Kubernetes Tips: How to find the Port of a Service with a DNS request

Last week I created a guide for our users to set up an NGINX service as an API Gateway with Qovery. The API gateway must redirect the incoming traffic to the appropriate service with the correct port. My problem is that the API Gateway does not know the ports exposed for every service. In this post, I will show you a quick tip on finding the port of a Kubernetes service with a single DNS request. Let's go!

Romaric Philogène

Romaric Philogène

February 2, 2022 · 2 min read
Kubernetes Tips: How to find the Port of a Service with a DNS request - Qovery
Written byRomaric Philogène

Romaric Philogène

CEO and co-founder of Qovery. Romaric has 10+ years of experience in R&D. From the Ad-Tech to the financial industry, he has deep expertise in highly-reliable and performant systems.

See all articles
EngineeringKubernetes

The tip

As you probably know, DNS service runs on Kubernetes to resolve the local service names. When your app A needs access to an app B from the same namespace, you will use it as a root domain "app-b.svc". Then your app will look at the nameserver to target (the one running on Kubernetes) and request to resolve "app-b.svc" into an IP address. For your application, it is transparent.

I don't want to make it too long, so here is the DNS request to get the port of a Kubernetes service:

dig +answer srv *._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local

You should get an output similar to this one:

; <<>> DiG 9.16.22 <<>> +answer srv *._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12263
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 9f7c41b86a20fb70 (echoed)
;; QUESTION SECTION:
;*._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local. IN SRV

;; ANSWER SECTION:
*._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local. 5 IN SRV 0 100 80 app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local.

;; ADDITIONAL SECTION:
app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local. 5 IN A 172.20.46.46

;; Query time: 4 msec
;; SERVER: 172.20.0.10#53(172.20.0.10)
;; WHEN: Mon Jan 24 12:13:15 UTC 2022
;; MSG SIZE  rcvd: 295

Not clear enough? Here is a request to get only the port

dig +noall +answer srv \*._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local | awk '{print $7}'
80

Yes, the port is 80!

How does it work

A DNS service is a database of records. You can see it as a KV store (it is a bit more complex, of course). You can store and return much more than just the IP address. This is what happens here. By asking the DNS service to resolve the SRV record of "*._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local" I get the following answer.

;; ANSWER SECTION:
*._tcp.app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local. 5 IN SRV 0 100 80 app-z082e36c4.z489e9616-z209c3fd6.svc.cluster.local.

The SRV record is used as a Service Discovery record. The structure is the following: "IN SRV 0 100 <port> <service>.<ns>.svc.<zone>."

Conclusion

Thanks to Romain Gerard - Software Engineer @ Qovery, for this tip that saves my day 😍

This trick is directly used in my API Gateway run.sh script and is super helpful for our customers. You know how to get the port of one of Kubernetes services right from one of your apps now.

Test and Release Features 4x Faster with On-demand Environments

Qovery is a Platform to Deploy Production-like Environments in your AWS account in Seconds; Helping Developers To Test and Release Features Faster ⚡️

Try it out now!
Test and Release Features 4x Faster with On-demand Environments
EngineeringKubernetes