Kubernetes Pod DNS Trick

tej-singh-rana · October 22, 2020, 9:01am

Cluster information:

Kubernetes version: v1.19
Installation method: kubeadm
Host OS: Ubuntu
CNI : Weave
CRI : Docker

-------------------------------------------------------------------

$ kubectl get po -n hook
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          6s

$ kubectl get po -owide -n hook
NAME    READY   STATUS    RESTARTS   AGE   IP          NODE     NOMINATED NODE   READINESS GATES
nginx   1/1     Running   0          13s   10.44.0.2   node01   <none>           <none>

$ kubectl get po
NAME   READY   STATUS    RESTARTS   AGE
test   1/1     Running   0          60s

$ kubectl get po -owide -n hook
NAME    READY   STATUS    RESTARTS   AGE     IP          NODE     NOMINATED NODE   READINESS GATES
nginx   1/1     Running   0          2m31s   10.44.0.2   node01   <none>           <none>

$ kubectl exec -it test -- sh
/ # nslookup 10-44-0-2.default.pod.cluster.local
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      10-44-0-2.default.pod.cluster.local
Address 1: 10.44.0.2
/ # nslookup 10-44-0-2.hook.pod.cluster.local
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      10-44-0-2.hook.pod.cluster.local
Address 1: 10.44.0.2

As per k8s docs DNS for Services and Pods | Kubernetes

In general a pod has the following DNS resolution:

pod-ip-address.my-namespace.pod.cluster-domain.example .

For example, if a pod in the default namespace has the IP address 172.17.0.3, and the domain name for your cluster is cluster.local , then the Pod has a DNS name:

172-17-0-3.default.pod.cluster.local .

But in the above scenario, I am able to resolve from default namespace too and again I created a new namespace red. I am able to resolve from that namespace too.

$ kubectl create ns red
namespace/red created
$ kubectl exec -it test -- sh
/ # nslookup 10-44-0-2.red.pod.cluster.local
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      10-44-0-2.red.pod.cluster.local
Address 1: 10.44.0.2
/ #

Any experts can please share their review on this? or am I missing something?

mrbobbytables · October 22, 2020, 12:07pm

DNS is not namespace restricted. You can enumerate them from any part of a cluster. If that is something you wish to do, you can use a CNI driver such as Cilium to lock it down.

tej-singh-rana · October 23, 2020, 3:09pm

Hello, @mrbobbytables
Thanks for your prompt response. Can you please share any blog’s or useful resources regarding this?

Regards,

mrbobbytables · October 23, 2020, 3:33pm

There isn’t really blog posts about it - it’s a part of DNS based service discovery -

tej-singh-rana · October 23, 2020, 3:38pm

Thanks, I will read again.

Topic		Replies	Views
Unable to resolve pod to pod (coredns) General Discussions coredns	3	3411	August 13, 2020
Using minikube: DNS pods running but not ready General Discussions	6	3849	April 19, 2020
CoreDNS and problem with resolving hostnames General Discussions	6	7002	November 1, 2021
Dns not resolving .cluster.local General Discussions coredns , network	5	4255	March 8, 2024
Kubernetes offline installation, kube-dns has no endpoints. Need help to resolve the issue General Discussions development , network	3	2432	September 6, 2022

Kubernetes Pod DNS Trick

Cluster information:

Related Topics