
    K8s DNS stack by Kubespray

    For K8s cluster nodes, Kubespray configures a Kubernetes DNS cluster add-on to serve as an authoritative DNS server for a given dns_domain and its default subdomains svc and default.svc (a total of ndots: 5 max levels).

    Other nodes in the inventory, like external storage nodes or a separate etcd cluster node group, are considered non-cluster, and configuring DNS resolution for them is left to the user.

    DNS variables

    There are several global variables which can be used to modify DNS settings:

    ndots

    ndots value to be used in /etc/resolv.conf

    Note that multiple search domains combined with high ndots values lead to poor performance of the DNS stack, so choose the value carefully. The dnsmasq DaemonSet can accept lower ndots values and return NXDOMAIN replies for bogus internal FQDNs before they even hit the kubedns app. This enables dnsmasq to serve as a protective, but still recursive, resolver in front of kubedns.

    searchdomains

    Custom search domains to be added in addition to the cluster search domains (default.svc.{{ dns_domain }}, svc.{{ dns_domain }}).

    Most Linux systems limit the total number of search domains to 6 and the total length of all search domains to 256 characters. Depending on the length of dns_domain, you're limited to less than the total limit.

    Please note that resolvconf_mode: docker_dns will automatically add your system's search domains as additional search domains. Please take this into account for the limits.
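
    The interaction between ndots and the search list described above, as an added example that is not Kubespray code: it builds the search list, checks it against the two limits quoted above, and lists the names a stub resolver tries for one lookup following resolv.conf(5) semantics. The function names, the sample domains (cluster.local, corp.example, lab.example), the ordering of custom and host domains, and counting separators toward the 256-character total are assumptions.

```python
"""Added example: search-list limits and ndots query expansion (not Kubespray code)."""

MAX_SEARCH_DOMAINS = 6   # limit quoted in the text above
MAX_SEARCH_CHARS = 256   # limit quoted in the text above


def cluster_search_list(dns_domain, searchdomains=(), host_domains=()):
    """Cluster domains first, then custom ones, then host ones (order assumed)."""
    domains = [f"default.svc.{dns_domain}", f"svc.{dns_domain}"]
    for domain in list(searchdomains) + list(host_domains):
        if domain not in domains:          # drop duplicates, keep first position
            domains.append(domain)
    return domains


def check_limits(domains):
    """Return a list of limit violations; an empty list means the list fits."""
    problems = []
    if len(domains) > MAX_SEARCH_DOMAINS:
        problems.append(f"{len(domains)} search domains > {MAX_SEARCH_DOMAINS}")
    total = len(" ".join(domains))         # assumption: separators are counted
    if total > MAX_SEARCH_CHARS:
        problems.append(f"{total} characters > {MAX_SEARCH_CHARS}")
    return problems


def candidate_queries(name, domains, ndots):
    """Names a stub resolver tries, in order, for one lookup of `name`."""
    if name.endswith("."):                 # trailing dot: already absolute
        return [name]
    expanded = [f"{name}.{d}." for d in domains]
    absolute = [f"{name}."]
    if name.count(".") >= ndots:           # enough dots: absolute name first
        return absolute + expanded
    return expanded + absolute             # otherwise search list first


if __name__ == "__main__":
    # Constructed sample values, not taken from a real inventory.
    search = cluster_search_list("cluster.local", ["corp.example"], ["lab.example"])
    print("violations:", check_limits(search) or "none")
    for ndots in (5, 2):
        tried = candidate_queries("www.example.com", search, ndots)
        print(f"ndots={ndots}: {len(tried)} candidates, first is {tried[0]}")
```

    With ndots: 5, an external name such as www.example.com is tried against every search domain before the absolute name, so each added search domain adds one more query that must fail first.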

    nameservers

    This variable is only used by resolvconf_mode: host_resolvconf. These nameservers are added to the host's /etc/resolv.conf after upstream_dns_servers and thus serve as backup nameservers. If this variable is not set, a default resolver is chosen (depending on cloud provider or 8.8.8.8 when no cloud provider is specified).

    upstream_dns_servers

    DNS servers to be added after the cluster DNS. Used by all resolvconf_mode modes. These serve as backup DNS servers in early cluster deployment when no cluster DNS is available yet. These are also added as upstream DNS servers used by dnsmasq (when deployed with dns_mode: dnsmasq_kubedns).

    DNS modes supported by Kubespray

    You can modify how Kubespray sets up DNS for your cluster with the variables dns_mode and resolvconf_mode.

    dns_mode

    dns_mode configures how Kubespray will set up cluster DNS. There are four modes available:

    dnsmasq_kubedns

    This installs an additional dnsmasq DaemonSet which gives more flexibility and lifts some limitations (e.g. number of nameservers). Kubelet is instructed to use dnsmasq instead of kubedns/skydns. It is configured to forward all DNS queries belonging to cluster services to kubedns/skydns. All other queries are forwarded to the nameservers found in upstream_dns_servers or default_resolver.

    kubedns (default)

    This does not install the dnsmasq DaemonSet and instructs kubelet to directly use kubedns/skydns for all queries.

    coredns

    This does not install the dnsmasq DaemonSet and instructs kubelet to directly use CoreDNS for all queries.

    coredns_dual

    This does not install the dnsmasq DaemonSet and instructs kubelet to directly use CoreDNS for all queries. It will also deploy a secondary CoreDNS stack.

    manual

    This does not install dnsmasq or kubedns, but allows you to specify manual_dns_server, which will be configured on nodes for handling Pod DNS. Use this method if you plan to install your own DNS server in the cluster after initial deployment.