[cka] CoreDNS in Kubernetes

1. Identify the DNS solution implemented in this cluster.

controlplane ~ ✖ kubectl get pods -n kube-system 
NAME                                   READY   STATUS    RESTARTS   AGE
coredns-768b85b76f-4h4xf               1/1     Running   0          2m15s
coredns-768b85b76f-rcj77               1/1     Running   0          2m15s
etcd-controlplane                      1/1     Running   0          2m30s
kube-apiserver-controlplane            1/1     Running   0          2m32s
kube-controller-manager-controlplane   1/1     Running   0          2m30s
kube-proxy-rwchx                       1/1     Running   0          2m15s
kube-scheduler-controlplane            1/1     Running   0          2m30s

 

answer : CoreDNS

 

2. How many pods of the DNS server are deployed?

 

answer : 2

 

3. What is the name of the service created for accessing CoreDNS?

controlplane ~ ➜  k get svc -n kube-system
NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   5m51s

 

answer : kube-dns

 

 

4. What is the IP of the CoreDNS server that should be configured on PODs to resolve services?

 

answer : 10.96.0.10

 

 

5. Where is the configuration file located for configuring the CoreDNS service?

controlplane ~ ➜  kubectl -n kube-system describe deployments.apps coredns | grep -A2 Args | grep Corefile
      /etc/coredns/Corefile

 

answer : /etc/coredns/Corefile

 

6. How is the Corefile passed into the CoreDNS POD?

controlplane ~ ➜  k get configmaps -n kube-system 
NAME                                                   DATA   AGE
coredns                                                1      17m
extension-apiserver-authentication                     6      17m
kube-apiserver-legacy-service-account-token-tracking   1      17m
kube-proxy                                             2      17m
kube-root-ca.crt                                       1      16m
kubeadm-config                                         1      17m
kubelet-config                                         1      17m

 

controlplane ~ ➜  k get cm -n kube-system coredns -o yaml | grep Corefile
  Corefile: |
      {"apiVersion":"v1","data":{"Corefile":".:53 {\n    errors\n    health {\n       lameduck 5s\n    }\n    ready\n    kubernetes cluster.local in-addr.arpa ip6.arpa {\n       pods insecure\n       fallthrough in-addr.arpa ip6.arpa\n       ttl 30\n    }\n    prometheus :9153\n    forward . /etc/resolv.conf {\n       max_concurrent 1000\n    }\n    cache 30\n    loop\n    reload\n    loadbalance\n}\n"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"coredns","namespace":"kube-system"}}

 

answer : Configured as a ConfigMap object

 

8. What is the name of the ConfigMap object created for Corefile?

 

answer : coredns

 

9. What is the root domain/zone configured for this kubernetes cluster?

 

controlplane ~ ➜  kubectl describe configmap coredns -n kube-system
Name:         coredns
Namespace:    kube-system
Labels:       <none>
Annotations:  <none>

Data
====
Corefile:
----
.:53 {
    errors
    health {
       lameduck 5s
    }
    ready
    kubernetes cluster.local in-addr.arpa ip6.arpa {
       pods insecure
       fallthrough in-addr.arpa ip6.arpa
       ttl 30
    }
    prometheus :9153
    forward . /etc/resolv.conf {
       max_concurrent 1000
    }
    cache 30
    loop
    reload
    loadbalance
}


BinaryData
====

Events:  <none>

 

answer : cluster.local

 

9. We have deployed a set of PODs and Services in the default and payroll namespaces. Inspect them and go to the next question.

 

10. What name can be used to access the hr web server from the test Application? You can execute a curl command on the test pod to test. Alternatively, the test Application also has a UI. Access it using the tab at the top of your terminal named test-app.

 

answer : web-service

 

--- 문제 이해 필요.

11. Which of the names CANNOT be used to access the HR service from the test pod?

...??

 

 

12. Which of the below name can be used to access the payroll service from the test application?

controlplane ~ ➜  k get svc -n payroll
NAME          TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
web-service   ClusterIP   10.107.43.140   <none>        80/TCP    46m

 

answer :  web-service.payroll

 

13. Which of the below name CANNOT be used to access the payroll service from the test application?

 

이 문제는 Kubernetes의 DNS 이름 규칙에 관한 것입니다. Kubernetes에서는 서비스에 접근할 때 DNS 이름을 사용할 수 있습니다. 일반적으로 DNS 이름은 다음과 같은 형식을 따릅니다:

 

1. 서비스 이름: web-service

2. 네임스페이스: payroll

3. 서비스 타입: svc

4. 클러스터 도메인: cluster.local

 

따라서 완전한 DNS 이름은 다음과 같이 구성됩니다:

 

<서비스 이름>.<네임스페이스>.svc.<클러스터 도메인>

 

각 옵션 분석:

 

• web-service.payroll.svc.cluster.local: 올바른 형식입니다.

• web-service.payroll.svc.cluster: 이 형식도 작동할 수 있습니다. cluster.local 도메인을 생략했지만, 기본적으로 cluster.local이 추가됩니다.

• web-service.payroll.svc: 올바른 형식입니다. cluster.local이 생략되었지만, 기본적으로 추가됩니다.

• web-service.payroll: 이 형식은 잘못되었습니다. 네임스페이스까지는 맞지만 svc와 cluster.local이 생략되었으며, 이 상태로는 올바른 서비스 DNS 이름으로 인식되지 않습니다.

 

answer : web-service.payroll.svc.cluster

 

14. We just deployed a web server - webapp - that accesses a database mysql - server. However the web server is failing to connect to the database server. Troubleshoot and fix the issue. They could be in different namespaces. First locate the applications. The web server interface can be seen by clicking the tab Web Server at the top of your terminal.

 

kubectl edit deploy webapp

...
    spec:
      containers:
      - env:
        - name: DB_Host
          value: mysql ## -> mysql.payroll 로 변경
        - name: DB_User
          value: root
        - name: DB_Password
          value: paswrd
        image: mmumshad/simple-webapp-mysq

 

 

15. From the hr pod nslookup the mysql service and redirect the output to a file /root/CKA/nslookup.out

controlplane ~ ➜  kubectl exec -it hr -- nslookup mysql.payroll > /root/CKA/nslookup.out