惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
S
Securelist
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Threat Research - Cisco Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tenable Blog
I
Intezer
G
GRAHAM CLULEY
Spread Privacy
Spread Privacy
T
Tor Project blog
V
Vulnerabilities – Threatpost
NISL@THU
NISL@THU
L
Lohrmann on Cybersecurity
Schneier on Security
Schneier on Security
MyScale Blog
MyScale Blog
The GitHub Blog
The GitHub Blog
S
Security @ Cisco Blogs
The Register - Security
The Register - Security
酷 壳 – CoolShell
酷 壳 – CoolShell
B
Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
L
LangChain Blog
人人都是产品经理
人人都是产品经理
T
Tailwind CSS Blog
MongoDB | Blog
MongoDB | Blog
小众软件
小众软件
The Hacker News
The Hacker News
Google DeepMind News
Google DeepMind News
Microsoft Security Blog
Microsoft Security Blog
U
Unit 42
博客园 - 叶小钗
Attack and Defense Labs
Attack and Defense Labs
Webroot Blog
Webroot Blog
大猫的无限游戏
大猫的无限游戏
Apple Machine Learning Research
Apple Machine Learning Research
H
Hackread – Cybersecurity News, Data Breaches, AI and More
aimingoo的专栏
aimingoo的专栏
T
Troy Hunt's Blog
V
Visual Studio Blog
P
Proofpoint News Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
A
Arctic Wolf
T
The Exploit Database - CXSecurity.com
宝玉的分享
宝玉的分享
Vercel News
Vercel News
D
DataBreaches.Net
P
Palo Alto Networks Blog
AI
AI
Simon Willison's Weblog
Simon Willison's Weblog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC

Discovery on CoreDNS: DNS and Service Discovery

CoreDNS and Apache APISIX open new doors for Service Discovery? Scaling CoreDNS in Kubernetes Clusters Migration from kube-dns to CoreDNS Deploying Kubernetes with CoreDNS using kubeadm How Queries Are Processed in CoreDNS Custom DNS Entries For Kubernetes CoreDNS for Minikube Why CNCF for CoreDNS? CoreDNS for Kubernetes Service Discovery, Take 2 CoreDNS for Kubernetes Service Discovery
Cluster DNS: CoreDNS vs Kube-DNS
chris · 2018-11-27 · via Discovery on CoreDNS: DNS and Service Discovery

When compiling data for a resource deployment guide for CoreDNS a few weeks ago, I also collected the same data for kube-dns using the same test environments. Although CoreDNS and Kube-dns ultimately perform the same task, there are some key differences in implementation that affect resource consumption and performance. At a high level, some of these differences are:

  • CoreDNS is a single container per instance, vs kube-dns which uses three.
  • Kube-dns uses dnsmasq for caching, which is single threaded C. CoreDNS is multi-threaded Go.
  • CoreDNS enables negative caching in the default deployment. Kube-dns does not.

These differences affect performance in various ways. The larger number of containers per instance in kube-dns increases base memory requirements, and also adds some performance overhead (as requests/responses need to be passed back and forth between containers). For kube-dns, dnsmasq may be highly optimized in C, but it’s also single threaded so it can only use one core per instance. CoreDNS enables negative caching, which aids in handling external names searches.

Memory

Both CoreDNS and kube-dns maintain a local cache of all Services and Endpoints in the cluster. So as the number of Services and Endpoints scale up, so do the memory requirements for each DNS Pod. At default settings, CoreDNS should be expected to use less memory than kube-dns. This is in part due to the overhead of the three containers used by kube-dns, vs only one container in CoreDNS.

The chart below shows the estimated memory required to run a single instance of CoreDNS or Kube-dns based on the number of Services and Endpoints.

CoreDNS vs Kube-DNS estimated memory at scale

The sources of the above data are from Kubernetes e2e scale tests, in conjunction with small cluster QPS load tests. The Kubernetes e2e scale tests provide testing on very large clusters, but do not apply any QPS load. To account for additional memory needed while handling a QPS load, the chart adds in the memory deltas observed when applying maximal QPS load during the CPU tests (below). This was about 58Mi for kube-dns, and 5Mi for CoreDNS.

CPU

In terms of CPU performance, CoreDNS performs much better for external names (e.g. infoblox.com), and slightly worse for internal names (e.g. kubernetes).

DNS Server Query Type QPS Avg Latency (ms)
CoreDNS external 6733 12.02
CoreDNS internal 33669 2.608
Kube-dns external 2227 41.585
Kube-dns internal 36648 2.639

Take aways:

  • Kube-dns performed about 10% better for internal names. This is probably due to dnsmasq being more optimized than CoreDNS’s built-in caching.
  • CoreDNS performed about 3X better for external names. This is partly caused by negative responses not being cached in kube-dns deployments. However enabling negative cache in the kube-dns deployment did not significantly change the outcome, so the bulk of performance gain is elsewhere.
DNS Server Query Type QPS Avg Latency (ms)
Kube-dns + neg-cache external 2552 36.665
Kube-dns + neg-cache internal 28971 3.385

More

The version of kube-dns and default configuration used in these tests were those released with Kubernetes 1.12.

For more details about the test environments see: [Scaling CoreDNS in Kubernetes Clusters] (https://github.com/coredns/deployment/blob/master/kubernetes/Scaling_CoreDNS.md).