coredns

The coredns add-on is a DNS server that chains plug-ins and provides domain name resolution services for Kubernetes clusters. Only clusters of Kubernetes 1.11 and later support this add-on.

Introduction to the Add-on

coredns is a Cloud Native Computing Foundation (CNCF) incubating project for DNS and service discovery in cloud-native environments. coredns chains plug-ins to achieve agility and flexibility. It automatically discovers services in a Kubernetes cluster and provides domain name resolution for them. In addition, by connecting to the cloud DNS server, coredns can resolve external domain names for applications in the cluster. coredns is currently the recommended DNS server for clusters of Kubernetes 1.11 and later.

Application Scenarios

The coredns add-on is installed by default in clusters whose version is 1.11. When an add-on upgrade or bug fix is available, you only need to install or upgrade the coredns add-on; you do not need to upgrade or re-create the cluster.

Configuring the Stub Domain for coredns

Cluster administrators can modify the ConfigMap that holds the coredns Corefile to change how service discovery works. Stub domains are configured in coredns using the proxy plugin.

Assume that a cluster operator has a Consul DNS server located at 10.150.0.1 and all Consul names have the suffix .consul.local. To configure Consul in coredns, the cluster administrator adds the following server block to the Corefile in the coredns ConfigMap:

consul.local:5353 {
    errors
    cache 30
    proxy . 10.150.0.1
}

ConfigMap after modification:

apiVersion: v1
data:
  Corefile: |-
    .:5353 {
        cache 30
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          upstream /etc/resolv.conf
          fallthrough in-addr.arpa ip6.arpa
        }
        loadbalance round_robin
        prometheus 10.0.0.0:9153
        proxy . /etc/resolv.conf
        reload
    }

    consul.local:5353 {
        errors
        cache 30
        proxy . 10.150.0.1
    }
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system

How Does Domain Name Resolution Work in Kubernetes?

DNS policies can be set on a per-pod basis. Currently, Kubernetes supports the following pod-specific DNS policies: Default, ClusterFirst, ClusterFirstWithHostNet, and None. For more details, see https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/. These policies are specified in the dnsPolicy field of a pod Spec.

NOTE:
  • Kubernetes 1.10 and later support all four types of DNS policies. Versions earlier than v1.10 support only three policies: Default, ClusterFirst, and ClusterFirstWithHostNet.
  • Default is not the default DNS policy. If dnsPolicy is not explicitly specified, ClusterFirst is used.

Without custom configurations: Any query that does not match the configured cluster domain suffix, such as "www.kubernetes.io", is forwarded to the upstream DNS server inherited from the node.

With custom configurations: If stub domains and upstream DNS servers are configured, DNS queries are routed according to the following flow:

  1. The query is first sent to the DNS caching layer in kube-dns.
  2. The caching layer examines the suffix of the request and forwards it to the appropriate DNS server, based on the following cases:
    • Names with the cluster suffix, for example ".cluster.local": The request is sent to kube-dns.
    • Names with the stub domain suffix, for example ".acme.local": The request is sent to the configured custom DNS resolver, listening for example at 10.2.3.4.
    • Names without a matching suffix, for example "widget.com": The request is forwarded to the upstream DNS server, for example Google public DNS server at 10.8.8.8 and 10.8.4.4.
    Figure 1 Routing
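
The suffix-based routing above, applied to the Corefile in this page's ConfigMap, as an added example (not part of the original guide or the CoreDNS project). It is a minimal Python parser that reports which resolver answers a given name, which is useful when reviewing which names are sent to an external DNS server. The function names are hypothetical, server-block selection is modelled as longest-suffix match, and the kubernetes plugin's fallthrough is not modelled.

```python
# Corefile copied from the ConfigMap on this page so the example runs offline.
COREFILE = """\
.:5353 {
    cache 30
    errors
    health
    kubernetes cluster.local in-addr.arpa ip6.arpa {
      pods insecure
      upstream /etc/resolv.conf
      fallthrough in-addr.arpa ip6.arpa
    }
    loadbalance round_robin
    prometheus 10.0.0.0:9153
    proxy . /etc/resolv.conf
    reload
}
consul.local:5353 {
    errors
    cache 30
    proxy . 10.150.0.1
}
"""

def parse_corefile(text):
    """Map each server-block zone to its kubernetes zones and proxy upstreams."""
    servers, zone, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        words = line.rstrip("{").split()
        if depth == 0 and line.endswith("{"):
            zone = words[0].rsplit(":", 1)[0].rstrip(".").lower()  # ".:5353" -> ""
            servers[zone] = {"kubernetes": [], "proxy": []}
        elif depth == 1 and words[:1] == ["kubernetes"]:
            servers[zone]["kubernetes"] = [w.rstrip(".").lower() for w in words[1:]]
        elif depth == 1 and words[:1] == ["proxy"]:
            servers[zone]["proxy"] = words[2:]  # skip "proxy" and the FROM zone
        depth += line.count("{") - line.count("}")
    return servers

def in_zone(name, zone):  # label-boundary suffix match; "" is the root zone
    return zone == "" or name == zone or name.endswith("." + zone)

def route(servers, qname):
    """Return where a query is answered; the most specific server block wins."""
    name = qname.rstrip(".").lower()
    zone = max((z for z in servers if in_zone(name, z)), key=len, default=None)
    if zone is None:
        return "no matching server block"
    k8s = any(in_zone(name, k) for k in servers[zone]["kubernetes"])
    return "kubernetes plugin" if k8s else "proxy -> " + ", ".join(servers[zone]["proxy"])
```

Call route(parse_corefile(COREFILE), name) with names such as "db.service.consul.local" or "notconsul.local" to confirm that only names inside the stub domain reach 10.150.0.1.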

Installing the Add-on

By default, coredns is installed in clusters of Kubernetes v1.11 and later. Note that only clusters of Kubernetes v1.11 and later support coredns.

Upgrading the Add-on

  1. Log in to the CCE console. In the navigation pane, choose Add-on Management. On the Add-on Instances tab page, click Upgrade under coredns. If the upgrade button is unavailable, the current add-on version is up-to-date and no upgrade is required. The coredns add-on will be upgraded in rolling upgrade mode to ensure that the domain name resolution service is not interrupted.
  2. On the Basic Information page, select the add-on version, and click Next.
  3. Select instance specifications, and click Upgrade.

Uninstalling the Add-on

  1. Log in to the CCE console. In the navigation pane, choose Add-on Management. On the Add-on Instances tab page, click Uninstall under coredns.
  2. In the dialog box that is displayed, click OK to uninstall the add-on.