DNS in Kubernetes: how does it work?
Let's take an example of two pods, each with its own IP address, where we tell the app to talk to a DB service using a service name. Apps can only send requests to an IP address, so how do we tell the app pod to connect to the DB pod? The simple way is to write the mapping in the /etc/hosts file, as it is the first place to look for domain name mappings. As you probably know, this is not scalable and is hard to manage. Instead, it makes more sense to keep all the mappings in one central place rather than have each pod hold the full list. That central place is the DNS server. Simply point the pod to a nameserver that has all the records. You do that by entering the nameserver and its IP in /etc/resolv.conf in each pod. So we have a nameserver in the Kubernetes cluster that manages a list of service names and their IP addresses, and all pods point to this nameserver whenever they want to make requests. The DNS server in a Kubernetes cluster is CoreDNS.
When you first install your cluster with the kubeadm init command, two add-ons are deployed in the cluster in addition to the master and worker. One of them is the CoreDNS application, which replaces the older Kubernetes DNS add-on, kube-dns. CoreDNS runs in the kube-system namespace by default and has 2 replicas for redundancy due to its critical functionality.
How it works?
Whenever we create a service in the cluster, CoreDNS creates a record for that service that maps the name of the service to its IP address. Using this new record, any pod within the cluster can now reach the service by its name. If you run kubectl exec -it [name] -- cat /etc/resolv.conf against any pod, you will see the output: nameserver 10.96.0.10. The question is how this entry was configured in the pod itself. What tells the pods that the nameserver in the cluster is CoreDNS? The nameserver address is not the IP of the CoreDNS pods but that of the CoreDNS service. To elaborate, if you run kubectl get service -n kube-system | grep dns, you will see a service with that IP.
That is the DNS service itself, the address that was mapped into the pod. But how is it configured? What tells the pods that this is the nameserver they should use to resolve IP addresses? It could also be a major security risk. This is the kubelet's job: it automatically creates the /etc/resolv.conf file with the nameserver entry in each pod. If you look at /var/lib/kubelet/config.yaml in your Kubernetes cluster, you will see clusterDNS set to 10.96.0.10.
The issue with namespaces
By default a namespace called default is created and each hostname is mapped to it. You can create as many namespaces as you want and create new services in them. All the services of all namespaces are grouped together in an svc subdomain, so each service is addressed by a name of the form <servicename>.<namespace>.svc. Kubernetes also creates a root domain called cluster.local, so the full name of any service in the cluster is <servicename>.<namespace>.svc.cluster.local, which is also called the FQDN (Fully Qualified Domain Name). This helps us access any service that resides in the default namespace; however, if the service resides in a different namespace, we must provide the full name syntax. By default Kubernetes tries to resolve names in the same namespace, so if we want to connect to a pod in another namespace we must explicitly declare it. The search line in /etc/resolv.conf, which is the search list for host-name lookup, is what allows the lookup within the same namespace.
Troubleshooting tip: if accessing a service using just its name does not work, but the service is otherwise reachable, it means your Kubernetes cluster has an issue with resolving service names.