kubernetes-training

Small setup, no centralized DNS server

• cat >> /etc/host is source of truth for small environment

Centralized DNS server

• cat /etc/resolve.conf -> dns-name-server 192.168.1.100 : the dns server is at .1.100 ip
• If there’s two alias for same host: local host is effective
• cat /etc/nsswitch.conf

	# /etc/nsswitch.conf
	#
	# Example configuration of GNU Name Service Switch functionality.
	# If you have the `glibc-doc-reference' and `info' packages installed, try:
	# `info libc "Name Service Switch"' for information about this file.
	
	passwd:         files systemd
	group:          files systemd
	shadow:         files
	gshadow:        files
	
	hosts:          files mdns4_minimal [NOTFOUND=return] dns  <-- l to r order
	networks:       files
	
	protocols:      db files
	services:       db files
	ethers:         db files
	rpc:            db files
	
	netgroup:       nis

• /etc/resolve.conf can be used to add server name that host doesn’t know about. But if the server is a popular one, entry should be added to centralized DNS server

Core DNS

We are given a server dedicated as the DNS server, and a set of Ips to configure as entries in the server. There are many DNS server solutions out there, we will focus on a particular one – CoreDNS

Install

Set up

• First we put all of the entries into the DNS servers /etc/hosts file
• And then we configure CoreDNS to use that file. CoreDNS loads it’s configuration from a file named Corefile. Here is a simple configuration that instructs CoreDNS to fetch the IP to hostname mappings from the file /etc/hosts. When the DNS server is run, it now picks the Ips and names from the /etc/hosts file on the server

DNS in Kubernetes

Record for service

web-service is name of the service, apps is the namespace, all services are grouped together into a subdomain called svc. Finally all svc and pods are grouped together under cluster.local –> web-service.apps.svc.cluster.local

Record for pod

• pod’s name is generated by replacing . with -
• Subdomain: pod ->10-244-2-5.apps.pod.cluster.local

  CoreDNS

• /etc/resovl.conf: includes entry points to the central DNS’s server
• On the DNS server: pods created have their ip appended

  Setup

• CoreDNS is deployed as 2 pod of a replicaset in kube-system ns
• The pod runs ./coredns executable, requires a config file /etc/coredns/Corefile
• highlighted in orange are configured pluggins for various purposes: checking err, health, prometheus,etc.
• kubernetes: where top level’s domain name is set
• pods insecure: enable pod’s name resolution, which is often disabled by default.
• Any server that the ood can’t solve: is forwarded to proxy
• /etc/coredns/Corefile is passed into coredns pod as a configmap
• coredns is deployed and is there to watch for new pod/svc created and update the record accordingly.

  How does pods reach DNS server?

• coredns is deployed with a svc to made avail to other components within the cluster: kube-dns
• The ip address of kube-dns service is configured as the name-server on pod
• When pods are created, kubelet is responsible for pointing pod to this name-server. clusterDNS and clusterDomain fields are configured in the kubelet’s config file (in the picture)

  [!Note] resolve.conf has some default search field to help setting default domain. This only helps with services, pods need to use the full FQDN(Full Qualified Domain Name)

• For instance: web-service would resolve to web-service.default.svc.cluster.local