Service discovery and DNS

This page describes how Google Kubernetes Engine (GKE) implements service discovery and managed DNS.

For a general overview of how DNS is used in Kubernetes clusters, see DNS for Services and Pods.

Managed DNS for GKE

GKE provides the following managed DNS options to resolve service names and external names:

  • kube-dns: a cluster add-on that is deployed by default in all GKE clusters.
  • NodeLocal: an optional add-on that can be used with kube-dns or Cloud DNS.
  • Cloud DNS: a cloud-managed DNS infrastructure that replaces kube-dns in the cluster.

Service discovery and the kube-dns add-on

In Kubernetes, service discovery is implemented with autogenerated service names that map to the service's IP address. Service names follow a standard specification: Pods can also access external services, like, through their names. See DNS for Services and Pods for more information on the behavior of DNS in Kubernetes.

kube-dns runs as a Deployment that schedules kube-dns replica Pods to nodes in the cluster. The kube-dns Pods are in the kube-system namespace. The kube-dns deployment is accessed through a corresponding Service that groups the kube-dns Pods and gives them a single IP address. By default, all Pods in a cluster use this service to resolve DNS queries.

A diagram of the relationship between Pods and the kube-dns service, as described in the previous paragraph

kube-dns scales to serve the DNS demands of the cluster. This scaling is controlled by the kube-dns-autoscaler which is deployed by default in all GKE clusters. kube-dns-autoscaler adjusts the number of replicas in the kube-dns deployment based on the number of nodes and cores in the cluster.

How Pod DNS is configured

The kubelet agent running on each Node configures the Pod's etc/resolv.conf to use the kube-dns service's ClusterIP. An example of this configuration is shown below, in this example the IP address of the kube-dns service is (this IP address will be different in other clusters):

# cat /etc/resolv.conf
search default.svc.cluster.local svc.cluster.local cluster.local google.internal
options ndots:5

kube-dns is the authoritative name server for the cluster domain (cluster.local) and it recursively resolves external names. Short names that are not fully qualified, like myservice, are completed first with local search paths. For example, myservice.default.svc.cluster.local, myservice.svc.cluster.local, myservice.cluster.local,, and

What's next