Docs
uk8s
Cluster Component Management
CoreDNS
Configure custom DNS service

Configure Custom DNS Service

This article mainly introduces how to use a custom DNS service in the UK8S cluster.

Starting from Kubernetes 1.11, CoreDNS replaced kube-dns as the default DNS scheme. The current version of Kubernetes supported by UK8S is >= 1.11, so this article mainly introduces how to modify the configuration of CoreDNS to achieve the purpose of using a custom DNS service.

Introduction

CoreDNS is a modular, plug-in DNS server, whose configuration file information is saved in the Corefile. UK8S cluster administrators can configure a custom DNS service by modifying the ConfigMap.

In UK8S, the default Corefile configuration information of CoreDNS is as follows:

apiVersion: v1
kind: ConfigMap
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          upstream 
          fallthrough in-addr.arpa ip6.arpai
          ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf {
          policy sequential
        }
        cache 30
        loop
        reload
        loadbalance
    }
metadata:
  name: coredns
  namespace: kube-system

The Corefile configuration information includes the following CoreDNS plugins:

  • errors: error logs will be printed to the container log in standard output;

  • health: The health status of CoreDNS;

  • kubernetes: The Kubernetes plugin is the module used in CoreDNS to replace kube-dns, and it completes the work of converting the domain name of the service to IP. The functions of commonly used parameters are as follows:

    • pods POD-MODES: used to set the processing mode of Pod’s A record, such as 1-2-3-4.ns.pod.cluster.local. in A 1.2.3.4. pods disabled is the default value, which means that dns records are not provided for the pod; pods insecure will always return the corresponding A record without verifying ns; pods verified will verify whether ns is correct. If there is a corresponding pod under this ns, then return the A record.

    • upstream [ADDRESS..]: Defines the upstream dns server used to resolve external hosts. If not specified, CoreDNS will handle it by itself, such as using the proxy plugin that will be introduced later.

    • fallthrough [ZONE..]: If this option is specified, the DNS query will be forwarded in the plugin chain. This plugin chain can contain another plugin to handle the query, such as in-addr.arpa.

  • prometheus: Metrics exposed by CoreDNS, the default is http://localhost:9153/metrics.

  • forward [from to]: Any domain name not belonging to the Kubernetes cluster, its DNS request will point to the DNS server address specified by forward. from is generally ”.”, representing all domain names. To can be multiple, such as 111.114.114.114 8.8.8.8. It should be noted that the new version of CoreDNS replaces the proxy plugin with the forward plugin, but the usage method is the same. If your cluster is a proxy, it is recommended to change to a forward plugin, which has better performance.

  • reload: allows to automatically load changed Corefile. It is recommended to configure it so that CoreDNS can implement hot updates.

For the meaning of other options, please see the official Kubernetes documentation. Next, let’s give an example of how to modify ConfigMap.

Example

Configure the DNS Server for Special Domains

Assuming we have a service domain of ucloudk8s with a private DNS Server address of 10.9.10.8, the cluster administrator can add the following rule in kubectl edit configmap/coredns -n kube-system. This is an independent Server Block, and we can configure different Server Blocks for different domains in the Corefile.

ucloudk8s.com:53 {
        errors
        cache 30
        forward . 10.9.10.8
    }

And, we don’t want to use the DNS server configured in /etc/resolv.conf as the upstream server, but point to the self-built DNS Server, just directly modify the previously mentioned upstream and proxy options.

upstream 10.9.10.8
forward .  172.16.0.1

The configmap after modifying is as follows:

apiVersion: v1
kind: ConfigMap
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          upstream 10.9.10.8
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . 10.9.10.8
        cache 30
        loop
        reload
        loadbalance
        }
    ucloudk8s.com:53 {
        errors
        cache 30
        forward . 10.9.10.8
       }
metadata:
  name: coredns
  namespace: kube-system

Verification

We install a DNS server on a cloud host under the same VPC (please do not operate in the UK8S Node node) to verify whether the custom DNS is working normally.

Install DNS Server Through Docker

docker run -d -p 53:53/tcp -p 53:53/udp --cap-add=NET_ADMIN --name dns-server andyshinn/dnsmasq:2.75

Enter the Container

docker exec -it dns-server /bin/sh

Configure Upstream DNS Server

vi /etc/resolv.dnsmasq

nameserver 114.114.114.114
nameserver 8.8.8.8

Configure Local Resolution Rules

vi /etc/dnsmasqhosts

110.110.110.110 baidu.com

Modify the dnsmasq configuration file, specify to use the above two custom configuration files, modify the following two options, and restart the container.

vi /etc/dnsmasq.conf

resolv-file=/etc/resolv.dnsmasq
addn-hosts=/etc/dnsmasqhosts

docker restart dns-server

Modify CoreDNS’s configmap, add the following rules.

baidu.com:53{
  errors
  cache 30
  forward . 10.9.10.8 (You need to modify it to your DNS address for testing)      

 }

Enter K8S container and test with dig command. You can see that the resolution address is 110.110.110.110, which is as expected.

bash-4.4# dig baidu.com

; <<>> DiG 9.12.3-P4 <<>> baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39140
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;baidu.com.                     IN      A

;; ANSWER SECTION:
baidu.com.              5       IN      A       110.110.110.110

;; Query time: 4 msec
;; SERVER: 172.17.0.2#53(172.17.0.2)
;; WHEN: Mon May 27 09:11:50 UTC 2019
;; MSG SIZE  rcvd: 63

FAQs

Modified CoreFile, But the Resolver is not Successful

First, make sure that CoreFile contains the reload plugin. If not, you need to add reload and rebuild CoreDNS to load the latest DNS rules.

Secondly, check the CoreDNS log through ”kubectl logs COREDNS-POD-NAME -n kube-system” to confirm whether CoreDNS is working normally and whether the DNS configuration is successfully loaded.

If it still doesn’t work normally, execute ”dig @YOUR-DNS-SERVER-ADDRESS YOUR-DOMAIN” in the container or Pod to confirm whether your DNS server is working normally.

If the above operations are all invalid, please contact UCloud Global technical support for assistance.

ETCD Backup and RecoveryDocker VS Containerd