Merge pull request #505 from bogdando/rework_dnsstack

Fix docs and dns servers placement order
Smaine Kahlouch 2016-09-23 16:25:20 +02:00 committed by GitHub
commit c7aa6441b2
4 changed files with 41 additions and 15 deletions

@ -4,18 +4,44 @@ K8s DNS stack by Kargo
Here is an approximate picture of how DNS things working and Here is an approximate picture of how DNS things working and
being configured by Kargo ansible playbooks: being configured by Kargo ansible playbooks:
![Image](figures/dns.png?raw=true) ![Image](figures/dns.jpeg?raw=true)
Note that an additional dnsmasq daemon set is installed by Kargo Note that an additional dnsmasq daemon set is installed by Kargo
by default. Kubelet will configure DNS base of all pods to use that by default. Kubelet will configure DNS base of all pods to use the
dnsmasq cluster IP. You can disable it with the ``skip_dnsmasq`` given dnsmasq cluster IP, which is defined via the ``dns_server`` var.
var. This may be the case, if you're fine with Linux limit of max 3 The dnsmasq forwards requests for a given cluster ``dns_domain`` to
nameservers in the ``/etc/resolv.conf``. When skipped and bypassed Kubedns's SkyDns service. The SkyDns server is configured to be an
directly to Kubedns's dnsmasq cluster IP, it greatly simplifies things authoritative DNS server for the given cluser domain (and its subdomains
by the price of limited nameservers though. up to ``ndots:5`` depth). Note: you should scale its replication controller
up, if SkyDns chokes. These two layered DNS forwarders provide HA for the
DNS cluster IP endpoint, which is a critical moving part for Kubernetes apps.
Nameservers are configured in the hosts' ``/etc/resolv.conf`` files Nameservers are as well configured in the hosts' ``/etc/resolv.conf`` files,
from the ``nameservers`` (see also ``searchdomains``) vars. While the as the given DNS cluster IP merged with ``nameservers`` values. While the
``upstream_dns_servers`` will define additional DNS servers for the DNS cluster IP merged with the ``upstream_dns_servers`` defines additional
dnsmasq daemon set running on all hosts (unless bypassed with nameservers for the aforementioned nsmasq daemon set running on all hosts.
``skip_dnsmasq``). This mitigates existing Linux limitation of max 3 nameservers in the
``/etc/resolv.conf`` and also brings an additional caching layer for the
clustered DNS services.
You can skip the dnsmasq daemon set install steps by setting the
``skip_dnsmasq: true``. This may be the case, if you're fine with
the nameservers limitation. Sadly, there is no way to work around the
search domain limitations of a 256 chars and 6 domains. Thus, you can
use the ``searchdomains`` var to define no more than a three custom domains.
Remaining three slots are reserved for K8s cluster default subdomains.
When dnsmasq skipped, Kargo redefines the DNS cluster IP to point directly
to SkyDns cluster IP ``skydns_server`` and configures Kubelet's
``--dns_cluster`` to use that IP as well. While this greatly simplifies
things, it comes by the price of limited nameservers though. As you know now,
the DNS cluster IP takes a slot in the ``/etc/resolv.conf``, thus you can
specify no more than a two nameservers for infra and/or external use.
Those may be specified either in ``nameservers`` or ``upstream_dns_servers``
and will be merged together with the ``skydns_server`` IP into the hots'
``/etc/resolv.conf``.
Kargo has yet ways to configure Kubedns addon to forward requests SkyDns can
not answer with authority to arbitrary recursive resolvers. This task is left
for future. See [official SkyDns docs](https://github.com/skynetservices/skydns)
for details.
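Review bot: in the added paragraph about skipping dnsmasq, ``--dns_cluster`` is not the kubelet option name; the flag is ``--cluster_dns``, so the doc as written points readers at a setting they will not find. In the last added paragraph, "Kargo has yet ways to configure Kubedns addon" reads as the opposite of what "This task is left for future" implies and probably wants "has yet no way". The added text also carries the typos "cluser domain", "nsmasq daemon set" and "hots'", which are worth fixing before merge.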

BIN
docs/figures/dns.jpeg Normal file

Binary file not shown.

Binary file not shown.

@ -22,7 +22,7 @@
- name: generate nameservers to resolvconf - name: generate nameservers to resolvconf
set_fact: set_fact:
nameserverentries: nameserverentries:
"{{ nameservers|default([]) + dnsmasq_server|default([]) }}" "{{ dnsmasq_server|default([]) + nameservers|default([]) }}"
- name: Remove search and nameserver options from resolvconf head - name: Remove search and nameserver options from resolvconf head
lineinfile: lineinfile:
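Review bot: the reordered `nameserverentries` expression still concatenates the two lists without a length cap, and with `dnsmasq_server` now first it is the tail of `nameservers` that falls past the three-nameserver limit of ``/etc/resolv.conf`` described in the docs change of this same commit. Suggest failing or warning when the merged list is longer than three entries, or slicing it explicitly, so an operator does not assume a resolver is in use that the host never queries. A short comment above the `set_fact` saying that the order is intentional (cluster DNS IP is tried first) would also help the next reader.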
@ -37,7 +37,7 @@
when: resolvconf.rc == 0 when: resolvconf.rc == 0
notify: Dnsmasq | update resolvconf notify: Dnsmasq | update resolvconf
- name: Add search resolv.conf - name: Add search domains to resolv.conf
lineinfile: lineinfile:
line: "search {{searchentries}}" line: "search {{searchentries}}"
dest: "{{resolvconffile}}" dest: "{{resolvconffile}}"
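Review bot: the `line: "search {{searchentries}}"` task writes whatever `searchentries` contains, and nothing in this hunk enforces the 6 domains / 256 chars limit that the docs change in this commit calls out. Suggest an assert on the number of entries and on the joined length before this task, so an oversized `searchdomains` value fails the play instead of producing a search line the resolver cuts short.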
@ -47,7 +47,7 @@
follow: yes follow: yes
notify: Dnsmasq | update resolvconf notify: Dnsmasq | update resolvconf
- name: Add local dnsmasq to resolv.conf - name: Add nameservers to resolv.conf
blockinfile: blockinfile:
dest: "{{resolvconffile}}" dest: "{{resolvconffile}}"
block: |- block: |-