CoreDNS in Thalassa Cloud Kubernetes
CoreDNS is the default DNS service in Thalassa Cloud Kubernetes, providing service discovery and name resolution for workloads running in the cluster. It ensures that applications can reliably communicate using service names instead of IP addresses, enabling a dynamic and scalable networking environment.
Thalassa Cloud pre-installs and fully manages CoreDNS, ensuring seamless operation without requiring user intervention. This component is essential for handling DNS-based service discovery within the cluster.
How CoreDNS Works
CoreDNS acts as the Kubernetes cluster DNS server, resolving internal service names into their corresponding IP addresses. When a Pod queries a service, CoreDNS translates the request using its configuration and returns the correct endpoint.
Key Functions of CoreDNS:
- Service Discovery: Resolves Kubernetes Services using
ClusterIP. - Pod DNS Resolution: Provides DNS-based access to Pods via headless services.
- Forwarding External Queries: Forwards external DNS queries to upstream resolvers (e.g., public DNS servers).
- Configurable Plugins: Extensible architecture allowing additional DNS functionality (e.g., caching, load balancing).
Example: Resolving a Kubernetes Service
If a Service named backend exists in the default namespace, CoreDNS allows Pods to reach it using:
nslookup backend.default.svc.cluster.localThis resolves to the Service’s ClusterIP, directing traffic to the correct backend Pods.
Key Features
| Feature | Description |
|---|---|
| Built-in Service Discovery | Resolves Kubernetes service names within the cluster. |
| Automated Pod DNS Resolution | Enables Pod-to-Pod communication using DNS. |
| Forwarding External Queries | Routes non-cluster DNS queries to upstream resolvers. |
| Fully Managed by Thalassa Cloud | Pre-installed and maintained for seamless cluster operation. |
Network Connectivity Requirements for CoreDNS
For Pods to resolve DNS names within the cluster, they must be able to communicate with CoreDNS. This requires proper network connectivity to the CoreDNS service running in the kube-system namespace. If network policies are used to restrict traffic, ensure that DNS queries are explicitly allowed.
Example Network Policies for CoreDNS
Allow Pods to Query CoreDNS (Egress Policy)
This policy allows Pods in a namespace to send DNS queries to CoreDNS over UDP/TCP on port 53:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-dns-egress
namespace: my-namespace
spec:
podSelector: {}
policyTypes:
- Egress
egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- protocol: UDP
port: 53
- protocol: TCP
port: 53Allow CoreDNS to Receive Queries (Ingress Policy)
This policy ensures CoreDNS can accept incoming DNS requests from Pods:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-dns-ingress
namespace: kube-system
spec:
podSelector:
matchLabels:
k8s-app: kube-dns
policyTypes:
- Ingress
ingress:
- from:
- namespaceSelector: {}
ports:
- protocol: UDP
port: 53
- protocol: TCP
port: 53By applying these network policies, Pods in restricted environments will be able to successfully query CoreDNS while maintaining security controls.
Deployment and Configuration
CoreDNS is deployed as a Deployment in the kube-system namespace, running on multiple nodes for redundancy.
Checking if CoreDNS is Running
To verify the status of CoreDNS in your cluster, run:
kubectl get pods -n kube-system | grep corednsA healthy cluster should return active CoreDNS pods.
Troubleshooting CoreDNS Issues
If CoreDNS is not resolving queries as expected:
- Check logs for errors:
kubectl logs -n kube-system -l k8s-app=kube-dns - Ensure Pods have the correct DNS configuration:
kubectl exec -it <pod-name> -- cat /etc/resolv.conf - Restart CoreDNS if necessary:
kubectl delete pod -n kube-system -l k8s-app=kube-dns