1
00:00:00,940 --> 00:00:06,760
In this lecture we will discuss how Kubernetes implements DNS in

2
00:00:06,760 --> 00:00:07,630
the cluster.

3
00:00:07,660 --> 00:00:13,690
In the previous lecture we saw how you can address a service or pod from another pod. In this lecture

4
00:00:13,690 --> 00:00:17,020
we will see how kubernetes makes that possible.

5
00:00:17,080 --> 00:00:20,120
Say you were given two pods with two IP addresses.

6
00:00:20,140 --> 00:00:21,640
How would you do it.

7
00:00:21,790 --> 00:00:25,270
Based on what we learned in the prerequisite lectures on DNS,

8
00:00:25,300 --> 00:00:32,860
an easy way to get them to resolve each other is to add an entry into each of their /etc/hosts files. On

9
00:00:32,860 --> 00:00:33,850
the first pod

10
00:00:33,910 --> 00:00:39,330
I would say the second pod web is at 10.244.2.5

11
00:00:39,520 --> 00:00:45,520
and on the second pod I would say the first pod test is at 10.244.1.5.

12
00:00:45,670 --> 00:00:50,290
But of course, when you have 1000s of PODs in the cluster, and 100s of them being created and

13
00:00:50,290 --> 00:00:51,520
deleted every minute.

14
00:00:51,520 --> 00:00:53,890
This is not a suitable solution.

15
00:00:53,890 --> 00:01:00,430
So we move these entries into a central DNS server. We then point these PODs to the DNS server by

16
00:01:00,430 --> 00:01:07,390
adding an entry into their /etc/resolv.conf file specifying that the nameserver is at the IP address

17
00:01:07,390 --> 00:01:11,460
of the DNS server, which happens to be 10.96.0.10

18
00:01:11,470 --> 00:01:18,760
in this case. Every time a new pod is created, we add a record in the DNS server for that pod so that

19
00:01:18,880 --> 00:01:25,810
other pods can access the new POD, and configure the /etc/resolv.conf file in the POD to

20
00:01:25,810 --> 00:01:28,470
the DNS server so that the pod can resolve

21
00:01:28,570 --> 00:01:30,910
other pods in the cluster.

22
00:01:30,910 --> 00:01:37,220
This is kind of how kubernetes does it. Except that it does not create similar entries for PODs to map podname

23
00:01:37,300 --> 00:01:40,870
to its IP address as we have seen in the previous lecture.

24
00:01:40,870 --> 00:01:49,090
It does that for services. For pods it forms host names by replacing dots with dashes in the IP address

25
00:01:49,090 --> 00:01:56,260
of the pod. Kubernetes implements DNS in the same way. It deploys a DNS server within the cluster.

26
00:01:56,830 --> 00:02:04,730
Prior to version v1.12 the DNS implemented by kubernetes was known as kube-dns. With Kubernetes

27
00:02:04,840 --> 00:02:13,110
version 1.12 the recommended DNS server is CoreDNS. We took a brief look at a core DNS in one of

28
00:02:13,110 --> 00:02:15,120
the prerequisite lectures.

29
00:02:15,120 --> 00:02:18,120
So how is the core DNS setup in the cluster.

30
00:02:18,120 --> 00:02:24,330
The CoreDNS server is deployed as a POD in the kube-system namespace in the kubernetes cluster.

31
00:02:24,360 --> 00:02:29,200
Well they are deployed as two pods  for redundancy, as part of a replicaset.

32
00:02:29,520 --> 00:02:35,120
they are actually a replicaset within a deployment. But it doesn’t really matter. We’ll just see

33
00:02:35,120 --> 00:02:38,280
CoreDNS as a POD in this lecture.

34
00:02:38,280 --> 00:02:45,360
This POD runs the coreDNS executable, the same executable that we ran when we deployed CoreDNS

35
00:02:45,420 --> 00:02:46,630
ourselves.

36
00:02:46,740 --> 00:02:49,880
CoreDNS requires a configuration file. In our case

37
00:02:49,920 --> 00:02:54,080
we used a file named Corefile. So does kubernetes.

38
00:02:54,150 --> 00:03:00,730
It uses a file named Corefile located at /etc/coredns. Within this file

39
00:03:00,740 --> 00:03:07,760
you have a number of plugins configured. The ones highlighted in <c> orange. Plugins are configured for handling

40
00:03:07,820 --> 00:03:14,210
errors, reporting health, monitoring metrics, cache etc. The plugin that makes CoreDNS work with

41
00:03:14,210 --> 00:03:19,760
Kubernetes, is the kubernetes plugin. And this is where the top level domain name for the cluster

42
00:03:19,850 --> 00:03:28,340
is set. In this case  cluster.local. So every record in the coredns DNS server falls under this

43
00:03:28,340 --> 00:03:30,800
domain. Within the kubernetes plugin

44
00:03:30,800 --> 00:03:32,460
there are multiple options.

45
00:03:32,620 --> 00:03:39,220
The pods option you see here, is what is responsible for creating a record for PODs in the cluster.

46
00:03:39,230 --> 00:03:44,570
Remember we talked about a record being created for each POD by converting their IPs into a dashed

47
00:03:44,570 --> 00:03:47,320
format that's disabled by default.

48
00:03:47,480 --> 00:03:50,840
But it can be enabled with this entry here.

49
00:03:50,840 --> 00:03:57,620
Any record that this DNS server can’t solve, for example say a POD tries to reach www.google.com

50
00:03:57,770 --> 00:04:04,810
it is forwarded to the nameserver specified in the coredns pods /etc/resolv.conf file. The

51
00:04:04,820 --> 00:04:09,290
/etc/resolv.conf file is set to use the nameserver from the kubernetes

52
00:04:09,290 --> 00:04:18,450
Node. Also note, that this core file is passed into the pod has a configMap object.  That way if you

53
00:04:18,450 --> 00:04:23,240
need to modify this configuration you can edit the ConfigMap object.

54
00:04:23,310 --> 00:04:28,590
We now have the coredns pod up and running using the appropriate kubernetes plugin.

55
00:04:28,740 --> 00:04:36,180
It watches the kubernetes cluster for new PODs or services, and every time a pod or a service is created it

56
00:04:36,300 --> 00:04:39,510
adds a record for it in its database.

57
00:04:39,510 --> 00:04:43,530
Next step is for the pod to point to the coreDNS server.

58
00:04:43,830 --> 00:04:50,570
What address do the PODs use to reach the DNS server? When we deploy CoreDNS solution,

59
00:04:50,570 --> 00:04:55,550
It also creates a service to make it available to other components within a cluster.

60
00:04:55,550 --> 00:05:02,640
The service is named as kube-dns by default. The IP address of this service is configured as

61
00:05:02,640 --> 00:05:04,480
nameserver on the PODs.

62
00:05:04,500 --> 00:05:09,340
Now you don’t have to configure this yourself. The DNS configurations on PODs are done by kubernetes

63
00:05:09,350 --> 00:05:12,720
automatically when the PODs are created.

64
00:05:12,720 --> 00:05:17,720
Want to guess which kubernetes component is responsible for that? The kubelet.

65
00:05:17,910 --> 00:05:24,190
If you look at the config file of the kubelet you will see the IP of the DNS server and domain in it.

66
00:05:24,270 --> 00:05:30,090
Once the pods are configured with the right nameserver, you can now resolve other pods and services.

67
00:05:30,540 --> 00:05:36,130
You can access the web-service using just web-service, or web-service.default or web-service.default.svc or web-service.default.svc.cluster.local.

68
00:05:36,210 --> 00:05:41,220
You can access the web-service using just web-service, or web-service.default or web-service.default.svc or web service.default.svc.cluster.local.

69
00:05:41,460 --> 00:05:47,310
If you try to manually lookup the web-service using nslookup or the host command web-service command, it

70
00:05:47,310 --> 00:05:53,130
will return the fully qualified domain name of the web-service, which happens to be web-service.default.svc.cluster.local.

71
00:05:53,130 --> 00:05:55,440
will return the fully qualified domain name of the web-service, which happens to be web-service.default.svc.cluster.local.

72
00:05:55,740 --> 00:05:58,980
But you didn't ask for that you just set up service.

73
00:05:58,980 --> 00:06:01,520
So how did it look up for the full name.

74
00:06:01,530 --> 00:06:07,730
It so happens, the resolv.conf file also has <c> a search entry which is set to default.svc.cluster.local

75
00:06:07,730 --> 00:06:13,770
as well as svc.cluster.local and cluster.local.

76
00:06:13,770 --> 00:06:19,590
This allows you to find the service using any name. web-service or web-service.default or web-service.default.svc.

77
00:06:19,590 --> 00:06:21,090
This allows you to find the service using any name. web-service or web-service.default or web-service.default.svc.

78
00:06:21,090 --> 00:06:27,990
However, notice that it only has search entries for service . So you won’t be able to reach a pod the same

79
00:06:27,990 --> 00:06:28,440
way.

80
00:06:28,500 --> 00:06:33,280
For that you need to specify the full FQDN of the pod.

81
00:06:33,300 --> 00:06:35,160
Well that's it for this lecture.

82
00:06:35,160 --> 00:06:41,620
Head over to the practice test and practice working with DNS on our kubernetes cluster. I will see you

83
00:06:41,860 --> 00:06:42,820
in the next lecture.