* I already post this question in http://stackoverflow.com/questions/42291264/how-to-prevent-kube-dns-from-forwarding-request-to-8-8-8-853
How can I prevent kube-dns from forwarding request to Google's name servers (8.8.8.8:53 and 8.8.4.4:53)? I just want to launch pods only for internal use, which means containers in pods are not supposed to connect to the outside at all. When a Zookeeper client connects to a Zookeeper server using hostname (e.g. zkCli.sh -server zk-1.zk-headless), it takes 10 seconds for the client to change its state from [Connecting] to [Connected]. The reason I suspect kube-dns is that, with pods' IP address, the client gets connected instantly. When I take a look at the log of kube-dns, I found the following two lines: - 07:25:35:170773 1 logs.go:41] skydns: failure to forward request "read udp 10.244.0.13:43455->8.8.8.8:53: i/o timeout" - 07:25:39:172847 1 logs.go:41] skydns: failure to forward request "read udp 10.244.0.13:42388->8.8.8.8:53: i/o timeout" It was around 07:25:30 when the client starts to connect to the server. I'm running Kubernetes on a private cluster where internal servers are communicating to internet via http_proxy/https_proxy, which means I cannot connect to 8.8.8.8 for name resolution, AFAIK. I found the followings from https://github.com/skynetservices/skydns: - The default value of an environmental variable named *SKYDNS_NAMESERVERS* is *"8.8.8.8:53,8.8.4.4:53"* - I could achieve my purpose by setting *no_rec* to *true* I've been initiating Kubernetes using kubeadm and I couldn't find a way to modify the environmental variable and set the property value of skydns. How can I prevent kube-dns from forwarding request to the outside of an internal Kubernetes cluster which is deployed by kubeadm? -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
