Workloads in a Kubernetes cluster use Domain Name System (DNS) services to resolve domain names. This topic describes how DNS resolution works in Kubernetes clusters. This topic also describes CoreDNS, which is the default DNS resolver that is preinstalled in Container Service for Kubernetes (ACK) clusters. In Kubernetes clusters, CoreDNS implements the service discovery feature, which enables the services in ACK clusters to access each other by service name without using specific IP addresses. CoreDNS uses a plug-in-based architecture, which allows you to configure different plug-ins based on your business requirements to implement various DNS-related features.
How DNS resolution works in Kubernetes clusters
DNS resolution diagram
Number | Description |
① | When a client pod attempts to access Service Nginx, the pod sends a request to the DNS server that is specified in the DNS configuration file /etc/resolv.conf. In this example, the IP address of the DNS server is 172.21.0.10, which is the IP address of Service kube-dns. The result of the resolution is 172.21.0.30. |
② | The client pod sends another request to 172.21.0.30, which is the IP address of Service Nginx. Then, the request is forwarded to the backend pods Nginx-1 and Nginx-2. |
For more information about how DNS resolution works, see DNS policies and domain name resolution.
Domain name resolution configurations
The startup parameters of kubelet in an ACK cluster include --cluster-dns=<dns-service-ip>
and --cluster-domain=<default-local-domain>
. The former specifies the IP address of the DNS server in the cluster, and the latter specifies the suffix of the primary domain name.
By default, ACK deploys a set of workloads in a cluster to run CoreDNS. A Service named kube-dns is deployed to expose these workloads to DNS queries in the cluster. Two pods named coredns are deployed as the backend of CoreDNS. DNS queries in the cluster are sent to the DNS server that is specified in the coredns pod configurations. The DNS configuration file in the pod is /etc/resolv.conf. The file contains the following content:
nameserver xx.xx.0.10
search kube-system.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
Parameter | Description |
nameserver | The IP addresses of the DNS servers. |
search | The suffixes that are used for DNS queries. More suffixes indicate more DNS queries. An ACK cluster matches the following three suffixes: |
options | The options for the DNS configuration file. You can specify multiple key-value pairs. For example, you set this parameter to |
Based on the preceding settings, DNS queries of internal domain names and external domain names are sent to the DNS servers of an ACK cluster for DNS resolution.
CoreDNS overview
CoreDNS is a DNS resolver for ACK clusters. CoreDNS can resolve custom internal domain names and external domain names. CoreDNS provides a variety of plug-ins that you can use to configure custom DNS settings and customize host records, Canonical Name (CNAME) records, and rewrite rules for Kubernetes clusters. CoreDNS is hosted by Cloud Native Computing Foundation (CNCF), which also hosts Kubernetes. For more information about CoreDNS, see CoreDNS: DNS and Service Discovery.
ACK clusters use CoreDNS for service discovery. You can configure and use CoreDNS to improve the DNS query per second (QPS) performance of clusters in different scenarios.
For more information about how to configure CoreDNS in ACK clusters, see DNS policies and domain name resolution.
For more information about how to use CoreDNS to improve the overall DNS query performance for an ACK cluster, see Best practices for DNS services.
You can also configure NodeLocal DNSCache in an ACK cluster to improve the stability and performance of service discovery. NodeLocal DNSCache improves the DNS performance of the cluster by running the DNS cache proxy as a DaemonSet on the cluster nodes. For more information about how to configure NodeLocal DNSCache in a cluster, see Configure NodeLocal DNSCache.