Cluster principle of DNS
Cluster DNS strategy
- ClusterFirst
In this way, the DNS in Pod prefered to use the DNS service in K8S cluster, that is, kubedns or CoreDNS for domain name resolution. If the resolution fails, the host’s DNS configuration is used for the resolution.
- Default
This way, kubelet decides which DNS policy to use for DNS inside the Pod. Kubelet’s default mode is to use the host’s /etc/resolv.conf file for resolution. Kubelet –resolv-conf=/etc/resolv.conf — kubelet –resolv-conf=/etc/resolv.conf In general, you need to set dnsPolicy to Default instead of ClusterFirst. Otherwise, the upstream resolution address of the DNS Service will become the ClusterIP of its own Service (I resolve myself) and the domain name cannot be resolved.
- None
This approach, as the name implies, does not use the DNS policies of the cluster and host. It is used in conjunction with dnsConfig to customize the DNS configuration.
- ClusterFirstWithHostNet
When a Pod shares a network with the HOST in HOST mode, hostNetwork: If you want to continue using the k8S DNS server in POD, you can use the k8S DNS server in POD. You need to set dnsPolicy to ClusterFirstWithHostNet.
Schematic diagram of Cluster
Some key differences in resource consumption and performance between CoreDNS and KubeDNS
- CoreDNS uses only one container per instance, whereas KubeDNS uses three.
- KubeDNS uses single-threaded MASQ cache cluster internal domain names, while CoreDNS uses multi-threaded (GO coroutines).
- CoreDNS caches upstream domain names while KubeDNS does not.
CoreDNS works as a plug-in, while KubeDNS requires the cooperation of dnSMasq, KubeDNS, and Sidecar. The addition of each instance container inevitably increases the basic memory requirements, since communication between containers also adds some performance overhead. For KubeDNS, DNsmasq is highly optimized in C, but it is single-threaded, meaning only one core can be used per instance. Another aspect, CoreDNS, allows caching of upstream domain names, which will help with external domain names.
memory
Both CoreDNS and KubeDNS maintain caches of Servcie and Endpoint in memory, so the memory stress on each DNS Pod increases as services and endpoints are added. CoreDNS should use less memory than KubeDNS. Because CoreDNS Pod has only one container and KubeDNS has three.
The CPU has
- KubeDNS is about 10% better at internal domain resolution than CoreDNS, probably because DNsmasq is better optimized for memory caching.
- CoreDNS is about 3 times better than KubeDNS at external domain name resolution because KubeDNS does not have external domain name caching enabled. However, enabling external domain resolution in KubeDNS does not provide significant performance improvement, so the performance improvement should be elsewhere.
Kubernetes version 1.2 was used for the above tests.
reference
- Hansedong. Making. IO / 2018/11/22 /…
- zhuanlan.zhihu.com/p/39782114
- Coredns. IO / 2018/11/27 /…