To use a self-managed DNS service to resolve the domain names of image repositories and other applications, you can specify the custom DNS server in the DNS configuration of the ACS pods. This topic describes how to configure a custom DNS server for a pod in an ACS cluster.
Scenarios
In the following scenarios, you can add annotations to configure a custom DNS server:
Scenario 1: You want to use the Default DNS policy and use acs-profile to customize the DNS service for the entire ACS cluster.
Scenario 2: You want to use the ClusterFirst DNS policy and use a self-managed DNS server to resolve the domain name of the image repository.
Scenario 3: You want to use the Default DNS policy and use acs-profile to customize the DNS service for the entire ACS cluster. In addition, you want to use a self-managed DNS server to resolve the domain name of the image repository.
This method is not applicable to the following scenarios:
You want to use a DNS server provided by Alibaba Cloud DNS to resolve the domain names of applications and the image repository. In this case, we recommend that you use the Default DNS policy. Do not use custom DNS servers.
You want to use a self-managed DNS service to resolve the domain names of applications and use a DNS server provided by Alibaba Cloud DNS to resolve the domain name of the image repository. In this case, we recommend that you use the None DNS policy and set the dnsConfig field in the pod spec to specify the self-managed DNS server. For more information, see Scenario 2: Customize DNS settings for a pod.
Configuration introduction
The following example demonstrates how to specify a custom DNS server by adding annotations. In most cases, acs-profile is used instead of pod annotations to customize the DNS service for the entire cluster.
You can add the network.alibabacloud.com/custom-dnsconfig annotation to the metadata in the configuration file of a pod to use a custom DNS server. The value of this annotation is in the {"servers":["20.1.xx.xx","30.1.xx.xx"],"searches":["xx.com","yy.com"],"options":["ndots:2","edns0"]} format, which is a standard Kubernetes spec.dnsConfig structure.
The following section shows the configuration.
{
  "servers": [
    "20.1.xx.xx",
    "30.1.xx.xx"
  ],
  "searches": [
    "xx.com",
    "yy.com"
  ],
  "options": [
    "ndots:2",
    "edns0"
  ]
}
The following table describes the fields.
Key: network.alibabacloud.com/custom-dnsconfig
Value fields:
Field | Type | Example | Description
servers | []String | | The IP addresses of DNS servers. You can specify at most two IP addresses. IP addresses that exceed the upper limit are automatically ignored. In addition, the system automatically appends the IP address of the Alibaba Cloud DNS server to the field value to ensure that the system can work as expected.
searches | []String | | The search domains. You can specify at most 32 search domains. If you enter an incomplete domain name, the system attempts to use the domain name suffix in the value of the searches field to complement the domain name and then resolves the domain name.
options | []String | | The DNS resolution options. The options can be multiple key-value pairs. Commonly used options are:
You can configure the dnsPolicy field for a pod based on your business requirements. For example, if you want to meet the requirements in Scenario 2, you must set dnsPolicy to ClusterFirst.
If the pod becomes pending and an internal error is thrown after you modify the configuration, check the configuration.
Procedure
The following example uses a stateless application:
Create a file named deploy.yaml and add the following content to the file:
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: test
  name: test-default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test
  template:
    metadata:
      annotations:
        network.alibabacloud.com/custom-dnsconfig: '{"servers":["20.1.XXX.XXX","30.1.X.X"],"searches":["xx.com","yy.com"],"options":["ndots:2","edns0"]}'
      labels:
        app: test
    spec:
      containers:
      - image: registry.cn-hangzhou.aliyuncs.com/acs/busybox:v1.29.2
        command: ["sh","-c","i=1; while true; do echo $i; i=$((i=i+1)); sleep 1; done;"]
        name: busybox
        resources:
          requests:
            cpu: "2"
            memory: "8Gi"
          limits:
            cpu: "2"
            memory: "8Gi"
      dnsPolicy: Default
Deploy the application.
kubectl apply -f deploy.yaml
Check the result.
kubectl exec <pod name> -- cat /etc/resolv.conf
Expected results:
search xx.com yy.com
nameserver 20.1.XXX.XXX
nameserver 30.1.XXX.XXX
nameserver 100.100.2.136
options ndots:6 edns
Cluster configuration
You can configure pod auto injection in the acs-profile to customize DNS resolution for the entire cluster. The following code block shows the content of the acs-profile that automatically injects custom DNS configurations into all pods in the default namespace. After you apply the acs-profile, you no longer need to add pod annotations. You need only to set dnsPolicy to Default. For more information about the acs-profile, see Configure an acs-profile to automatically inject pod configurations.
apiVersion: v1
kind: ConfigMap
metadata:
  name: acs-profile
  namespace: kube-system
data:
  selectors: |
    [
      {
        "name": "selector-demo1",
        "namespaceSelector": {
          "matchLabels": {
            "kubernetes.io/metadata.name": "default"
          }
        },
        "effect": {
          "annotations": {
            "network.alibabacloud.com/custom-dnsconfig": "{\"servers\":[\"20.1.XXX.XXX\",\"30.1.X.X\"],\"searches\":[\"xx.com\",\"yy.com\"],\"options\":[\"ndots:2\",\"edns0\"]}"
          }
        }
      }
    ]
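The field limits in the table above and the escaped annotation value inside the acs-profile are the two places where this configuration is easiest to get wrong. The following Python example is added here and is not Alibaba Cloud code: it checks an annotation value against those limits before you apply it and generates the selectors string so that json.dumps produces the escaping. The function names, the sample addresses (documentation ranges) and the choice to reject keys other than servers, searches and options are assumptions.

```python
import ipaddress
import json

ANNOTATION = "network.alibabacloud.com/custom-dnsconfig"
LIST_KEYS = ("servers", "searches", "options")  # fields from the table above
MAX_SERVERS, MAX_SEARCHES = 2, 32               # limits from the table above


def check_dnsconfig(raw):
    """Return the problems found in an annotation value (empty list = OK)."""
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    # Assumption: any other key (e.g. Kubernetes' "nameservers") is a mistake.
    problems = [f"unknown key: {k}" for k in sorted(set(cfg) - set(LIST_KEYS))]
    for key in LIST_KEYS:
        val = cfg.get(key, [])
        if not (isinstance(val, list) and all(isinstance(v, str) for v in val)):
            problems.append(f"{key}: must be a list of strings")
            cfg[key] = []
    for addr in cfg.get("servers", []):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"servers: {addr!r} is not an IP address")
    if len(cfg.get("servers", [])) > MAX_SERVERS:
        problems.append(f"servers: only the first {MAX_SERVERS} are used")
    if len(cfg.get("searches", [])) > MAX_SEARCHES:
        problems.append(f"searches: more than {MAX_SEARCHES} domains")
    return problems


def acs_profile_selectors(name, namespace, dnsconfig):
    """Build the acs-profile `selectors` string; json.dumps does the escaping."""
    value = json.dumps(dnsconfig, separators=(",", ":"))
    problems = check_dnsconfig(value)
    if problems:
        raise ValueError("; ".join(problems))
    match = {"matchLabels": {"kubernetes.io/metadata.name": namespace}}
    return json.dumps([{"name": name, "namespaceSelector": match,
                        "effect": {"annotations": {ANNOTATION: value}}}], indent=2)


if __name__ == "__main__":  # constructed sample, RFC 5737 documentation addresses
    sample = {"servers": ["192.0.2.10", "198.51.100.10"], "searches": ["example.com"]}
    print(acs_profile_selectors("selector-demo1", "default", sample))
```

The returned string goes under data.selectors in the ConfigMap as a YAML block scalar, as in the acs-profile shown above.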