richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
772 Commits
33 Branches
82 Tags
152 MiB
Tree: 429b08a408
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '429b08a408'
${ noResults }
kubespray/docs/dns-stack.md

47 lines
2.5 KiB
Raw Normal View History

Make dnsmasq daemon set optional Change additional dnsmasq opts: - Adjust caching size and TTL - Disable resolve conf to not create loops - Change dnsPolicy to default (similarly to kubedns's dnsmasq). The ClusterFirst should not be used to not create loops - Disable negative NXDOMAIN replies to be cached - Make its very installation as optional step (enabled by default). If you don't want more than 3 DNS servers, including 1 for K8s, disable it. - Add docs and a drawing to clarify DNS setup. - Fix stdout logs for dnsmasq/kubedns app configs - Add missed notifies to resolvconf -u handler - Fix idempotency of resolvconf head file changes Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Fix docs and dns servers placement order - Update docs and a drawing to clarify DNS setup. - Change order of nameservers placement to match changes in https://github.com/kubespray/kargo/pull/501 Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Make dnsmasq daemon set optional Change additional dnsmasq opts: - Adjust caching size and TTL - Disable resolve conf to not create loops - Change dnsPolicy to default (similarly to kubedns's dnsmasq). The ClusterFirst should not be used to not create loops - Disable negative NXDOMAIN replies to be cached - Make its very installation as optional step (enabled by default). If you don't want more than 3 DNS servers, including 1 for K8s, disable it. - Add docs and a drawing to clarify DNS setup. - Fix stdout logs for dnsmasq/kubedns app configs - Add missed notifies to resolvconf -u handler - Fix idempotency of resolvconf head file changes Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Fix docs and dns servers placement order - Update docs and a drawing to clarify DNS setup. - Change order of nameservers placement to match changes in https://github.com/kubespray/kargo/pull/501 Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Make dnsmasq daemon set optional Change additional dnsmasq opts: - Adjust caching size and TTL - Disable resolve conf to not create loops - Change dnsPolicy to default (similarly to kubedns's dnsmasq). The ClusterFirst should not be used to not create loops - Disable negative NXDOMAIN replies to be cached - Make its very installation as optional step (enabled by default). If you don't want more than 3 DNS servers, including 1 for K8s, disable it. - Add docs and a drawing to clarify DNS setup. - Fix stdout logs for dnsmasq/kubedns app configs - Add missed notifies to resolvconf -u handler - Fix idempotency of resolvconf head file changes Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Fix docs and dns servers placement order - Update docs and a drawing to clarify DNS setup. - Change order of nameservers placement to match changes in https://github.com/kubespray/kargo/pull/501 Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
  1. K8s DNS stack by Kargo
  2. ======================
  4. Here is an approximate picture of how DNS things working and
  5. being configured by Kargo ansible playbooks:
  7. ![Image](figures/dns.jpeg?raw=true)
  9. Note that an additional dnsmasq daemon set is installed by Kargo
  10. by default. Kubelet will configure DNS base of all pods to use the
  11. given dnsmasq cluster IP, which is defined via the ``dns_server`` var.
  12. The dnsmasq forwards requests for a given cluster ``dns_domain`` to
  13. Kubedns's SkyDns service. The SkyDns server is configured to be an
  14. authoritative DNS server for the given cluser domain (and its subdomains
  15. up to ``ndots:5`` depth). Note: you should scale its replication controller
  16. up, if SkyDns chokes. These two layered DNS forwarders provide HA for the
  17. DNS cluster IP endpoint, which is a critical moving part for Kubernetes apps.
  19. Nameservers are as well configured in the hosts' ``/etc/resolv.conf`` files,
  20. as the given DNS cluster IP merged with ``nameservers`` values. While the
  21. DNS cluster IP merged with the ``upstream_dns_servers`` defines additional
  22. nameservers for the aforementioned nsmasq daemon set running on all hosts.
  23. This mitigates existing Linux limitation of max 3 nameservers in the
  24. ``/etc/resolv.conf`` and also brings an additional caching layer for the
  25. clustered DNS services.
  27. You can skip the dnsmasq daemon set install steps by setting the
  28. ``skip_dnsmasq: true``. This may be the case, if you're fine with
  29. the nameservers limitation. Sadly, there is no way to work around the
  30. search domain limitations of a 256 chars and 6 domains. Thus, you can
  31. use the ``searchdomains`` var to define no more than a three custom domains.
  32. Remaining three slots are reserved for K8s cluster default subdomains.
  34. When dnsmasq skipped, Kargo redefines the DNS cluster IP to point directly
  35. to SkyDns cluster IP ``skydns_server`` and configures Kubelet's
  36. ``--dns_cluster`` to use that IP as well. While this greatly simplifies
  37. things, it comes by the price of limited nameservers though. As you know now,
  38. the DNS cluster IP takes a slot in the ``/etc/resolv.conf``, thus you can
  39. specify no more than a two nameservers for infra and/or external use.
  40. Those may be specified either in ``nameservers`` or ``upstream_dns_servers``
  41. and will be merged together with the ``skydns_server`` IP into the hots'
  42. ``/etc/resolv.conf``.
  44. Kargo has yet ways to configure Kubedns addon to forward requests SkyDns can
  45. not answer with authority to arbitrary recursive resolvers. This task is left
  46. for future. See [official SkyDns docs](https://github.com/skynetservices/skydns)
  47. for details.