0
votes

I am having a difficult time finding out how one would get Kubernetes DNS (skydns, now called kube-dns) such that the kube-dns container/pod knows how to connect to the API server using an IP address or host that will work regardless if a master node goes down and another API server is started on a host with a different IP address?

I have tried using the actual Kubernetes service, but it runs on port 443 and the kube-dns (and formerly kube2sky) cannot connect to it.

Is there a more straightforward way other than having a mechanism to delete and recreate the kube-dns pod?

3
And by "re-create the kube-dns pod", I meant restarting the pod when the API server changes its IP because a host went down and it was brought up elsewhere.
user3379574

3 Answers

0
votes

You can use:

kubectl describe svc kubernetes

0
votes

You can query for endpoints and look directly for the one that corresponds to kubernetes. I can get it in two ways. One is to query directly for endpoints:

$ kubectl get ep
NAME         ENDPOINTS              AGE
kubernetes   192.168.122.116:8443   15h

Or describe the service kubernetes running in the default namespace:

$ kubectl describe svc kubernetes
Name:                   kubernetes
Namespace:              default
Labels:                 component=apiserver
                        provider=kubernetes
Annotations:            <none>
Selector:               <none>
Type:                   ClusterIP
IP:                     10.0.0.1
Port:                   https   443/TCP
Endpoints:              192.168.122.116:8443
Session Affinity:       ClientIP
Events:                 <none>

Here I get the host IP address and port and it is not running on 443; it's 8443. See if this helps solve your problem.

Or try adding one more port to the kubernetes service whose target port is the same.

0
votes

how one would get kubernetes DNS (skydns, now called kube-dns) such that the kube-dns container/pod knows how to connect to the API server using an IP address or host

I don't think kube-dns needs to connect to APIServer in Kubernetes' design.

But if you are trying to find a stable way to connect to APIServer (like you said "regardless if a master node goes down and another API server is started on a host with a different IP address"), you've already done this if you deploy your cluster using kubeadm (more information about kubeadm). And this is implemented through the Kubernetes service. You can check that like this:

$ kubectl describe svc kubernetes
Name:                   kubernetes
Namespace:              default
Labels:                 component=apiserver
                        provider=kubernetes
Selector:               <none>
Type:                   ClusterIP
IP:                     10.96.0.1
Port:                   https   443/TCP
Endpoints:              10.140.0.2:6443
Session Affinity:       ClientIP
No events.

You can access APIServer through either 10.96.0.1:443 (which is ClusterIP) or 10.140.0.2:6443 (which is the pod IP address of the APIServer pod) through:

$ curl https://10.140.0.2:6443/version --cert /etc/kubernetes/pki/apiserver.pem --key /etc/kubernetes/pki/apiserver-key.pem --cacert /etc/kubernetes/pki/ca.pem
{
  "major": "1",
  "minor": "5",
  "gitVersion": "v1.5.4",
  "gitCommit": "7243c69eb523aa4377bce883e7c0dd76b84709a1",
  "gitTreeState": "clean",
  "buildDate": "2017-03-07T23:34:32Z",
  "goVersion": "go1.7.4",
  "compiler": "gc",
  "platform": "linux/amd64"
}
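
An added example, not part of any answer above: from inside a pod, a client can reach the API server through the stable kubernetes service address (the ClusterIP shown in the describe output) and authenticate with its own service account instead of the API server's key pair. The function names are hypothetical, and the code assumes the default service account mount and the KUBERNETES_SERVICE_HOST / KUBERNETES_SERVICE_PORT variables that the kubelet injects into pods.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; SA_DIR is the standard
# in-pod service account mount (overridable here for testing).
SA_DIR="${SA_DIR:-/var/run/secrets/kubernetes.io/serviceaccount}"

# Print the API server base URL from the variables the kubelet injects into
# every pod. They hold the ClusterIP and port of the "kubernetes" service, so
# the result stays valid when the API server moves to another host.
apiserver_url() {
    if [ -z "${KUBERNETES_SERVICE_HOST:-}" ]; then
        echo "KUBERNETES_SERVICE_HOST is unset: not running in a pod?" >&2
        return 1
    fi
    host=$KUBERNETES_SERVICE_HOST
    port=${KUBERNETES_SERVICE_PORT:-443}
    case $host in
        *:*) host="[$host]" ;;  # IPv6 literals need brackets in a URL
    esac
    printf 'https://%s:%s\n' "$host" "$port"
}

# GET a path from the API server, verifying its certificate against the
# cluster CA and authenticating with the pod's service account token.
apiserver_get() {
    base=$(apiserver_url) || return 1
    [ -r "$SA_DIR/ca.crt" ] && [ -r "$SA_DIR/token" ] || {
        echo "service account files not found in $SA_DIR" >&2
        return 1
    }
    # Pass the header through curl's config on stdin so the bearer token
    # never shows up in the process argument list.
    printf 'header = "Authorization: Bearer %s"\n' "$(cat "$SA_DIR/token")" |
        curl --silent --show-error --fail --config - \
             --cacert "$SA_DIR/ca.crt" "$base$1"
}

# Usage inside a pod:  apiserver_get /version
```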