Add custom nameserver KubeDNSv17

Roberto

Sep 26, 2016, 7:00:17 PM
to Kubernetes user discussion and Q&A, Roberto Diaz
Hi, we have an issue in Kubernetes and we would really appreciate it if you could help us. If I'm in the wrong section, please let me know.

We have a Kubernetes cluster deployed in GCE. We have created a VPN to our internal network and it's working OK. Now we want all the pods to be able to use a custom DNS (an internal one connected through the VPN), but it's not working. We don't want to add the DNS server manually in /etc/hosts in each pod.

We've reviewed that pods inherit DNS from the host, but it's not working. Is there a way to modify KubeDNS to add our nameserver?

Thanks.

Regards.

Roberto

Tim Hockin

Sep 26, 2016, 7:08:56 PM
to kubernet...@googlegroups.com, Roberto Diaz
On Mon, Sep 26, 2016 at 4:00 PM, Roberto
<cloud.env...@qualifacts.com> wrote:
> Hi, we have an issue in kubernetes and we really appreciate if you can help
> us. If I'm in the wrong section, please let me know.
>
> We have a kubernetes cluster deployed in GCE. We have created a VPN to our
> internal network and it's working ok. Now, we want that all the pods can use
> a custom dns (an internal one connected through VPN) but it's not working.
> We don't want to add the dns server manually in /etc/hosts in each pod.
>
> We've reviewed that pods inherit dns from the host but it's not working.

What's not working? The fact that it inherits or that this is not
what you want?

> There's a way to modify KubeDNS to add our nameserver?

You can add a --resolv-conf flag to kubelet, which points to a resolve
file from which to inherit, instead of /etc. The problem (maybe) is
that you will now lose access to GCE-internal names, such as VMs and
"metadata".

Roberto

Sep 26, 2016, 7:31:32 PM
to Kubernetes user discussion and Q&A, robert...@qualifacts.com
Hi, we want pods to inherit the configuration from the host, but when we deploy a new pod it only has the internal DNS information, i.e. nameserver 10.111.x.x (kubedns IP) and search project.svc.cluster.local.

If we add the --resolv-conf flag, can we add our own nameserver and the kubedns pod, and will it continue working?

Thanks.

Matthias Rampke

Sep 26, 2016, 7:59:20 PM
to Kubernetes user discussion and Q&A, robert...@qualifacts.com
Hi,

this only applies to the DNS pod (technically, any pod with `dnsPolicy: Default`), but since it does the resolution for all the other pods they actually inherit this.

So, first you either set the nameserver you want in /etc/resolv.conf or use a different resolv.conf using the flag. Then restart all kubelets to pick up these settings, and finally reschedule (delete) all kubedns pods. Then they will use your nameserver as upstream. You can check what the resulting resolv.conf is using `kubectl exec`.

/MR
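
The procedure in the reply above, sketched as shell helpers; this is an added example, not part of the original thread. The file path, the IP addresses, the `k8s-app=kube-dns` label and the `kubedns` container name are assumptions about the cluster.

```shell
#!/bin/sh
# Added example. Paths, IPs, label and container name are assumptions.

# Emit resolv.conf content for the file kubelet's --resolv-conf flag points to.
# resolv.conf takes IP addresses only (no hostnames), and glibc honours at
# most 3 nameserver lines, so reject anything else before printing.
make_resolv_conf() {
    [ "$#" -ge 1 ] && [ "$#" -le 3 ] || { echo "need 1-3 nameservers" >&2; return 1; }
    for ns in "$@"; do
        case "$ns" in
            # Loose IPv4 check: digits and dots only.
            ''|*[!0-9.]*) echo "not an IPv4 address: $ns" >&2; return 1 ;;
        esac
    done
    for ns in "$@"; do
        printf 'nameserver %s\n' "$ns"
    done
}

# Print the nameserver addresses found in resolv.conf text on stdin.
upstreams_of() {
    awk '$1 == "nameserver" { print $2 }'
}

# After restarting kubelet and deleting the kube-dns pods, confirm that every
# recreated pod lists the expected upstream. Requires kubectl access.
check_kubedns_upstream() {
    expected=$1
    for pod in $(kubectl -n kube-system get pods -l k8s-app=kube-dns -o name); do
        kubectl -n kube-system exec "${pod#pod/}" -c kubedns -- cat /etc/resolv.conf \
            | upstreams_of | grep -qxF "$expected" \
            || { echo "$pod: upstream $expected missing" >&2; return 1; }
    done
}

# Order of operations on each node (constructed sample values):
#   make_resolv_conf 10.20.0.53 169.254.169.254 > /etc/kubernetes/resolv.conf
#   add --resolv-conf=/etc/kubernetes/resolv.conf to the kubelet flags
#   restart kubelet
#   kubectl -n kube-system delete pods -l k8s-app=kube-dns
#   check_kubedns_upstream 10.20.0.53
```

Keeping 169.254.169.254, the GCE metadata resolver, in the list is one way to approach the concern raised earlier in the thread about losing GCE-internal names; how the two upstreams are tried depends on the forwarder in the DNS pod.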

Cole Mickens

Sep 26, 2016, 8:04:37 PM
to kubernet...@googlegroups.com, robert...@qualifacts.com
Is it also an option to specify the upstream servers directly in the dnsmasq command line inside the kube-dns RC/Deployment?

As in, editing this: https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/skydns-rc.yaml.in#L86 to include a `--server` flag (possibly with `--no-resolv`) as documented here: http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

?

Tim Hockin

Sep 26, 2016, 9:45:31 PM
to kubernet...@googlegroups.com, Roberto Diaz

Dnsmasq does have a bunch of cool flags, but we have not really qualified them yet.  Use at your own risk, but they look promising.

Cloud Environments

Sep 27, 2016, 11:34:32 AM
to kubernet...@googlegroups.com, Roberto Diaz
OK, but can I use the same in Google Cloud? Because when I go to the Google console, I can create a Kubernetes cluster, but it doesn't allow setting up other specific options like the --resolv-conf flag, and it creates all the components (kube-dns, kube-proxy, heapster) automatically.



--
Cloud environment administrator
Qualifacts

Tim Hockin

Sep 27, 2016, 12:17:04 PM
to kubernet...@googlegroups.com, Michael Rubin, Michael Taufen, Roberto Diaz, Mike Danese
Yeah, adding flags to kubelets is hard. The work to make that all
ConfigMap driven isn't done yet.

Insult to injury, the work to make DNS config be ConfigMaps isn't done
yet, either. I'm not 100% sure if you change the DNSMasq params in
the DNS ReplicationController that those won't get blown away when
upgrades happen.