Last week I created a guide for our users to set up an NGINX service as an API Gateway with Qovery. The API gateway must redirect the incoming traffic to the appropriate service with the correct port. My problem is that the API Gateway does not know the ports exposed for every service. In this post, I will show you a quick tip on finding the port of a Kubernetes service with a single DNS request. Let's go!
As you probably know, DNS service runs on Kubernetes to resolve the local service names. When your app A needs access to an app B from the same namespace, you will use it as a root domain "app-b.svc". Then your app will look at the nameserver to target (the one running on Kubernetes) and request to resolve "app-b.svc" into an IP address. For your application, it is transparent.
I don't want to make it too long, so here is the DNS request to get the port of a Kubernetes service:
dig +answer srv *._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local
You should get an output similar to this one:
; <<>> DiG 9.16.22 <<>> +answer srv *._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12263
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 9f7c41b86a20fb70 (echoed)
;; QUESTION SECTION:
;*._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local. IN SRV
;; ANSWER SECTION:
*._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local. 5 IN SRV 0 100 80 app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local.
;; ADDITIONAL SECTION:
app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local. 5 IN A 172.20.46.46
;; Query time: 4 msec
;; SERVER: 172.20.0.10#53(172.20.0.10)
;; WHEN: Mon Jan 24 12:13:15 UTC 2022
;; MSG SIZE rcvd: 295
Not clear enough? Here is a request to get only the port
dig +noall +answer srv \*._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local | awk '{print $7}'
80
Yes, the port is 80!
A DNS service is a database of records. You can see it as a KV store (it is a bit more complex, of course). You can store and return much more than just the IP address. This is what happens here. By asking the DNS service to resolve the SRV record of "*._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local" I get the following answer.
;; ANSWER SECTION:
*._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local. 5 IN SRV 0 100 80 app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local.
The SRV record is used as a Service Discovery record. The structure is the following: "IN SRV 0 100
This trick is directly used in my API Gateway run.sh script and is super helpful for our customers. You know how to get the port of one of Kubernetes services right from one of your apps now.
Romaric founded Qovery to make Kubernetes accessible to every engineering team. He writes about platform strategy, developer experience, and the future of cloud infrastructure.
Qovery ensures every agent action is scoped, audited, and policy-checked. Start deploying in under 10 minutes.