The DNS Operator deploys and manages CoreDNS to provide a name resolution service to pods, enabling DNS-based Kubernetes Service discovery in OpenShift.
The DNS Operator implements the dns API from the operator.openshift.io API group. The operator deploys CoreDNS using a DaemonSet, creates a Service for the DaemonSet, and configures the kubelet to instruct pods to use the CoreDNS Service IP for name resolution.
Every new OpenShift Dedicated installation has a dns.operator named default.
Use the oc describe command to view the default dns:
$ oc describe dns.operator/default
Name:         default
Namespace:
Labels:       <none>
Annotations:  <none>
API Version:  operator.openshift.io/v1
Kind:         DNS
...
Status:
  Cluster Domain:  cluster.local (1)
  Cluster IP:      172.30.0.10 (2)
...
(1) The Cluster Domain field is the base DNS domain used to construct fully qualified Pod and Service domain names.
(2) The Cluster IP is the address pods query for name resolution. The IP is defined as the 10th address in the Service CIDR range.
You can use DNS forwarding to override the forwarding configuration identified in /etc/resolv.conf on a per-zone basis by specifying which name server should be used for a given zone.
Modify the DNS Operator object named default:
$ oc edit dns.operator/default
This allows the Operator to create and update the ConfigMap named dns-default with additional server configuration blocks based on Server. If none of the servers has a zone that matches the query, then name resolution falls back to the name servers that are specified in /etc/resolv.conf.
apiVersion: operator.openshift.io/v1
kind: DNS
metadata:
  name: default
spec:
  servers:
  - name: foo-server (1)
    zones: (2)
    - foo.com
    forwardPlugin:
      upstreams: (3)
      - 1.1.1.1
      - 2.2.2.2:5353
  - name: bar-server
    zones:
    - bar.com
    - example.com
    forwardPlugin:
      upstreams:
      - 3.3.3.3
      - 4.4.4.4:5454
(1) name must comply with the RFC 6335 service name syntax.
(2) zones must conform to the definition of a subdomain in RFC 1123. The cluster domain, cluster.local, is an invalid subdomain for zones.
(3) A maximum of 15 upstreams is allowed per forwardPlugin.
If |
View the ConfigMap:
$ oc get configmap/dns-default -n openshift-dns -o yaml
apiVersion: v1
data:
  Corefile: |
    foo.com:5353 {
        forward . 1.1.1.1 2.2.2.2:5353
    }
    bar.com:5353 example.com:5353 {
        forward . 3.3.3.3 4.4.4.4:5454 (1)
    }
    .:5353 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            upstream
            fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf {
            policy sequential
        }
        cache 30
        reload
    }
kind: ConfigMap
metadata:
  labels:
    dns.operator.openshift.io/owning-dns: default
  name: dns-default
  namespace: openshift-dns
(1) Changes to the forwardPlugin trigger a rolling update of the CoreDNS DaemonSet.
For more information on DNS forwarding, see the CoreDNS forward documentation.
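To audit which upstream resolvers the rendered Corefile actually sends each zone to, the sketch below parses the Corefile text from the dns-default ConfigMap and compares its forward targets with an approved list. It is an added example, not code from OpenShift or CoreDNS; the function names, the abridged sample Corefile and the approved list are assumptions made for illustration.

```python
# Constructed sample: abridged copy of the Corefile above, callout marker removed.
SAMPLE = """\
foo.com:5353 {
    forward . 1.1.1.1 2.2.2.2:5353
}
bar.com:5353 example.com:5353 {
    forward . 3.3.3.3 4.4.4.4:5454
}
.:5353 {
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
    }
    forward . /etc/resolv.conf {
        policy sequential
    }
}
"""

def parse_forwarders(corefile):
    """Return {zone: [forward targets]}, reading only top-level forward lines."""
    zones, current, depth = {}, [], 0
    for line in corefile.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if depth == 0 and tokens[-1] == "{":
            # Server block header: "zone:port [zone:port ...] {"
            current = [(t.rsplit(":", 1)[0].rstrip(".") or ".").lower()
                       for t in tokens[:-1]]
        elif depth == 1 and tokens[0] == "forward":
            zones.update({z: [t for t in tokens[2:] if t != "{"] for z in current})
        depth += (tokens[-1] == "{") - (tokens == ["}"])
    return zones

def upstreams_for(qname, zones):
    """Most specific matching zone wins; otherwise the "." block handles it."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in zones:
            return zones[".".join(labels[i:])]
    return zones.get(".", [])

def unapproved(zones, approved):
    """Per zone, forward targets that are not on the approved list."""
    bad = {z: [t for t in ts if t not in approved] for z, ts in zones.items()}
    return {z: ts for z, ts in bad.items() if ts}

if __name__ == "__main__":
    zones = parse_forwarders(SAMPLE)
    print(unapproved(zones, {"1.1.1.1", "2.2.2.2:5353", "/etc/resolv.conf"}))
```

The lookup reports forward targets only: names under cluster.local are answered by the kubernetes plugin in the "." block before forwarding applies.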