Nemlig.com's Multi-Cluster DNS Setup

Transcript

1. Nemlig.com’s Multi-Cluster DNS Setup

2. Agenda Meet Lars & Guy Nemlig’s DNS Challenges The Solution

   How they did it?

3. Meet Our Speakers Guy Menahem Solution Architect Komodor Lars Bengtsson

   Lead DevOps Engineer Nemlig.com &

4. Nemlig’s Challenges • Getting a DNS record took up to

   4 days • Static DNS configuration which requires manual configuration • DNS record is aware/dependant of the app location

5. The Goals • From 4 days to create a DNS

   record to immediate self-serve for devs • Manage DNS dynamically. Hands-off fashion when apps are deployed • Abstract away the specific Kubernetes cluster any app is running on

6. Kubernetes DNS Basics

7. Why Every Cluster Has an Internal DNS? • Internal Dynamic

   Resolution • Service Discovery • Cache • Upstream Forwarding

8. Internal Cluster Resolution Flow I need the credit card service,

   where is it? Credit Card SVC Billing Service Pod

9. Internal Cluster Resolution Flow I need the credit card service,

   where is it? Credit Card SVC Pod Pod Pod Cluster Core-DNS etcd Billing Service Pod

10. External Cluster Resolution Flow I need the bank service, where

    is it? Cluster Core-DNS 8.8.8.8 / org DNS Billing Service Pod

11. Can We Resolve in the Other Direction? Cluster Core-DNS 8.8.8.8

    / org DNS Where is the billing service? Cluster Core-DNS Cluster Core-DNS

12. How Did Nemlig Solve it?

13. Nemlig’s K8s Architecture

14. Nemlig’s K8s Architecture Give me the IP formysvc.prod.tld Active Directory

    DNS Zone Spec K8s gateway CoreDNS >> looks up mysync.env.tld on the cluster >> returns NXDMAIN downstream cluster X Prod. Management Cluster downstream cluster y AD looks up Auth DNS for prod tld >> forwards to the exposed Auth. DNS instance (Fanout) (Fanout) User Authoritative DNS instance K8s gateway CoreDNS >> looks up mysync.env.tld on the cluster >> returns the external lPv4 of the svc

15. Q&A