Skip to main content

Kubernetes DNS: CoreDNS custom Hosts entry (K3s & K8s Version), Deployment with custom Hosts entry; Backup and Restore the CoreDNS ConfigMap; DNS Troubleshooting

918 words·
Kubernetes Kubectl CoreDNS DNS ConfigMap
Table of Contents
Kubernetes-Components - This article is part of a series.
Part 1: Rancher Kubernetes Management Platform: Cert Manager Helm Deployment, Rancher Helm Deployment with Rancher CA certificate, Export Root CA Certificate, Ingress Resource, Access Rancher with TLS Encryption
Part 2: Velero Open-Source Kubernetes Backups: Velero Helm Deployment, Backup and Restore a Kubernetes Namespace from an AWS S3 Bucket
Part 3: Kubernetes Deployment Components: Pods - Multi Container Pod Example, Container Networking Within a Pod; Replication Controller; Services - ClusterIP, NodePort & LoadBalancer Services, Services for Pods, Replication Controllers, External Resources & Deployments
Part 4: Kubernetes Resource Management: Define Resource Requests and Limits; Deploy Kubernetes Metrics Server, Verify Resource Usage with kubectl top
Part 5: Kubernetes Security: Immutable Deployment - Deploy Container with ReadOnly-Filesystem and Writable-Volume
Part 6: Kubernetes Security: Pod Security Admission (PSA) - Overview, Enforce Pod Security Standard at a Namespace; Example Nginx Pod SecurityContext for Restricted PSS
Part 7: Kubernetes Volumes: Nginx Pod and Deployment Examples with NFS Volume, Pod and Deployment Examples with EmptyDir Volume, Deployment Example with PersistentVolume, External Storage Provider with NFS
Part 8: Kubernetes Secrets: Opaque Secret Configuration, Pod Examples with Environment Variable Secrets and Volume Secrets; SSH Authentication Secret with Pod Example
Part 9: Kubernetes Horizontal Pod Autoscaling: Install Kubernetes Metrics Server, Example Deployment with Horizontal Pod Autoscaler (HPA)
Part 10: This Article
Part 11: Kubernetes Liveness & Readiness Probes: TCP Readiness Probes (Single Pod and Multi Pod Dependency), TCP Liveness Probe
Part 12: Kubernetes Network Policies: Ingress and Egress Policy Examples
Part 13: Kubernetes Role Based Access Control (RBAC): RBAC Overview, Create Service Account, Example Role and RoleBinding
Part 14: Kubernetes Kubeconfig: Create example Kubeconfig with new (RBAC) Service Account and ClusterRole / ClusterRole Binding
Part 15: Kubernetes Container Storage Interface (CSI): NFS CSI Driver Example, Dynamically create PersistentVolumes using a CSI StorageClass and PVC
Part 16: Kubernetes Container Storage Interface (CSI): Ceph CSI Driver Example, Dynamically provision RBD Images in a Ceph Storage Pool
Part 17: Kubernetes Container Storage Interface (CSI): Longhorn Distributed Block Storage System - Deploy Longhorn via Helm Chart, Define Custom Storage Mountpoints; StorageClass & PVC Example
Part 18: Kubernetes Container Storage Interface (CSI): Samba - Deploy SMB CSI via Helm, Create example PVC and Pod
Part 19: Kubernetes Etcd Snapshot: Etcd Snapshot and Restore with Etcdctl, Verify Etcd Member Health; Etcdctl Commands
Part 20: Kubernetes Helm Charts: Create a Custom Helm Chart
Part 21: Kubernetes Kustomize: Kustomize Configuration Management Example
Part 22: Kubernetes ReplicaSets & DaemonSets: Overview, Example ReplicaSets and DaemonSets with and without NodeSelector & Node Labeling
Part 23: Kubernetes Jobs: Jobs Overview, Basic Non-parallel & Parallel Job Examples; CronJob & RBAC Example that Restarts a Deployment
Part 24: Kubernetes Commands: Cluster Nodes, Namespaces, LimitRange Resource Limits, Pods, Deployments, Replication Controllers, Services, HPA, Secrets, Cronjobs, Helm, Logs, K9s TUI

CoreDNS
#

Backup and Restore ConfigMap
#

Before changing the CoreDNS ConfigMap settings, create a backup, so that you can restore it, in case you mess it up.

Here are the details on how to backup and restore the CoreDNS ConfigMap:

# Export the current ConfigMap
kubectl get cm coredns -n kube-system -o yaml > coredns-configmap-backup.yaml

# Scale down the deployment to "0"
kubectl scale deployment coredns --replicas=0 -n kube-system

# Delete the original ConfigMap
kubectl delete cm coredns -n kube-system

# Restore the ConfigMap from the backup
kubectl apply -f coredns-configmap-backup.yaml

# Restart / Redeploy CoreDNS
kubectl rollout restart deployment coredns -n kube-system

# Scale down the deployment to "1"
kubectl scale deployment coredns --replicas=0 -n kube-system

Optional: Backup and Restore Deployment
#

If you’re planning to also adopt the deployment, such as to add ConfigMap volumes to it, it’s a good idea to also backup the CoreDNS deployment:

# Create a backup of a Deployment
kubectl get deployment coredns -n kube-system -o yaml > coredns-deployment.yaml

# Delete the Deployment
kubectl delete deployment coredns -n kube-system

# Restore the Deployment
kubectl apply -f coredns-deployment.yaml

Add Hosts Entry to CoreDNS
#

Find the CoreDNS ConfigMap
# 

# List ConfigMaps in "kube-system" namespace
kubectl get cm -n kube-system

List the ConfigMap Details
# 

# List CoreDNS ConfigMap details
kubectl describe cm coredns -n kube-system

Edit the ConfigMap
# 

# Adopt the CoreDNS ConfigMap / configuration
kubectl edit cm coredns -n kube-system

Create Custom DNS Entry: K3s
#

Create a custom DNS / hosts entry for the following hosts:

192.168.30.61 debian-node-1.local
192.168.30.62 debian-node-2.local

The whole ConfigMap looks like this:

apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
        }
        hosts /etc/coredns/NodeHosts {
          ttl 60
          reload 15s
          fallthrough
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
        import /etc/coredns/custom/*.override
    }
    import /etc/coredns/custom/*.server    
  NodeHosts: |
    192.168.30.20 debian-01
    192.168.30.21 debian-02
    192.168.30.22 debian-03
    192.168.30.61 debian-node-1.local # Add custom hosts entry
    192.168.30.62 debian-node-2.local # Add custom hosts entry    
kind: ConfigMap

Create Custom DNS Entry: K8s
#

Create a custom DNS / hosts entry for the following hosts:

192.168.30.61 debian-node-1.local
192.168.30.62 debian-node-2.local

The whole ConfigMap looks like this:

apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors {
        }
        health {
            lameduck 5s
        }
        ready
        kubernetes jkw-k8s.local in-addr.arpa ip6.arpa {
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
        }
        hosts {
            192.168.30.61 debian-node-1.local # Add custom hosts entry
            192.168.30.62 debian-node-2.local # Add custom hosts entry
            fallthrough
        }
        prometheus :9153
        forward . /etc/resolv.conf {
          prefer_udp
          max_concurrent 1000
        }
        cache 30

        loop
        reload
        loadbalance
    }

Restart CoreDNS
# 

# Restart CoreDNS
kubectl rollout restart deployment coredns -n kube-system

# Alternative delete the CoreDNS pods
kubectl delete pod -l k8s-app=kube-dns -n kube-system

Verify CoreDNS Pods, Details and Logs
#

Verify the CoreDNS pods are up and running:

# List pods in the "kube-system" namespace
kubectl get pod -n kube-system

# Shell output:
NAME                                      READY   STATUS      RESTARTS      AGE
...
coredns-6f84c7cff6-fdjd7                  1/1     Running     0             40s

If necessary list the pods details and logs for troubleshooting:

# List CoreDNS pod details
kubectl describe pod coredns-6f84c7cff6-fdjd7 -n kube-system

# List CoreDNS pod logs
kubectl logs coredns-6f84c7cff6-fdjd7 -n kube-system

Test the DNS Resolution
# 

# Run a busybox pod and test the DNS resolution
kubectl run -i --tty --rm debug --image=busybox --restart=Never -- nslookup debian-node-1.local

# Shell output:
Name:   debian-node-1.local
Address: 192.168.30.61

# Alternative run a busybox and open the shell:
kubectl run -i --tty --rm debug --image=busybox --restart=Never -- sh

# Manually start nslookup
nslookup debian-node.local

Deployment with Hosts Entry
#

Deployment Manifest
# 

# Create a manifest for the deployment
vi hosts-deployment-example.yaml

Define one or more hostnames for an IP:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      hostAliases:
      - ip: "192.168.30.61"
        hostnames:
        - "debian-node-1.local" # Hostname 1
        - "deb1.local" # Hostname 2
      - ip: "192.168.30.62"
        hostnames:
        - "debian-node-3.local"
      containers:
      - name: nginx-container
        image: nginx
        ports:
        - containerPort: 80

# Deploy the manifest
kubectl apply -f hosts-deployment-example.yaml

Test the DNS Resolution
#

Open the container terminal:

# Exec the container terminal
kubectl exec -it $(kubectl get pod -l app=nginx -o jsonpath="{.items[0].metadata.name}") -- /bin/sh

Verify the hosts entries:

# Verify the hosts entry:
cat /etc/hosts

# Shell output:
# Entries added by HostAliases.
192.168.30.61   debian-node-1.local     deb1.local
192.168.30.62   debian-node-3.local

Alternative ping the host:

# Install the packages for ping
apt update && apt install -y iputils-ping

# Run ping
ping deb1.local

# Shell output:
PING debian-node-1.local (192.168.30.61)

Note: Nslookup queries DNS directly and might bypass the /etc/hosts file.


DNS Troubleshooting
#

Find the CoreDNS Cluster IP
# 

# List the CoreDNS cluster IP
kubectl get svc -n kube-system

# Shell output:
NAME      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
coredns   ClusterIP   10.233.0.3   <none>        53/UDP,53/TCP,9153/TCP   5d18h

Note: In older Kubernetes versions the name for the cordns ClusterIP service can also be kube-dns.

Verify Pod DNS Resolver
#

Verify if the DNS resolver of a pod:

# Run a busybox pod to test the DNS resolution
kubectl run -i --tty --rm debug --image=busybox --restart=Never -- cat /etc/resolv.conf

# Alternative run a busybox and open the shell:
kubectl run -i --tty --rm debug --image=busybox --restart=Never -- sh

# List DNS resolver
cat /etc/resolv.conf

Logs
# 

# List CoreDNS logs
kubectl logs -l k8s-app=kube-dns -n kube-system

# List local DNS logs (DNS cache)
kubectl logs -n kube-system -l k8s-app=node-local-dns

Node DNS
#

Verify the DNS resolver:

# Verify the DNS resolver of the Kubernetes Nodes
cat /etc/resolv.conf

Kubelet DNS settings:

# Verify the Kubelet configuration (Debian 12)
cat /var/lib/kubelet/config.yaml
Kubernetes-Components - This article is part of a series.
Part 1: Rancher Kubernetes Management Platform: Cert Manager Helm Deployment, Rancher Helm Deployment with Rancher CA certificate, Export Root CA Certificate, Ingress Resource, Access Rancher with TLS Encryption
Part 2: Velero Open-Source Kubernetes Backups: Velero Helm Deployment, Backup and Restore a Kubernetes Namespace from an AWS S3 Bucket
Part 3: Kubernetes Deployment Components: Pods - Multi Container Pod Example, Container Networking Within a Pod; Replication Controller; Services - ClusterIP, NodePort & LoadBalancer Services, Services for Pods, Replication Controllers, External Resources & Deployments
Part 4: Kubernetes Resource Management: Define Resource Requests and Limits; Deploy Kubernetes Metrics Server, Verify Resource Usage with kubectl top
Part 5: Kubernetes Security: Immutable Deployment - Deploy Container with ReadOnly-Filesystem and Writable-Volume
Part 6: Kubernetes Security: Pod Security Admission (PSA) - Overview, Enforce Pod Security Standard at a Namespace; Example Nginx Pod SecurityContext for Restricted PSS
Part 7: Kubernetes Volumes: Nginx Pod and Deployment Examples with NFS Volume, Pod and Deployment Examples with EmptyDir Volume, Deployment Example with PersistentVolume, External Storage Provider with NFS
Part 8: Kubernetes Secrets: Opaque Secret Configuration, Pod Examples with Environment Variable Secrets and Volume Secrets; SSH Authentication Secret with Pod Example
Part 9: Kubernetes Horizontal Pod Autoscaling: Install Kubernetes Metrics Server, Example Deployment with Horizontal Pod Autoscaler (HPA)
Part 10: This Article
Part 11: Kubernetes Liveness & Readiness Probes: TCP Readiness Probes (Single Pod and Multi Pod Dependency), TCP Liveness Probe
Part 12: Kubernetes Network Policies: Ingress and Egress Policy Examples
Part 13: Kubernetes Role Based Access Control (RBAC): RBAC Overview, Create Service Account, Example Role and RoleBinding
Part 14: Kubernetes Kubeconfig: Create example Kubeconfig with new (RBAC) Service Account and ClusterRole / ClusterRole Binding
Part 15: Kubernetes Container Storage Interface (CSI): NFS CSI Driver Example, Dynamically create PersistentVolumes using a CSI StorageClass and PVC
Part 16: Kubernetes Container Storage Interface (CSI): Ceph CSI Driver Example, Dynamically provision RBD Images in a Ceph Storage Pool
Part 17: Kubernetes Container Storage Interface (CSI): Longhorn Distributed Block Storage System - Deploy Longhorn via Helm Chart, Define Custom Storage Mountpoints; StorageClass & PVC Example
Part 18: Kubernetes Container Storage Interface (CSI): Samba - Deploy SMB CSI via Helm, Create example PVC and Pod
Part 19: Kubernetes Etcd Snapshot: Etcd Snapshot and Restore with Etcdctl, Verify Etcd Member Health; Etcdctl Commands
Part 20: Kubernetes Helm Charts: Create a Custom Helm Chart
Part 21: Kubernetes Kustomize: Kustomize Configuration Management Example
Part 22: Kubernetes ReplicaSets & DaemonSets: Overview, Example ReplicaSets and DaemonSets with and without NodeSelector & Node Labeling
Part 23: Kubernetes Jobs: Jobs Overview, Basic Non-parallel & Parallel Job Examples; CronJob & RBAC Example that Restarts a Deployment
Part 24: Kubernetes Commands: Cluster Nodes, Namespaces, LimitRange Resource Limits, Pods, Deployments, Replication Controllers, Services, HPA, Secrets, Cronjobs, Helm, Logs, K9s TUI