How to prevent kube-dns from forwarding requests to 8.8.8.8:53

2/17/2017

How can I prevent kube-dns from forwarding requests to Google's name servers (8.8.8.8:53 and 8.8.4.4:53)? I just want to launch pods only for internal use, which means containers in pods are not supposed to connect to the outside at all. When a Zookeeper client connects to a Zookeeper server using a hostname (e.g. zkCli.sh -server zk-1.zk-headless), it takes 10 seconds for the client to change its state from [Connecting] to [Connected]. The reason I suspect kube-dns is that, with the pods' IP addresses, the client gets connected instantly. When I took a look at the log of kube-dns, I found the following two lines:

07:25:35:170773       1 logs.go:41] skydns: failure to forward request "read udp 10.244.0.13:43455->8.8.8.8:53: i/o timeout"
07:25:39:172847       1 logs.go:41] skydns: failure to forward request "read udp 10.244.0.13:42388->8.8.8.8:53: i/o timeout"

It was around 07:25:30 when the client started to connect to the server.

I'm running Kubernetes on a private cluster where internal servers communicate with the internet via http_proxy/https_proxy, which means I cannot connect to 8.8.8.8 for name resolution, AFAIK.

I found the following at https://github.com/skynetservices/skydns:

  • The default value of an environmental variable named SKYDNS_NAMESERVERS is "8.8.8.8:53,8.8.4.4:53"
  • I could achieve my purpose by setting no_rec to true

I've been initiating Kubernetes using kubeadm and I couldn't find a way to modify the environmental variable and set the property value of skydns.

How can I prevent kube-dns from forwarding requests to the outside of an internal Kubernetes cluster which is deployed by kubeadm?

-- eastcirclek
apache-zookeeper
kube-dns
kubernetes
skydns

1 Answer

8/3/2017

I don't think there is an option to completely prevent the kube-dns addon from forwarding requests. There certainly isn't an option directly in kubeadm for that.

Your best bet is to edit the kube-dns Deployment (e.g. kubectl edit -n kube-system deploy kube-dns) yourself after kubeadm has started the cluster and change things to work for you.

You may want to try changing the upstream nameserver to something other than 8.8.8.8 that is accessible by the cluster. You should be able to do that by adding --nameservers=x.x.x.x to the args for the kubedns container.

-- coreypobrien
Source: StackOverflow
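
An added example, not part of the original question or answer: a small parser for the skydns "failure to forward request" log lines quoted in the question. It lists which upstream resolvers kube-dns tried to reach and which of them lie outside private address space, which is a quick way to confirm whether a changed upstream setting has actually stopped external forwarding. The function names are hypothetical, and the last two sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Matches the skydns forwarding-failure format shown in the question's log excerpt.
FORWARD_FAIL = re.compile(
    r'skydns: failure to forward request '
    r'"read udp (?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):(?P<port>\d+): (?P<err>[^"]+)"'
)

def failed_upstreams(lines):
    """Count forwarding failures per (upstream ip:port, error text)."""
    hits = Counter()
    for line in lines:
        m = FORWARD_FAIL.search(line)
        if m:  # lines in any other format are ignored
            hits[(f"{m['dst']}:{m['port']}", m["err"])] += 1
    return hits

def external_upstreams(hits):
    """Return the upstreams whose address is not in private address space."""
    found = set()
    for upstream, _err in hits:
        ip = ipaddress.ip_address(upstream.rsplit(":", 1)[0])
        if not ip.is_private:
            found.add(upstream)
    return sorted(found)

SAMPLE = [
    # The two lines quoted in the question.
    '07:25:35:170773       1 logs.go:41] skydns: failure to forward request '
    '"read udp 10.244.0.13:43455->8.8.8.8:53: i/o timeout"',
    '07:25:39:172847       1 logs.go:41] skydns: failure to forward request '
    '"read udp 10.244.0.13:42388->8.8.8.8:53: i/o timeout"',
    # Constructed: a failure against an internal upstream (assumed address).
    '07:26:01:000001       1 logs.go:41] skydns: failure to forward request '
    '"read udp 10.244.0.13:40111->10.0.0.2:53: i/o timeout"',
    # Constructed: an unrelated line that must not match.
    '07:26:02:000002       1 logs.go:41] some unrelated message',
]

if __name__ == "__main__":
    hits = failed_upstreams(SAMPLE)
    for (upstream, err), count in sorted(hits.items()):
        print(f"{count:3d}  {upstream}  {err}")
    print("external upstreams:", external_upstreams(hits))
```

To use it on a live cluster, feed it the lines from kubectl logs for the kubedns container instead of SAMPLE.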