CoreDNS
This feature is an Enterprise feature. See our pricing plans or contact our sales team for more information.
Separate CoreDNS
Each vCluster has its own DNS service (CoreDNS by default) so that pods and services can locate each other by hostnames. The vCluster syncer ensures that the intuitive naming logic of Kubernetes DNS names for services applies. Users can connect to these DNS names, which map to the IP address of the synchronized services that are present in the host cluster. However, this also means that you can't directly access host services from inside the virtual cluster via DNS. Host cluster pods can only access virtual cluster services by their synced name.
Customize the CoreDNS deployment if you need to pull the CoreDNS image from a private registry.
See DNS for Services and Pods for details on Kubernetes DNS.
A normal vCluster deployment consists of two pods per vCluster instance:
- vCluster Pod
  - API server container
  - Syncer container
- CoreDNS Pod
vCluster's CoreDNS service listens on port 1053 instead of the default DNS port 53 to avoid conflicts with DNS on the host cluster.
If you're running vCluster on EKS or another cloud provider with strict network policies, you must allow traffic on port 1053 between nodes to avoid DNS resolution issues.
For more details, see the Networking documentation.
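A reachability check for the port 1053 requirement above, as an added example that is not part of the vCluster documentation or project code. It sends one DNS query over UDP and reports whether a reply came back; the function names and the sample target address are assumptions chosen for illustration.

```python
import socket
import struct

VCLUSTER_DNS_PORT = 1053  # port the page gives for vCluster's CoreDNS service
TXID = 0x1053             # arbitrary transaction id used to match the reply


def build_query(name: str) -> bytes:
    """Encode a minimal DNS A-record query (RFC 1035) for `name`."""
    # Header: id, flags (recursion desired), 1 question, no other records.
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def probe(host: str, name: str, port: int = VCLUSTER_DNS_PORT,
          timeout: float = 2.0) -> str:
    """Send one UDP query; return 'ok', 'rcode=<n>', 'bad-reply',
    'timeout' or 'unreachable'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (host, port))
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout"      # typical when traffic to the port is dropped
        except OSError:
            return "unreachable"  # no route, or the port was actively refused
    if len(reply) < 12:
        return "bad-reply"
    txid, flags = struct.unpack("!HH", reply[:4])
    # Accept only a response (QR bit set) that echoes our transaction id.
    if txid != TXID or not flags & 0x8000:
        return "bad-reply"
    rcode = flags & 0x000F
    return "ok" if rcode == 0 else f"rcode={rcode}"


if __name__ == "__main__":
    # Constructed sample target: replace with the CoreDNS pod or service IP.
    print(probe("127.0.0.1", "kubernetes.default.svc.cluster.local"))
```

A `timeout` result from one node combined with `ok` from the node that hosts the CoreDNS pod points at node-to-node filtering on port 1053 rather than at CoreDNS itself.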
Integrated CoreDNS
(Pro) The integrated CoreDNS feature lets you run CoreDNS as part of the syncer, which saves the overhead of an external CoreDNS pod.
- vCluster Pod
  - API server container
  - Syncer and CoreDNS container
Key benefits to this approach include:
- Avoiding cluster max pods limit
- Optimizing resource allocation
Config reference
| Deprecated Field | New Field |
|---|---|
| coredns.config | coredns.overwriteConfig |
| coredns.manifests | coredns.overwriteManifests |
| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| coredns | required | object | | CoreDNS defines everything related to the coredns that is deployed and used within the vCluster. |
| enabled | required | boolean | true | Enabled defines if coredns is enabled. |
| embedded | required | boolean | false | Embedded defines if vCluster will start the embedded coredns service within the control-plane and not as a separate deployment. This is a PRO feature. |
| security | required | object | | Security defines pod or container security context. |
| service | required | object | | Service holds extra options for the coredns service deployed within the virtual cluster. |
| deployment | required | object | | Deployment holds extra options for the coredns deployment deployed within the virtual cluster. |
| image | required | string | | Image is the coredns image to use. |
| replicas | required | integer | 1 | Replicas is the amount of coredns pods to run. |
| nodeSelector | required | object | {} | NodeSelector is the node selector to use for coredns. |
| affinity | required | object | {} | Affinity is the affinity to apply to the pod. |
| tolerations | required | object[] | [] | Tolerations are the tolerations to apply to the pod. |
| resources | required | object | | Resources are the desired resources for coredns. |
| pods | required | object | | Pods is additional metadata for the coredns pods. |
| annotations | required | object | {} | Annotations are extra annotations for this resource. |
| labels | required | object | {} | Labels are extra labels for this resource. |
| topologySpreadConstraints | required | object[] | [map[labelSelector:map[matchLabels:map[k8s-app:vcluster-kube-dns]] maxSkew:1 topologyKey:kubernetes.io/hostname whenUnsatisfiable:DoNotSchedule]] | TopologySpreadConstraints are the topology spread constraints for the CoreDNS pod. |
| overwriteConfig | required | string | | OverwriteConfig can be used to overwrite the coredns config. |
| overwriteManifests | required | string | | OverwriteManifests can be used to overwrite the coredns manifests used to deploy coredns. |
| priorityClassName | required | string | | PriorityClassName specifies the priority class name for the CoreDNS pods. |