Comments (8)
@krmayankk : I guess @chrisohaver will not be able to answer today. I have no example of that configuration.
But the readme of this plugin is here : https://github.com/coredns/coredns/blob/master/plugin/kubernetes/README.md
I can propose the following operations (but I did not test them directly; they may need a little tuning):
1- You should insert two lines in the kubernetes option of your Corefile.
The Corefile is updated by the ConfigMap named "kube-dns":
    kubectl edit configmap/kube-dns --namespace=kube-system
You need to add 2 lines under the kubernetes stanza:
    endpoint https://<k8s-endpoint:8443>
    tls <cert-file> <key-file> <cacert-file>
You would need to ensure your configuration looks like:
    Corefile: |
      .:53 {
          errors
          health
          kubernetes cluster.local in-addr.arpa ip6.arpa {
              endpoint https://<k8s-endpoint:8443>
              tls <cert-file> <key-file> <cacert-file>
              pods insecure
              upstream
              fallthrough in-addr.arpa ip6.arpa
          }
          prometheus :9153
          proxy . <maybe-some-upstream-servers-here>
          cache 30
          reload
      }
2- Then wait a few minutes for the ConfigMap to update the Corefile on the CoreDNS pod and for CoreDNS to reload itself.
(You may also just delete the pod so that it is restarted by k8s.)
NOTE: the certificate files need to be located on the CoreDNS pod.
Hope that helps.
from deployment.
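For the NOTE above about the certificate files needing to be on the CoreDNS pod, one way to get them there is a Secret mounted read-only into the Deployment. This is an added example, not part of the original comment or the CoreDNS project's manifests; the Secret name, volume name, mount path, key file names and the container name `coredns` are assumptions.

```yaml
# Constructed example. All names and paths below are assumptions.
# 1) Secret holding the client certificate, its key, and the CA that
#    signed the API server certificate.
apiVersion: v1
kind: Secret
metadata:
  name: coredns-apiserver-tls        # hypothetical name
  namespace: kube-system
type: Opaque
data:
  client.crt: <base64-encoded client certificate>
  client.key: <base64-encoded client key>
  ca.crt: <base64-encoded CA certificate>
---
# 2) Fragment to merge into the CoreDNS Deployment (not a complete manifest).
#    The Secret is mounted read-only so the pod cannot modify the key material.
spec:
  template:
    spec:
      containers:
        - name: coredns              # assumed container name
          volumeMounts:
            - name: apiserver-tls
              mountPath: /etc/coredns/tls
              readOnly: true
      volumes:
        - name: apiserver-tls
          secret:
            secretName: coredns-apiserver-tls
# 3) The kubernetes stanza of the Corefile then points at the mounted files,
#    in the order the comment gives (cert, key, CA cert):
#
#      kubernetes cluster.local in-addr.arpa ip6.arpa {
#          endpoint https://<k8s-endpoint:8443>
#          tls /etc/coredns/tls/client.crt /etc/coredns/tls/client.key /etc/coredns/tls/ca.crt
#          ...
#      }
```

Keeping the key in a Secret rather than in the ConfigMap next to the Corefile lets access to it be restricted separately through RBAC.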
I guess it is covered by this issue : coredns/coredns#1965
from deployment.
I guess it is covered by this issue : coredns/coredns#1965
Not really. It's related, but not in a "blocker" sense. coredns/coredns#1965 is a feature request for convenience.
@krmayankk, you may be able to connect using the endpoint and tls options in the kubernetes plugin. Those options are normally used for out-of-cluster connections, but should also work from in cluster (though I have not tested it).
from deployment.
@chrisohaver could you provide an example? I don't think this option of kubeconfig is super hard to add, since the client-go you use already supports it. I can easily add it; I just don't know how to plumb it through your Corefile or command-line options. I am currently blocked, since kube-dns doesn't provide the IP and reverse IP lookups for pods of deployments, and CoreDNS I cannot use because my cluster doesn't support service accounts, but my kubeconfig file has all the cert information. Thanks for your help.
from deployment.
What about running CoreDNS with kubeconfig? I use coreconf with endpoint and kubeconfig specified, but it errored with:
plugin/kubernetes: ./coreconf:6 - Error during parsing: Wrong argument count or unexpected line ending after '/root/huangyang/coredns/client.conf'
from deployment.
Please share your Corefile.
from deployment.
plugin/kubernetes: ./coreconf:6 - Error during parsing: Wrong argument count or unexpected line ending after
set like this:
kubeconfig /etc/coredns/kubeconfig coredns-context
from deployment.
Probably the version of CoreDNS you are using. That option was added in 1.2.2.
from deployment.