Introduction

In Kubernetes clusters, pods rely on DNS resolution to communicate with other services and external resources. By default, pods use a DNS system within the cluster that operates with private addresses and the domain cluster.local. The DNS server responsible for this resolution is CoreDNS.

Many applications are configured by default for standard Kubernetes setups, which can cause DNS resolution issues when deployed in OpenShift environments. Understanding how CoreDNS works and how to properly configure applications for OpenShift is crucial for ensuring reliable service discovery and communication.

The Problem: Default Kubernetes DNS Configuration

Most applications are configured with default Kubernetes DNS settings:

  1. Default DNS Service Name: coredns
  2. Default Namespace: kube-system
  3. Default Cluster Domain: cluster.local

This configuration works perfectly in standard Kubernetes clusters, but OpenShift has a different DNS setup that can cause applications to fail when trying to resolve internal service names.

How CoreDNS Works in Kubernetes

CoreDNS is deployed as a Pod inside the cluster and acts as the DNS server for all other Pods. Here’s how the DNS resolution process works:

1. Pod DNS Configuration

  • Each node’s kubelet sets the Pod’s /etc/resolv.conf to point to CoreDNS
  • CoreDNS typically runs with a ClusterIP (usually 10.96.0.10)
  • Pods send DNS queries to this ClusterIP address

2. DNS Query Flow

When a pod needs to resolve a service name, the following process occurs:

+-----------------------------+
|         Pod (nginx)         |
|  resolv.conf -> 10.96.0.10  |  <- CoreDNS ClusterIP
+--------------+--------------+
               |
               v
       +-----------------+
       |    CoreDNS      |
       |  (DNS Pod)      |
       +-----------------+
         |            |
         | Cluster    | External
         v            v
    +------------+  +------------------+
    | K8s Service|  | Internet DNS     |
    | records    |  | (e.g., 8.8.8.8)  |
    +------------+  +------------------+

3. Step-by-Step Resolution Process

  1. Pod Request: Pod wants to access myservice.default.svc.cluster.local
  2. DNS Query: Pod sends DNS query to CoreDNS (ClusterIP usually 10.96.0.10)
  3. CoreDNS Processing:
    • If the service exists, CoreDNS returns the service ClusterIP
    • If it’s an external domain, CoreDNS forwards the query to an upstream DNS server
  4. Response: Pod receives the resolved IP address and establishes the connection

Where is CoreDNS in OpenShift?

OpenShift uses a different DNS configuration compared to standard Kubernetes:

  • DNS Service Name: dns-default
  • DNS Namespace: openshift-dns
  • Cluster Domain: Still cluster.local (configurable)

This difference is why applications configured with default Kubernetes DNS settings fail in OpenShift environments.

Reconfiguring Your Applications for OpenShift

To make your applications work properly in OpenShift, you need to override the default DNS configuration. Here’s how to do it:

Using Helm Values

If you’re using Helm to deploy your applications, update your values.yaml file:

global:
  dnsService: "dns-default"
  dnsNamespace: "openshift-dns"
  # clusterDomain: "cluster.local"  # Usually not needed to change

Direct Pod Configuration

For direct pod configurations, ensure your application’s DNS settings point to:

  • DNS Server: dns-default
  • Namespace: openshift-dns

Application-Specific Configuration

Depending on your application, you might need to:

  1. Update DNS resolvers in application configuration files
  2. Modify environment variables that specify DNS servers
  3. Update service discovery configurations
  4. Adjust health check endpoints to use the correct DNS service

Verification

To verify that your application is using the correct DNS configuration:

  1. Check Pod’s resolv.conf:

    kubectl exec -it <pod-name> -- cat /etc/resolv.conf
    
  2. Test DNS resolution:

    kubectl exec -it <pod-name> -- nslookup <service-name>
    
  3. Verify service discovery:

    kubectl exec -it <pod-name> -- nslookup <service-name>.<namespace>.svc.cluster.local
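
The resolv.conf check in step 1 can be scripted. The shell function below is an added example, not part of the original article: it reads resolv.conf text on stdin and confirms that every nameserver is the expected cluster DNS ClusterIP and that the search list holds the three domains the kubelet writes under the default ClusterFirst DNS policy. The name check_resolv_conf and both sample files are constructed for illustration; 10.96.0.10 is the typical ClusterIP mentioned above.

```shell
#!/bin/sh
# Added example (not from the original article): audit resolv.conf text from a pod.
# check_resolv_conf is a hypothetical helper name. Real use:
#   kubectl exec <pod-name> -- cat /etc/resolv.conf | check_resolv_conf <dns-cluster-ip> <namespace>

check_resolv_conf() {
    expected_ip=$1                 # ClusterIP of the cluster DNS service
    pod_namespace=$2               # namespace the pod runs in
    cluster_domain=${3:-cluster.local}
    awk -v ip="$expected_ip" -v ns="$pod_namespace" -v dom="$cluster_domain" '
        $1 == "nameserver" {
            count++
            if ($2 != ip) { print "FAIL unexpected nameserver " $2; bad = 1 }
        }
        $1 == "search" { for (i = 2; i <= NF; i++) seen[$i] = 1 }
        END {
            if (count == 0) { print "FAIL no nameserver line"; bad = 1 }
            # Search domains the kubelet writes under the ClusterFirst DNS policy.
            n = split(ns ".svc." dom " svc." dom " " dom, want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print "FAIL missing search domain " want[i]; bad = 1 }
            if (!bad) print "OK"
            exit bad + 0
        }'
}

# Constructed sample inputs (not captured from a real cluster).
SAMPLE_GOOD='search default.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.96.0.10
options ndots:5'

SAMPLE_BAD='search example.internal
nameserver 8.8.8.8'

printf '%s\n' "$SAMPLE_GOOD" | check_resolv_conf 10.96.0.10 default || true
printf '%s\n' "$SAMPLE_BAD"  | check_resolv_conf 10.96.0.10 default || true
```

On OpenShift, pass the ClusterIP of the dns-default service in the openshift-dns namespace as the first argument.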
    

Conclusion

Understanding DNS configuration differences between Kubernetes and OpenShift is essential for successful application deployment. By updating your applications to use the correct DNS service (dns-default in the openshift-dns namespace), you ensure that service discovery works properly and your applications can communicate effectively within the OpenShift cluster.

Remember to test your DNS configuration after making changes and verify that all service-to-service communication is working as expected.