docs/advanced.md: 43 additions & 0 deletions
@@ -24,6 +24,49 @@ By default, K3s uses a single static token for both servers and agents. With car
24
24
It is also possible to enable a second static token that can only be used to join agents, or to create temporary `kubeadm` style join tokens that expire automatically.
25
25
For more information, see the [`k3s token` command documentation](./cli/token.md#k3s-token-1).
26
26
27
+
## Configuring DNS Resolution
28
+
29
+
### Nameserver Viability Checks
30
+
31
+
On startup, each node checks the files at `/etc/resolv.conf` and `/run/systemd/resolve/resolv.conf` for loopback, multicast, or link-local nameservers.
32
+
If any such entries are present, the configuration file is not used, as such entries would not function properly within pods that [inherit name resolution configuration](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) from their node.
33
+
If no usable resolv.conf is found, K3s will print a warning message to the logs, and generate a stub resolv.conf that uses `8.8.8.8` and `2001:4860:4860::8888` as the nameservers.
34
+
35
+
If you want to provide K3s with an alternative resolver configuration without modifying the system configuration files, you may use the `--resolv-conf` option to specify the path to a suitable file.
36
+
Manually selected files are not subejct to viability checks.
37
+
38
+
### CoreDNS Custom Configuration Imports
39
+
40
+
In order to customize the CoreDNS configuration, you may create a ConfigMap named `coredns-custom` in the `kube-system` namespace.
41
+
Keys matching `*.override` will be imported into the `:.53` Server Block.
42
+
Additional Server Blocks may be placed in keys matching `*.server`.
43
+
Additional content (zone files, etc) may also be present, and will be mounted under `/etc/coredns/custom` in the coredns pods.
44
+
45
+
Here is an example ConfigMap that forwards lookups to `example.com` to a nameserver at 10.0.0.1, and serves `example.net` from an [RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035#section-5) compliant text file:
46
+
```yaml
47
+
apiVersion: v1
48
+
kind: ConfigMap
49
+
metadata:
50
+
name: coredns-custom
51
+
namespace: kube-system
52
+
data:
53
+
example-com.override: |
54
+
forward example.com 10.0.0.1
55
+
example-net.server: |
56
+
example.net:53 {
57
+
log
58
+
errors
59
+
file /etc/coredns/custom/db.example.net
60
+
}
61
+
db.example.net: |
62
+
$ORIGIN example.net.
63
+
@ 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2017042745 7200 3600 1209600 3600
64
+
3600 IN NS a.iana-servers.net.
65
+
3600 IN NS b.iana-servers.net.
66
+
www IN A 127.0.0.1
67
+
IN AAAA ::1
68
+
```
69
+
27
70
## Configuring an HTTP proxy
28
71
29
72
If you are running K3s in an environment, which only has external connectivity through an HTTP proxy, you can configure your proxy settings on the K3s systemd service. These proxy settings will then be used in K3s and passed down to the embedded containerd and kubelet. Note that proxy configuration and other environment variables from the host are NOT passed into Pods.
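Review bot: In the "Nameserver Viability Checks" section, the added line "Manually selected files are not subejct to viability checks." has a typo ("subject") and stops short of the consequence. A file passed via `--resolv-conf` that lists a loopback, multicast, or link-local nameserver will be used as-is and, per the paragraph just above it, will not function inside pods that inherit the node's resolver configuration; suggest stating that explicitly so operators validate the file themselves. In "CoreDNS Custom Configuration Imports", "the `:.53` Server Block" looks like a transposition of `.:53`, given that the example's own server block is written `example.net:53 {`. It would also help to note beside the `8.8.8.8` / `2001:4860:4860::8888` fallback that lookups then go to a public resolver, so operators of restricted or isolated networks know to set `--resolv-conf` rather than rely on the generated stub.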