tencent cloud

Tencent Kubernetes Engine

Release Notes and Announcements
Release Notes
Announcements
Release Notes
Product Introduction
Overview
Strengths
Architecture
Scenarios
Features
Concepts
Native Kubernetes Terms
Common High-Risk Operations
Regions and Availability Zones
Service Regions and Service Providers
Open Source Components
Purchase Guide
Purchase Instructions
Purchase a TKE General Cluster
Purchasing Native Nodes
Purchasing a Super Node
Getting Started
Beginner’s Guide
Quickly Creating a Standard Cluster
Examples
Container Application Deployment Check List
Cluster Configuration
General Cluster Overview
Cluster Management
Network Management
Storage Management
Node Management
GPU Resource Management
Remote Terminals
Application Configuration
Workload Management
Service and Configuration Management
Component and Application Management
Auto Scaling
Container Login Methods
Observability Configuration
Ops Observability
Cost Insights and Optimization
Scheduler Configuration
Scheduling Component Overview
Resource Utilization Optimization Scheduling
Business Priority Assurance Scheduling
QoS Awareness Scheduling
Security and Stability
TKE Security Group Settings
Identity Authentication and Authorization
Application Security
Multi-cluster Management
Planned Upgrade
Backup Center
Cloud Native Service Guide
Cloud Service for etcd
TMP
TKE Serverless Cluster Guide
TKE Registered Cluster Guide
Use Cases
Cluster
Serverless Cluster
Scheduling
Security
Service Deployment
Network
Release
Logs
Monitoring
OPS
Terraform
DevOps
Auto Scaling
Containerization
Microservice
Cost Management
Hybrid Cloud
AI
Troubleshooting
Disk Full
High Workload
Memory Fragmentation
Cluster DNS Troubleshooting
Cluster kube-proxy Troubleshooting
Cluster API Server Inaccessibility Troubleshooting
Service and Ingress Inaccessibility Troubleshooting
Common Service & Ingress Errors and Solutions
Engel Ingres appears in Connechtin Reverside
CLB Ingress Creation Error
Troubleshooting for Pod Network Inaccessibility
Pod Status Exception and Handling
Authorizing Tencent Cloud OPS Team for Troubleshooting
CLB Loopback
API Documentation
History
Introduction
API Category
Making API Requests
Elastic Cluster APIs
Resource Reserved Coupon APIs
Cluster APIs
Third-party Node APIs
Relevant APIs for Addon
Network APIs
Node APIs
Node Pool APIs
TKE Edge Cluster APIs
Cloud Native Monitoring APIs
Scaling group APIs
Super Node APIs
Other APIs
Data Types
Error Codes
TKE API 2022-05-01
FAQs
TKE General Cluster
TKE Serverless Cluster
About OPS
Hidden Danger Handling
About Services
Image Repositories
About Remote Terminals
Event FAQs
Resource Management
Service Agreement
TKE Service Level Agreement
TKE Serverless Service Level Agreement
Contact Us
Glossary
DokumentasiTencent Kubernetes EngineApplication ConfigurationComponent and Application Management Add-On ManagementCoreDNS Notes

CoreDNS Notes

PDF
Mode fokus
Ukuran font
Terakhir diperbarui: 2026-04-03 11:34:15

Overview

Component Introduction

CoreDNS is the DNS service component for Kubernetes clusters, responsible for providing DNS resolution services for Services and Pods within the cluster. Built on a plugin chain architecture, it supports flexible DNS configurations including service discovery, caching, forwarding, health checks, and other features. CoreDNS defines DNS service behaviors through Corefile configuration files and enables diverse plugin combinations to meet requirements in various scenarios.
CoreDNS is installed by default when a cluster is created and does not require manual installation.

Default Corefile Configuration

.:53 {
    template ANY HINFO . {
        rcode NXDOMAIN
    }
    errors
    health {
        lameduck 30s
    }
    ready
    kubernetes cluster.local. in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
    }
    prometheus :9153
    forward . /etc/resolv.conf {
        prefer_udp
    }
    cache 30
    reload
    loadbalance
}
Description of Major Plugins:
errors: Output error logs to standard output.
health: Provides a health check endpoint (default port 8080), lameduck 30s indicates that it continues to serve for 30 seconds after a shutdown signal is received.
ready: Provides a readiness check endpoint (default port 8181).
kubernetes: Kubernetes Service discovery plugin, resolves DNS records for Services and Pods within the cluster.
prometheus: Exposes Prometheus metrics on port 9153.
forward: Forwards DNS requests for non-cluster domain names to upstream DNS servers.
cache: DNS record caching with a TTL of 30 seconds.
reload: Supports hot reloading of Corefiles.
loadbalance: Provides round-robin load balancing for DNS records.

Kubernetes Objects Deployed in the Cluster

Kubernetes Object Name
Type
Requesting Resources
Associated Namespace
coredns
Deployment
100 M CPU and 30 Mi memory per instance
kube-system
coredns
ConfigMap
-
kube-system
kube-dns
Service
-
kube-system
coredns
ServiceAccount
-
kube-system
system:coredns
ClusterRole
-
-
system:coredns
ClusterRoleBinding
-
-

Prerequisites

Only supported in Kubernetes clusters of version 1.12 or above.
Kubernetes 1.24+ clusters by default use the CoreDNS v1.11.1-tke.1 image, while lower version clusters use the CoreDNS 1.8.4 image.

Special Notes

CoreDNS is deployed with 2 replicas by default. Pod anti-affinity ensures replicas are distributed across different nodes to avoid a single point of failure.
Supports multi-AZ high availability deployment: controls the strength of zone-level topology distribution constraints via the global.cluster.highAvailability configuration. Ordinary clusters use soft constraints (ScheduleAnyway), while high availability clusters use hard constraints (DoNotSchedule).
To perform a CoreDNS upgrade, it is strongly recommended to configure smooth upgrade first to maximize DNS service availability. For details, see Configuring CoreDNS Smooth Upgrade.

Component Permission Description

Permission Description

The permission of this component is the minimal dependency required for the current feature to operate.

Permission Scenarios

Function
Objects Involved
Involved Operation Permissions
Monitors Service, Pod, Namespace, and Endpoint resources within the cluster to implement service discovery.
endpoints,services,pods,namespaces
list/watch
Monitors EndpointSlice resources (service discovery optimization for Kubernetes 1.21+).
endpointslices
list/watch

Permission Definition

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:coredns
rules:
  - apiGroups:
      - '*'
    resources:
      - endpoints
      - services
      - pods
      - namespaces
    verbs:
      - list
      - watch
  - apiGroups:
      - discovery.k8s.io
    resources:
      - endpointslices
    verbs:
      - list
      - watch

Usage

CoreDNS is installed by default when a cluster is created and does not require manual installation. Parameter configuration is currently not supported on the console page.
To modify the Corefile, directly edit configmap/coredns in the kube-system namespace. After configuration changes, CoreDNS will hot reload automatically without restarting Pods. For detailed configurations, see CoreDNS official documentation.

Parameter Description

Parameter
Description
Type
Default Value
global.image.host
Image repository address
string
ccr.ccs.tencentyun.com
global.kubednsClusterIP
ClusterIP for the kube-dns Service; if empty, it is automatically assigned.
string
""
global.cluster.highAvailability
Whether it is a high availability cluster (controls the strength of zone topology distribution constraints)
bool
false
global.podSpec.tolerations
Additional toleration configurations (appended after the default CriticalAddonsOnly)
list
[]
global.podSpec.priorityClassName
Pod PriorityClass name
string
system-cluster-critical
coredns.replicas
CoreDNS number of replicas
int
2
coredns.hostNetwork
Whether to use the host network
bool
false
coredns.image
Custom image address; if empty, automatically selected based on the Kubernetes version.
string
""
coredns.server.port
DNS service port
int
53
coredns.livenessProbe.port
Liveness probe port
int
8080
coredns.readinessProbe.port
Readiness probe port
int
8181
coredns.resources.requests.cpu
CPU request
string
100m
coredns.resources.requests.mem
memory request
string
30Mi
coredns.resources.limits.cpu
CPU limit. Leave empty to not set.
string
""
coredns.resources.limits.mem
Memory limit
string
2Gi
Topik sebelumnya: Add-On Lifecycle ManagementTopik selanjutnya: CBS-CSI

Bantuan dan Dukungan

Apakah halaman ini membantu?

masukan