Kubernetes Tips: How to find the Port of a Service with a DNS request
Last week I created a guide for our users to set up an NGINX service as an API Gateway with Qovery. The API gateway must redirect the incoming traffic to the appropriate service with the correct port. My problem is that the API Gateway does not know the ports exposed for every service. In this post, I will show you a quick tip on finding the port of a Kubernetes service with a single DNS request. Let's go!
Romaric Philogène
February 2, 2022 · 2 min read
Romaric Philogène
CEO and co-founder of Qovery. Romaric has 10+ years of experience in R&D. From the Ad-Tech to the financial industry, he has deep expertise in highly-reliable and performant systems.
See all articles#The tip
As you probably know, DNS service runs on Kubernetes to resolve the local service names. When your app A needs access to an app B from the same namespace, you will use it as a root domain "app-b.svc". Then your app will look at the nameserver to target (the one running on Kubernetes) and request to resolve "app-b.svc" into an IP address. For your application, it is transparent.
I don't want to make it too long, so here is the DNS request to get the port of a Kubernetes service:
dig +answer srv *._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.localYou should get an output similar to this one:
; <<>> DiG 9.16.22 <<>> +answer srv *._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12263
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 9f7c41b86a20fb70 (echoed)
;; QUESTION SECTION:
;*._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local. IN SRV
;; ANSWER SECTION:
*._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local. 5 IN SRV 0 100 80 app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local.
;; ADDITIONAL SECTION:
app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local. 5 IN A 172.20.46.46
;; Query time: 4 msec
;; SERVER: 172.20.0.10#53(172.20.0.10)
;; WHEN: Mon Jan 24 12:13:15 UTC 2022
;; MSG SIZE rcvd: 295Not clear enough? Here is a request to get only the port
dig +noall +answer srv \*._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local | awk '{print $7}'
80Yes, the port is 80!
#How does it work
A DNS service is a database of records. You can see it as a KV store (it is a bit more complex, of course). You can store and return much more than just the IP address. This is what happens here. By asking the DNS service to resolve the SRV record of "*._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local" I get the following answer.
;; ANSWER SECTION:
*._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local. 5 IN SRV 0 100 80 app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local.The SRV record is used as a Service Discovery record. The structure is the following: "IN SRV 0 100 <port> <service>.<ns>.svc.<zone>."
#Conclusion
Thanks to Romain Gerard - Software Engineer @ Qovery, for this tip that saves my day 😍
This trick is directly used in my API Gateway run.sh script and is super helpful for our customers. You know how to get the port of one of Kubernetes services right from one of your apps now.
Your Favorite Internal Developer Platform
Qovery is an Internal Developer Platform Helping 50.000+ Developers and Platform Engineers To Ship Faster.
Try it out now!
Your Favorite Internal Developer Platform
Qovery is an Internal Developer Platform Helping 50.000+ Developers and Platform Engineers To Ship Faster.
Try it out now!