Improve documentation for using Node-local DNS Cache add-on #17944
Conversation
k8s-ci-robot
added
sig/network
| In detail: | ||
|
|
||
| * With the current DNS architecture, it is possible that Pods with the highest DNS QPS have to reach out to a different node, if there is no local kube-dns/CoreDNS instance. | ||
| Having a local cache will help improve the latency in such scenarios. | ||
| * With the current DNS architecture, it is possible that Pods with the | ||
| highest DNS QPS have to reach out to a different node, if there is no | ||
| local kube-dns / CoreDNS instance. | ||
| Having a local cache help improve the latency in such scenarios. | ||
|
|
||
| * Skipping iptables DNAT and connection tracking will help reduce [conntrack races](https://github.com/kubernetes/kubernetes/issues/56903) and avoid UDP DNS entries filling up conntrack table. | ||
| * Skipping iptables DNAT and connection tracking helps to reduce [conntrack races](https://github.com/kubernetes/kubernetes/issues/56903) and to avoid UDP DNS entries filling up conntrack table. | ||
|
|
||
| * Connections from local caching agent to kube-dns servie can be upgraded to TCP. TCP conntrack entries will be removed on connection close in contrast with UDP entries that have to timeout ([default](https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt) `nf_conntrack_udp_timeout` is 30 seconds) | ||
| * Connections from local caching agent to kube-dns servie can be upgraded to TCP. TCP conntrack entries will be removed on connection close in contrast with UDP entries that have to time out ([default](https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt) `nf_conntrack_udp_timeout` is 30 seconds) | ||
|
|
||
| * Upgrading DNS queries from UDP to TCP would reduce tail latency attributed to dropped UDP packets and DNS timeouts usually up to 30s (3 retries + 10s timeout). Since the nodelocal cache listens for UDP DNS queries, applications don't need to be changed. | ||
| * Upgrading DNS queries from UDP to TCP would reduce tail latency attributed to dropped UDP packets and DNS timeouts usually up to 30s (3 retries + 10s timeout). Since the node-local cache container listens for UDP DNS queries, you don't need to change applications. | ||
|
|
||
| * Metrics & visibility into dns requests at a node level. | ||
|
|
||
| * Negative caching can be re-enabled, thereby reducing number of queries to kube-dns service. | ||
|
|
||
| ## Architecture Diagram | ||
| * Negative caching can be re-enabled, thereby reducing number of queries to the kube-dns service. | ||
|
|
||
| This is the path followed by DNS Queries after NodeLocal DNSCache is enabled: |
There was a problem hiding this comment.
As this is a Task page I'm tempted to omit these details, or to move them to the end of the page. What do people think?
|
|
||
| {{< figure src="/images/docs/nodelocaldns.jpg" alt="NodeLocal DNSCache flow" title="Nodelocal DNSCache flow" caption="This image shows how NodeLocal DNSCache handles DNS queries." >}} | ||
| {{< figure src="/images/docs/nodelocaldns.jpg" alt="Node-local DNS Cache query flow" title="Node-local DNS Cache query flow" caption="This image shows how Node-local DNS Cache handles DNS queries." >}} |
There was a problem hiding this comment.
It would be nice, but not essential, to redraw this in SVG. SVG diagrams are much more easy to localize.
|
|
||
| ## Configuration | ||
|
|
||
| This feature can be enabled using the command: | ||
|
|
||
| `KUBE_ENABLE_NODELOCAL_DNS=true go run hack/e2e.go -v --up` |
There was a problem hiding this comment.
I dropped this because the prerequisites don't explain what you need to do (eg: install Golang) to make it work.
|
Deploy preview for kubernetes-io-master-staging ready! Built with commit 6948e83 https://deploy-preview-17944--kubernetes-io-master-staging.netlify.com |
sftim
force-pushed
the
20191204_tweak_node_local_dns_addon_information
branch
from
4b24b52
to
3569dc7
Compare
|
/retest |
sftim
force-pushed
the
20191204_tweak_node_local_dns_addon_information
branch
from
3569dc7
to
3bb8c2c
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@sftim, Would you look into the build failure? Thanks! |
|
I'll rebase this |
k8s-ci-robot
changed the title
k8s-ci-robot
added
the
do-not-merge/work-in-progress
sftim
force-pushed
the
20191204_tweak_node_local_dns_addon_information
branch
2 times, most recently
from
03c4a57
to
4818d72
Compare
sftim
force-pushed
the
20191204_tweak_node_local_dns_addon_information
branch
from
4818d72
to
6948e83
Compare
|
/retitle Improve documentation for using Node-local DNS Cache add-on |
k8s-ci-robot
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
|
#18716 got there first /close |
|
@sftim: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@sftim: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-rebase
The Node-local DNS Cache is a very simple add-on, essentially one DaemonSet and a related ConfigMap.
I haven't used tried using this feature but I did spot that the existing documentation was a bit far from the style guide, so I'm proposing these changes.
I think there's more work needed (what fills in the missing information? what are appropriate values? is link-local autoconfiguration the risk I think it is?); I'm aiming for these changes to be a first set of improvements.
Preview of new page
Reviewers: I've seen various names and capitalizations for this add-on. For documentation, I selected the name “Node-local DNS Cache” because it avoids the risk of looking like a Kubernetes feature flag or object. I don't want readers trying to
kubectl get NodeLocalDNSCache, or even having to make a decision on whether that makes sense.Relevant to #14822
/sig network