Static pods have host's resolv.conf after HA Installation with kubeadm


#1

How do you guys solve this? I want to access a service (admission controller) in the cluster from the api-server static pod. The api-server’s resolv.conf is the same as that of the host it is running on.

Cheers Rene


#2

There are a couple of options:
Option 1) is to use the Service IP, which should be reachable from the api-server if kube-proxy is running on it. I believe the validating webhooks would use the service IP to establish the connection to the webhook.

Option 2) If you want to have the service name resolvable, one can run dnsmasq on the API server instance. Then the pods can be launched with dnsPolicy: ClusterFirstWithHostNet (ref: DNS for Services and Pods - Kubernetes), provided the kubelet flag --cluster-dns points to instanceIP,kubednsSvcIP, for example --cluster-dns=10.0.80.0,100.64.0.10. Or you can also use the pod spec DNS config to specify custom DNS resolvers (ref: DNS for Services and Pods - Kubernetes).

In dnsmasq, have a rule to route cluster.local to the kubedns svc IP; the rest follows the instance DNS resolver. Something like this:

--server=/cluster.local/100.64.0.10

I believe the above can be done with coredns as well. (This dnsmasq/coredns is different from the kubedns stuff.)


#3

thx vnandha, I will try option 2. I'll let you know of my success or failure :)


#4

Option 2 works well, thx
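
The pod-side DNS settings for option 2 in reply #2, shown as an added example that is not part of the original thread or any poster's actual configuration. It lists only the DNS-related fields to merge into the existing api-server static pod manifest. The addresses are the sample values from reply #2, and the cluster domain cluster.local and the search list are assumptions.

```yaml
# Fragment: DNS-related fields only; containers, volumes and the rest of the
# manifest stay as they are.
#   10.0.80.0   = instance IP where dnsmasq listens (sample value from reply #2)
#   100.64.0.10 = kube-dns Service IP (sample value from reply #2)
# dnsmasq on the instance carries the rule from reply #2:
#   --server=/cluster.local/100.64.0.10
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  hostNetwork: true
  # Variant A: kubelet writes the pod's resolv.conf from its --cluster-dns list
  # (--cluster-dns=10.0.80.0,100.64.0.10) instead of copying the host's file.
  dnsPolicy: ClusterFirstWithHostNet
  # Variant B: leave the kubelet flags alone and name the resolver in the pod
  # spec. Use this instead of variant A, not together with it.
  # dnsPolicy: "None"
  # dnsConfig:
  #   nameservers:
  #     - 10.0.80.0            # dnsmasq on the instance
  #   searches:                # assumed cluster domain: cluster.local
  #     - svc.cluster.local    # lets <service>.<namespace> resolve
  #     - cluster.local        # lets <service>.<namespace>.svc resolve
```

After the kubelet recreates the static pod, /etc/resolv.conf inside the container should list the dnsmasq address rather than the host's resolvers.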