Running coredns on kubernetes doesnt take the apiservers from kubeconfig about deployment HOT 8 CLOSED

@krmayankk : I guess @chrisohaver will not be able to answer today. I have no example of that configuration.

But the readme of this plugin is here : https://github.com/coredns/coredns/blob/master/plugin/kubernetes/README.md

I can propose the following operations (but I did not tested directly .. they may need a little tuning):

1- you should insert too lines in the kubernetes option of your Corefile.

Corefile is updated by the Configmap named "kube-dns"

kubectl edit configmap/kube-dns namespace=kube-system

You need to add 2 lines under the kubernetes stanza

           endpoint https://<k8s-endpoint:8443> 
           tls <cert-file> <key-file> <cacert-file>

You would need to ensure your configuration looks like:

Corefile |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           endpoint https://<k8s-endpoint:8443> 
           tls <cert-file> <key-file> <cacert-file>
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        proxy . <maybe-some-upstream-servers-here>
        cache 30
        reload
  }

2- Then you wait few minutes that the Configmap update Corefile on CoreDNS pod, and that CoreDNS reload itself.
(you may also just delete the pod such it is restarted by k8s).

NOTE: you need that the certificates files are located on the CoreDNS pod.

Hope that help.

from deployment.

I guess it is covered by this issue : coredns/coredns#1965

from deployment.

I guess it is covered by this issue : coredns/coredns#1965

Not really. It's related, but not in a "blocker" sense. coredns/coredns#1965 is a feature request for convenience.

@krmayankk, You may be able to connect using the endpoint and tls options in the kubernetes plugin. Those options are normally used for out-of-cluster connections, but should also work from in cluster (though I have not tested it).

from deployment.

@chrisohaver could you provide an example ? i dont think this option of kubeconfig is super hard to add since the client-go you use already supports it. I can easily add it , just dont know how to plumb it through your corefile or command line options. I am currently blocked since kube-dns doesnt provide the ip and reverse ip lookups for pods of deployments and coredns i cannot use because my cluster doesnt support service accounts, but my kubeconfig file has all the cert information. thanks for your help

from deployment.

@krmayankk : I guess @chrisohaver will not be able to answer today. I have no example of that configuration.

But the readme of this plugin is here : https://github.com/coredns/coredns/blob/master/plugin/kubernetes/README.md

I can propose the following operations (but I did not tested directly .. they may need a little tuning):

1- you should insert too lines in the kubernetes option of your Corefile.

Corefile is updated by the Configmap named "kube-dns"

kubectl edit configmap/kube-dns namespace=kube-system

You need to add 2 lines under the kubernetes stanza

           endpoint https://<k8s-endpoint:8443> 
           tls <cert-file> <key-file> <cacert-file>

You would need to ensure your configuration looks like:

Corefile |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           endpoint https://<k8s-endpoint:8443> 
           tls <cert-file> <key-file> <cacert-file>
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        proxy . <maybe-some-upstream-servers-here>
        cache 30
        reload
  }

2- Then you wait few minutes that the Configmap update Corefile on CoreDNS pod, and that CoreDNS reload itself.
(you may also just delete the pod such it is restarted by k8s).

NOTE: you need that the certificates files are located on the CoreDNS pod.

Hope that help.

what about run coredns with kubeconfig？ I use coreconf with endpoint and kubeconfig specified，but it errored with：

plugin/kubernetes: ./coreconf:6 - Error during parsing: Wrong argument count or unexpected line ending after '/root/huangyang/coredns/client.conf'

from deployment.

Please share your Corefile.

from deployment.

plugin/kubernetes: ./coreconf:6 - Error during parsing: Wrong argument count or unexpected line ending after

set like this:
kubeconfig /etc/coredns/kubeconfig coredns-context

from deployment.

probably the version of CoreDNS you are using. that option was added in 1.2.2

from deployment.