@@ -13,7 +13,7 @@ This page provides hints on diagnosing DNS problems.
1313{{% capture prerequisites %}}
1414* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
1515* Kubernetes version 1.6 and above.
16- * The cluster must be configured to use the ` coredns ` (or ` kube-dns ` ) addons .
16+ * The cluster must be configured to use the ` kube-dns ` addon .
1717{{% /capture %}}
1818
1919{{% capture steps %}}
@@ -68,7 +68,7 @@ nameserver 10.0.0.10
6868options ndots:5
6969```
7070
71- Errors such as the following indicate a problem with the coredns/ kube-dns add-on or
71+ Errors such as the following indicate a problem with the kube-dns add-on or
7272associated Services:
7373
7474```
@@ -93,17 +93,6 @@ nslookup: can't resolve 'kubernetes.default'
9393
9494Use the ` kubectl get pods ` command to verify that the DNS pod is running.
9595
96- For CoreDNS:
97- ``` shell
98- kubectl get pods --namespace=kube-system -l k8s-app=kube-dns
99- NAME READY STATUS RESTARTS AGE
100- ...
101- coredns-7b96bf9f76-5hsxb 1/1 Running 0 1h
102- coredns-7b96bf9f76-mvmmt 1/1 Running 0 1h
103- ...
104- ```
105-
106- Or for kube-dns:
10796``` shell
10897kubectl get pods --namespace=kube-system -l k8s-app=kube-dns
10998NAME READY STATUS RESTARTS AGE
@@ -118,26 +107,8 @@ have to deploy it manually.
118107
119108### Check for Errors in the DNS pod
120109
121- Use ` kubectl logs ` command to see logs for the DNS containers .
110+ Use ` kubectl logs ` command to see logs for the DNS daemons .
122111
123- For CoreDNS:
124- ``` shell
125- for p in $( kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name) ; do kubectl logs --namespace=kube-system $p ; done
126- ```
127-
128- Here is an example of a healthy CoreDNS log:
129-
130- ```
131- .:53
132- 2018/08/15 14:37:17 [INFO] CoreDNS-1.2.2
133- 2018/08/15 14:37:17 [INFO] linux/amd64, go1.10.3, 2e322f6
134- CoreDNS-1.2.2
135- linux/amd64, go1.10.3, 2e322f6
136- 2018/08/15 14:37:17 [INFO] plugin/reload: Running configuration MD5 = 24e6c59e83ce706f07bcc82c31b1ea1c
137- ```
138-
139-
140- For kube-dns, there are 3 sets of logs:
141112``` shell
142113kubectl logs --namespace=kube-system $( kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name | head -1)
143114
@@ -146,8 +117,8 @@ kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system
146117kubectl logs --namespace=kube-system $( kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name | head -1)
147118```
148119
149- See if there are any suspicious error messages in the logs. In kube-dns, a '` W ` ', '` E ` ' or '` F ` ' at the beginning
150- of a line represents a Warning, Error or Failure. Please search for entries that have these
120+ See if there is any suspicious log. Letter '` W ` ', '` E ` ', '` F ` ' at the beginning
121+ represent Warning, Error and Failure. Please search for entries that have these
151122as the logging level and use
152123[ kubernetes issues] ( https://github.com/kubernetes/kubernetes/issues )
153124to report unexpected errors.
@@ -164,8 +135,6 @@ kube-dns ClusterIP 10.0.0.10 <none> 53/UDP,53/TCP 1h
164135...
165136```
166137
167-
168- Note that the service name will be "kube-dns" for both CoreDNS and kube-dns deployments.
169138If you have created the service or in the case it should be created by default
170139but it does not appear, see
171140[ debugging services] ( /docs/tasks/debug-application-cluster/debug-service/ ) for
@@ -189,83 +158,20 @@ For additional Kubernetes DNS examples, see the
189158[ cluster-dns examples] ( https://github.com/kubernetes/examples/tree/master/staging/cluster-dns )
190159in the Kubernetes GitHub repository.
191160
192-
193- ### Are DNS queries being received/processed?
194-
195- You can verify if queries are being received by CoreDNS by adding the ` log ` plugin to the CoreDNS configuration (aka Corefile).
196- The CoreDNS Corefile is held in a ConfigMap named ` coredns ` . To edit it, use the command ...
197-
198- ```
199- kubectl -n kube-system edit configmap coredns
200- ```
201-
202- Then add ` log ` in the Corefile section per the example below.
203-
204- ```
205- apiVersion: v1
206- kind: ConfigMap
207- metadata:
208- name: coredns
209- namespace: kube-system
210- data:
211- Corefile: |
212- .:53 {
213- log
214- errors
215- health
216- kubernetes cluster.local in-addr.arpa ip6.arpa {
217- pods insecure
218- upstream
219- fallthrough in-addr.arpa ip6.arpa
220- }
221- prometheus :9153
222- proxy . /etc/resolv.conf
223- cache 30
224- loop
225- reload
226- loadbalance
227- }
228-
229- ```
230-
231- After saving the changes, it may take up to minute or two for Kubernetes to propagate these changes to the CoreDNS pods.
232-
233- Next, make some queries and view the logs per the sections above in this document. If CoreDNS pods are receiving the queries, you should see them in the logs.
234-
235- Here is an example of a query in the log.
236-
237- ```
238- .:53
239- 2018/08/15 14:37:15 [INFO] CoreDNS-1.2.0
240- 2018/08/15 14:37:15 [INFO] linux/amd64, go1.10.3, 2e322f6
241- CoreDNS-1.2.0
242- linux/amd64, go1.10.3, 2e322f6
243- 2018/09/07 15:29:04 [INFO] plugin/reload: Running configuration MD5 = 162475cdf272d8aa601e6fe67a6ad42f
244- 2018/09/07 15:29:04 [INFO] Reloading complete
245- 172.17.0.18:41675 - [07/Sep/2018:15:29:11 +0000] 59925 "A IN kubernetes.default.svc.cluster.local. udp 54 false 512" NOERROR qr,aa,rd,ra 106 0.000066649s
246-
247- ```
248-
249161## Known issues
250162
251- Some Linux distributions (e.g. Ubuntu), use a local DNS resolver by default (systemd-resolved).
252- Systemd-resolved moves and replaces ` /etc/resolv.conf ` with a stub file that can cause a fatal forwarding
253- loop when resolving names in upstream servers. This can be fixed manually by using kubelet's ` --resolv-conf ` flag
254- to point to the correct ` resolv.conf ` (With ` systemd-resolved ` , this is ` /run/systemd/resolve/resolv.conf ` ).
255- kubeadm 1.11 automatically detects ` systemd-resolved ` , and adjusts the kubelet flags accordingly.
256-
257- Kubernetes installs do not configure the nodes' ` resolv.conf ` files to use the
258- cluster DNS by default, because that process is inherently distribution-specific.
163+ Kubernetes installs do not configure the nodes' resolv.conf files to use the
164+ cluster DNS by default, because that process is inherently distro-specific.
259165This should probably be implemented eventually.
260166
261167Linux's libc is impossibly stuck ([ see this bug from
2621682005] ( https://bugzilla.redhat.com/show_bug.cgi?id=168253 ) ) with limits of just
263- 3 DNS ` nameserver ` records and 6 DNS ` search ` records. Kubernetes needs to
264- consume 1 ` nameserver ` record and 3 ` search ` records. This means that if a
169+ 3 DNS ` nameserver ` records and 6 DNS ` search ` records. Kubernetes needs to
170+ consume 1 ` nameserver ` record and 3 ` search ` records. This means that if a
265171local installation already uses 3 ` nameserver ` s or uses more than 3 ` search ` es,
266- some of those settings will be lost. As a partial workaround, the node can run
172+ some of those settings will be lost. As a partial workaround, the node can run
267173` dnsmasq ` which will provide more ` nameserver ` entries, but not more ` search `
268- entries. You can also use kubelet's ` --resolv-conf ` flag.
174+ entries. You can also use kubelet's ` --resolv-conf ` flag.
269175
270176If you are using Alpine version 3.3 or earlier as your base image, DNS may not
271177work properly owing to a known issue with Alpine.
0 commit comments