This topic describes how to set the dnsPolicy parameter to configure a DNS policy for each pod in a Container Service for Kubernetes (ACK) cluster. This topic also describes how to use the hostAliases parameter to configure a pod to resolve a domain name to the specified IP address.
Prerequisites
An ACK managed cluster or ACK Serverless cluster is created. For more information, see Create an ACK managed cluster and ACK Serverless quick start.
The kubeconfig file of your cluster is obtained and a kubectl client is connected to your cluster.
Background information
For more information about how DNS resolution works in ACK clusters, see DNS overview.
By default, ACK deploys a set of workloads in a cluster to run CoreDNS. A Service named kube-dns is deployed to expose these workloads to DNS queries in the cluster. Two backend pods named coredns are deployed for CoreDNS. DNS queries in the cluster are sent to the DNS server that is specified in the coredns pod configuration.
You can run the following command to query information about the kube-dns Service:
kubectl get svc kube-dns -n kube-system
You can run the following command to query information about the coredns pods:
kubectl get deployment coredns -n kube-system
Set the dnsPolicy parameter to configure a DNS policy for a pod
You can use the dnsPolicy parameter to specify a DNS policy for a pod. ACK clusters support the following DNS policies:
ClusterFirst: This policy indicates that a pod uses CoreDNS to resolve domain names. This is the default DNS policy. The /etc/resolv.conf file contains the address of the DNS server that is provided by CoreDNS, which is kube-dns.
None: This policy indicates that a pod ignores the DNS settings of the ACK cluster. You must customize the DNS settings by using the dnsConfig parameter. Otherwise, the pod cannot resolve any domain name.
Default: This policy indicates that a pod inherits the DNS resolution settings from the node where the pod is deployed. In an ACK cluster, nodes are created based on Elastic Compute Service (ECS) instances. Therefore, a pod directly uses the /etc/resolv.conf file of the ECS-based node where the pod is deployed. This file contains the address of a DNS server that is provided by Alibaba Cloud DNS.
ClusterFirstWithHostNet: This policy indicates that a pod in HostNetwork mode uses the ClusterFirst policy. If you do not specify this policy for a pod in HostNetwork mode, the pod uses the Default policy.
You can use the preceding DNS policies to meet business requirements in various scenarios.
Scenario 1: Use CoreDNS provided by ACK clusters to resolve domain names
In this scenario, you must specify dnsPolicy: ClusterFirst for the DNS policy settings. Example:
apiVersion: v1
kind: Pod
metadata:
  name: alpine
  namespace: default
spec:
  containers:
  - image: alpine
    command:
    - sleep
    - "10000"
    imagePullPolicy: Always
    name: alpine
  dnsPolicy: ClusterFirst
Scenario 2: Customize DNS settings for a pod
To customize DNS settings for a Deployment, you must specify dnsPolicy: None for the DNS policy settings. Example:
apiVersion: v1
kind: Pod
metadata:
  name: alpine
  namespace: default
spec:
  containers:
  - image: alpine
    command:
    - sleep
    - "10000"
    imagePullPolicy: Always
    name: alpine
  dnsPolicy: None
  dnsConfig:
    nameservers: ["169.254.xx.xx"]
    searches:
    - default.svc.cluster.local
    - svc.cluster.local
    - cluster.local
    options:
    - name: ndots
      value: "2"
The following table describes the parameters in the dnsConfig section.
Parameter | Description |
nameservers | A list of IP addresses of DNS servers for the pod. You can specify up to three IP addresses. If you set dnsPolicy to |
searches | A list of DNS search domains for hostname lookup in the pod. This parameter is optional. The listed DNS search domains will be added to the list of base search names that are generated based on the specified DNS policy. Duplicate domain names are removed. You can specify up to six search domains. Note: If the DNS server is unreachable, only the first search domain is attempted. |
options | A list of optional items. Each item can contain a name (required) and a value (optional). The specified items will be added to the list of optional items that are generated based on the specified DNS policy. Duplicate items are removed. For more information about options, see DNS resolution and caching policies. |
For more information, see DNS for Services and Pods.
Scenario 3: Use the DNS settings of an ECS instance
If your application pods do not need to access other Services deployed in the ACK cluster, you can specify dnsPolicy: Default for the DNS policy settings. In this scenario, DNS resolution is performed by Alibaba Cloud DNS and CoreDNS is not required. Example:
apiVersion: v1
kind: Pod
metadata:
  name: alpine
  namespace: default
spec:
  containers:
  - image: alpine
    command:
    - sleep
    - "10000"
    imagePullPolicy: Always
    name: alpine
  dnsPolicy: Default
Scenario 4: Enable pods in HostNetwork mode to access Services in an ACK cluster
If you specify hostNetwork: true for the network settings of your application pods, your application pods can directly use the host network. In this case, the default DNS policy for a pod is Default. As a result, your application pods cannot access Services deployed in the ACK cluster. If you want to enable pods in HostNetwork mode to access Services deployed in the ACK cluster, you must specify dnsPolicy: ClusterFirstWithHostNet for the DNS policy settings. Example:
apiVersion: v1
kind: Pod
metadata:
  name: alpine
  namespace: default
spec:
  hostNetwork: true
  dnsPolicy: ClusterFirstWithHostNet
  containers:
  - image: alpine
    command:
    - sleep
    - "10000"
    imagePullPolicy: Always
    name: alpine
Use the hostAliases parameter to configure a pod to resolve a domain name to the specified IP address
You can use one of the following methods to resolve a domain name to the specified IP address:
Global configuration (all pods resolve the domain name to the specified IP address): To configure all pods to resolve a domain name to the specified IP address, enable the hosts plug-in for CoreDNS. For more information, see Configure extended features based on CoreDNS.
Individual pod configuration: To configure a pod to resolve a domain name to the specified IP address, use the HostAliases parameter to modify the /etc/hosts file of the pod. Example:
apiVersion: v1
kind: Pod
metadata:
  name: hostaliases-pod
spec:
  hostAliases:
  - ip: "127.0.**.**"
    hostnames:
    - "foo.local"
    - "bar.local"
  - ip: "10.1.**.**"
    hostnames:
    - "foo.remote"
  containers:
  - name: cat-hosts
    image: busybox:1.28
    command:
    - cat
    args:
    - "/etc/hosts"
The following code block shows the content of the initialized /etc/hosts file after you add the hostAliases parameter to the spec section of the pod:
# Kubernetes-managed hosts file.
127.0.**.**    localhost
::1    localhost ip6-localhost ip6-loopback
fe00::0    ip6-localnet
fe00::0    ip6-mcastprefix
fe00::1    ip6-allnodes
fe00::2    ip6-allrouters
10.200.**.**    hostaliases-pod

# Entries added by HostAliases.
127.0.**.**    foo.local    bar.local
10.1.**.**    foo.remote
The foo.local, bar.local, and foo.remote domain names are mapped to specific IP addresses.
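The dnsPolicy, dnsConfig, and hostAliases rules described above can be checked mechanically before manifests are applied. The following Python sketch is an added example, not part of the ACK documentation; the function name lint_pod_dns, the finding strings, and the sample manifests are assumptions made for illustration. The hostNetwork check also treats an explicit ClusterFirst as Default, which is standard Kubernetes behaviour rather than something this page states.

```python
# Added example (not from the ACK documentation): lint pod manifests, given as
# parsed dicts, against the dnsPolicy / dnsConfig / hostAliases rules on this page.
MAX_NAMESERVERS = 3  # "You can specify up to three IP addresses"
MAX_SEARCHES = 6     # "You can specify up to six search domains"
POLICIES = {"ClusterFirst", "None", "Default", "ClusterFirstWithHostNet"}


def lint_pod_dns(pod):
    """Return a list of human-readable findings for one pod manifest."""
    spec = pod.get("spec", {})
    policy = spec.get("dnsPolicy", "")  # "" means the field is not set
    cfg = spec.get("dnsConfig") or {}
    servers = cfg.get("nameservers") or []
    searches = cfg.get("searches") or []
    findings = []
    if policy and policy not in POLICIES:
        findings.append(f"unknown dnsPolicy {policy!r}")
    if policy == "None" and not servers:
        findings.append("dnsPolicy None without nameservers: no name can be resolved")
    if len(servers) > MAX_NAMESERVERS:
        findings.append(f"{len(servers)} nameservers, limit is {MAX_NAMESERVERS}")
    if len(searches) > MAX_SEARCHES:
        findings.append(f"{len(searches)} search domains, limit is {MAX_SEARCHES}")
    # A hostNetwork pod that is unset or ClusterFirst resolves like Default,
    # so cluster Services are not resolvable from it.
    if spec.get("hostNetwork") and policy in ("", "ClusterFirst"):
        findings.append("hostNetwork without ClusterFirstWithHostNet: Services unresolvable")
    # hostAliases entries are written to /etc/hosts and bypass DNS; list them for review.
    for alias in spec.get("hostAliases") or []:
        for name in alias.get("hostnames") or []:
            findings.append(f"static override: {name} -> {alias.get('ip')}")
    return findings


# Constructed sample manifests (IP addresses are documentation-range placeholders).
SAMPLE_PODS = {
    "ok-cluster-first": {"spec": {"dnsPolicy": "ClusterFirst"}},
    "none-no-servers": {"spec": {"dnsPolicy": "None", "dnsConfig": {"searches": ["cluster.local"]}}},
    "hostnet-default": {"spec": {"hostNetwork": True}},
    "hostnet-ok": {"spec": {"hostNetwork": True, "dnsPolicy": "ClusterFirstWithHostNet"}},
    "aliased": {"spec": {"hostAliases": [{"ip": "192.0.2.10", "hostnames": ["foo.remote"]}]}},
}

if __name__ == "__main__":
    for pod_name, manifest in SAMPLE_PODS.items():
        print(pod_name, lint_pod_dns(manifest) or "no findings")
```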
References
For more information about how to optimize DNS settings, see Best practices for DNS services.
For more information about DNS resolution policies and caching policies, see DNS resolution policies and caching policies.