Sharing what I know

MaheshNotes

,

Understanding CoreDNS in Kubernetes

Published by

Mahesh Yadav

on

Introduction

Kubernetes has become the go-to platform for orchestrating containerized applications. One of its crucial components is DNS resolution, which ensures that services and pods within a cluster can easily find and communicate with each other. CoreDNS, the default DNS provider in Kubernetes, plays a vital role in this process. This blog will delve into how CoreDNS works for internal service discovery and resolving public domain names.

What is CoreDNS?

CoreDNS is a DNS server that provides service discovery and name resolution in Kubernetes. It was introduced as the default DNS provider starting with Kubernetes version 1.13, replacing Kube-DNS. Thanks to its plugin-based architecture, CoreDNS is known for its flexibility, performance, and extensibility.

Key Functions of CoreDNS in Kubernetes

  1. Service Discovery: CoreDNS resolves the names of Kubernetes services to their corresponding IP addresses, allowing pods to communicate with services by name.
  2. Pod DNS: It provides DNS resolution for pods, enabling inter-pod communication by resolving pod names to their IP addresses.
  3. Custom DNS Records: Administrators can configure custom DNS records within CoreDNS, offering additional name resolution rules.
  4. Health Checks: CoreDNS can be configured to check the health of services and pods, ensuring DNS records point to healthy endpoints.
  5. Load Balancing: It can distribute traffic among multiple service instances, providing load balancing.
  6. Plugin-Based Architecture: CoreDNS uses plugins to extend its functionality, such as forwarding queries to upstream servers, caching, or providing metrics.

How CoreDNS Works in Kubernetes

Deployment and Configuration

CoreDNS runs as a deployment within the Kubernetes cluster, typically managed by the cluster’s control plane. Its behavior is defined in a configuration file known as the Corefile. This file specifies various plugins and rules for DNS resolution.

CoreDNS Resolution Process

  1. DNS Query Reception: A pod sends a DNS query to CoreDNS to resolve a service name (e.g., myservice.default.svc.cluster.local). The CoreDNS server listens on port 53 (the default DNS port).
  2. Configuration Parsing: CoreDNS uses it Corefile to determine how to handle the query.
  3. Kubernetes Plugin Invocation: The Kubernetes plugin is configured to handle DNS names that conform to the cluster’s internal DNS naming convention (e.g., *.svc.cluster.local for services). If the query matches a Kubernetes service or pod DNS name pattern, the Kubernetes plugin in CoreDNS queries the Kubernetes API server for the relevant information. For a service name query (e.g., myservice.default.svc.cluster.local), CoreDNS looks up the service in the default namespace.
  4. Record Construction: CoreDNS constructs the DNS response based on the information retrieved from the Kubernetes API. For a service, this typically involves returning the cluster IP address of the service. If the service has multiple endpoints (pods), CoreDNS may use load balancing to distribute the queries among the available endpoints.
  5. Cache and Forwarding: For non-Kubernetes queries, CoreDNS uses other plugins like forward to send the query to upstream DNS servers.
  6. Response Delivery: CoreDNS sends the constructed DNS response back to the querying pod.

Example Corefile

.:53 {
    errors
    health
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
        ttl 30
    }
    forward . /etc/resolv.conf
    cache 30
    loop
    reload
    loadbalance
}

In this example:

  • errors: Logs errors.
  • health: Exposes a health check endpoint.
  • kubernetes: Handles DNS records for Kubernetes services and pods.
  • forward: Forwards non-Kubernetes DNS queries to the upstream DNS servers specified in /etc/resolv.conf.
  • cache: Caches DNS responses for 30 seconds.
  • loop: Prevents DNS query loops.
  • reload: Automatically reloads the Corefile if it changes.
  • loadbalance: Balances DNS responses among multiple endpoints.

Example DNS Resolution:

For a query to resolve myservice.default.svc.cluster.local:

  1. The query is received by CoreDNS.
  2. The kubernetes plugin matches the query to the cluster.local domain.
  3. The plugin queries the Kubernetes API for the myservice service in the default namespace.
  4. CoreDNS retrieves the cluster IP of myservice.
  5. The response is constructed with the IP address of myservice.
  6. CoreDNS sends the response back to the querying pod.

This process ensures efficient and accurate DNS name resolution within a Kubernetes cluster, leveraging CoreDNS’s capabilities and integration with the Kubernetes API.

Resolving Publicly Exposed Domain Names

CoreDNS also handles DNS queries for publicly exposed domain names by forwarding them to upstream DNS servers. Here’s how this process works:

  1. DNS Query Reception: A pod queries CoreDNS to resolve a public domain name (e.g., example.com).
  2. Configuration Parsing: CoreDNS uses its Corefile to handle the query.
  3. Forwarding Decision: CoreDNS uses the forward plugin to forward the query to an upstream DNS server, as the query does not match any internal Kubernetes DNS names.
  4. Query Forwarding: CoreDNS forwards the query to an external DNS server (e.g., Google DNS, Cloudflare DNS).
  5. Response Handling: The external DNS server processes the query and returns the response to CoreDNS. The response contains the resolved IP address for the public domain name (e.g., example.com).
  6. Cache (Optional): CoreDNS may cache the response for improved performance.
  7. Response Delivery: CoreDNS sends the DNS response back to the querying pod. The pod receives the resolved IP address and can use it to communicate with the public domain.

Example of Corefile for Public DNS Resolution

:53 {
    errors
    health
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
        ttl 30
    }
    forward . /etc/resolv.conf
    cache 30
    loop
    reload
    loadbalance
}

Conclusion

CoreDNS is a powerful and flexible DNS server that is essential for the smooth operation of Kubernetes clusters. Its ability to provide robust service discovery, internal DNS resolution, and handle queries for public domain names makes it a cornerstone of Kubernetes networking. Understanding how CoreDNS works and how to configure it can greatly enhance the reliability and performance of your Kubernetes deployments.

Leave a comment

Hello,

I’m Mahesh

Welcome to MaheshNotes, a space on the internet where I like to share my knowledge and experience as a software engineer.

Let’s connect

Join the fun!

Stay updated with my latest updated and ideas by joining our newsletter.

Recent posts