kube-dns doesn't expose service scoped dns names for pod IPs

Open pmalek opened this issue 1 year ago • 13 comments

Problem statement

As described in https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#a-aaaa-records-1:

Any Pods exposed by a Service have the following DNS resolution available: pod-ipv4-address.service-name.my-namespace.svc.cluster-domain.example

This is not the case for kube-dns. We're using (generating) those dns names from EndpointSlices for inter cluster communication between services. It does work with coredns.

This is relevant for a number of users since GKE by default uses kube-dns.

Usage of service scoped dns names is preferred because it allows for wildcard certificates like *.service-name.my-namespace.svc.cluster-domain.example to be used.

Proposed solution

Serve service scoped dns names.

pmalek avatar May 22 '24 10:05 pmalek
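
The naming scheme and wildcard-certificate point from the issue description, as an added example (not code from the issue or from the Kubernetes project). It builds the service-scoped name for a pod IPv4 address and uses Go's own `x509` hostname matching to show which names a per-service wildcard SAN covers. The function names, the `cluster.local` zone and the sample IP and service names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// ServiceScopedName builds pod-ipv4-address.service.namespace.svc.zone (hypothetical helper).
func ServiceScopedName(podIP, service, namespace, zone string) (string, error) {
	ip := net.ParseIP(podIP).To4()
	if ip == nil {
		return "", fmt.Errorf("not an IPv4 address: %q", podIP)
	}
	return fmt.Sprintf("%s.%s.%s.svc.%s", strings.ReplaceAll(ip.String(), ".", "-"), service, namespace, zone), nil
}

// WildcardCovers issues a throwaway self-signed cert whose only SAN is wildcard
// and reports whether the standard library accepts host against it.
func WildcardCovers(wildcard, host string) (bool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now,
		NotAfter: now.Add(time.Hour), DNSNames: []string{wildcard}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return false, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return false, err
	}
	return cert.VerifyHostname(host) == nil, nil
}

func main() {
	name, _ := ServiceScopedName("10.96.2.4", "example-service", "default", "cluster.local") // constructed sample values
	for _, host := range []string{name, "10-96-2-4.default.pod.cluster.local", "10-96-2-4.other-service.default.svc.cluster.local"} {
		ok, err := WildcardCovers("*.example-service.default.svc.cluster.local", host)
		fmt.Println(host, ok, err)
	}
}
```

Only the first name is accepted: the wildcard matches a single leftmost label, so the pod-scoped name and a name under a different Service in the same namespace both fail verification.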

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Aug 20 '24 10:08 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Sep 19 '24 10:09 k8s-triage-robot

/remove-lifecycle rotten

programmer04 avatar Sep 19 '24 12:09 programmer04

/lifecycle stale

k8s-triage-robot avatar Dec 18 '24 12:12 k8s-triage-robot

/remove-lifecycle stale

pmalek avatar Dec 18 '24 12:12 pmalek

Seems like a bug in the documentation, as according to the DNS specification mentioned in the section linked in the issue, section 2.4.1, it's only provided for headless services (clusterIP: None) and with pod hostnames rather than IP addresses as the subdomain.

Michcioperz avatar Dec 18 '24 15:12 Michcioperz

As @Michcioperz brought up, I wonder if kube-dns is supposed to provide these A records or if it's a bug in the docs. Perhaps a maintainer can comment if kube-dns will ever provide this functionality?

In the meantime, I made a PR to update the docs.

davidxia avatar Jan 22 '25 21:01 davidxia

I'm in favor of changing the behavior to fulfill what OP described, because

thus we're currently in Hyrum's Law to expect this behavior from the K8s cluster as a whole (no matter the underlying DNS and official specs, etc.)

programmer04 avatar Jan 23 '25 13:01 programmer04

Can you provide a repro Deployment+Service where CoreDNS and Cloud DNS do what OP described? I'm pretty confident that, like I said, Cloud DNS only does it for headless services.

Michcioperz avatar Jan 23 '25 14:01 Michcioperz

I ran tests, and support for DNS resolution of names like 10-96-2-4.example-service.default.svc for Pods exposed by a Service depends on the DNS provider. It looks like this:

Cloud DNS Core DNS kube-dns
ClusterIP ✔️
Headless ✔️ ✔️

Tested with the configuration below:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-deployment
  labels:
    app: example-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
    spec:
      containers:
        - name: example-container
          image: nginx:latest
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: example-service
spec:
  clusterIP: None # To comment/un-comment
  selector:
    app: example-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80

programmer04 avatar Jan 23 '25 16:01 programmer04

/lifecycle stale

k8s-triage-robot avatar Apr 23 '25 16:04 k8s-triage-robot

/lifecycle rotten

k8s-triage-robot avatar May 23 '25 16:05 k8s-triage-robot

/remove-lifecycle rotten

I still want to figure this out in free time

Michcioperz avatar May 23 '25 17:05 Michcioperz

/lifecycle stale

k8s-triage-robot avatar Aug 21 '25 17:08 k8s-triage-robot

/lifecycle rotten

k8s-triage-robot avatar Sep 20 '25 17:09 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-triage-robot avatar Oct 20 '25 17:10 k8s-triage-robot

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

k8s-ci-robot avatar Oct 20 '25 17:10 k8s-ci-robot