Kubernetes service discovery with CoreDNS
Kubernetes service discovery is the process by which applications (services) within a cluster locate and communicate with one another.^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md] In Kubernetes, this mechanism is essential because Pods are ephemeral; their IP addresses change dynamically when they are restarted or rescheduled.^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md]
To solve the problem of locating dynamic resources, Kubernetes introduces an abstraction layer:
- Service: A logical abstraction that defines a stable endpoint and uses labels to select a group of Pods.^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md]
- Cluster Network: A virtual network that assigns a fixed "Cluster IP" to the Service, ensuring a stable access point even if backend Pods change.^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md]
The CoreDNS addon is responsible for managing the mapping between these Service names and their Cluster IPs, acting as the DNS server for the cluster.^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md]
Why Service Discovery is Needed
In a distributed environment, services are highly dynamic, are updated frequently, and must support automatic scaling.^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md] Because a Pod's IP is not permanent, clients cannot rely on hard-coded IP addresses. Instead, they query a stable name (e.g., nginx-dp), which the DNS system resolves to the Service's fixed Cluster IP.^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md]
CoreDNS Architecture
CoreDNS is typically deployed within the kube-system namespace and functions through several key components:
- Deployment: A Deployment resource manages the CoreDNS Pods (often with replicas: 1 or more for availability).^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md]
- Service: A Service resource exposes CoreDNS with a fixed Cluster IP (commonly 192.168.0.2 in standard setups).^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md]
- ConfigMap: The Corefile configuration is stored in a ConfigMap, defining DNS behavior such as zones, caching, and plugin settings.^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md]
- RBAC: ServiceAccounts, ClusterRoles, and ClusterRoleBindings grant CoreDNS the necessary permissions to read Services, Endpoints, and Pods metadata from the Kubernetes API.^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md]
DNS Resolution Flow
When a Pod attempts to connect to a service, the standard DNS query format follows the pattern: <service-name>.<namespace>.svc.cluster.local.^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md]
For example, to resolve the nginx-dp service in the kube-public namespace, the system queries the DNS server at 192.168.0.2 (the CoreDNS Service IP).^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md] The DNS record returns the Cluster IP, and traffic sent to that IP is load balanced across the backend Pods by kube-proxy.^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md]
Configuration Example
CoreDNS behavior is defined in the Corefile, located within the ConfigMap. A typical configuration includes the following plugins:^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md]
- kubernetes: Handles service discovery for the cluster.local zone (e.g., 192.168.0.0/16).
- forward: Forwards external DNS queries to a designated resolver (e.g., 10.4.7.11).
- cache: Enables caching of DNS responses (e.g., for 30 seconds) to improve performance.
- loadbalance: Provides round-robin DNS load balancing.
This setup allows services within the cluster to be discovered automatically using standard DNS protocols.^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md]
Sources
^[400-devops__06-Kubernetes__k8s-paas__03.k8s集群.md]