DNS Records
Fully Qualified Service Name
Example
Let's look at the details of a service.
> kubectl describe svc vt-etcd-global-peer
Name:              vt-etcd-global-peer
Namespace:         default
Labels:            etcd.planetscale.com/lockserver=vt-etcd-global
Annotations:       <none>
Selector:          etcd.planetscale.com/lockserver=vt-etcd-global
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                None
IPs:               None
Port:              peer  2380/TCP
TargetPort:        peer/TCP
Endpoints:         172.17.0.4:2380,172.17.0.7:2380,172.17.0.9:2380
Session Affinity:  None
Events:            <none>
The service can be seen to map to multiple endpoints. However, the service name given in Name is not fully qualified. Normally the fully qualified name format is as follows, 4 parts separated by the dot character:
my-svc.my-namespace.svc.cluster-domain.example
or like this:
servicename.namespace.svc.cluster.local
nslookup can be used to see this name. We do it like this:
# nslookup api-server
Server:    10.96.0.10
Address:   10.96.0.10#53

Name:      api-server.default.svc.cluster.local
Address:   10.104.225.18
- api-server : the service name
- default : the name of the namespace the service is in
- svc : a fixed string
- cluster.local : the default DNS domain for the cluster.
Example
Another nslookup output looks like this:
vt-etcd-global-1.vt-etcd-global-peer.default.svc.cluster.local
vt-etcd-global-2.vt-etcd-global-peer.default.svc.cluster.local
vt-etcd-global-3.vt-etcd-global-peer.default.svc.cluster.local
Kube DNS - Do Not Use
The explanation is as follows:
Kubernetes provides a built-in DNS service that can be used to resolve the hostnames of services and pods running within the cluster..... The IP address of the DNS service can be obtained using the kubectl get svc kube-dns --namespace kube-system command.
Core DNS
The explanation is as follows:
Recent Kubernetes versions transitioned from kube-dns to CoreDNS to address security and stability concerns, with CoreDNS introduced in version 1.11. Both implementations function similarly:
The explanation is as follows:
CoreDNS is a popular DNS server implementation used in Kubernetes for service discovery and DNS resolution. It is the default DNS server for Kubernetes and ensures pods and services have a Fully Qualified Domain Name (FQDN). CoreDNS is a flexible and extensible DNS server that is designed to be easily integrated into Kubernetes clusters and can be customized to support a wide range of use cases. Without CoreDNS the cluster's communication would cease to work.
In Kubernetes, CoreDNS is typically deployed as a pod in the cluster and is responsible for resolving DNS queries for services and pods. CoreDNS uses the Kubernetes API to retrieve information about services and pods and automatically generates DNS records for each of them.
One of the benefits of using CoreDNS in Kubernetes is that it is highly configurable, and can be extended to support custom plugins and DNS providers. For example, you can use CoreDNS plugins to add support for custom DNS zones or to integrate with external DNS providers.
Another benefit of CoreDNS is that it provides better performance and scalability than the previous default DNS server in Kubernetes, kube-dns. CoreDNS is written in Go and is designed to be lightweight and efficient, which makes it well-suited for handling large volumes of DNS queries in high-traffic Kubernetes environments.
To use CoreDNS in your Kubernetes cluster, you can deploy it as a pod using a Kubernetes manifest file or Helm chart. Once deployed, you can configure the CoreDNS server to meet your specific needs, such as by adding custom DNS providers, defining custom DNS zones, or integrating with other Kubernetes components such as Ingress or ExternalDNS.
The /etc/resolv.conf File - Resolving Shorter Hostnames and Searching Domains
The explanation is as follows:
You won’t always need to utilize the whole hostname to access another service because of the search domain suffixes set in the resolv.conf file.
Example
We do it like this:
nameserver 10.32.0.10
search namespace.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
Example
The explanation is as follows:
If you’re contacting a service in the same namespace, you may just call it by its name
We do it like this:
other-service
Example
The explanation is as follows:
Add other-service to the query if the service is in a different namespace
We do it like this:
Only the .svc suffixes are automatically completed in the default resolv.conf file. Therefore, it is essential to specify the settings up to .pod.
SRV records
The explanation is as follows:
So far we’ve only talked about resolving IP addresses using A-records. Kubernetes also uses SRV (service) records to resolve the port numbers of named services. This allows clients to discover the port numbers of services by querying the DNS server for the appropriate SRV record.
We do it like this:
apiVersion: v1
kind: Service
metadata:
  name: nginx
  namespace: default
spec:
  ports:
  - port: 80
    name: http
In this service, the container port 80 is exposed and is given the name “http”. Because the port is named, Kubernetes will generate an SRV record with the following name: _<port>._<proto>.<service>.<ns>.svc.<zone>.
In this case, the SRV record will be named _http._tcp.nginx.default.svc.cluster.local. A DNS query for this record would return the port number and IP address of the named service:
The explanation is as follows:
Some services, such as Kerberos, use SRV records for the discovery of the KDC (Key Distribution Center) servers.
We do it like this:
dig +short SRV _http._tcp.nginx.default.svc.cluster.local
0 100 80 10-129-1-26.nginx.default.svc.cluster.local.
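An added Python example, not from the original post, that derives the SRV name from the Service manifest above, parses the dig answer line, and checks that the answer's port and target belong to the declared Service before a client would use it. The function names are hypothetical, and the port check assumes no targetPort remapping, as in the manifest shown.

```python
from typing import NamedTuple

# Values taken from the Service manifest and dig output shown above.
SERVICE = {"name": "nginx", "namespace": "default",
           "ports": [{"port": 80, "name": "http"}]}
DIG_LINE = "0 100 80 10-129-1-26.nginx.default.svc.cluster.local."


class SrvAnswer(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


def srv_names(svc, zone="cluster.local"):
    """Map each named port to _<port>._<proto>.<service>.<ns>.svc.<zone>."""
    names = {}
    for p in svc["ports"]:
        if not p.get("name"):
            continue  # only named ports get an SRV record
        proto = p.get("protocol", "TCP").lower()  # Service ports default to TCP
        names[p["name"]] = (f"_{p['name']}._{proto}.{svc['name']}."
                            f"{svc['namespace']}.svc.{zone}")
    return names


def parse_srv_line(line):
    """Parse one `dig +short SRV` line: priority weight port target."""
    fields = line.split()
    if len(fields) != 4:
        raise ValueError(f"not an SRV answer: {line!r}")
    priority, weight, port = (int(f) for f in fields[:3])
    return SrvAnswer(priority, weight, port, fields[3].lower())


def answer_matches_service(answer, svc, port_name, zone="cluster.local"):
    """True if the answer's port and target belong to the declared Service."""
    declared = {p.get("name"): p["port"] for p in svc["ports"]}
    base = f"{svc['name']}.{svc['namespace']}.svc.{zone}."
    # Accept the Service name itself or a host directly under it.
    in_zone = answer.target == base or answer.target.endswith("." + base)
    return declared.get(port_name) == answer.port and in_zone


if __name__ == "__main__":
    print(srv_names(SERVICE)["http"])
    print(answer_matches_service(parse_srv_line(DIG_LINE), SERVICE, "http"))
```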