Skip to content

DNS optimization

Created by: RolandMa1986

What would you like to be added:

  1. Use ks-apiserver Service Name directly instead of ks-apiserver.kubesphere-system.svc as API's URL.
  2. Add a DNS cache plugin to caching the DNS results, or find a common way to caching the DNS results.

Why is this needed:

  1. Currently NodeJs is used by ks-console to serve the web pages and at the same time it's also using the NodeJs to proxy ks-apiserver. The DNS name 'ks-apiserver.kubesphere-system.svc' was used to discover the ks-apiserver Service. However, it may bring additional performance costs. Kubernetes will add Search Domains to the Pod's DNS config, Such as:
nameserver 169.254.25.10
search kubesphere-system.svc.cluster.local svc.cluster.local cluster.local
options ndots:5

When proxying a request to ks-apiserver, Dns will perform 3 queries to the DNS server. Which increases both client response time and DNS server CPU cost.

/ # nslookup -debug ks-apiserver.kubesphere-system.svc
    QUESTIONS: 
        ks-apiserver.kubesphere-system.svc.kubesphere-system.svc.cluster.local, type = A, class = IN
    QUESTIONS:
        ks-apiserver.kubesphere-system.svc.svc.cluster.local, type = A, class = IN
    QUESTIONS:
        ks-apiserver.kubesphere-system.svc.cluster.local, type = A, class = IN

If we change the Service name to ks-apiserver instead of ks-apiserver.kubesphere-system.svc, DNS can hit the first query directly, we can avoid 2 additional calls.

  1. In NodeJs, DNS requests in node appear asynchronous, but they're actually internally implemented as synchronous calls within node's internal libuv threadpool (which by default has only 4 threads). That means if you do >4 DNS lookups in parallel then you're going to block the libuv threadpool, even though they look like async IO. This will block every other DNS lookup, and also unrelated file IO and various crypto APIs, creating some extremely confusing performance problems. The NodeJs themselves doesn't do any DNS caching at all. All of that is delegated to the OS, out of your control, and every DNS lookup must go to the OS every time. We should consider to add a dns cache plugin, such as dnscache or cache it in the OS layer.