Skip to main content
Version: main 🚧

CoreDNS

Enterprise-Only Feature

This feature is an Enterprise feature. See our pricing plans or contact our sales team for more information.

Separate CoreDNS​

Each vCluster has its own DNS service (CoreDNS by default) so that pods and services can locate each other by hostnames. The vCluster syncer ensures that the intuitive naming logic of Kubernetes DNS names for services applies. Users can connect to these DNS names, which map to the IP address of the synchronized services that are present in the host cluster. However, this also means that you can't directly access host services from inside the virtual cluster via DNS. Host cluster pods can only access virtual cluster services by their synced name.

Customize the CoreDNS deployment if you need to pull the CoreDNS image from a private registry.

See DNS for Services and Pods for details on Kubernetes DNS.

A normal vCluster deployment consists of two pods per vCluster instance:

  • vCluster Pod
    • API server container
    • Syncer container
  • CoreDNS Pod
CoreDNS listens on port 1053

vCluster's CoreDNS service listens on port 1053 instead of the default DNS port 53 to avoid conflicts with DNS on the host cluster.

If you're running vCluster on EKS or another cloud provider with strict network policies, you must allow traffic on port 1053 between nodes to avoid DNS resolution issues.

For more deails, see the Networking documentation.

Integrated CoreDNS​

(Pro) The integrated CoreDNS feature lets you run CoreDNS as part of the syncer, which saves the overhead of an external CoreDNS pod.

  • vCluster Pod
    • API server container
    • Syncer and CoreDNS container

Key benefits to this approach include:

  • Avoiding cluster max pods limit
  • Optimizing resource allocation

Config reference​

Deprecated FieldNew Field
coredns.configcoredns.overwriteConfig
coredns.manifestscoredns.overwriteManifests

coredns required object pro​

CoreDNS defines everything related to the coredns that is deployed and used within the vCluster.

enabled required boolean true pro​

Enabled defines if coredns is enabled

embedded required boolean false pro​

Embedded defines if vCluster will start the embedded coredns service within the control-plane and not as a separate deployment. This is a PRO feature.

security required object pro​

Security defines pod or container security context.

podSecurityContext required object {} pro​

PodSecurityContext specifies security context options on the pod level.

containerSecurityContext required object {} pro​

ContainerSecurityContext specifies security context options on the container level.

service required object pro​

Service holds extra options for the coredns service deployed within the virtual cluster

spec required object map[type:ClusterIP] pro​

Spec holds extra options for the coredns service

annotations required object {} pro​

Annotations are extra annotations for this resource.

labels required object {} pro​

Labels are extra labels for this resource.

deployment required object pro​

Deployment holds extra options for the coredns deployment deployed within the virtual cluster

image required string pro​

Image is the coredns image to use

replicas required integer 1 pro​

Replicas is the amount of coredns pods to run.

nodeSelector required object {} pro​

NodeSelector is the node selector to use for coredns.

affinity required object {} pro​

Affinity is the affinity to apply to the pod.

tolerations required object[] [] pro​

Tolerations are the tolerations to apply to the pod.

resources required object pro​

Resources are the desired resources for coredns.

limits required object map[cpu:1000m memory:170Mi] pro​

Limits are resource limits for the container

requests required object map[cpu:20m memory:64Mi] pro​

Requests are minimal resources that will be consumed by the container

pods required object pro​

Pods is additional metadata for the coredns pods.

annotations required object {} pro​

Annotations are extra annotations for this resource.

labels required object {} pro​

Labels are extra labels for this resource.

annotations required object {} pro​

Annotations are extra annotations for this resource.

labels required object {} pro​

Labels are extra labels for this resource.

topologySpreadConstraints required object[] [map[labelSelector:map[matchLabels:map[k8s-app:vcluster-kube-dns]] maxSkew:1 topologyKey:kubernetes.io/hostname whenUnsatisfiable:DoNotSchedule]] pro​

TopologySpreadConstraints are the topology spread constraints for the CoreDNS pod.

overwriteConfig required string pro​

OverwriteConfig can be used to overwrite the coredns config

overwriteManifests required string pro​

OverwriteManifests can be used to overwrite the coredns manifests used to deploy coredns

priorityClassName required string pro​

PriorityClassName specifies the priority class name for the CoreDNS pods.