Essential DNS Tools for Kubernetes CoreDNS and ExternalDNS

Introduction

CoreDNS and ExternalDNS are two essential components commonly used in Kubernetes clusters for DNS management. They serve different purposes but can work together to provide a seamless DNS experience in a Kubernetes environment. Here's an overview of each and how they can be used together:

See also: Automating SSL/TLS Certificate Rotation in AKS

CoreDNS

CoreDNS is the default DNS server for Kubernetes. It is responsible for service discovery within the cluster. CoreDNS translates Kubernetes Service names into IP addresses, allowing pods to communicate with each other using service names.

Key Functions of CoreDNS:

• Service Discovery: Resolves internal Kubernetes service names to their corresponding ClusterIP. • Pod DNS: Resolves pod names to their IP addresses within the cluster. • Custom DNS Configuration: Can be configured to forward DNS queries to external DNS servers or provide custom DNS zones.

CoreDNS Configuration Example:

The CoreDNS configuration is typically found in the ConfigMap associated with the kube-system namespace. Here's an example of a CoreDNS Corefile:

apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health {
          lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
          ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }

ExternalDNS

ExternalDNS is a Kubernetes add-on that synchronizes Kubernetes service and ingress resources with external DNS providers. While CoreDNS handles internal DNS resolution, ExternalDNS manages DNS entries with external DNS providers like AWS Route 53, Google Cloud DNS, or Azure DNS.

Key Functions of ExternalDNS:

• Automatic DNS Record Management: Creates, updates, or deletes DNS records in external DNS providers based on the state of Kubernetes resources like services or ingresses. • Supports Multiple DNS Providers: Works with various cloud DNS providers and even traditional DNS servers. • Works with Ingress Controllers: Automatically manages DNS records for ingress resources, which is particularly useful for dynamically exposed services.

See also: AI DevOps Ansible Community on Skool

CoreDNS and ExternalDNS

In a typical Kubernetes setup, CoreDNS handles internal DNS resolution, while ExternalDNS manages external DNS entries. Here’s how you might set up both in an AKS (Azure Kubernetes Service) cluster:

1. Deploy CoreDNS (Usually Installed by Default in AKS)

In AKS, CoreDNS is installed by default as the cluster’s DNS server. You generally don't need to deploy it separately unless you're using a custom Kubernetes setup.

2. Deploy ExternalDNS in Your Cluster

To set up ExternalDNS in an AKS cluster, follow these steps:

Step 1: Install ExternalDNS Using Helm

helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm install externaldns bitnami/external-dns \
  --set provider=azure \
  --set azure.resourceGroup=<Resource-Group-Name> \
  --set azure.subscriptionId=<Azure-Subscription-ID> \
  --set azure.tenantId=<Azure-Tenant-ID> \
  --set azure.aadClientId=<Azure-Client-ID> \
  --set azure.aadClientSecret=<Azure-Client-Secret> \
  --set domainFilters={example.com} \
  --set txtOwnerId=<Owner-ID>

Replace the placeholders with your specific Azure and DNS configuration details.

Step 2: Grant Permissions to ExternalDNS

ExternalDNS needs permissions to create, update, and delete DNS records in Azure DNS. Ensure you have a service principal with the necessary permissions.

You can assign the DNS Zone Contributor role to your service principal for the Azure DNS zone:

az role assignment create \
  --assignee <Azure-Client-ID> \
  --role "DNS Zone Contributor" \
  --scope /subscriptions/<Azure-Subscription-ID>/resourceGroups/<Resource-Group-Name>/providers/Microsoft.Network/dnszones/<DNS-Zone-Name>

Step 3: Configure Kubernetes Resources to Use ExternalDNS

Create Kubernetes services or ingresses that ExternalDNS will manage. For example, an ingress might look like this:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    external-dns.alpha.kubernetes.io/hostname: "example.com"
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: example-service
            port:
              number: 80

ExternalDNS will pick up the annotation and automatically create or update the DNS record in Azure DNS for example.com.

3. Verify the Setup

After deploying both CoreDNS and ExternalDNS: • CoreDNS should be handling internal service name resolution within your cluster. • ExternalDNS should be managing external DNS records in your DNS provider.

You can verify the DNS records in your external DNS provider and ensure that they point to the correct external IP addresses of your services or ingress controllers.

Conclusion

CoreDNS and ExternalDNS serve complementary roles in a Kubernetes environment: • CoreDNS handles internal DNS resolution for services and pods. • ExternalDNS automates the management of external DNS records based on your Kubernetes resources.

Together, they provide a robust DNS solution that spans both internal Kubernetes networking and external, publicly accessible DNS.

See also: AAP 2.6 Cloud Automation: AWS, Azure, and GCP with Ansible

Related Articles

• Ansible roles guide • automating AWS with Ansible • loop_control in Ansible