Introducing container-native Cloud DNS: Global DNS for Kubernetes

June 8, 2021
Mark Church

Product Manager, Google Cloud

Karthik Balakrishnan

Cloud DNS Product Manager

Kubernetes networking almost always starts with a DNS request. DNS has broad impacts on your application and cluster performance, scalability, and resilience. That is why we are excited to announce the release of container-native Cloud DNS—the native integration of Cloud DNS with Google Kubernetes Engine (GKE) to provide in-cluster Service DNS resolution with Cloud DNS, our scalable and full-featured DNS service. 

Several new capabilities are introduced when using Cloud DNS as the cluster DNS provider:

  • Managed DNS that removes the need for in-cluster DNS Pods

  • DNS resolution local to every GKE node for high throughput, horizontally scalable DNS performance

  • Multi-regional, cross-cluster service discovery for GKE Services

  • Integration with Google Cloud's operations suite for DNS monitoring and logging

Container-native Cloud DNS lowers the operational burden on the cluster administrator by obviating the need for clusters to allocate resources for managing DNS. It also scales transparently—you no longer need to worry about bottlenecks due to increased demand for name resolutions. 

It provides capabilities for public and private DNS resolution for GKE applications outside of the cluster. This flexibility opens up many service discovery use-cases which reduce friction introduced by cluster boundaries.

Finally, existing tooling, monitoring, and logging for Cloud DNS can be extended to all DNS resolution inside GKE as well, without separate monitoring systems for containers and VMs. All in all, Cloud DNS provides a highly-available, globally distributed DNS infrastructure, managed entirely by Google.

With Cloud DNS, every new Service creates a DNS record that can be resolved locally on the GKE node using the Cloud DNS dataplane. Cloud DNS local caching and resolution ensures that DNS requests don’t need to go across the network, improving performance dramatically.

https://storage.googleapis.com/gweb-cloudblog-publish/images/cloud_dns_ctonrol_plane.max-1500x1500.jpg

Cluster-scope DNS

With a new mode of operation called cluster-scope DNS, each GKE cluster gets its own private DNS zone. Services can only be resolved within the scope of this DNS zone, and VMs or Pods outside the cluster have no visibility into the DNS records of that cluster. This allows GKE clusters using kube-dns to migrate transparently to Cloud DNS without application changes. The records are synced automatically to Cloud DNS with either the ClusterIP or the Pod IPs, depending on the type of Service:

https://storage.googleapis.com/gweb-cloudblog-publish/images/Cluster-scope_DNS.max-800x800.jpg

VPC-scope DNS

Thanks to its global, multi-regional scale, Cloud DNS enables a new mode of operation in GKE called VPC-scope DNS. This enables GKE DNS records to be resolvable within the entire VPC for truly global, multi-cluster service discovery.

With the new ability to customize the cluster DNS domain, GKE can now provide unique domains for each cluster, allowing them to be uniquely resolved from a GKE cluster in a different region, a VM that isn’t part of GKE, or even an on-premises client that has access across a VPN.

https://storage.googleapis.com/gweb-cloudblog-publish/images/virtual_private_cloud.max-1000x1000.jpg

VPC-scope DNS creates a single service discovery domain across all your GKE clusters and clients in the network. This seamless service discovery is completely automatic and can easily be enabled on a per-cluster basis.
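The two modes described above (cluster-scope and VPC-scope) are selected per cluster at creation time. The following added example, which is not code from the original post, builds the gcloud flags for each scope and gives a resolution check a client on the VPC can run; the flag names are real gcloud flags, while the cluster name, zone and the domain `prod-us.example.internal` are placeholders.

```shell
#!/bin/sh
# Added example: select container-native Cloud DNS scope for a GKE cluster
# and verify Service resolution from a VPC client. Values such as the
# cluster name, zone and domain are placeholders chosen for this example.
set -eu

# Emit the gcloud flags for the requested scope. VPC scope is given a
# per-cluster domain so clusters sharing a VPC get unique, resolvable names.
cluster_dns_flags() {
  scope="$1"        # cluster | vpc
  domain="${2:-}"   # custom cluster DNS domain, used for vpc scope
  case "$scope" in
    cluster)
      printf '%s' '--cluster-dns=clouddns --cluster-dns-scope=cluster'
      ;;
    vpc)
      if [ -z "$domain" ]; then
        echo "vpc scope needs a unique cluster DNS domain" >&2
        return 1
      fi
      printf '%s --cluster-dns-domain=%s' \
        '--cluster-dns=clouddns --cluster-dns-scope=vpc' "$domain"
      ;;
    *)
      echo "unknown scope: $scope" >&2
      return 1
      ;;
  esac
}

# Name a VPC client queries for a Service: <service>.<namespace>.svc.<domain>
service_fqdn() {
  printf '%s.%s.svc.%s' "$1" "$2" "$3"
}

# Succeeds when the Service has an A record visible to this client. With
# cluster scope, a VM outside the cluster is expected to get no answer.
check_resolves() {
  dig +short "$(service_fqdn "$1" "$2" "$3")" A | grep -q .
}

# Usage (not executed here):
#   gcloud container clusters create prod-us --zone us-central1-a \
#     $(cluster_dns_flags vpc prod-us.example.internal)
#   check_resolves frontend default prod-us.example.internal
```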

Between global service discovery, local DNS resolution on every node, and integration with Google Cloud’s operations suite and observability, container-native Cloud DNS vastly improves the operator experience while greatly improving application performance. Give it a try today and see for yourself how much your team can benefit!
