I'd like to use Cloudflare's 1.1.1.1 and 1.0.0.1 nameservers in Kubernetes, alongside DNS over TLS. It looks like I can do it using core-dns. I need to set up the following somehow:

- 1.1.1.1 and 1.0.0.1
- 2606:4700:4700::1111 and 2606:4700:4700::1001
- tls.cloudflare-dns.com

What should my ConfigMap look like? I've started it below:

    apiVersion: v1
    kind: ConfigMap
    data:
      upstreamNameservers: |
        ["1.1.1.1", "1.0.0.1"]

You can configure your core-dns:

    kubectl -n kube-system edit configmap coredns

and add to the end of the Corefile:

    . {
        forward . tls://1.1.1.1 tls://1.0.0.1 {
            tls_servername cloudflare-dns.com
            health_check 5s
        }
        cache 30
    }

and then save the new configuration and restart the core-dns pods.

    kubectl get pod -n kube-system | grep coredns | cut -d " " -f1 - | xargs -n1 -P 10 kubectl delete pod -n kube-system

This is copied straight from Azure AKS releases.
With kube-dns, there was an undocumented feature where it supported two config maps allowing users to perform DNS overrides/stub domains, and other customizations. With the conversion to CoreDNS, this functionality was lost - CoreDNS only supports a single config map. With the hotfix above, AKS now has a workaround to meet the same level of customization. Here is the equivalent ConfigMap for CoreDNS:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: coredns-custom
      namespace: kube-system
    data:
      azurestack.server: |
        azurestack.local:53 {
            forward . tls://1.1.1.1 tls://1.0.0.1 {
                tls_servername cloudflare-dns.com
                health_check 5s
            }
            cache 30
        }

After creating the config map, you will need to delete the CoreDNS deployment to force-load the new config.

    kubectl -n kube-system delete po -l k8s-app=kube-dns
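
A check for the Corefile snippets in the answers above, as an added example that is not part of either answer or of CoreDNS: it scans a Corefile and reports every forward directive that lists a non-tls:// upstream, or that uses tls:// without the tls_servername line both answers set. The function names and the two extra sample zones are made up for illustration, and the line-based scan assumes each opening brace ends its line.

```python
# Constructed sample: block 1 is the answers' snippet, blocks 2-3 are made up.
SAMPLE_COREFILE = """\
. {
    forward . tls://1.1.1.1 tls://1.0.0.1 {
        tls_servername cloudflare-dns.com
        health_check 5s
    }
    cache 30
}
legacy.example:53 {
    forward . /etc/resolv.conf
}
stub.example:53 {
    forward . tls://1.0.0.1
}
"""

def _check(fwd):
    """Turn one parsed forward directive into (zone, problem) findings."""
    out = []
    plain = [u for u in fwd["to"] if not u.startswith("tls://")]
    if plain:
        out.append((fwd["zone"], "non-DoT upstream: " + ", ".join(plain)))
    if len(plain) < len(fwd["to"]) and fwd["servername"] is None:
        out.append((fwd["zone"], "tls:// upstream without tls_servername"))
    return out

def audit_forwards(corefile):
    """Hypothetical helper: scan a Corefile and audit every forward directive."""
    fwds, depth, zone, plugin = [], 0, None, None
    for raw in corefile.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line == "}":                          # closes a plugin or server block
            depth -= 1
            continue
        opens = line.endswith("{")
        words = line.rstrip("{").split()
        if depth == 0:
            zone = " ".join(words)               # server block header, e.g. ".:53"
        elif depth == 1:
            plugin = words[0]                    # directive that owns any sub-block
            if plugin == "forward":              # forward FROM TO...
                fwds.append({"zone": zone, "to": words[2:], "servername": None})
        elif plugin == "forward" and words[0] == "tls_servername":
            fwds[-1]["servername"] = words[1]
        depth += opens
    return [finding for fwd in fwds for finding in _check(fwd)]
```

To audit a live cluster, pass it the text printed by kubectl -n kube-system get configmap coredns -o jsonpath='{.data.Corefile}'.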