Introducing container-native Cloud DNS: Global DNS for Kubernetes
Mark Church
Product Manager, Google Cloud
Karthik Balakrishnan
Cloud DNS Product Manager
Kubernetes networking almost always starts with a DNS request. DNS has broad impacts on your application and cluster performance, scalability, and resilience. That is why we are excited to announce the release of container-native Cloud DNS—the native integration of Cloud DNS with Google Kubernetes Engine (GKE) to provide in-cluster Service DNS resolution with Cloud DNS, our scalable and full-featured DNS service.
Several new capabilities are introduced when using Cloud DNS as the cluster DNS provider:
- Managed DNS that removes the need for in-cluster DNS Pods
- DNS resolution local to every GKE node for high throughput, horizontally scalable DNS performance
- Multi-regional, cross-cluster service discovery for GKE Services
- Integration with Google Cloud's operations suite for DNS monitoring and logging
Container-native Cloud DNS lowers the operational burden on the cluster administrator by obviating the need for clusters to allocate resources for managing DNS. It also scales transparently—you no longer need to worry about bottlenecks due to increased demand for name resolutions.
It also provides public and private DNS resolution for GKE applications from outside the cluster. This flexibility opens up many service discovery use cases and reduces the friction introduced by cluster boundaries.
Finally, existing tooling, monitoring, and logging for Cloud DNS can be extended to cover all DNS resolution inside GKE as well, without separate monitoring systems for containers and VMs. All in all, Cloud DNS provides a highly available, globally distributed DNS infrastructure, managed entirely by Google.
With Cloud DNS, every new Service creates a DNS record that can be resolved locally on the GKE node using the Cloud DNS dataplane. Cloud DNS local caching and resolution ensures that DNS requests don’t need to go across the network, improving performance dramatically.
Cluster-scope DNS
With a new mode of operation called cluster-scope DNS, each GKE cluster gets its own private DNS zone. Services can only be resolved within the scope of this DNS zone, and VMs or Pods outside the cluster have no visibility into the DNS records of that cluster. This allows GKE clusters using kube-dns to migrate transparently to Cloud DNS without application changes. The records are automatically synced to Cloud DNS with the ClusterIP or Pod IPs, depending on the type of Service:
VPC-scope DNS
Thanks to its global, multi-regional scale, Cloud DNS enables a new mode of operation in GKE called VPC-scope DNS. This enables GKE DNS records to be resolvable within the entire VPC for truly global, multi-cluster service discovery.
With the new ability to customize the cluster DNS domain, GKE can now provide unique domains for each cluster, allowing them to be uniquely resolved from a GKE cluster in a different region, a VM that isn’t part of GKE, or even an on-premises client that has access across a VPN.
VPC-scope DNS creates a single service discovery domain across all your GKE clusters and clients in the network. This seamless service discovery is completely automatic and can easily be enabled on a per-cluster basis.
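The two scopes described above (cluster-scope, private to one cluster; VPC-scope, resolvable by every client in the VPC under a unique custom domain) are easy to misconfigure across a fleet. The following is an added example, not code from the post or from GKE: it audits a constructed inventory of cluster DNS settings, derives the name a Service would resolve to under each scope, and flags VPC-wide exposure and colliding domains. The `dnsConfig` field names (`clusterDns`, `clusterDnsScope`, `clusterDnsDomain`) are assumed to match what `gcloud container clusters describe` reports and are not taken from the post.

```python
"""Audit GKE cluster DNS configs for scope and custom-domain collisions.

CLUSTERS is CONSTRUCTED sample data shaped like the networkConfig.dnsConfig
block of `gcloud container clusters describe`; the field names are an
assumption, not something the blog post states.
"""
from collections import defaultdict

CLUSTERS = [  # constructed inventory, one entry per cluster
    {"name": "prod-us", "dnsConfig": {"clusterDns": "CLOUD_DNS",
     "clusterDnsScope": "VPC_SCOPE", "clusterDnsDomain": "prod-us.example"}},
    {"name": "prod-eu", "dnsConfig": {"clusterDns": "CLOUD_DNS",
     "clusterDnsScope": "VPC_SCOPE", "clusterDnsDomain": "prod-eu.example"}},
    {"name": "staging", "dnsConfig": {"clusterDns": "CLOUD_DNS",
     "clusterDnsScope": "VPC_SCOPE", "clusterDnsDomain": "prod-us.example"}},
    {"name": "legacy", "dnsConfig": {"clusterDns": "KUBE_DNS"}},
]


def service_fqdn(cluster, service, namespace):
    """Name a Service resolves to under the cluster's DNS scope.

    Cluster-scope (and kube-dns) keep the default cluster.local suffix,
    reachable only from inside that cluster; VPC-scope publishes the
    Service under the custom cluster DNS domain visible to the whole VPC.
    """
    cfg = cluster.get("dnsConfig", {})
    vpc = cfg.get("clusterDns") == "CLOUD_DNS" and cfg.get("clusterDnsScope") == "VPC_SCOPE"
    domain = cfg["clusterDnsDomain"] if vpc else "cluster.local"
    return f"{service}.{namespace}.svc.{domain}"


def audit(clusters):
    """Return (cluster, finding) pairs: exposure per cluster plus domain collisions."""
    findings, by_domain = [], defaultdict(list)
    for c in clusters:
        cfg = c.get("dnsConfig", {})
        if cfg.get("clusterDns") != "CLOUD_DNS":
            findings.append((c["name"], "in-cluster DNS pods (kube-dns); not managed by Cloud DNS"))
        elif cfg.get("clusterDnsScope") == "VPC_SCOPE":
            by_domain[cfg["clusterDnsDomain"]].append(c["name"])
            findings.append((c["name"], "VPC-scope: Service records visible to every client in the VPC"))
        else:
            findings.append((c["name"], "cluster-scope: records private to the cluster"))
    # Two VPC-scope clusters sharing a domain collide in the VPC-wide discovery domain.
    for domain, names in by_domain.items():
        if len(names) > 1:
            findings.append((",".join(names), f"domain collision on {domain}"))
    return findings


if __name__ == "__main__":
    for name, msg in audit(CLUSTERS):
        print(f"{name}: {msg}")
```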
Between global service discovery, local DNS resolution on every node, and integration with Google Cloud’s operations suite and observability, container-native Cloud DNS vastly improves the operator experience while greatly improving application performance. Give it a try today and see for yourself how much your team can benefit!