New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable CoreDNS as a DNS plugin for Kubernetes #427

Closed
johnbelamaric opened this Issue Sep 12, 2017 · 51 comments

Comments

@johnbelamaric

johnbelamaric commented Sep 12, 2017

Feature Description

  • One-line feature description (can be used as a release note): Enable CoreDNS as a DNS plugin for Kubernetes
  • Primary contact (assignee): @johnbelamaric
  • Responsible SIGs: sig-network, sig-cluster-lifecycle
  • Design proposal link (community repo): kubernetes/community#1100
  • Reviewer(s) - (for LGTM) recommend having 2+ reviewers (at least one from code-area OWNERS file) agreed to review. Reviewers from multiple companies preferred: @bowei @thockin
  • Approver (likely from SIG/area to which feature belongs): @thockin
  • Feature target (which target equals to which milestone):
    • Alpha release target (1.9)
    • Beta release target (1.10)
    • Stable release target (1.11)
@johnbelamaric

This comment has been minimized.

johnbelamaric commented Sep 12, 2017

@cmluciano

This comment has been minimized.

Member

cmluciano commented Sep 12, 2017

@klausenbusk

This comment has been minimized.

klausenbusk commented Sep 15, 2017

What is the argument behind this switch?

@johnbelamaric

This comment has been minimized.

johnbelamaric commented Sep 15, 2017

Hi Kristian,

Here's a little background. CoreDNS is another CNCF project and is the successor to SkyDNS, which kube-dns is based on. It is a flexible, extensible authoritative DNS server and we have built a direct integration to the Kubernetes API. It can serve as cluster DNS, complying with the dns spec. We started discussions with @thockin, @matchstick and @bowei last year around KubeCon and they are open to it in principle, but of course it needs to be proven to be the right choice.

As for reasons to switch, CoreDNS has fewer moving parts than kube-dns, since it is a single executable and single process. It is written in Go so it is memory-safe (kube-dns includes dnsmasq which is not). It supports a number of use cases that kube-dns doesn't. As a general-purpose authoritative DNS server it has a lot of functionality that kube-dns couldn't reasonably be expected to add.

You may also want to check out the intro or coredns.io. There is also a webinar I did for CNCF a couple months back.

@smarterclayton

This comment has been minimized.

Contributor

smarterclayton commented Sep 16, 2017

I would expect a proposal for this.

@johnbelamaric

This comment has been minimized.

johnbelamaric added a commit to johnbelamaric/community that referenced this issue Sep 19, 2017

johnbelamaric added a commit to johnbelamaric/community that referenced this issue Sep 19, 2017

johnbelamaric added a commit to johnbelamaric/community that referenced this issue Sep 19, 2017

johnbelamaric added a commit to johnbelamaric/community that referenced this issue Sep 19, 2017

johnbelamaric added a commit to johnbelamaric/community that referenced this issue Sep 19, 2017

johnbelamaric added a commit to johnbelamaric/community that referenced this issue Sep 19, 2017

johnbelamaric added a commit to johnbelamaric/community that referenced this issue Sep 19, 2017

johnbelamaric added a commit to johnbelamaric/community that referenced this issue Sep 19, 2017

johnbelamaric added a commit to johnbelamaric/community that referenced this issue Sep 19, 2017

johnbelamaric added a commit to johnbelamaric/community that referenced this issue Sep 19, 2017

@johnbelamaric

This comment has been minimized.

johnbelamaric commented Sep 19, 2017

Ok, here is the proposal. Sorry for all those commits referencing this.

kubernetes/community#1100

@kargakis

This comment has been minimized.

Member

kargakis commented Nov 9, 2017

Not sure this was meant to close

/reopen

@johnbelamaric

This comment has been minimized.

johnbelamaric commented May 1, 2018

This has changed now, we need to split into two features: CoreDNS available as an option, and CoreDNS as default. Can we just rename the issue and create a new one for making it default (targeting 1.12)?

@justaugustus justaugustus changed the title from Switch default DNS plugin to CoreDNS to Enable CoreDNS as a DNS plugin for Kubernetes May 7, 2018

@justaugustus

This comment has been minimized.

Member

justaugustus commented May 7, 2018

@johnbelamaric / @cmluciano -- I've renamed the description of this feature and created a new one (#566) around enabling CoreDNS as the default DNS plugin. PTAL and let me know if there are any details I need to update on that feature issue.

@johnbelamaric

This comment has been minimized.

johnbelamaric commented May 8, 2018

@justaugustus thanks!

@idvoretskyi

This comment has been minimized.

Member

idvoretskyi commented May 8, 2018

@justaugustus what's the difference between the current one and #566?

@johnbelamaric

This comment has been minimized.

johnbelamaric commented May 8, 2018

@idvoretskyi the current one does not enable it by default. It just declares it a GA feature that can be enabled. Enabling it by default (on new installs and on upgrades) will come later.

@idvoretskyi

This comment has been minimized.

Member

idvoretskyi commented May 8, 2018

@johnbelamaric it's clear, thanks.

@luxas

This comment has been minimized.

Member

luxas commented May 8, 2018

I'm not sure two feature issues are needed for that though. If CoreDNS is GA in v1.11 it's up to every deployment tool (kubeadm, kops, GKE, AKS, EKS, etc.) to enable it by default in their own pace. You can't dictate a default for an option for all of the installer options, as some of them are unreachable to the OSS world. I'd go with just this one. If you want to track the enabling of CoreDNS as a feature for a specific deployment like GKE, then you might optionally do that in a separate issue.

Does that make sense to you?

@johnbelamaric

This comment has been minimized.

johnbelamaric commented May 8, 2018

@luxas I see your point. However, don't we need to provide a recommendation at some point as to which of the options to use? What if we want to deprecate kube-dns at some point?

This "replace a component" is new territory, so we're trying to figure out the best process.

@luxas

This comment has been minimized.

Member

luxas commented May 8, 2018

When CoreDNS is GA, I'd expect it to be the default for new clusters as it's the new thing.
That's the implicit recommendation from the feature status for me at least.
If CoreDNS is ready to technically be default in all new clusters in v1.11, I'd graduate it to GA now and deprecate kube-dns. kube-dns would be supported as an option for backwards-compability for a year (approx. four releases; until v1.15) though, as of GA: 1 year or 2 releases (whichever is longer) in https://kubernetes.io/docs/reference/deprecation-policy/

@johnbelamaric

This comment has been minimized.

johnbelamaric commented May 9, 2018

@luxas I expect there will be additional features (if there aren't already) in which you choose between several GA options that provide similar functionality. For example, whether to use iptables or ipvs for kube-proxy. I think we need a model for managing those situations.

@AishSundar

This comment has been minimized.

AishSundar commented May 23, 2018

@johnbelamaric I am the CI Signal lead for 1.11 and also work on Conformance testing program for K8s. I see this feature is going to Stable in 1.11.
I also see you have some e2e test changes for this feature. I am following up to see if and which of those tests should we promote to the conformance suite in 1.11.
As part of the process to increase conformance coverage, outlined by Conformance WG and Sig-Arch, we expect features going into stable/GA to have representation in Conformance suite. Your update on the same will help us evaluate this feature better.

@smarterclayton

This comment has been minimized.

Contributor

smarterclayton commented May 24, 2018

@fturib

This comment has been minimized.

fturib commented May 24, 2018

@AishSundar : CoreDNS is replacing kube-dns. As such we ensured already that CoreDNS is conform to existing DNS Conformance test.
We have a suite test for CoreDNS running here : http://k8s-testgrid.appspot.com/sig-network-gce#gci-gce-coredns (that is larger than Conformance)

As such, CoreDNS has already a representation in Conformance suite (the same as kube-dns, the feature it replaces).

We also ensured that CoreDNS is compliant to all DNS test running in e2e. that is why we have some e2e test changes. But those are not part of the conformance suite.

Adapt existing test to CoreDNS, verifying the configuration by Configmap change : kubernetes/kubernetes#63265

Create a new test for DNS, by adding a specific DNS related test on scalability (asked by sig-networking) : kubernetes/kubernetes#63820

Extends all DNS tests for IPv6 use case : kubernetes/kubernetes#59894

@johnbelamaric

This comment has been minimized.

johnbelamaric commented May 24, 2018

@smarterclayton CoreDNS is conformant in the default configuration.

@smarterclayton

This comment has been minimized.

Contributor

smarterclayton commented May 24, 2018

@AishSundar

This comment has been minimized.

AishSundar commented May 24, 2018

Thanks @fturib for the clarification and PR pointers here

@justaugustus

This comment has been minimized.

Member

justaugustus commented Jun 4, 2018

@johnbelamaric --
We're doing one more sweep of the 1.11 Features tracking spreadsheet.
Would you mind filling in any incomplete / blank fields for this feature's line item?

@johnbelamaric

This comment has been minimized.

johnbelamaric commented Jun 4, 2018

@justaugustus I updated it to "Draft". We have several PRs in various states of merged and under review for the docs. There is already a link in there to the tracking issue.

@justaugustus

This comment has been minimized.

Member

justaugustus commented Jun 4, 2018

@johnbelamaric thanks for the update!
Looks like everything is fine on that tracking issue. My only note would be that that tracking issue would be better suited as an issue in k/k or k/website, not the Kubeadm project.

@justaugustus

This comment has been minimized.

Member

justaugustus commented Jun 27, 2018

Closing this as the feature is GA in 1.11. Please feel free to reopen if there is still a need to track this.
/close

justaugustus pushed a commit to justaugustus/features that referenced this issue Sep 3, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment