Configuring CoreDNS with Kubernetes as the Back End

Source: Internet
Author: User
Tags prometheus monitoring

Overview

CoreDNS is well known because, starting with Kubernetes 1.9, it was introduced as the default DNS for Kubernetes internal service discovery. Kubernetes is therefore one of CoreDNS's back ends, so this discussion of CoreDNS starts with Kubernetes as the back end.

Many of CoreDNS's features are documented elsewhere on the web and are not covered here. A simple comparison of its advantages over BIND and SkyDNS:

    • BIND can store its records in MySQL or in a file. CoreDNS can store records in etcd or in a file, and it also supports Kubernetes as a back end: it calls the Kubernetes API directly to fetch the resolution data and then caches it in local memory. CoreDNS supports plug-in extensions; third-party plug-ins currently provide PowerDNS and Amazon DNS as back ends, and more back ends will be supported over time. BIND is basically useless in the Kubernetes application scenario.
    • CoreDNS is the successor to SkyDNS. It supports all of SkyDNS's features, with better performance and easier extension. Its plug-in architecture is unmatched by either BIND or SkyDNS.

CoreDNS official website: https://coredns.io

CoreDNS source code: https://github.com/coredns/coredns

CoreDNS official plug-ins: https://coredns.io/plugins

CoreDNS third-party plug-ins: https://coredns.io/explugins/

Kubernetes back-end configuration instructions

The official site provides examples and configuration instructions for the kubernetes plug-in at: https://coredns.io/plugins/kubernetes/

The official configuration syntax is shown here:

    kubernetes [ZONES...] {
        resyncperiod DURATION
        endpoint URL [URL...]
        tls CERT KEY CACERT
        namespaces NAMESPACE...
        labels EXPRESSION
        pods POD-MODE
        endpoint_pod_names
        upstream [ADDRESS...]
        ttl TTL
        fallthrough [ZONES...]
    }

Some common parameters are described below:

    • resyncperiod: The time interval for synchronizing data from the Kubernetes API.
    • endpoint: Specifies the address of the Kubernetes API. CoreDNS automatically performs a health check on the listed addresses and proxies requests to a healthy node. Example:

      endpoint https://10.1.61.129:6443 https://10.1.61.130:6443
    • tls: Specifies the certificate, key and CA certificate used to connect to the remote Kubernetes API. Example:

      tls admin.pem admin-key.pem ca.pem
    • pods: Specifies the pod mode, which is one of the following three:
      • disabled: The default.
      • insecure: Returns an IP for the A record, but does not check whether a pod currently exists for that IP. This option is primarily intended for compatibility with kube-dns.
      • verified: The recommended mode. It returns an A record only after ensuring that a pod with the corresponding IP is present. It consumes more memory than insecure.
    • upstream: Defines where resolution of external domain names is forwarded, given as an IP address or a resolv.conf file. Example:

      upstream 8.8.8.8:53 8.8.4.4:53
    • ttl: Default 5s, maximum 3600s.
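
The parameter descriptions above can be turned into a configuration check. The Python code below is an added example, not code from the original page or from the CoreDNS project: it parses the kubernetes block of a Corefile and reports a plaintext API endpoint, a remote endpoint without a complete tls line, pods insecure, and a ttl above the 3600s maximum. The function names and WEAK_COREFILE are assumptions made for illustration; PAGE_COREFILE repeats the kubernetes block of the page's complete example.

```python
import re

# Constructed sample with deliberately weak settings (not from the page).
WEAK_COREFILE = """
.:53 {
    kubernetes wh01 {
        endpoint http://10.1.61.175:8080
        pods insecure
        ttl 7200
    }
    cache 30
}
"""

# The kubernetes block of the page's complete example, for comparison.
PAGE_COREFILE = """
.:53 {
    kubernetes wh01 {
        resyncperiod 10s
        endpoint https://10.1.61.175:6443
        tls admin.pem admin-key.pem ca.pem
        pods verified
        endpoint_pod_names
        upstream /etc/resolv.conf
    }
}
"""

def kubernetes_blocks(corefile):
    """Yield each `kubernetes [ZONES...] { ... }` block as {directive: [args]}."""
    for body in re.findall(r"^\s*kubernetes\b[^{\n]*\{([^{}]*)\}", corefile, re.M):
        rows = (line.split("#", 1)[0].split() for line in body.splitlines())
        yield {tokens[0]: tokens[1:] for tokens in rows if tokens}

def audit(corefile):
    """Return a finding for each risky kubernetes-plugin setting."""
    findings = []
    for d in kubernetes_blocks(corefile):
        endpoints = d.get("endpoint", [])
        if any(url.startswith("http://") for url in endpoints):
            findings.append("endpoint: API reached over plaintext http")
        if endpoints and len(d.get("tls", [])) != 3:
            findings.append("tls: remote endpoint without CERT KEY CACERT")
        if (d.get("pods") or ["disabled"])[0] == "insecure":
            findings.append("pods insecure: pod existence is not checked")
        ttl = d.get("ttl") or ["5"]
        if not ttl[0].isdigit() or int(ttl[0]) > 3600:
            findings.append("ttl: outside the documented 3600s maximum")
    return findings
```

Calling audit() on a Corefile before deploying it returns an empty list when none of these settings are present.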

Example

A complete example of the configuration:

    # /opt/coredns/cfg/Corefile
    .:53 {
        kubernetes wh01 {
            resyncperiod 10s
            endpoint https://10.1.61.175:6443
            tls admin.pem admin-key.pem ca.pem
            pods verified
            endpoint_pod_names
            upstream /etc/resolv.conf
        }
        health
        log /var/log/coredns.log
        prometheus :9153
        proxy . /etc/resolv.conf
        cache 30
        reload 10s
    }

You can also use the following notation:

    wh01 {
        kubernetes {
            resyncperiod 10s
            endpoint https://10.1.61.129:6443
            tls admin.pem admin-key.pem ca.pem
            pods verified
            endpoint_pod_names
            upstream /etc/resolv.conf
        }
        health
        log
        errors
        prometheus :9153
        proxy . /etc/resolv.conf
        cache 30
        reload 10s
    }

The other directives are briefly described below:

    • health: Plug-in that reports whether the running instance is alive. It listens on HTTP port 8080 by default; the port is configurable.
    • log: Plug-in that prints logs to standard output.
    • errors: Plug-in that prints errors to standard output.
    • prometheus: Plug-in that exposes metrics for Prometheus monitoring.
    • proxy: Resolution of domain names outside wh01 is forwarded to the address specified by proxy.
    • cache: Plug-in that caches DNS resolution results in memory; the value is in seconds.
    • reload: Plug-in that automatically reloads the configuration file when it changes; the value is the check interval in seconds.

Start CoreDNS:

nohup /opt/coredns/bin/coredns -conf /opt/coredns/cfg/Corefile &

Start CoreDNS with systemd

    # cat /lib/systemd/system/coredns.service
    [Unit]
    Description=CoreDNS
    Documentation=https://coredns.io

    [Service]
    ExecStart=/opt/coredns/bin/coredns \
      -conf /opt/coredns/cfg/Corefile
    Restart=on-failure
    RestartSec=5

    [Install]
    WantedBy=multi-user.target

    # systemctl start coredns
    # systemctl enable coredns
