Updated on 2024-01-04 GMT+08:00

How Do I Configure a DNS Policy for a Container?

CCE uses the dnsPolicy field to set the DNS policy of each pod. The value of dnsPolicy can be one of the following:

  • None: No DNS policy is configured. In this mode, you customize the DNS configuration yourself, so dnsPolicy must be used together with dnsConfig.
  • Default: The pod inherits the name resolution configuration from the node where the pod is running. The container's DNS configuration file is the DNS configuration file that the kubelet's --resolv-conf flag points to. In this case, a cloud DNS is used for CCE clusters.
  • ClusterFirst: In this mode, the pod uses the DNS service configured in the cluster. That is, the kube-dns or CoreDNS service in Kubernetes is used for domain name resolution. If the resolution fails, the DNS configuration of the host machine is used for resolution.

If dnsPolicy is not specified, ClusterFirst is used by default.

  • If dnsPolicy is set to Default, the name resolution configuration is inherited from the worker node where the pod is running.
  • If dnsPolicy is set to ClusterFirst, DNS queries are sent to the kube-dns service.

    The kube-dns service responds to queries on the domains that use the configured cluster domain suffix as the root. All other queries (for example, www.kubernetes.io) are forwarded to the upstream name server inherited from the node. Before this feature was supported, stub domains were typically introduced by a custom resolver instead of the upstream DNS. However, this puts the custom resolver itself on the critical path of DNS resolution, where its scalability and availability issues can make DNS unavailable to the cluster. This feature allows you to introduce custom resolvers without taking over the entire resolution path.

If a workload does not need to use CoreDNS in the cluster, you can use kubectl or call the APIs to set the dnsPolicy to Default.
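
The two non-default policies described above, written as pod manifests. This is an added example, not part of the original guide; the pod names, the image, the resolver address 10.0.0.53 and the search domain are placeholders to replace with your own values.

```yaml
# Pod that does not use CoreDNS: it inherits the node's resolver configuration.
# Cluster service names are not resolvable from this pod.
apiVersion: v1
kind: Pod
metadata:
  name: dns-default-example      # placeholder name
spec:
  dnsPolicy: Default             # use the file that kubelet's --resolv-conf points to
  containers:
  - name: app
    image: nginx:alpine          # sample image
---
# Pod with a fully custom resolver configuration.
apiVersion: v1
kind: Pod
metadata:
  name: dns-none-example         # placeholder name
spec:
  dnsPolicy: "None"              # nothing is inherited; dnsConfig is the whole configuration
  dnsConfig:
    nameservers:                 # at least one nameserver is required when dnsPolicy is None
    - 10.0.0.53                  # placeholder resolver address
    searches:
    - example.internal           # placeholder search domain
    options:
    - name: ndots
      value: "2"
    - name: timeout
      value: "2"
  containers:
  - name: app
    image: nginx:alpine          # sample image
```

After a pod starts, `kubectl exec <pod-name> -- cat /etc/resolv.conf` shows the name servers and search domains the container actually received, which confirms which policy took effect.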