4

which service assigns nameservers under /etc/resolv.conf of pods , generally it should pickup from host /etc/resolv.conf , i'm seeing different nameservers under /etc/resolv.conf of pods, is there is any configuration on kbernetes(kubedns) which i can configure so that pods /etc/resolv.conf have 8.8.8.8

venkatesh pakanati
  • 41
  • 1
  • 1
  • 4

5 Answers5

4

I had the same issue over Jenkins deployed on Kubernetes. If you don't mention a nameserver then /etc/resolv.conf shows the default nameserver (ip of k8s). I solved this by modifying the deploy file with

      dnsPolicy: "None"
      dnsConfig:
        nameservers:
          - 8.8.8.8

and applying it.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      containers:
      - name: jenkins
        image: jenkins/jenkins:lts
        ports:
          - name: http-port
            containerPort: 8080
          - name: jnlp-port
            containerPort: 50000
        volumeMounts:
          - name: jenkins-vol
            mountPath: /var/jenkins_vol
      dnsPolicy: "None"
      dnsConfig:
        nameservers:
          - 8.8.8.8    
      volumes:
        - name: jenkins-vol
          emptyDir: {}
Mithlaj
  • 151
  • 1
  • 5
  • 1
    You saved my day :) , tried 2 full day to resolve this error even chat gpt did't solve my solution , now my all outbound are working thanks – Thom Mar 09 '23 at 07:25
3

kube-dns does modify this file (via Kubelet). kube-dns watches API server and observes changes to Service and Endpoints and keeps DNS records up to date. Within Cluster you should use internal Kubernetes DNS.

DNS is add-on controller, you can use any other implementation.

Take a look here.

If you want to override kube-dns

apiVersion: v1
kind: Pod
metadata:
  namespace: default
  name: dns-example
spec:
  containers:
    - name: test
      image: nginx
  dnsPolicy: "None"
  dnsConfig:
    nameservers:
      - 1.2.3.4
    searches:
      - ns1.svc.cluster-domain.example
      - my.dns.search.suffix
    options:
      - name: ndots
        value: "2"
      - name: edns0

DNS Policy

fg78nc
  • 4,774
  • 3
  • 19
  • 32
  • can you provide any information that backs up this theory? never heard of **kube-dns** modifying `/etc/resolv.conf` file. – suren Nov 05 '19 at 11:58
  • @suren Definitely, that is done indirectly through Kubelet. – fg78nc Nov 05 '19 at 14:14
  • I don't think so. I would say you are confusing `kube-dns` with `kube-proxy`. – suren Nov 05 '19 at 14:57
  • I believe kube-proxy (in current implementation) would only modify iptables. – fg78nc Nov 05 '19 at 15:54
  • So, have you read it anywhere that `kube-dns` modifies (directly or indirectly) `resolv.conf` file? Because "Definitely" sounds pretty confident, and it simply doesn't make any sense. – suren Nov 05 '19 at 16:15
  • For example : https://www.digitalocean.com/community/tutorials/an-introduction-to-the-kubernetes-dns-service _italic_ The kube-dns service listens for service and endpoint events from the Kubernetes API and updates its DNS records as needed. These events are triggered when you create, update or delete Kubernetes services and their associated pods. kubelet sets each new pod’s /etc/resolv.conf nameserver option to the cluster IP of the kube-dns service, with appropriate search options to allow for shorter hostnames to be used: _italic_ – fg78nc Nov 05 '19 at 20:53
  • Which, by no means, says that `kube-dns` modifies anything within the pod. `kube-dns` modifies it's own records, as it is logical, since service names need to be resolved. Anyways, I think your post is not answering the question. It just gives general info about `kube-dns`. – suren Nov 06 '19 at 08:35
  • No component modifies anything on a pod. All them write desired state to etcd via API server. – fg78nc Nov 06 '19 at 23:50
  • what has to do the desired state of a pod with dns? That's metadata. Let's leave this here please. – suren Nov 07 '19 at 08:01
  • https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/#why-does-kubelet-manage-the-hosts-file – fg78nc Nov 16 '19 at 02:05
  • Your first copy-paste was already stating that kubelet is the guy managing the file. May be you could edit your answer, which is straight wrong. – suren Nov 16 '19 at 11:57
  • It is not wrong. From Kubernetes.io : Kubernetes DNS schedules a DNS Pod and Service on the cluster, and configures the kubelets to tell individual containers to use the DNS Service’s IP to resolve DNS names... Kubelet manages the hosts file for each container of the Pod to prevent Docker from modifying the file after the containers have already been started. – fg78nc Nov 17 '19 at 04:27
3

You have two options:

1.- To put it in a configMap, and map it to /etc/resolv.conf, in which case it will be replaced by the content in the configMap.

2.- You can do this:

apiVersion: v1
kind: Pod
metadata:
  namespace: default
  name: my-pod
spec:
  containers:
    - name: nginx
      image: nginx
  dnsPolicy: "None"
  dnsConfig:
    nameservers:
      - 8.8.8.8

This way you are mapping whatever is in dnsConfig under /etc/resolv.conf

# cat /etc/resolv.conf
nameserver 8.8.8.8

There is another way actually, by "hacking" kube-dns, for upstreamNameservers:

apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
data:
  upstreamNameservers: |
    ["8.8.8.8", "8.8.4.4"]

But in this case you wouldn't be doing anything within the pod (so /etc/resolv.conf would not be modified), but kube-dns would use these nameservers to resolve.

suren
  • 7,817
  • 1
  • 30
  • 51
  • Thanks is it possible to add dns configuration under podTemplate(label: label, containers: [ containerTemplate(name: 'maven', image: 'maven:3.5-jdk-8', command: 'cat', ttyEnabled: true) ], – venkatesh pakanati Nov 05 '19 at 17:52
0

Starting with k8s 1.9, if you want to set a specific dns config for a pod, you can use dns policy None.

It allows a Pod to ignore DNS settings from the Kubernetes environment. All DNS settings are supposed to be provided using the dnsConfig field in the Pod Spec.

by default, The nameserver IP is the Kubernetes service IP of kube-dns

cat /etc/resolv.conf
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5

kubectl get service -n kube-system
kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP,9153/TCP   2d21h

with this configuration in the deployment section:

  dnsConfig:
    nameservers:
      - 8.8.8.8
  dnsPolicy: "None"

cat /etc/resolv.conf nameserver 8.8.8.8

Wytrzymały Wiktor
  • 11,492
  • 5
  • 29
  • 37
iliefa
  • 774
  • 4
  • 9
0

@venkatesh I think you are referring to podTemplate() used inside a jenkins file. If thats the case try this

podTemplate( yaml:"""
apiVersion: v1
kind: Pod
metadata:
  name: pod-example
spec:
  containers:
  - name: ubuntu
    image: ubuntu:trusty
    command: ["echo"]
    args: ["Hello World"]
 dnsPolicy: "None"
 dnsConfig:
   nameservers:
   - 8.8.8.8
""")

a yaml file can be used directly inside a jenkins file as a template. More examples are present in https://github.com/jenkinsci/kubernetes-plugin/blob/master/examples/ .

shubham_asati
  • 623
  • 5
  • 14