GitHub EN PT

K8s by Example: DNS & Service Discovery

Kubernetes runs CoreDNS for internal name resolution. Every Service gets a DNS A record automatically. Pods resolve Service names to ClusterIPs without hardcoding addresses.
service.yaml

Services automatically get DNS records. This Service gets DNS: my-app.production.svc.cluster.local with an A record pointing to the ClusterIP.

 
apiVersion: v1
kind: Service
metadata:
  name: my-app
  namespace: production
spec:
  ports:
    - port: 80
  selector:
    app: my-app
terminal

DNS resolution from shortest to FQDN. Same namespace: just service name. Cross-namespace: service.namespace. With svc suffix: service.namespace.svc. Full FQDN (rarely needed): service.namespace.svc.cluster.local.

 
$ curl http://my-app
Hello from my-app!

$ curl http://my-app.other-namespace
Hello from my-app!

$ curl http://my-app.other-namespace.svc

$ curl http://my-app.other-namespace.svc.cluster.local
terminal

Services also get SRV records for named ports. SRV records contain port information, useful for dynamic port discovery.

 
$ nslookup my-app.default.svc.cluster.local
Server:    10.96.0.10
Address:   10.96.0.10#53

Name:      my-app.default.svc.cluster.local
Address:   10.96.0.100

$ nslookup -type=SRV _http._tcp.my-app.default.svc.cluster.local
_http._tcp.my-app.default.svc.cluster.local   SRV 0 100 80 my-app.default.svc.cluster.local
headless-service.yaml

Headless Services (clusterIP: None) return Pod IPs directly instead of a ClusterIP. DNS returns all matching Pod IPs. Essential for StatefulSets and client-side load balancing.

 
apiVersion: v1
kind: Service
metadata:
  name: my-db
spec:
  clusterIP: None
  ports:
    - port: 5432
  selector:
    app: postgres
terminal

StatefulSet Pods get stable, predictable DNS names via headless Services. Each Pod gets its own A record: pod-name.service.namespace.svc.cluster.local.

 
$ nslookup my-db-0.my-db.default.svc.cluster.local
Address: 10.244.1.5

$ nslookup my-db-1.my-db.default.svc.cluster.local
Address: 10.244.2.8

$ nslookup my-db-2.my-db.default.svc.cluster.local
Address: 10.244.3.12

$ psql -h my-db-0.my-db.default.svc.cluster.local
pod-dns-config.yaml

Pod DNS policy controls how Pods resolve names. ClusterFirst is default. Use None with custom dnsConfig for special cases. Options: Default, ClusterFirst, ClusterFirstWithHostNet, None.

 
spec:
  dnsPolicy: ClusterFirst
  dnsConfig:
    nameservers:
      - 8.8.8.8
    searches:
      - my-namespace.svc.cluster.local
    options:
      - name: ndots
        value: "5"
terminal

CoreDNS configuration is in a ConfigMap in kube-system. Customize for external DNS forwarding, custom domains, or caching. Pods get /etc/resolv.conf configured by kubelet.

 
$ kubectl get configmap coredns -n kube-system -o yaml
apiVersion: v1
kind: ConfigMap
data:
  Corefile: |
    .:53 {
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
        }
        forward . /etc/resolv.conf
        cache 30
    }

$ kubectl exec my-pod -- cat /etc/resolv.conf
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
terminal

Debug DNS issues by checking CoreDNS pods, testing resolution from within the cluster, and verifying Service endpoints exist. Common issue: ndots setting causes external lookups to fail.

 
$ kubectl run dns-test --rm -it --image=busybox:1.28 -- sh
/ # nslookup my-app
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name:      my-app
Address 1: 10.96.0.100

/ # nslookup kubernetes.default
Name:      kubernetes.default
Address 1: 10.96.0.1

$ kubectl logs -n kube-system -l k8s-app=kube-dns
[INFO] 10.244.0.5:53842 - 12345 "A IN my-app.default.svc.cluster.local."

$ kubectl get pods -n kube-system -l k8s-app=kube-dns
NAME                       READY   STATUS    AGE
coredns-5644d7b6d9-abc12   1/1     Running   10d
coredns-5644d7b6d9-def34   1/1     Running   10d
pod-dns-optimized.yaml

The default ndots: 5 causes performance issues. Names with fewer than 5 dots try all search domains first. api.example.com triggers 4+ DNS queries before resolving.

 
spec:
  dnsConfig:
    options:
      - name: ndots
        value: "1"

For Alpine/musl-based images, add single-request-reopen to prevent 5-second DNS delays caused by parallel A/AAAA queries.

 
spec:
  dnsConfig:
    options:
      - name: ndots
        value: "1"
      - name: single-request-reopen
  containers:
    - name: app
      image: myapp:alpine
terminal

Scale CoreDNS for large clusters. Recommended: 1 CoreDNS pod per 10-20 nodes. Monitor CPU usage and increase replicas or resources if queries are slow.

 
$ kubectl top pods -n kube-system -l k8s-app=kube-dns
NAME                      CPU(cores)   MEMORY
coredns-abc123            180m         50Mi

$ kubectl scale deploy coredns -n kube-system --replicas=5

Index | Use arrow keys to navigate