coredns azure Complete Configuration and Management Guide

Author

Reads 693

Modern data server room with network racks and cables.
Credit: pexels.com, Modern data server room with network racks and cables.

To set up CoreDNS on Azure, you'll first need to create a new Azure Kubernetes Service (AKS) cluster. This can be done through the Azure portal or using the Azure CLI.

CoreDNS can be installed on AKS using the Helm package manager. You'll need to add the Helm repository for CoreDNS and then install the chart.

The CoreDNS chart can be customized to suit your needs, with options for setting the CoreDNS version, image registry, and pod labels. You can also specify the number of replicas for the CoreDNS pods.

CoreDNS can be configured to use Azure's DNS service, which allows for efficient and scalable DNS resolution within your AKS cluster. This can be done by setting the `dnsPolicy` field to `Default` in the CoreDNS deployment configuration.

Configuration

To configure coredns for Azure, you'll need to reference a configuration file called azure.json. This file should contain an object named azure.json with specific fields, such as tenantId, subscriptionId, and resourceGroup.

Credit: youtube.com, How DNS inside Kubernetes (CoreDNS) functions

The Azure DNS provider expects the configuration file to be at /etc/kubernetes/azure.json by default, but you can override this with the --azure-config-file option when starting ExternalDNS.

Here are the required fields for the azure.json configuration file:

  • tenantId (required) - you can find this by running az account show --query "tenantId" or by selecting Azure Active Directory in the Azure Portal.
  • subscriptionId (required) - you can find this by running az account show --query "id" or by selecting Subscriptions in the Azure Portal.
  • resourceGroup (required) - this is the Resource Group created in a previous step that contains the Azure DNS Zone.
  • aadClientID and aaClientSecret - these are associated with the Service Principal, but are only used with the Service Principal method.
  • useManagedIdentityExtension - this should be set to true if you use either AKS Kubelet Identity or AAD Pod Identities methods.
  • userAssignedIdentityID - this contains the client id from the Managed identity when using the AAD Pod Identities method.

Configuration File

The configuration file is a crucial component in setting up ExternalDNS with Azure. The Azure provider will reference a configuration file called azure.json, which should contain the necessary credentials and settings.

The configuration file should be in the format of a Kubernetes secret, with the secret containing an object named azure.json. This object should have the following fields: tenantId, subscriptionId, resourceGroup, aadClientID, aadClientSecret, useManagedIdentityExtension, and userAssignedIdentityID.

Here are the required fields for the configuration file:

  • TenantId: This can be obtained by running the command `az account show --query "tenantId"` or by selecting Azure Active Directory in the Azure Portal and checking the Directory ID under Properties.
  • SubscriptionId: This can be obtained by running the command `az account show --query "id"` or by selecting Subscriptions in the Azure Portal.
  • ResourceGroup: This is the Resource Group created in a previous step that contains the Azure DNS Zone.
  • AadClientID and aadClientSecret: These are associated with the Service Principal, and are only used with the Service Principal method.
  • UseManagedIdentityExtension: This is set to true if you use either AKS Kubelet Identity or AAD Pod Identities methods.
  • UserAssignedIdentityID: This contains the client id from the Managed identity when using the AAD Pod Identities method.

The Azure DNS provider expects the configuration file to be at /etc/kubernetes/azure.json by default, but this can be overridden with the --azure-config-file option when starting ExternalDNS.

Custom Forward Server

To customize DNS for your network traffic, you can create a ConfigMap to specify a forward server.

Credit: youtube.com, Configure public DNS servers as forwarders

You'll need to create a file named corednsms.yaml and paste the following example configuration. Make sure to replace the forward name and the address with the values for your own environment.

To create the ConfigMap, use the kubectl apply command and specify the name of your YAML manifest. The command should look like this: kubectl apply -f corednsms.yaml

The ConfigMap will be created with a name and namespace specified in the YAML file. In this case, the name is coredns-custom and the namespace is kube-system.

To reload the ConfigMap and enable Kubernetes Scheduler to restart CoreDNS without downtime, perform a rolling restart using kubectl rollout restart. The command to do this is: kubectl -n kube-system rollout restart deployment coredns

Integration

Integration is a crucial step in setting up coredns with Azure. It's essential to verify Azure DNS integration to ensure everything is in place.

To test the integration, you can use the Azure CLI to query the list of DNS entries quickly. Azure Portal can also be consulted to spot DNS entries.

It could take a couple of seconds until the desired A record is displayed. By default, External-DNS runs every minute.

Troubleshooting

Credit: youtube.com, Kubernetes - Debugging CoreDNS

Troubleshooting coredns on Azure can be a challenge, but don't worry, I've got you covered. To troubleshoot DNS issues from within the pod, use the instructions in the following steps.

Verify that the CoreDNS pods are running with the command `kubectl get pods -l k8s-app=kube-dns -n kube-system`.

You can also check whether the CoreDNS pods are overused with the command `$ kubectl top pods -n kube-system -l k8s-app=kube-dns`, which will display the CPU and memory usage of the pods.

If the DNS requests from pods are working when you specify the upstream DNS server explicitly, it's worth verifying the following conditions.

You can use the command `kubectl get pods -n kube-system -l k8s-app=kube-dns -o jsonpath='{.items[*].spec.nodeName}'` to get the nodes that are hosting the CoreDNS pods, and then check the usage of these nodes with the command `kubectl top nodes`.

Troubleshooting Checklist

If DNS resolution is failing, you can use kubectl commands to troubleshoot DNS issues from within the pod.

Credit: youtube.com, Troubleshooting Basics

To start, verify that the CoreDNS pods are running by executing the command kubectl get pods -l k8s-app=kube-dns -n kube-system.

Check whether the CoreDNS pods are overused by running the command kubectl top pods -n kube-system -l k8s-app=kube-dns. Here's an example of what the output might look like:

Verify that the nodes that host the CoreDNS pods aren't overused by getting the nodes that are hosting the CoreDNS pods with the command kubectl get pods -n kube-system -l k8s-app=kube-dns -o jsonpath='{.items[*].spec.nodeName}'.

Check the usage of these nodes with the command kubectl top nodes.

If the DNS requests from pods are working when you specify the upstream DNS server explicitly, verify the following conditions:

Cause: Multiple Destinations

Having multiple destinations for DNS requests can cause issues with resolving custom domains. This is because CoreDNS can select the upstream server at random.

If two custom DNS servers are specified, and the third DNS server is specified as Azure DNS, the node will send requests to the first custom DNS server if it's running and reachable.

Some DNS requests from the pod might be directed to Azure DNS, which can prevent the custom domain from being resolved. This can lead to a failed DNS request.

Pod Management

Credit: youtube.com, Understanding CoreDNS in Kubernetes - John Belamaric, Google & Cricket Liu, Francois Tur, Infoblox

AKS clusters auto scale CoreDNS pods to reduce memory usage per pod, but you may need to modify the coredns-autoscaler ConfigMap to prevent Out of memory issues.

You should note that simply increasing the number of CoreDNS pods without addressing the root cause of the Out of memory issue may only provide a temporary fix.

CoreDNS uses horizontal cluster proportional autoscaler for pod auto scaling, which allows you to configure the scaling logic for the number of CoreDNS pods through the coredns-autoscaler ConfigMap.

The coredns-autoscaler ConfigMap currently supports two control modes: linear and ladder, and you can retrieve it by running the kubectl get configmap coredns-autoscaler -n kube-system -o yaml command.

A minimum of 2 CoreDNS pod replicas per cluster is recommended to prevent failures during operations like cluster upgrade operations.

Increasing the number of CoreDNS pods without adding more memory to the nodes may not help if there is not enough memory available.

Logging and Monitoring

Credit: youtube.com, Azure Logging and Monitoring for ISVs Session 1: Overview - What is Azure Monitor?

Logging and monitoring are crucial for troubleshooting and understanding the behavior of CoreDNS on Azure.

To enable DNS query logging, you'll need to add a configuration to your coredns-custom ConfigMap. This involves specifying the log.override file extension.

You can apply the configuration changes using the command `kubectl apply -f corednsms.yaml`. This will update the ConfigMap with the new logging settings.

To force CoreDNS to reload the ConfigMap, use the command `kubectl -n kube-system rollout restart deployment coredns`. This ensures that the new logging configuration takes effect.

You can view the CoreDNS debug logging using the command `kubectl logs --namespace kube-system -l k8s-app=kube-dns`. This will display the log output, allowing you to monitor and troubleshoot DNS queries.

Theory and Steps

To set up Custom DNS Server as a resolver for your custom domain, you'll need to create a ConfigMap with a specific name 'coredns-custom' in the kube-system namespace. This ConfigMap will be read by CoreDNS and modify the associated Corefile to incorporate the new settings.

Credit: youtube.com, Custom domains using Kubernetes CoreDNS

The 'forward' plugin for CoreDNS is used to set up usage of Custom DNS Server as a resolver for your custom domain. This plugin has replaced the earlier 'proxy' plugin.

To achieve this, you'll need to follow these steps:

  1. Write the ConfigMap to 'forward' queries to the Custom DNS Server (172.16.0.4 in my case) if the requested domain for DNS resolution from the Pod is your custom domain (testabc.com).
  2. Update the custom ConfigMap that the CoreDNS refers to create additional configurations in the CoreFile
  3. Restart the CoreDNS Pods to take in the new configuration

For all other queries, the default configuration of CoreDNS will be used which uses the DNS configuration of the Node.

Steps

To customize your AKS Cluster's DNS settings, you'll need to follow these steps.

First, write a ConfigMap to forward queries to a custom DNS server. This is done by specifying the domain for DNS resolution from the Pod. For example, if you're using the domain "testabc.com", the ConfigMap will forward queries to the custom DNS server 172.16.0.4.

You'll also need to update the custom ConfigMap that the CoreDNS refers to, creating additional configurations in the CoreFile. This will ensure that the CoreDNS Pods use the new configuration.

To complete the process, restart the CoreDNS Pods to take in the new configuration. This will update the request flow to use the custom DNS server for queries related to your custom domain.

Cargo Container Lot
Credit: pexels.com, Cargo Container Lot

Here's a summary of the steps:

  1. Write the ConfigMap to forward queries to the custom DNS server.
  2. Update the custom ConfigMap that the CoreDNS refers to.
  3. Restart the CoreDNS Pods to take in the new configuration.

Remember to verify the customizations have been applied by checking the ConfigMap. You can do this using the kubectl get configmaps command, specifying the name of your ConfigMap.

Some Theory

Modifying CoreDNS in AKS requires creation of a ConfigMap with a specific name 'coredns-custom' in the kube-system namespace.

To do this, you need to create a ConfigMap with the exact name 'coredns-custom' in the correct namespace.

The configuration from this custom ConfigMap is read by CoreDNS and the associated Corefile is modified to incorporate the new settings.

CoreDNS reads the configuration from the custom ConfigMap and updates the Corefile accordingly.

The 'forward' plugin for CoreDNS can be used to setup usage of Custom DNS Server as a resolver for my custom domain (testabc.com).

The 'forward' plugin is the new recommended plugin, replacing the earlier used 'proxy' plugin.

CoreDNS uses the 'forward' plugin to forward DNS requests to a custom DNS server.

Stub Domains

Credit: youtube.com, Day 31/40 - Understanding CoreDNS In Kubernetes

Stub domains are a powerful feature in CoreDNS that allow you to configure custom DNS responses for specific domains. You can create a ConfigMap file named corednsms.yaml to define your custom domains and IP addresses.

To get started, create a file named corednsms.yaml and paste the following example configuration. This configuration defines two custom domains, abc.com and my.cluster.local, with their respective IP addresses. Make sure to update the custom domains and IP addresses with the values for your own environment.

Here's an example of what the configuration might look like:

```html

  1. abc.com

errors

cache 30

forward . 1.2.3.4

}my.cluster.local:53 {

errors

cache 30

forward . 2.3.4.5

}

```

Once you've created the ConfigMap file, you can apply it using the kubectl apply command. To do this, run the following command: kubectl apply -f corednsms.yaml. This will create the ConfigMap in the kube-system namespace.

After applying the ConfigMap, you'll need to reload it to enable the Kubernetes Scheduler to restart CoreDNS without downtime. To do this, run the following command: kubectl -n kube-system rollout restart deployment coredns. This will perform a rolling restart of the CoreDNS deployment.

Frequently Asked Questions

What is CoreDNS used for?

CoreDNS is a flexible and extensible DNS server used to serve as the cluster DNS for Kubernetes. It provides a reliable and scalable way to manage DNS queries within a Kubernetes cluster.

What is CoreDNS in AKS?

CoreDNS is a DNS management and resolution tool used by Azure Kubernetes Service (AKS) for all clusters running 1.12.x and higher versions. It provides efficient and reliable DNS services within AKS clusters.

Is CoreDNS a DaemonSet?

CoreDNS is initially deployed as a DaemonSet, but its configuration can be manually modified. The CoreDNS image version can be adjusted to meet specific demands.

Calvin Connelly

Senior Writer

Calvin Connelly is a seasoned writer with a passion for crafting engaging content on a wide range of topics. With a keen eye for detail and a knack for storytelling, Calvin has established himself as a versatile and reliable voice in the world of writing. In addition to his general writing expertise, Calvin has developed a particular interest in covering important and timely subjects that impact society.

Love What You Read? Stay Updated!

Join our community for insights, tips, and more.