Use unmanaged CoreDNS in an ACS cluster - Container Compute Service

In specific scenarios, you must manually manage and maintain CoreDNS due to the highly customized requirements of the business. Alibaba Cloud Container Compute Service (ACS) clusters support unmanaged CoreDNS. This allows you to configure custom CoreDNS configurations. This topic describes how to use the unmanaged CoreDNS plug-in in an ACS cluster.

Prerequisites

An ACS cluster is created. For more information, see Create an ACS cluster. If the CoreDNS plug-in is installed in the ACS cluster, uninstall the managed CoreDNS plug-in by following the installation procedure described in this topic.
When you create an ACS cluster, you must set the Service Discovery parameter to Disable in the Component Configurations section.

Important

The unmanaged CoreDNS plug-in is an open-source standard plug-in. You are responsible for the resource costs and the O&M of the plug-in. You can resolve issues that may arise when your use the CoreDNS plug-in.
By default, the plug-in template provided by ACS uses the anti-affinity mechanism to distribute pods across zones. If you configured a single zone for ACS, only one replica of CoreDNS can run as expected. We recommend that you configure multiple zones to ensure disaster recovery and availability.

Installation procedure

Log on to the ACS console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its ID. In the left-side navigation pane of the cluster details page, choose Operations > Add-ons.
Optional. Click the Network tab, find CoreDNS (Managed) and click Uninstall. If you cannot find CoreDNS (Managed), skip this step.
Warning
If you uninstall CoreDNS (Managed), the Domain Name System (DNS) resolution feature of the cluster is unavailable. Make sure that business traffic does not exist in the cluster before you uninstall CoreDNS (Managed).
Click the Network tab, find CoreDNS and click Install.
Configure the parameters based on your business requirements. After you confirm the settings, click OK.
Important
If you do not configure the CpuRequest parameter when you install CoreDNS, the available CPU resources of the ACS pods are only 250 millicores. We recommend that you configure the value of the CpuRequest parameter to prevent exceptions caused by excessive performance pressure on pods.

Use kubectl to connect to the cluster and run the following command to query the pod:

kubectl get po -n kube-system|grep coredns

Expected output:

NAMESPACE     NAME                       READY   STATUS    RESTARTS   AGE
kube-system   coredns-85dc775876-sh558   1/1     Running   0          3m35s
kube-system   coredns-85dc775876-xzcpp   1/1     Running   0          3m35s

The CoreDNS pod is started. This indicates that the unmanaged CoreDNS plug-in is installed.

Run the following command in a pod in the ACS cluster to check whether the DNS resolution feature in the cluster works as expected:
```
nslookup kubernetes
```
Expected output:
```
Server:         10.0.0.10
Address:        10.0.0.10#53

Name:   kubernetes.default.svc.cluster.local
Address: 10.0.0.1
```
The output indicates that the domain name resolution is successful and CoreDNS runs as expected.

Custom CoreDNS configurations

You can configure custom CoreDNS configurations by modifying the Corefile configurations, which is stored in the ACS cluster as a ConfigMap. You can directly modify the Corefile configurations to modify the CoreDNS configurations. Example:

Run the following command to modify the Corefile configurations of CoreDNS:
```
kubectl -n kube-system edit cm coredns
```

Modify the Corefile configurations of CoreDNS based on the following content:

Corefile: |
  .:53 {
      errors
      health {
         lameduck 15s
      }
      ready
      kubeapi
      k8s_event {
        level info error warning
      }

      kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods verified
        ttl 30
        fallthrough in-addr.arpa ip6.arpa
      }
      prometheus :9153
      # forward . /etc/resolv.conf {
      # Change the default value of the forward DNS server to 192.168.1.10 in the resolv.conf file.
      forward . 192.168.1.10 {
        prefer_udp
      }
      cache 30
      log
      loop
      reload
      loadbalance
  }

After the modification, CoreDNS automatically forwards non-cluster domain names to the DNS server whose IP address is 192.168.1.10. You can change the IP address of the DNS server based on your business requirements.

References

You can modify the configurations of the unmanaged CoreDNS plug-in based on your business requirements. For more information, see Configure unmanaged CoreDNS.
For more information about how to configure DNS policies and DNS resolution for pods in an ACS cluster, see DNS resolution policies and caching policies.
For more information about how to troubleshoot issues related to CoreDNS, see DNS troubleshooting.