Overview
CoreDNS is well known because, starting with Kubernetes 1.9, it was introduced as the default DNS for Kubernetes internal service discovery. Kubernetes is one of CoreDNS's backends, so this discussion of CoreDNS starts with Kubernetes as the back end.
Many of CoreDNS's features are covered elsewhere on the web and are not repeated here. A brief comparison of its advantages over BIND and SkyDNS:
- BIND can store resolution data in MySQL or a file. CoreDNS can store resolution data in etcd or a file, and also supports Kubernetes as a backend: it calls the Kubernetes API directly to get the resolution data, then caches it in local memory. CoreDNS supports plug-in extensions; third-party plug-ins currently support both PowerDNS and Amazon DNS as backends, with support for more backends to follow. BIND is basically useless in the Kubernetes application scenario.
- CoreDNS is the successor to SkyDNS. It supports all of SkyDNS's features, with better performance and easier extension. Its plug-in features are unmatched by either BIND or SkyDNS.
CoreDNS official website: https://coredns.io
CoreDNS source code: https://github.com/coredns/coredns
CoreDNS official plug-ins: https://coredns.io/plugins
CoreDNS third-party plug-ins: https://coredns.io/explugins/
Configuring Kubernetes back-end storage
Configuration instructions
The official Kubernetes plug-in documentation provides examples and configuration instructions at: https://coredns.io/plugins/kubernetes/
I'll show you the official configuration example here:
kubernetes [ZONES...] {
    resyncperiod DURATION
    endpoint URL [URL...]
    tls CERT KEY CACERT
    namespaces NAMESPACE...
    labels EXPRESSION
    pods POD-MODE
    endpoint_pod_names
    upstream [ADDRESS...]
    ttl TTL
    fallthrough [ZONES...]
}
Some common parameters are described below:
- resyncperiod: The interval at which data is synchronized from the Kubernetes API
- endpoint: Specifies the Kubernetes API address. CoreDNS automatically performs a health check on the addresses and proxies requests to a healthy node. Example:
  endpoint https://10.1.61.129:6443 https://10.1.61.130:6443
- tls: Specifies the certificates used to connect to the remote Kubernetes API. Example:
  tls admin.pem admin-key.pem ca.pem
- pods: Specifies the pod mode, one of the following three:
  - disabled: Default
  - insecure: Returns an A record with the IP, but does not check whether a pod with that IP currently exists. This option is primarily intended for compatibility with kube-dns
  - verified: The recommended mode. Returns an A record only after confirming that a pod with the corresponding IP exists. It consumes more memory than insecure mode.
- upstream: Defines where external domain name resolution is forwarded; this can be an IP address or a resolv.conf file. Example:
  upstream 8.8.8.8:53 8.8.4.4:53
- ttl: Default 5s, maximum 3600s
Example
A complete example of the configuration:
# /opt/coredns/cfg/Corefile
.:53 {
    kubernetes wh01 {
        resyncperiod 10s
        endpoint https://10.1.61.175:6443
        tls admin.pem admin-key.pem ca.pem
        pods verified
        endpoint_pod_names
        upstream /etc/resolv.conf
    }
    health
    log /var/log/coredns.log
    prometheus :9153
    proxy . /etc/resolv.conf
    cache 30
    reload 10s
}
You can also use the following notation:
wh01 {
    kubernetes {
        resyncperiod 10s
        endpoint https://10.1.61.129:6443
        tls admin.pem admin-key.pem ca.pem
        pods verified
        endpoint_pod_names
        upstream /etc/resolv.conf
    }
    health
    log
    errors
    prometheus :9153
    proxy . /etc/resolv.conf
    cache 30
    reload 10s
}
The other directives are briefly described as follows:
- health: Plug-in that reports whether CoreDNS with the current configuration is alive; listens on HTTP port 8080 by default, configurable
- log: Plug-in that prints logs to standard output
- errors: Prints errors to standard output
- prometheus: Plug-in for Prometheus monitoring
- proxy: Domain name resolution outside of wh01 is handled by forwarding to the address specified by proxy
- cache: Plug-in for caching DNS resolution in memory; the value is in seconds
- reload: Plug-in that automatically reloads the configuration file if it changes; the interval is in seconds
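A check for the kubernetes block settings described above, as an added example that is not part of the original article or of the CoreDNS project. The function names and the sample Corefile are constructed for illustration, the parser assumes one directive per line, and treating a non-HTTPS endpoint or an endpoint without a tls line as a finding is a policy assumption of this example.

```python
# Added example: audit the kubernetes block of a Corefile (one directive per line).

# Constructed sample with weak settings; not a configuration from the article.
WEAK_COREFILE = """\
.:53 {
    kubernetes wh01 {
        endpoint http://10.1.61.175:6443   # plain HTTP, no tls line
        pods insecure
        ttl 7200
    }
    cache 30
}
"""

def kubernetes_blocks(corefile):
    """Return one dict per kubernetes block: {'zones': [...], directive: [args]}."""
    blocks, current = [], None
    for raw in corefile.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tokens:
            continue
        if current is None:
            if tokens[0] == "kubernetes" and tokens[-1] == "{":
                current = {"zones": tokens[1:-1]}
        elif tokens[0] == "}":                  # end of the kubernetes block
            blocks.append(current)
            current = None
        else:
            current.setdefault(tokens[0], []).extend(tokens[1:])
    return blocks

def audit(corefile):
    """Return a list of findings for every kubernetes block in the Corefile."""
    findings = []
    for block in kubernetes_blocks(corefile):
        mode = (block.get("pods") or ["disabled"])[0]   # disabled is the default
        if mode == "insecure":
            findings.append("pods insecure: A records returned without checking the pod exists")
        endpoints = block.get("endpoint", [])
        for url in endpoints:
            if not url.startswith("https://"):
                findings.append(f"endpoint {url}: API connection is not HTTPS")
        if endpoints and len(block.get("tls", [])) != 3:
            findings.append("endpoint set without 'tls CERT KEY CACERT'")
        for ttl in block.get("ttl", []):
            if not ttl.isdigit() or int(ttl) > 3600:
                findings.append(f"ttl {ttl}: not an integer of at most 3600 seconds")
    return findings

if __name__ == "__main__":
    for finding in audit(WEAK_COREFILE):
        print(finding)
```

Both notations shown in the article are handled: the zone list is read from the kubernetes line when present and is empty when the zone is given on the server block instead.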
Start CoreDNS:
nohup /opt/coredns/bin/coredns -conf /opt/coredns/cfg/Corefile &
Start CoreDNS with systemd
# cat /lib/systemd/system/coredns.service
[Unit]
Description=CoreDNS
Documentation=https://coredns.io

[Service]
ExecStart=/opt/coredns/bin/coredns -conf /opt/coredns/cfg/Corefile
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

# systemctl start coredns
# systemctl enable coredns
Coredns configuring Kubernetes as Back-end