Update nodelocaldns.md with config steps. #18716
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,6 +2,7 @@ | |
| reviewers: | ||
| - bowei | ||
| - zihongz | ||
| - sftim | ||
| title: Using NodeLocal DNSCache in Kubernetes clusters | ||
| content_template: templates/task | ||
| --- | ||
|
|
@@ -47,18 +48,44 @@ This is the path followed by DNS Queries after NodeLocal DNSCache is enabled: | |
| {{< figure src="/images/docs/nodelocaldns.jpg" alt="NodeLocal DNSCache flow" title="Nodelocal DNSCache flow" caption="This image shows how NodeLocal DNSCache handles DNS queries." >}} | ||
|
|
||
| ## Configuration | ||
| {{< note >}} The local listen IP address for NodeLocal DNSCache can be any IP in the 169.254.20.0/16 space or any other IP address that can be guaranteed to not collide with any existing IP. This document uses 169.254.20.10 as an example. | ||
| {{< /note >}} | ||
|
|
||
| This feature can be enabled using the following steps: | ||
|
|
||
| * Prepare a manifest similar to the sample [`nodelocaldns.yaml`](https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml) and save it as `nodelocaldns.yaml.` | ||
| * Substitute the variables in the manifest with the right values: | ||
|
|
||
| * kubedns=`kubectl get svc kube-dns -n kube-system -o jsonpath={.spec.clusterIP}` | ||
|
|
||
| * domain=`<cluster-domain>` | ||
|
|
||
| * localdns=`<node-local-address>` | ||
|
|
||
| `<cluster-domain>` is "cluster.local" by default. `<node-local-address>` is the local listen IP address chosen for NodeLocal DNSCache. | ||
|
There was a problem hiding this comment. @prameshj , looking good. Double check that the list items and sub items line up. There was a problem hiding this comment. Thanks Karen! This looks correct when i check the preview in https://github.com/kubernetes/website/blob/67fca6dd44be0eac91b405b11f001436add53809/content/en/docs/tasks/administer-cluster/nodelocaldns.md Does https://deploy-preview-18716--kubernetes-io-master-staging.netlify.com/docs/tasks/administer-cluster/nodelocaldns/ update automatically as well? There was a problem hiding this comment. Thanks Karen! Would you be able to approve this PR? |
||
|
|
||
| * If kube-proxy is running in IPTABLES mode: | ||
|
|
||
| ``` bash | ||
| sed -i "s/__PILLAR__LOCAL__DNS__/$localdns/g; s/__PILLAR__DNS__DOMAIN__/$domain/g; s/__PILLAR__DNS__SERVER__/$kubedns/g" nodelocaldns.yaml | ||
| ``` | ||
|
|
||
| `__PILLAR__CLUSTER__DNS__` and `__PILLAR__UPSTREAM__SERVERS__` will be populated by the node-local-dns pods. | ||
| In this mode, node-local-dns pods listen on both the kube-dns service IP as well as `<node-local-address>`, so pods can lookup DNS records using either IP address. | ||
|
|
||
| * If kube-proxy is running in IPVS mode: | ||
|
|
||
| ``` bash | ||
| sed -i "s/__PILLAR__LOCAL__DNS__/$localdns/g; s/__PILLAR__DNS__DOMAIN__/$domain/g; s/__PILLAR__DNS__SERVER__//g; s/__PILLAR__CLUSTER__DNS__/$kubedns/g" nodelocaldns.yaml | ||
| ``` | ||
| In this mode, node-local-dns pods listen only on `<node-local-address>`. The node-local-dns interface cannot bind the kube-dns cluster IP since the interface used for IPVS loadbalancing already uses this address. | ||
| `__PILLAR__UPSTREAM__SERVERS__` will be populated by the node-local-dns pods. | ||
|
|
||
| * Run `kubectl create -f nodelocaldns.yaml` | ||
| * If using kube-proxy in IPVS mode, `--cluster-dns` flag to kubelet needs to be modified to use `<node-local-address>` that NodeLocal DNSCache is listening on. | ||
| Otherwise, there is no need to modify the value of the `--cluster-dns` flag, since NodeLocal DNSCache listens on both the kube-dns service IP as well as `<node-local-address>`. | ||
|
|
||
| Once enabled, node-local-dns Pods will run in the kube-system namespace on each of the cluster nodes. This Pod runs [CoreDNS](https://github.com/coredns/coredns) in cache mode, so all CoreDNS metrics exposed by the different plugins will be available on a per-node basis. | ||
|
|
||
| You can disable this feature by removing the DaemonSet, using `kubectl delete -f <manifest>` . You should also revert any changes you made to the kubelet configuration. | ||
| {{% /capture %}} | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@prameshj, The
sedcommands are okay. I was wondering why the manifest required further configuration.It would be nice to indent the variables, lines 59 - 65 under the second list item.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have indented lines 59-65, could you take a look again?
The manifest needs further config because some variables are different depending on the environment this is deployed in. There are some developer scripts that substitute the variables in some environments, this doc provides the background to indetify what to substitute.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks again, for the review @kbhawkey