourceDefinition
    • Access Control
      • Authentication
      • RBAC Authz
      • Admission
    • Scheduler Extension
    • Network Plugin
      • CNI
      • Flannel
      • Calico
      • Weave
      • Cilium
      • OVN
      • Contiv
      • SR-IOV
      • Romana
      • OpenContrail
      • Kuryr
    • Container Runtime
      • CRI-tools
      • Frakti
    • Storage Driver
      • CSI
      • FlexVolume
      • glusterfs
    • Network Policy
    • Ingress Controller
      • Ingress + Letsencrypt
      • minikube Ingress
      • Traefik Ingress
      • Keepalived-VIP
    • Cloud Provider
    • Device Plugin
  • Cloud Native Apps
    • Apps Management
      • Patterns
      • Rolling Update
      • Helm
      • Operator
      • Service Mesh
      • Linkerd
      • Linkerd2
    • Istio
      • Deploy
      • Traffic Management
      • Security
      • Policy
      • Metrics
      • Troubleshooting
      • Community
    • Devops
      • Draft
      • Jenkins X
      • Spinnaker
      • Kompose
      • Skaffold
      • Argo
      • Flux GitOps
  • Practices
    • Overview
    • Resource Management
    • Cluster HA
    • Workload HA
    • Debugging
    • Portmap
    • Portforward
    • User Management
    • GPU
    • HugePage
    • Security
    • Audit
    • Backup
    • Cert Rotation
    • Large Cluster
    • Big Data
      • Spark
      • Tensorflow
    • Serverless
  • Troubleshooting
    • Overview
    • Cluster Troubleshooting
    • Pod Troubleshooting
    • Network Troubleshooting
    • PV Troubleshooting
      • AzureDisk
      • AzureFile
    • Windows Troubleshooting
    • Cloud Platform Troubleshooting
      • Azure
    • Troubleshooting Tools
  • Community
    • Development Guide
    • Unit Test and Integration Test
    • Community Contribution
  • Appendix
    • Ecosystem
    • Learning Resources
    • Domestic Mirrors
    • How to Contribute
    • Reference Documents
由 GitBook 提供支持
在本页
  • CoreDNS: The Preferred Choice for Kubernetes
  • Supported DNS Record Types
  • Configuring Private and Upstream DNS Servers
  • kube-dns
  • Deploying a kube-dns Example
  • How kube-dns Works
  • A Glimpse at the Source Code
  • Common Issues
  • Reference Materials
  1. Setup
  2. Setup Addons

DNS

上一页Addon-manager下一页Dashboard

最后更新于1年前

DNS within Kubernetes serves as one of its core functionalities, offering naming services through extensions like kube-dns or CoreDNS.

CoreDNS: The Preferred Choice for Kubernetes

Starting with version 1.11, is available for naming services and was adopted as the default DNS service from v1.13 onward. CoreDNS distinguishes itself by its increased efficiency and reduced resource consumption, making it the recommended replacement for kube-dns in cluster DNS service provision.

The process of upgrading from kube-dns to CoreDNS involves:

$ git clone https://github.com/coredns/deployment
$ cd deployment/kubernetes
$ ./deploy.sh | kubectl apply -f -
$ kubectl delete --namespace=kube-system deployment kube-dns

For new deployments, to view the configuration method for the CoreDNS extension.

Supported DNS Record Types

  • Service

    • A record: Generates my-svc.my-namespace.svc.cluster.local with IP resolution in two scenarios:

      • Normal Service resolves to Cluster IP.

      • Headless Service resolves to a specified list of Pod IPs.

    • SRV record: Generates _my-port-name._my-port-protocol.my-svc.my-namespace.svc.cluster.local.

  • Pod

    • A record: pod-ip-address.my-namespace.pod.cluster.local.

    • Specific hostname and subdomain: hostname.custom-subdomain.default.svc.cluster.local as illustrated below:

apiVersion: v1
kind: Pod
metadata:
  name: busybox2
  labels:
    name: busybox
spec:
  hostname: busybox-2
  subdomain: default-subdomain
  containers:
  - image: busybox
    command:
      - sleep
      - "3600"
    name: busybox

Configuring Private and Upstream DNS Servers

As of Kubernetes 1.6, customization of stub domains and upstream name servers is possible by providing a ConfigMap to kube-dns. For example, the following setup inserts a separate private root DNS server along with two upstream DNS servers.

apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
data:
  stubDomains: |
    {“acme.local”: [“1.2.3.4”]}
  upstreamNameservers: |
    [“8.8.8.8”, “8.8.4.4”]

Using the specific configuration mentioned above, query requests are initially sent to the DNS cache layer of kube-dns (the Dnsmasq server). The server first checks the request's suffix, sending those with a cluster suffix (e.g., ”.cluster.local”) to kube-dns and names with a stub domain suffix (e.g., ”.acme.local”) to the designated private DNS server [“1.2.3.4”]. Lastly, requests not matching any of these suffixes will be forwarded to the upstream DNS [“8.8.8.8”, “8.8.4.4”].

kube-dns

Deploying a kube-dns Example

kubectl apply -f https://github.com/feiskyer/kubernetes-handbook/raw/master/manifests/kubedns/kube-dns.yaml

This action will initiate a Pod within Kubernetes that contains three containers running the three DNS-related services:

# kube-dns container
kube-dns --domain=cluster.local. --dns-port=10053 --config-dir=/kube-dns-config --v=2

# dnsmasq container
dnsmasq-nanny -v=2 -logtostderr -configDir=/etc/k8s/dns/dnsmasq-nanny -restartDnsmasq=true -- -k --cache-size=1000 --log-facility=- --server=127.0.0.1#10053

# sidecar container
sidecar --v=2 --logtostderr --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local.,5,A --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local.,5,A
kubectl apply -f https://github.com/feiskyer/kubernetes-handbook/raw/master/manifests/kubedns/coredns.yaml

How kube-dns Works

As the diagram below illustrates, kube-dns is comprised of three containers:

  • kube-dns: The core component of DNS services, mainly consisting of KubeDNS and SkyDNS

    • KubeDNS is responsible for monitoring changes in Services and Endpoints, and updating the relevant information in SkyDNS.

    • SkyDNS handles DNS resolution, listening on port 10053 (tcp/udp), as well as port 10055 for metrics.

    • The kube-dns service also listens on port 8081 for health checks.

  • dnsmasq-nanny: Responsible for starting dnsmasq and restarting it upon configuration changes.

    • dnsmasq's upstream is SkyDNS, meaning internal DNS resolution within the cluster is managed by SkyDNS.

  • sidecar: Responsible for health checks and serving DNS metrics (listening on port 10054).

A Glimpse at the Source Code

Common Issues

DNS Resolution Issues in Ubuntu 18.04

Ubuntu 18.04 by default enables systemd-resolved, which places nameserver 127.0.0.53 in the system's /etc/resolv.conf. Since this is a local address, it may cause CoreDNS or kube-dns to fail in resolving external web addresses.

The solution involves replacing the systemd-resolved generated resolv.conf file:

sudo rm /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

Alternatively, manually specify the resolv.conf path for the DNS service:

--resolv-conf=/run/systemd/resolve/resolv.conf

Reference Materials

DNS services are generally deployed as extensions, for instance by placing the in the /etc/kubernetes/addons directory on the Master node. Manual deployment is also an option:

Kubernetes v1.10 also supports the Beta version of CoreDNS which has performance advantages over kube-dns. This can be deployed as an extension by placing in the /etc/kubernetes/addons directory on the Master node, or deployed manually:

The code for kube-dns has been separated from the main Kubernetes repository, now housed at .

The code for kube-dns, dnsmasq-nanny, and sidecar all start at cmd/<cmd-name>/main.go, and they call on pkg/dns, pkg/dnsmasq, and pkg/sidecar respectively to execute their tasks. The core DNS resolution, however, directly utilizes code from github.com/skynetservices/skydns/server with specific implementation visible at .

CoreDNS
click here
kube-dns.yaml
coredns.yaml
https://github.com/kubernetes/dns
skynetservices/skydns
dns-pod-service Introduction
coredns/coredns