@nitisht
Last active January 16, 2018 18:27
MSF with Minio and Core DNS

CoreDNS vs kubedns

  • CoreDNS supports on-the-fly DNSSEC signing of served data.
  • kube-dns supports only etcd as the backend; CoreDNS, on the other hand, supports several backends.
  • kube-dns records do not reflect the state of the cluster. Any query for w-x-y-z.namespace.pod.cluster.local returns an A record with w.x.y.z, even if that IP does not belong to the specified namespace, or even to the cluster address space. The CoreDNS integration offers the option "pods verified", which verifies that the returned IP address w.x.y.z is in fact the IP of a pod in the specified namespace.
  • Plugin chaining and a pluggable architecture make CoreDNS better suited than kube-dns to adapting to various backends.
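
The difference between the two pod-record behaviours above, as an added example (a simplified model, not code from CoreDNS or kube-dns). The podIndex type, the function names and the sample addresses are constructed for illustration, and only dashed IPv4 names are handled.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// podIndex: namespace -> set of pod IPs (constructed stand-in for the cluster's pod inventory).
type podIndex map[string]map[string]bool

// parsePodName splits "w-x-y-z.<namespace>.pod.<zone>" into the IP and the namespace.
func parsePodName(qname, zone string) (net.IP, string, error) {
	name := strings.TrimSuffix(strings.ToLower(qname), ".")
	suffix := ".pod." + strings.TrimSuffix(zone, ".")
	if !strings.HasSuffix(name, suffix) {
		return nil, "", fmt.Errorf("%q is not a pod name in zone %q", qname, zone)
	}
	labels := strings.Split(strings.TrimSuffix(name, suffix), ".")
	ip := net.ParseIP(strings.ReplaceAll(labels[0], "-", ".")).To4()
	if len(labels) != 2 || ip == nil {
		return nil, "", fmt.Errorf("%q is not <dashed-ipv4>.<namespace>", qname)
	}
	return ip, labels[1], nil
}

// resolveUnverified echoes the IP encoded in the name without consulting cluster state.
func resolveUnverified(qname, zone string) (net.IP, error) {
	ip, _, err := parsePodName(qname, zone)
	return ip, err
}

// resolveVerified answers only when the IP is a known pod in the named namespace.
func resolveVerified(qname, zone string, pods podIndex) (net.IP, error) {
	ip, ns, err := parsePodName(qname, zone)
	if err != nil {
		return nil, err
	}
	if !pods[ns][ip.String()] { // a missing namespace yields a nil set, so the lookup is false
		return nil, fmt.Errorf("NXDOMAIN: %s is not a pod in namespace %q", ip, ns)
	}
	return ip, nil
}

func main() {
	pods := podIndex{"storage": {"10.32.0.7": true}} // constructed sample inventory
	q := "203-0-113-9.storage.pod.cluster.local."    // address outside the cluster
	fmt.Println(resolveUnverified(q, "cluster.local"))
	fmt.Println(resolveVerified(q, "cluster.local", pods))
}
```
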

CoreDNS plugins

etcd capabilities

For the CoreDNS etcd plugin to pick it up, the data in etcd has to be encoded as a struct like this:

// This *is* the rdata from a SRV record, but with a twist.
// Host (Target in SRV) must be a domain name, but if it looks like an IP
// address (4/6), we will treat it like an IP address.
type Service struct {
	Host     string `json:"host,omitempty"`
	Port     int    `json:"port,omitempty"`
	Priority int    `json:"priority,omitempty"`
	Weight   int    `json:"weight,omitempty"`
	Text     string `json:"text,omitempty"`
	Mail     bool   `json:"mail,omitempty"` // Be an MX record. Priority becomes Preference.
	Ttl      uint32 `json:"ttl,omitempty"`

	// When a SRV record with a "Host: IP-address" is added, we synthesize
	// a srv.Target domain name.  Normally we convert the full Key where
	// the record lives to a DNS name and use this as the srv.Target.  When
	// TargetStrip > 0 we strip the left most TargetStrip labels from the
	// DNS name.
	TargetStrip int `json:"targetstrip,omitempty"`

	// Group is used to group (or *not* to group) different services
	// together. Services with an identical Group are returned in the same
	// answer.
	Group string `json:"group,omitempty"`

	// Etcd key where we found this service and ignored from json un-/marshalling
	Key string `json:"-"`
}