How to change the cluster.local default domain on kubernetes 1.9 deployed with kubeadm?

kubernetes kubeadm kube-dns
Marcus picture Marcus · Jan 18, 2018 · Viewed 8k times · Source

I would like to resolve the kube-dns names from outside of the Kubernetes cluster by adding a stub zone to my DNS servers. This requires changing the cluster.local domain to something that fits into my DNS namespace.

The cluster DNS is working fine with cluster.local. To change the domain I have modified the line with KUBELET_DNS_ARGS on /etc/systemd/system/kubelet.service.d/10-kubeadm.conf to read:

Environment="KUBELET_DNS_ARGS=--cluster-dns=x.y.z --cluster-domain=cluster.mydomain.local --resolv-conf=/etc/resolv.conf.kubernetes"

After restarting kubelet external names are resolvable but kubernetes name resolution failed.

I can see that kube-dns is still running with:

/kube-dns --domain=cluster.local. --dns-port=10053 --config-dir=/kube-dns-config --v=2

The only place I was able to find cluster.local was within the pods yaml configuration which reads:

  containers:
  - args:
    - --domain=cluster.local.
    - --dns-port=10053
    - --config-dir=/kube-dns-config
    - --v=2

After modifying the yaml and recreating the pod using

kubectl replace --force -f kube-dns.yaml

I still see kube-dns gettings started with --domain=cluster.local.

What am I missing?

Answer

simon picture simon · Jun 8, 2018

I had a similar problem where I have been porting a microservices based application to Kubernetes. Changing the internal DNS zone to cluster.local was going to be a fairly complex task that we didn't really want to deal with.

In our case, we switched from KubeDNS to CoreDNS, and simply enabled the coreDNS rewrite plugin to translate our our.internal.domain to ourNamespace.svc.cluster.local.

After doing this, the corefile part of our CoreDNS configmap looks something like this:

data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          upstream
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        rewrite name substring our.internal.domain ourNamespace.svc.cluster.local
        proxy . /etc/resolv.conf
        cache 30

    }

This enables our kubernetes services to respond on both the default DNS zone and our own zone.

Related questions

How to completely uninstall kubernetes

I installed kubernetes cluster using kubeadm following this guide. After some period of time, I decided to reinstall K8s but run into troubles with removing all related files and not finding any docs on official site how to remove …

Read More
How to add roles to nodes in Kubernetes?

When I provision a Kubernetes cluster using kubeadm and I get my nodes tagged as none. It's a know bug in Kubernetes and currently a PR is in-progress. However, I would like to know if there is an option to …

Read More
Container runtime network not ready: cni config uninitialized

I'm installing kubernetes(kubeadm) on centos VM running inside Virtualbox, so with yum I installed kubeadm, kubelet and docker. Now while trying to setup cluster with kubeadm init --pod-network-cidr=192.168.56.0/24 --apiserver-advertise-address=192.168.56.33/32 i run into the following error : Unable to update cni …

Read More