This topic describes how GKE on AWS interacts with Domain Name Services (DNS) on both your AWS Virtual Private Cloud (VPC) and clusters.
AWS VPC DNS
This section describes how you can configure a VPC for GKE on AWS.
Configuring VPC DNS
GKE on AWS supports a variety of DNS configurations in your AWS VPC. You configure your VPC's DNS settings when you Create a DHCP options set. For more information, see DNS support for your VPC.
You can configure the following options:
- DNS Hostnames: This sets whether EC2 instances with public IP addresses get corresponding public DNS hostnames. You set this value using the enableDNSHostnames field in your VPC's DHCP option set. For more information, see VPC DNS Hostnames and DHCP options sets for your VPC.
- EC2 DNS Hostnames: This sets whether EC2 instances receive a default DNS hostname or a custom DNS hostname.
- DNS server: Whether your VPC's DHCP options set uses either the AWS Route53 DNS server (with the AmazonProvidedDNS option) or a hosted DNS server.
Using hosted DNS
To use a hosted DNS, your control plane and node pool security groups must allow outbound traffic on TCP and UDP port 53.
Supported VPC DNS configurations
The following table includes DNS configurations supported by GKE on AWS:
Enable DNS hostnames | EC2 DNS hostnames | DNS server | Supported?
---|---|---|---
true | Default | AWS Route53 | Yes
false | Default | AWS Route53 | Yes
true | Custom | AWS Route53 | Yes
false | Custom | AWS Route53 | Yes
true | Custom | Hosted | Yes
false | Custom | Hosted | Yes
true | Default | Hosted | No
false | Default | Hosted | No
Service discovery
Service discovery is the process where workloads discover services without knowing the service's IP address. This section describes how GKE on AWS implements service discovery and managed DNS.
Kubernetes automatically generates service names that use the following specification:
service.namespace.svc.cluster.local
Where:
- service: your service's name
- namespace: your service's Namespace
Workloads also access external services (for example, example.net) using DNS names. For more information on the behavior of DNS in Kubernetes, see DNS for Services and Pods.
CoreDNS
GKE on AWS uses CoreDNS to resolve DNS names within clusters. CoreDNS runs as a redundant, scaled Deployment in the kube-system namespace. The CoreDNS Deployment has a Service that groups the CoreDNS Pods and gives them a single IP address. The CoreDNS Deployment scales with the cluster's size and usage.
NodeLocal DNSCache
GKE on AWS uses NodeLocal DNSCache to improve DNS lookup performance. NodeLocal DNSCache runs as a DaemonSet on each node in your cluster. When a Pod makes a DNS request, the request first goes to the DNS cache on the same node. If the cache can't resolve the DNS request, the cache forwards the request to either:
- CoreDNS, for an internal name (for example, foo.bar.svc.cluster.local)
- The Amazon DNS server, for an external name (for example, example.net)
What's next
- Read about AWS DNS support for your VPC.
- For an overview of how DNS is used in Kubernetes clusters, see DNS for Services and Pods.