coredns

customizing coredns

https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/

current coredns config (configmap)

kubectl get configmap -n kube-system coredns -o yaml

default configmap

coredns configmap
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health {
            lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }

configuration

https://github.com/coredns/coredns.io/blob/master/content/manual/configuration.md

When updating the configuration through Flux GitOps:

  1. Back up the current configmap by running kubectl get configmap -n kube-system coredns -o yaml > {backup_filename}
  2. Edit the Corefile in the coredns configmap file that you want to apply (it is recommended to work on a copy and keep the original backup file unchanged)
  3. Place the file in the Flux kustomization and confirm the result
    • For example, place myconfig.yaml at ./infrastructure/{clustername}/configs/coredns/myconfig.yaml and add coredns/myconfig.yaml to the infra-config kustomization

enable logging

https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#are-dns-queries-being-received-processed

Add the log plugin as described in the link above.

custom coredns configmap
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        log
        errors
        health
        ......
        ......

change the forwarder to cloudflare dns using tls

https://github.com/coredns/coredns/issues/1650#issuecomment-377790487

https://stackoverflow.com/a/54519079

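Update the forward section of the Corefile as shown in the configmap below, then send a test query and check the coredns log to confirm that it is resolved.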

# send test query using dnsutils pod running on my testbed namespace
kubectl -n testbed exec -i -t dnsutils -- nslookup google.com.

# confirm log
kubectl logs --namespace=kube-system -l k8s-app=kube-dns

custom coredns configmap
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        ......
        ......
        forward . tls://1.1.1.1 tls://1.0.0.1 {
            tls_servername cloudflare-dns.com
            health_check 5s
            max_concurrent 1000
        }
        ......
        ......
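
A pre-apply check for the forward change above, as an added example that is not part of the original page: it lints a Corefile so that every forward directive uses only tls:// upstreams and sets tls_servername. The function name check_forward_tls and the two sample Corefiles (shortened from the configmaps on this page) are assumptions made for this example.

```shell
# Added example: lint a Corefile read from stdin. Every forward directive must
# use only tls:// upstreams and set tls_servername. Returns 0 on pass, 1 on fail.
check_forward_tls() {
    awk '
    function fail(msg) { printf "FAIL: %s\n", msg; bad = 1 }
    # Start of a directive: forward FROM TO... [{]
    $1 == "forward" && !in_fwd {
        seen = 1; has_name = 0
        opens_block = ($NF == "{")
        last = (opens_block ? NF - 1 : NF)
        for (i = 3; i <= last; i++)
            if ($i !~ /^tls:\/\//) fail("plaintext upstream " $i)
        if (opens_block) in_fwd = 1
        else fail("forward without tls_servername")
        next
    }
    in_fwd && $1 == "tls_servername" && NF >= 2 { has_name = 1 }
    in_fwd && $1 == "}" {
        if (!has_name) fail("forward block without tls_servername")
        in_fwd = 0
    }
    END {
        if (!seen) fail("no forward directive found")
        exit (bad ? 1 : 0)
    }'
}

# Constructed samples, shortened from the two configmaps on this page.
DEFAULT_COREFILE='.:53 {
    errors
    forward . /etc/resolv.conf
    cache 30
}'
TLS_COREFILE='.:53 {
    errors
    forward . tls://1.1.1.1 tls://1.0.0.1 {
        tls_servername cloudflare-dns.com
        health_check 5s
    }
    cache 30
}'

# Against the live cluster (not run here):
#   kubectl get configmap -n kube-system coredns -o jsonpath='{.data.Corefile}' | check_forward_tls
if printf '%s\n' "$TLS_COREFILE" | check_forward_tls; then echo "TLS Corefile: ok"; fi
if ! printf '%s\n' "$DEFAULT_COREFILE" | check_forward_tls; then echo "default Corefile: rejected"; fi
```

This only lints the configuration; the test query and log check above still confirm that resolution works through the new forwarder.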