Day 31/40 Days of K8s: CoreDNS in Kubernetes !!

Day 31/40 Days of K8s: CoreDNS in Kubernetes !!

❓ How DNS works in k8s?

In Kubernetes, CoreDNS acts as the central DNS server for the cluster. It is deployed as a Deployment and exposed as a ClusterIP service, making it accessible within the cluster network. All pods query the CoreDNS service to resolve the IP addresses of target pods and services, ensuring seamless communication within the cluster using names rather than IP addresses.

CoreDNS ensures network connectivity for:

  1. Pod-to-Pod Communication: CoreDNS resolves pod names to their respective IP addresses, allowing pod to pod communication using names instead of IP addresses.

  2. Pod-to-Service Communication: When a pod wants to communicate with a service, CoreDNS resolves the service name to the service's cluster IP, facilitating seamless communication.

  3. Service-to-Service Communication: CoreDNS also resolves service names to their cluster IPs, whether the services are in the same namespace (using just the service name and port) or in different namespaces (using the FQDN format).

Let's understand how this works with hands on task

  1. Make sure the cluster is ready and nodes are up and running

     kubectl get nodes
    

  2. Create two Pods named nginx and nginx1 using the nginx image with the following commands.

     kubectl run nginx --image=nginx 
     kubectl run nginx1 --image=nginx
    

  3. Expose the Pods as a ClusterIP service using the following commands.

     kubectl expose pod/nginx --port=80 --target-port=80 --name=nginx
     kubectl expose pod/nginx --port=80 --target-port=80 --name=nginx1
    

  4. Pod -- Pod communication (Using Pod name)

    Try exec into the nginx Pod and then curl the Pod name of nginx1.

     kubectl exec -it nginx -- curl nginx1
    

    We can notice that nginx pod is able to talk to nginx1 pod using pod name

  5. Pod -- Pod communication (Using Pod IP address)

    List out the IP addresses of the Pods. Then, attempt to access the nginx1 Pod using its IP address.

     kubectl get pods -o wide
     kubectl exec -it nginx -- curl 192.168.213.69
    

  6. When you create a Kind cluster, CoreDNS is automatically deployed as part of the cluster setup.

    To verify its deployment, check for the existence of the Deployment, Service, and Pods in the kube-system namespace.

     kubectl get pods -n kube-system 
     kubectl get svc -n kube-system 
     kubectl get pods -n kube-system
    

  7. Each pod will query the CoreDNS service to resolve the IP addresses of target pods and services to ensure network connectivity in the cluster.

    Exec into nginx pod and verify how is it happened

    As you can see, /etc/resolv.conf file is automatically generated for every pod and serves as the DNS server configuration. It specifies the central DNS server, pointing to the ClusterIP address of the kube-dns service. This configuration allows each pod to query the CoreDNS server to resolve the IP addresses of services and other pods using their respective names.

    By default, a pod first looks for DNS resolution in the /etc/hosts file. If you need to manually interact with other pods, you can add their IP addresses and DNS entries to this file. However, the central DNS server (CoreDNS) automatically manages DNS resolution using the /etc/resolv.conf file, simplifying the process for all pods in the cluster.

  8. Describe what we have in one of the core-dns pod

     kubectl describe pod coredns-7db6d8ff4d-8dsdz -n kube-system
    

    The CoreDNS pod has two mounts attached: one from the service account and another from the config volume.

    In the volumes section above, the CoreDNS ConfigMap is mounted as a volume to the CoreDNS pod.

  9. List out and then describe the coredns configMaps from kube-system Namespace

     kubectl get cm -n kube-system
    

    The CoreDNS pod contains a Corefile along with several plugins that perform health checks every 5 seconds. It includes a Top-Level Domain (TLD) with both IPv4 and IPv6 addresses, and exposes Prometheus metrics on port 9153.

❓🤔 Wondered how DNS resolution happens within the cluster? Let's break it down step by step.....

❇ DNS Resolution in Kubernetes:

Step 1: Pod's DNS Configuration

  • Each pod in the Kubernetes cluster has a /etc/resolv.conf file.

  • This file tells the pod to use the CoreDNS service (often named kube-dns) for DNS resolution.

Step 2: Pod Sends DNS Query

  • When a pod needs to resolve the name of another pod or service (e.g., service-a), it sends a DNS query to the CoreDNS service.

Step 3: CoreDNS Service Receives and Forwards the Query

  • The CoreDNS service receives the DNS query and routes it to one of the CoreDNS pods running in the cluster.

Step 4: CoreDNS Pod Processes the Query

  • The CoreDNS pod uses its mounted coredns ConfigMap as volume, which contains the Corefile configuration.

  • The Corefile defines how CoreDNS should handle different types of DNS queries.

Step 5: Resolving the IP Address

  • If the query is for a Kubernetes service or pod, CoreDNS queries the Kubernetes API to resolve the name to an IP address.

  • For external domains, CoreDNS can forward the request to upstream DNS servers as specified in the Corefile.

Step 6: Returning the Response

  • Once the IP address is resolved, the CoreDNS pod sends the response back to the CoreDNS service, which then forwards it to the requesting pod.

Step 7: Establishing Network Connectivity

  • With the resolved IP address, the requesting pod can now establish network connectivity with the target pod or service.

These are key steps involved in the DNS resolution process within a Kubernetes cluster, enabling seamless communication between pods and services.

❇ Different Kubernetes networking terms

  1. CNI (Container Network Interface): Typically, CNI plugin is deployed in the cluster and runs as a DaemonSet (DS) on each node.

    Function: It allocates an IP address to each pod and manages pod-to-pod network connectivity within the cluster. If the CNI plugin is not running, pods will not receive IP addresses, which blocks Pod communication.

  2. kube-proxy: kube-proxy acts like a network proxy that runs on each node.

    Function: It maintains network rules on the nodes to allow network traffic to be routed to the correct pods. This includes setting up IPtables or IPVS rules for service discovery and traffic routing, enabling services to communicate with their target pods(Service Discovery).

  3. CoreDNS: CoreDNS is a DNS server that runs as a pod in the kube-system namespace.

    Function: It provides DNS resolution for services and pods, allowing pods to communicate using service names instead of IP addresses. CoreDNS handles name resolution for both pod-to-pod and pod-to-service communication.

  4. Labels and Selectors: These are used for service discovery. Services use labels to select their target pods based on matching criteria.

  5. API Server: The API server manages service resources and allocates IPs for services from the Cluster CIDR range.

Overall, CNI plugin, kube-proxy, and CoreDNS work together to ensure seamless networking in a Kubernetes cluster. If any component is not functioning properly, it can lead to communication issues.

#Kubernetes #DNS #CoreDNS #DNSrecords #40DaysofKubernetes #CKASeries