Since a few months we’ve been heavily focused on Kubernetes (K8S) here at Valkyrie and after some trial and error we put together some sweet deployment scripts that combine Terraform, Ansible, kubeadm to roll out K8S clusters on digitalocean.
This article is not about the entire deployment system, but will focus on one addition that we did that dramatically speeds up upstream DNS for the KubeDNS layer that kubeadm installs.
There’s a new kid on the block when it comes to superfast DNS, CloudFlare’s 126.96.36.199 (which is on general 2X faster than Google’s 188.8.131.52 DNS service)
What is KubeDNS?
Before we go into the nitty gritty, let’s first look at KubeDNS and how it works in a nutshell. (For a more in-depth article, please visit : DNS for Services and Pods )
Kubernetes assigns each service a virtual static IP address routable within the cluster, so any connection that reaches this IP address will be automatically routed to one of the containers in the group.
KubeDNS is a layer that is part of the kube-system namespace which handles DNS lookups both in the cluster and to the outside world.
It does this by assigning A/SRV records for each service’s static IP address.
In the cluster it sets up a DNS server that handles these internal and cross-namespace lookups, for example:
- mysql0.data.svc.cluster.local : Looks up the service called mysql0 in the data namespace.
- mongo0 : looks up the service called mongo0 in the same namespace
The svc.cluster.local means that we are talking to a ‘service’ object in the local cluster. At the time of writing ‘svc’ is the only registered prefix, but the reason it was added is to allow for future extension without breaking current setups.
In case a record is not found in the local DNS service (for example : facebook.com ) it will contact the upstream nameservers defined in KubeDNS.
By default KubeDNS first does a lookup to see if the url we’re trying to each is an internal one. In case it isn’t the case (such as facebook.com) it will contact the upstream nameservers that are defined.
By default KubeDNS inherits these from the local machine’s /etc/resolv.conf file. For example on my local arch system those look like:
In case you wanted to know what these servers are, by default they are those of your ISP ( such as digitalocean, or in my case Telenet )
These are the DNS servers that will do ‘external’ lookups for names that are not defined in your own cluster.
Supercharging your DNS
However, in most cases there are faster nameservers on the market, we all know that for example 184.108.40.206 ( Google DNS ) is one of the fastest out there. But is that really the only solution?
There’s a new kid on the block in regards to supercharged DNS and it was recently opened by CloudFlare. There’s a very interesting vlog about this on youtube that I urge everyone to check out :
To apply this new magical 220.127.116.11 DNS to our KubeDNS setup we simply need to write a configmap that overrides the defaults of KubeDNS :
And afterwards apply it with the following command :
That’s it! Enjoy your supercharged DNS :D