CoreDNS for Kubernetes Service Discovery

Source: Internet
Author: User

I. Introduction to CoreDNS

Kubernetes ships the DNS server kube-dns for service discovery. kube-dns uses SkyDNS's libraries to answer DNS queries for Kubernetes pods and services. SkyDNS2's author, Miek Gieben, created a new DNS server, CoreDNS, built on a more modular and extensible framework. Infoblox has partnered with Miek to position this DNS server as a replacement for kube-dns.

CoreDNS is built on the server framework developed for the Caddy web server. That framework has a very flexible and extensible model for passing requests through a chain of middleware components. Each middleware performs some action on the request, such as logging, redirection, modification, or maintenance tasks. Although Caddy started as a web server, its framework is not tied to the HTTP protocol, which makes it an ideal base on which CoreDNS was built.

Adding Kubernetes support to this model therefore amounts to writing a Kubernetes middleware. The middleware uses the Kubernetes API to satisfy DNS queries for specific Kubernetes pods or services. And because kube-dns runs as just another Kubernetes service, there is no tight coupling between the kubelet and kube-dns. You only need to hand the kubelet the IP address and domain name of the DNS service; Kubernetes does not care which server actually answers the DNS queries.

II. Behaviors supported by CoreDNS

Version 1.0.0 of the Kubernetes DNS specification mainly mirrors the current behavior of kube-dns. CoreDNS 005 and later implement the full specification and more:

    • A records: a normal service is assigned a DNS A record named my-svc.my-namespace.svc.cluster.local, which resolves to the cluster IP of the service.
    • A "headless" service (one without a cluster IP) is also assigned an A record named my-svc.my-namespace.svc.cluster.local. Unlike a normal service, it resolves to the set of IPs of the pods selected by the service. Clients are expected to consume this whole set, or to pick from it using standard round-robin selection.
    • SRV records are created for the named ports of normal and headless services. For each named port, the SRV record has the form _my-port-name._my-port-protocol.my-svc.my-namespace.svc.cluster.local. For a normal service it resolves to the port number and the CNAME my-svc.my-namespace.svc.cluster.local; for a headless service it resolves to multiple answers, one per pod backing the service, each carrying the port number and the pod's CNAME in the form auto-generated-name.my-svc.my-namespace.svc.cluster.local. SRV records contain the "svc" segment; legacy CNAME forms that omit the "svc" segment are not supported.
    • A records for endpoints that are part of a service (for example "pets" records).
    • A records described in the pod spec.
    • A TXT record used to discover the version of the DNS schema in use.
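To make the naming scheme in the list above concrete, the following is an added example (not code from CoreDNS, kube-dns, or the original article) that builds the A and SRV records for one normal and one headless service. All service, port and pod data below is constructed; because the text calls the per-pod label of a headless SRV target "auto-generated-name" without saying how it is derived, the label is supplied per endpoint here rather than generated.

```python
"""Build the Kubernetes DNS records described above for one service.

Added example, not code from CoreDNS or kube-dns. The service, port and
pod data are constructed. The per-pod label of a headless service's SRV
target ("auto-generated-name" in the text) is supplied as `label`.
"""

ZONE = "cluster.local"


def svc_fqdn(name, namespace):
    """my-svc.my-namespace.svc.cluster.local. (trailing dot: absolute name)"""
    return f"{name}.{namespace}.svc.{ZONE}."


def srv_fqdn(port_name, protocol, name, namespace):
    """_my-port-name._my-port-protocol.my-svc.my-namespace.svc.cluster.local."""
    return f"_{port_name}._{protocol.lower()}.{svc_fqdn(name, namespace)}"


def service_records(svc):
    """Return {owner_name: [(rtype, rdata), ...]} for a service.

    svc keys: name, namespace, cluster_ip (None for a headless service),
    ports (list of {name, protocol, port}), endpoints (list of {label, ip},
    used for headless services only).
    """
    fqdn = svc_fqdn(svc["name"], svc["namespace"])
    records = {}
    if svc["cluster_ip"] is not None:
        # Normal service: one A record resolving to the cluster IP, and for
        # every named port one SRV answer whose target is the service name.
        records[fqdn] = [("A", svc["cluster_ip"])]
        for p in svc["ports"]:
            owner = srv_fqdn(p["name"], p["protocol"], svc["name"], svc["namespace"])
            records[owner] = [("SRV", (p["port"], fqdn))]
    else:
        # Headless service: the A record carries every selected pod IP; each
        # named port gets one SRV answer per pod, pointing at a per-pod name
        # that itself has an A record.
        records[fqdn] = [("A", ep["ip"]) for ep in svc["endpoints"]]
        for ep in svc["endpoints"]:
            records[f"{ep['label']}.{fqdn}"] = [("A", ep["ip"])]
        for p in svc["ports"]:
            owner = srv_fqdn(p["name"], p["protocol"], svc["name"], svc["namespace"])
            records[owner] = [("SRV", (p["port"], f"{ep['label']}.{fqdn}"))
                              for ep in svc["endpoints"]]
    return records


# Constructed inputs for a quick demonstration.
NORMAL_SVC = {
    "name": "my-svc", "namespace": "my-namespace", "cluster_ip": "10.3.0.20",
    "ports": [{"name": "http", "protocol": "TCP", "port": 80}],
    "endpoints": [],
}
HEADLESS_SVC = {
    "name": "db", "namespace": "my-namespace", "cluster_ip": None,
    "ports": [{"name": "pg", "protocol": "TCP", "port": 5432}],
    "endpoints": [{"label": "db-0", "ip": "10.2.1.5"},
                  {"label": "db-1", "ip": "10.2.1.6"}],
}

if __name__ == "__main__":
    for svc in (NORMAL_SVC, HEADLESS_SVC):
        for owner, rrs in service_records(svc).items():
            for rtype, rdata in rrs:
                print(f"{owner:60} {rtype:4} {rdata}")
```

Running the block prints the owner names and answers for both services; note that the headless SRV answer set grows with the number of selected pods, while the normal service always yields a single SRV answer targeting the service name.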

Pod A record support is not required in all clusters and is disabled by default. In addition, CoreDNS's support for this use case goes beyond the standard behavior found in kube-dns.

In kube-dns, these records do not reflect the state of the cluster. For example, any query for w-x-y-z.namespace.pod.cluster.local returns an A record with the IP w.x.y.z, even if that IP does not belong to the specified namespace, or even to the cluster's address space. The original motivation was to allow a wildcard SSL certificate to be used for domains such as *.namespace.pod.cluster.local.

CoreDNS adds an option for pod verification: it checks that the returned IP address w.x.y.z is actually the IP of a pod in the specified namespace. This prevents spoofing of DNS names across namespaces. It does, however, noticeably increase the memory footprint of the CoreDNS instance, because CoreDNS must now watch pods, not just service endpoints.
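The following added example (not CoreDNS code and not part of the original article) models the two behaviours just described: the kube-dns style answer that simply echoes the IP encoded in the name, and the verified answer that consults the pod inventory. The namespaces, pod IPs and queries are constructed; the query format w-x-y-z.namespace.pod.cluster.local is the one given above. The comment at the end of the block shows the real control in CoreDNS, the `pods insecure` / `pods verified` sub-directive of the kubernetes plugin.

```python
"""Pod A records: kube-dns style (insecure) vs CoreDNS verified answers.

Added example, not code from CoreDNS or kube-dns. The pod inventory and
the queries are constructed. The query name format, w-x-y-z.<namespace>
.pod.cluster.local, is the one described in the text. In CoreDNS the
switch is the `pods` sub-directive of the kubernetes plugin; see the
comment at the end of the block.
"""
import ipaddress

ZONE = "cluster.local"

# Constructed inventory as the API server would report it:
# namespace -> set of pod IPs currently running in that namespace.
PODS = {
    "payments": {"10.2.1.7", "10.2.1.8"},
    "web": {"10.2.3.12"},
}


def parse_pod_query(qname):
    """Return (ip, namespace) for a pod query, or None if it is not one.

    Accepts w-x-y-z.<namespace>.pod.<zone> with or without a trailing dot.
    """
    labels = qname.rstrip(".").lower().split(".")
    zone = ZONE.split(".")
    if len(labels) != 3 + len(zone) or labels[3:] != zone or labels[2] != "pod":
        return None
    ip_label, namespace = labels[0], labels[1]
    try:
        ip = ipaddress.IPv4Address(ip_label.replace("-", "."))
    except ipaddress.AddressValueError:
        return None  # not a dashed IPv4 address; only that form is modeled
    return str(ip), namespace


def resolve_pod(qname, mode):
    """Answer a pod query: A rdata as a string, or None for NXDOMAIN.

    mode "insecure": kube-dns behaviour, echo the IP encoded in the name
                     without consulting the cluster at all (spoofable).
    mode "verified": CoreDNS `pods verified`, answer only if that IP is a
                     pod in the named namespace.
    """
    parsed = parse_pod_query(qname)
    if parsed is None:
        return None
    ip, namespace = parsed
    if mode == "insecure":
        return ip
    if mode == "verified":
        return ip if ip in PODS.get(namespace, set()) else None
    raise ValueError("mode must be 'insecure' or 'verified'")


if __name__ == "__main__":
    # A real payments pod, a web pod passing itself off under the payments
    # namespace, and an address outside the cluster entirely.
    for q in ("10-2-1-7.payments.pod.cluster.local.",
              "10-2-3-12.payments.pod.cluster.local.",
              "203-0-113-9.payments.pod.cluster.local."):
        print(q, "insecure:", resolve_pod(q, "insecure"),
              "verified:", resolve_pod(q, "verified"))

# Corresponding CoreDNS Corefile stanzas (kubernetes plugin):
#
#   kube-dns compatible, spoofable:      hardened:
#   kubernetes cluster.local {           kubernetes cluster.local {
#       pods insecure                        pods verified
#   }                                    }
#
# `pods verified` is what makes CoreDNS watch pods rather than only
# endpoints, which is the memory cost mentioned in the text.
```

The second and third queries are the cases a wildcard certificate for *.payments.pod.cluster.local would make dangerous: in insecure mode both resolve, so any pod or even an outside address can be given a name under a namespace it does not belong to; in verified mode both return NXDOMAIN.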

III. Deployment of CoreDNS in Kubernetes

1. Download the CoreDNS deployment package:

https://github.com/coredns/deployment/tree/master/kubernetes

There are several main files:

deploy.sh is a convenience script that generates a manifest for running CoreDNS on a cluster currently running the standard kube-dns. Using coredns.yaml.sed as a template, it creates a ConfigMap and a CoreDNS Deployment, and then updates the selector of the existing kube-dns Service to point at the CoreDNS Deployment. Because the existing Service (and its cluster IP) is reused, DNS requests are not interrupted.

The script does not remove the kube-dns Deployment or ReplicationController; you must do that manually:

kubectl delete --namespace=kube-system deployment kube-dns

To use it, place both files in the same directory and run deploy.sh, passing your service CIDR (10.3.0.0/24 in this example) and the cluster domain. This generates the ConfigMap with the required Corefile, and it also looks up the cluster IP of the existing kube-dns Service. For example, run:

./deploy.sh 10.3.0.0/24 cluster.local

and apply the generated manifest with kubectl. In effect, 10.3.0.0/24 and cluster.local replace the SERVICE_CIDR and CLUSTER_DOMAIN placeholders inside coredns.yaml.sed, and the discovered kube-dns cluster IP replaces CLUSTER_DNS_IP.

The contents of coredns.yaml.sed before the script runs are as follows (the placeholders CLUSTER_DOMAIN, SERVICE_CIDR and CLUSTER_DNS_IP are the parts substituted when the script executes):

apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        log stdout
        health
        kubernetes CLUSTER_DOMAIN SERVICE_CIDR
        proxy . /etc/resolv.conf
        cache 30
    }
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: coredns
  template:
    metadata:
      labels:
        k8s-app: coredns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: '[{"key": "CriticalAddonsOnly", "operator": "Exists"}]'
    spec:
      containers:
      - name: coredns
        image: coredns/coredns:latest
        imagePullPolicy: Always
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
      dnsPolicy: Default
      volumes:
      - name: config-volume
        configMap:
          name: coredns
          items:
          - key: Corefile
            path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: coredns
  clusterIP: CLUSTER_DNS_IP
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
