DNS service in Konvoy is provided by CoreDNS. CoreDNS is configured as a Deployment with 2 replicas in the kube-system namespace:
kubectl -n kube-system get deployment -l=k8s-app=kube-dns
NAME      READY   UP-TO-DATE   AVAILABLE   AGE
coredns   2/2     2            2           5h46m
The DNS service is exposed as a Kubernetes service with a static IP address:
kubectl -n kube-system get svc -l=k8s-app=kube-dns
NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   10.0.0.10    <none>        53/UDP,53/TCP,9153/TCP   5h47m
CoreDNS can be customized via the Corefile stored in the coredns configmap in the kube-system namespace:
kubectl -n kube-system get cm coredns -oyaml
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health {
           lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
           ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf {
           max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
…
By default, DNS queries for domain names outside of the cluster domain are forwarded to the DNS resolvers defined in /etc/resolv.conf.
In scenarios where /etc/resolv.conf cannot be updated, users can modify the default configuration of the “forward” plugin in CoreDNS and specify the upstream DNS resolvers to which queries outside of the cluster domain are sent. To do so, edit the coredns configmap:
kubectl edit cm coredns -n kube-system
Set the IP address of the DNS resolver (in this case CoreDNS will forward all DNS queries not within the cluster domain to 10.0.0.28):
forward . 10.0.0.28 {
   max_concurrent 1000
}
Then recycle the coredns pods:
kubectl rollout restart -n kube-system deployment/coredns
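The same change can be made without an interactive editor, which makes it reviewable and repeatable. The script below is an added example, not part of the Konvoy documentation; `rewrite_forward`, `apply_forward`, `SAMPLE_COREFILE` and `Corefile.new` are hypothetical names, and the sample Corefile is constructed from the default shown above.

```shell
# Constructed sample: the relevant part of the default Corefile shown above.
SAMPLE_COREFILE='.:53 {
    kubernetes cluster.local in-addr.arpa ip6.arpa {
       fallthrough in-addr.arpa ip6.arpa
    }
    forward . /etc/resolv.conf {
       max_concurrent 1000
    }
}'

# Hypothetical helper: read a Corefile on stdin and point "forward ." at a new
# upstream. Only the upstream token on that line changes; the plugin block,
# indentation and every other line pass through untouched.
rewrite_forward() {
  upstream="$1"
  # Reject anything but digits and dots, then check the dotted-quad shape,
  # so nothing except an address can reach sed or the Corefile.
  case "$upstream" in
    ''|*[!0-9.]*) echo "rewrite_forward: not an IPv4 address" >&2; return 1 ;;
  esac
  printf '%s\n' "$upstream" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
    echo "rewrite_forward: not an IPv4 address" >&2; return 1; }
  sed -E "s|^([[:space:]]*forward[[:space:]]+\.[[:space:]]+)[^[:space:]{]+|\1${upstream}|"
}

# Hypothetical wrapper around the procedure above; needs kubectl access to the
# cluster and is only defined here, not called.
apply_forward() {
  kubectl -n kube-system get cm coredns -o jsonpath='{.data.Corefile}' \
    | rewrite_forward "$1" > Corefile.new || return 1
  # Stop if the Corefile came back empty or had no "forward ." line to rewrite.
  grep -q "forward \. $1" Corefile.new || return 1
  kubectl -n kube-system create cm coredns --from-file=Corefile=Corefile.new \
    --dry-run=client -o yaml | kubectl apply -f - || return 1
  kubectl -n kube-system rollout restart deployment/coredns &&
    kubectl -n kube-system rollout status deployment/coredns
}

# Offline demonstration on the constructed sample (prints the rewritten Corefile).
printf '%s\n' "$SAMPLE_COREFILE" | rewrite_forward 10.0.0.28
```

Calling `apply_forward 10.0.0.28` against a cluster performs the edit and the restart in one step and waits for the rollout to finish.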