Expose Kubernetes Pod Domains Internally with CoreDNS and etcd
This article outlines a step‑by‑step solution for exposing pod domain names inside a corporate network using CoreDNS with an etcd backend, including server and agent deployment, configuration, verification, and practical usage recommendations.
Technical Solution
1. Use CoreDNS with the etcd plugin for domain name resolution.
2. Deploy a dedicated server that receives domain record requests from agents and writes the data to etcd.
3. Run an agent on each Kubernetes cluster that watches all pods, constructs domain names, and sends the pod name, namespace and IP to the server for storage in etcd.
4. CoreDNS reads the domain records from etcd.
Solution Verification
Validate CoreDNS etcd‑based domain resolution
Environment: a Linux machine with Docker installed (e.g., 10.23.34.16).
Steps:
<code>docker network create app-tier --driver bridge</code>
<code>docker run -d --name etcd-server --network app-tier --publish 2379:2379 --publish 2380:2380 \
  --env ALLOW_NONE_AUTHENTICATION=yes \
  --env ETCD_ADVERTISE_CLIENT_URLS=http://etcd-server:2379 \
  bitnami/etcd:latest</code>
Note that ALLOW_NONE_AUTHENTICATION=yes runs etcd without authentication, so this setup is suitable for verification only.
Download the CoreDNS binary from GitHub and copy it to /usr/bin.
<code>mkdir /etc/coredns</code>
<code>vi /etc/coredns/dns.conf</code>
<code>skydns.local {
    etcd {
        path /skydns
        endpoint http://localhost:2379
    }
    cache
}
k8sqihoo.net {
    etcd {
        path /k8sqihoo  # matches the key prefix used in the etcdctl put command below
        endpoint http://localhost:2379
    }
    cache
}
. {
    forward . /etc/resolv.conf
    cache
}</code>
Start CoreDNS:
<code>coredns -conf /etc/coredns/dns.conf &</code>
Write a domain record into etcd:
<code>docker exec -it 118d6cadf1b7 /bin/sh  # enter the etcd container</code>
<code>etcdctl put /k8sqihoo/net/k8sqihoo/test-bjyt/yctest/pod1 \
  '{"host":"10.216.138.203","ttl":60}'  # creates pod1.yctest.test-bjyt.k8sqihoo.net</code>
Update /etc/resolv.conf on a local or remote machine to use the CoreDNS server.
Test the resolution; a successful ping confirms that the pod domain resolves to the correct IP.
Overall Solution
The domain exposure method is defined; the remaining challenge is writing pod domain‑IP pairs into etcd.
A DNS‑side server must provide APIs for adding, deleting, and updating DNS records.
An agent inside each Kubernetes cluster watches pods, constructs domain names (e.g., using pod name and namespace), and sends the domain‑IP pair to the server for storage in etcd; deletions follow the same process.
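The following is an added example, not code from the original article: one way the server could validate an agent's request before writing it to etcd, building the key in the reversed layout used in the verification step and rejecting names that are not single DNS labels or IPs outside the cluster's pod range. The function name, the CLUSTER_POD_CIDRS table and its 10.216.0.0/16 range are assumptions made for illustration.

```python
import ipaddress
import json
import re

# RFC 1123 label: what one DNS label (and one etcd path segment) may contain.
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

# Constructed sample (assumption): the pod CIDR each cluster may register.
CLUSTER_POD_CIDRS = {"test-bjyt": ipaddress.ip_network("10.216.0.0/16")}


def etcd_record(cluster, namespace, pod, ip, zone="k8sqihoo.net",
                prefix="/k8sqihoo", ttl=60):
    """Return (etcd_key, json_value) for one pod, or raise ValueError."""
    for part in (cluster, namespace, pod):
        # Rejects "/", ".", "..", uppercase and empty strings, so a request
        # cannot write outside its own <cluster>/<namespace>/ subtree.
        if not LABEL.fullmatch(part):
            raise ValueError(f"not a DNS label: {part!r}")
    if cluster not in CLUSTER_POD_CIDRS:
        raise ValueError(f"unknown cluster: {cluster!r}")
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr not in CLUSTER_POD_CIDRS[cluster]:
        raise ValueError(f"{addr} is outside the pod CIDR of {cluster}")
    # The etcd plugin stores names reversed: pod1.ns.cluster.k8sqihoo.net
    # becomes <prefix>/net/k8sqihoo/cluster/ns/pod1.
    labels = zone.split(".")[::-1] + [cluster, namespace, pod]
    key = prefix + "/" + "/".join(labels)
    value = json.dumps({"host": str(addr), "ttl": ttl}, separators=(",", ":"))
    return key, value


if __name__ == "__main__":
    print(etcd_record("test-bjyt", "yctest", "pod1", "10.216.138.203"))
```

Pod names that contain dots are rejected here because each component must map to exactly one DNS label and one etcd path segment.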
Usage Summary
Consider a high‑availability setup for DNS nodes, e.g., using a virtual IP.
To reduce resource waste, the etcd instance in DNS nodes can be shared with the Kubernetes cluster.
If pod churn is high, limit the DNS‑node load by exposing pod domains only for services that need it, using pod annotations for identification.
For convenience, the sub‑domain service can be added to the corporate DNS.
360 Zhihui Cloud Developer
360 Zhihui Cloud is an enterprise open service platform that aims to "aggregate data value and empower an intelligent future," leveraging 360's extensive product and technology resources to deliver platform services to customers.