kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Correct misleading wording in Pod DNS Policies 

A debugging rabbit hole lead me to digging around kublet's behavior
regarding certain DNS Policies.

This commit updates some potentially misleading wordings to more
correctly convey kubelet's behavior which was discovered after some
rabbit hole debugging of DNS Policies.

The ClusterFirst policy documentation would imply that the resolve.conf
of a Pod would contain a fallback to the Node's nameserver. This is not
the cause, [kubelet explicitly
mentions](4276ed3628/pkg/kubelet/network/dns/dns.go (L403-L407))
that the fallback is handled by whatever system is running kube-dns or
coredns which dramatically changes the behavior of the system when the
cluster's DNS is unavailable.

The ClusterFirstWithHostNet policy is lacking any amount of detail as to
why one would desire to use it. This commit doesn't go into complete
detail but adds an important note about the behavior of `hostNetwork`
when not using the `ClusterFirstWIthHostNet` Policy.
pull/38002/head
Chris Seto 2022-11-21 15:39:30 -05:00
parent 5509b7dad1
commit e2c34dff6c
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
content/en/docs/concepts/services-networking/dns-pod-service.md
View File

@ -220,13 +220,15 @@ following Pod-specific DNS policies. These policies are specified in the
See [related discussion](/docs/tasks/administer-cluster/dns-custom-nameservers)
for more details.
- "`ClusterFirst`": Any DNS query that does not match the configured cluster
domain suffix, such as "`www.kubernetes.io`", is forwarded to the upstream
nameserver inherited from the node. Cluster administrators may have extra
domain suffix, such as "`www.kubernetes.io`", is forwarded to an upstream
nameserver by the DNS server. Cluster administrators may have extra
stub-domain and upstream DNS servers configured.
See [related discussion](/docs/tasks/administer-cluster/dns-custom-nameservers)
for details on how DNS queries are handled in those cases.
- "`ClusterFirstWithHostNet`": For Pods running with hostNetwork, you should
explicitly set its DNS policy "`ClusterFirstWithHostNet`".
explicitly set its DNS policy to "`ClusterFirstWithHostNet`". Otherwise, Pods
running with hostNetwork and `"ClusterFirst"` will fallback to the behavior
of the `"Default"` policy.
- Note: This is not supported on Windows. See [below](#dns-windows) for details
- "`None`": It allows a Pod to ignore DNS settings from the Kubernetes
environment. All DNS settings are supposed to be provided using the