kubeadm: update implementation-details.md about CoreDNS #8829

Merged
Expand Up @@ -25,7 +25,7 @@ The cluster that `kubeadm init` and `kubeadm join` set up should be:
- using secure communication between the control plane components
- using secure communication between the API server and the kubelets
- lock-down the kubelet API
- locking down access to the API for system components like the kube-proxy and kube-dns
- locking down access to the API for system components like the kube-proxy and CoreDNS
- locking down what a Bootstrap Token can access
- etc.
- **Easy to use**: The user should not have to run anything more than a couple of commands:
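Review bot: in the list item "locking down access to the API for system components like the kube-proxy and CoreDNS", naming only CoreDNS leaves out kube-dns, which the DNS section of this same change says can still be installed with `--feature-gates=CoreDNS=false`. Consider wording such as "like the kube-proxy and the cluster DNS add-on (CoreDNS or kube-dns)" so the lock-down goal clearly covers whichever DNS server is deployed. While this list is being edited, "lock-down the kubelet API" could become "locking down the kubelet API" to match the neighbouring items.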
Expand Down Expand Up @@ -448,16 +448,20 @@ A ServiceAccount for `kube-proxy` is created in the `kube-system` namespace; the

#### DNS

A ServiceAccount for `kube-dns` is created in the `kube-system` namespace.
Note that:

Deploy the kube-dns Deployment and Service:
- The CoreDNS service is named `kube-dns`. This is done to prevent any interruption
in service when the user is switching the cluster DNS from kube-dns to CoreDNS or vice-versa
- In Kubernetes version 1.11 and later, CoreDNS is the default DNS server and you must
invoke kubeadm with `--feature-gates=CoreDNS=false` to install kube-dns instead
- In Kubernetes version 1.10 and earlier, you must enable CoreDNS with `--feature-gates=CoreDNS=true`

- It's the upstream kube-dns deployment relatively unmodified
- The `kube-dns` ServiceAccount is bound to the privileges in the `system:kube-dns` ClusterRole
A ServiceAccount for CoreDNS/kube-dns is created in the `kube-system` namespace.

Please note that:
Deploy the `kube-dns` Deployment and Service:

1. If kubeadm is invoked with `--feature-gates=CoreDNS`, CoreDNS is installed instead of `kube-dns`
- It's the upstream CoreDNS deployment relatively unmodified
- The `kube-dns` ServiceAccount is bound to the privileges in the `system:kube-dns` ClusterRole

### (Optional and alpha in v1.9) self-hosting

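Review bot: the RBAC description at the end of the DNS section is ambiguous now that the text covers two DNS servers: "A ServiceAccount for CoreDNS/kube-dns is created" does not name the account, and the bullet "The `kube-dns` ServiceAccount is bound to the privileges in the `system:kube-dns` ClusterRole" does not say whether it also applies when CoreDNS is the installed server. Please state the exact ServiceAccount and ClusterRole for each DNS server, since readers rely on this section to audit what the DNS add-on is allowed to access. In the same block, "It's the upstream CoreDNS deployment relatively unmodified" sits under "Deploy the `kube-dns` Deployment and Service:", which reads as a contradiction unless the sentence explains that only the Service keeps the `kube-dns` name. Minor: "vice-versa" is normally written "vice versa".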