Improve CoreDNS configuration

This introduces improvements to the CoreDNS configuration as suggested in coredns/coredns#2593 (comment) The change is to use multiple server directives to avoid expensive lookup from Kubernetes plugin in terms of reverse DNS lookup or expensive regex matching for `ingress.cluster.local` names. * Use the `ready` plugin for readinessProbe https://github.com/coredns/coredns/tree/master/plugin/ready Signed-off-by: Mikkel Oscar Lyderik Larsen <mikkel.larsen@zalando.de>
zalando-incubator · Nov 27, 2019 · 46088e8 · 46088e8
1 parent 859dd1f
commit 46088e8
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 12 deletions.
diff --git a/cluster/manifests/coredns-local/configmap-local.yaml b/cluster/manifests/coredns-local/configmap-local.yaml
@@ -7,27 +7,41 @@ metadata:
     application: coredns
 data:
   Corefile: |
-    .:9254 {
-        errors
-        health :9154
-        kubernetes cluster.local in-addr.arpa ip6.arpa {
-            pods insecure
-            upstream
-            fallthrough in-addr.arpa ip6.arpa
-        }
 {{ if eq .ConfigItems.enable_skipper_eastwest "true"}}
-        template IN A ingress.cluster.local  {
+    ingress.cluster.local:9254 {
+        template IN A {
             match "^.*[.]ingress[.]cluster[.]local"
             answer "{{"{{"}} .Name {{"}}"}} 60 IN A 10.3.99.99"
             fallthrough
         }
+        prometheus :9153
+        ready :9155
+    }
 {{ end }}
+
+    # 10.2.0.0/16, 10.3.0.0/16 defines that this server is authority for revese
+    # lookups for these ranges.
+    cluster.local:9254 10.2.0.0/16:9254 10.3.0.0/16:9254 {
+        errors
+        kubernetes {
+            pods insecure
+            upstream
+        }
+        cache 30
 {{ if eq .ConfigItems.coredns_log_svc_names "true"}}
         log svc.svc.cluster.local.
 {{ end }}
+        prometheus :9153
+        ready :9155
+    }
+
+    .:9254 {
+        errors
+        health :9154 # this is global for all servers
+        ready :9155
         prometheus :9153
         forward . /etc/resolv.conf
-        pprof 127.0.0.1:9155
+        pprof 127.0.0.1:9156
         cache 30
         reload
     }
diff --git a/cluster/manifests/coredns-local/daemonset-coredns.yaml b/cluster/manifests/coredns-local/daemonset-coredns.yaml
@@ -115,8 +115,8 @@ spec:
           failureThreshold: 5
         readinessProbe:
           httpGet:
-            path: /health
-            port: 9154
+            path: /ready
+            port: 9155
             scheme: HTTP
           initialDelaySeconds: 10
           timeoutSeconds: 3