Deploy Citrix ADC CPXs as Local DNS Caches for Kubernetes Nodes

Application pods in a Kubernetes cluster rely on DNS to communicate with other application pods. DNS requests from applications inside a Kubernetes cluster are handled by Kubernetes DNS (kube-dns). Due to wider adoption of microservices architectures, DNS request rates inside a Kubernetes cluster are increasing. As a result, Kubernetes DNS (kube-dns) is overburdened. Now you can deploy Citrix ADC CPX as a local DNS cache on each Kubernetes node and forward DNS requests from application pods in the node to Citrix ADC CPX. Hence, you can resolve DNS requests faster and significantly reduce the load on Kubernetes DNS.

To deploy Citrix ADC CPXs, a Kubernetes DaemonSet entity is used to schedule Citrix ADC CPX pods on each node in the Kubernetes cluster. A Kubernetes DaemonSet ensures that there is an instance of Citrix ADC CPX on each Kubernetes node in the cluster. To make application pods direct traffic to CPX DNS pods, you need to create a Kubernetes service with endpoints as Citrix ADC CPX pods. Cluster IP of this service is used as the DNS endpoint for the application pods. To make sure that the application pods use Citrix ADC CPX service cluster IP address for DNS resolution, you need to update the kubelet configuration file on each node with Citrix ADC CPX service cluster IP.

The following environment variables are introduced to support the deployment of Citrix ADC CPX as NodeLocal DNS cache:

• KUBE_DNS_SVC_IP: Specifies the cluster IP address of the kube-dns service which is a mandatory argument to trigger the configuration on a Citrix ADC CPX pod. The Citrix ADC CPX pod directs DNS queries to this IP address when the DNS query response is not available in the Citrix ADC CPX cache.

• CPX_DNS_SVC_IP: Specifies the cluster IP address of the Citrix ADC CPX service. The CPX_DNS_SVC_IP environment variable is used to configure local DNS on nodes. When you configure this variable, an iptables rule is added to direct the DNS requests originating from application pods to the local Citrix ADC CPX pod inside the node.

• NS_DNS_FORCE_TCP: This environment variable forces using TCP for DNS requests even if the queries are received over UDP.

• NS_DNS_EXT_RESLV_IP: Specifies the IP address of the external name server to direct the DNS requests for a specific domain.

• NS_DNS_MATCH_DOMAIN: Specifies the external domain string to be matched against to direct the queries to the external name server.

Deploy Citrix ADC CPXs as DNS Caches on Nodes

Deploying Citrix ADC CPX as local DNS cache for a Kubernetes cluster includes the following tasks:

On the master node:

• Create a Kubernetes service with endpoints as Citrix ADC CPX pods

• Create a ConfigMap for defining environment variables for Citrix ADC CPX pods

• Schedule Citrix ADC CPX pods on each node in the Kubernetes cluster using a Kubernetes DaemonSet.

On worker nodes:

• Modify the kubelet configuration file with the cluster IP address of Citrix ADC CPX service to forward DNS requests to Citrix ADC CPXs.

Configuration on the Kubernetes Master Node

Perform the following steps on the Kubernetes master node to deploy Citrix ADC CPX as the local DNS cache for nodes:

1. Create a service with Citrix ADC CPX pods as endpoints using the cpx_dns_svc.yaml file.

   kubectl apply -f cpx_dns_svc.yaml
   

   The cpx_dns_svc.yaml file is provided as follows:

           apiVersion: v1
           kind: Service
           metadata:
             name: cpx-dns-svc
             labels:
               app: cpxd
           spec:
             ports:
             - protocol: UDP
               port: 53
               name: dns
             - protocol: TCP
               port: 53
               name: dns-tcp
             selector:
               app: cpx-daemon
   

2. Get the IP address of the Citrix ADC CPX service.

   kubectl get svc cpx-dns-svc
   

3. Get the IP address of the Kube DNS service.

   kubectl get svc -n kube-system
   

4. Create a ConfigMap for defining environment variables for Citrix ADC CPX pods. These environment variables are used to pass IP addresses of Citrix ADC CPX service and Kube DNS service. In this step, a sample ConfigMap cpx-dns-cache is created using the environment variables specified as data (key-value pairs) in a file.

   kubectl create configmap cpx-dns-cache --from-file <path-to-file>
   

   The following is a sample file with the environment variables as key-value pairs.

     CPX_DNS_SVC_IP: 10.111.95.145
     EULA: "yes"
     KUBE_DNS_SVC_IP: 10.96.0.10
     NS_CPX_LITE: "1"
     NS_DNS_EXT_RESLV_IP: 10.102.217.142
     NS_DNS_MATCH_DOMAIN: citrix.com
     PLATFORM: CP1000
   

   The following is a sample ConfigMap:

   apiVersion: v1
   data:
     CPX_DNS_SVC_IP: 10.111.95.145
     EULA: "yes"
     KUBE_DNS_SVC_IP: 10.96.0.10
     NS_CPX_LITE: "1"
     NS_DNS_EXT_RESLV_IP: 10.102.217.142
     NS_DNS_MATCH_DOMAIN: citrix.com
     PLATFORM: CP1000
   kind: ConfigMap
   metadata:
     creationTimestamp: "2019-10-15T07:45:54Z"
     name: cpx-dns-cache
     namespace: default
     resourceVersion: "8026537"
     selfLink: /api/v1/namespaces/default/configmaps/cpx-dns-cache
     uid: 8d06f6ee-133b-4e1a-913c-9963cbf4f48
   

5. Create a Kubernetes DaemonSet for Citrix ADC CPX on the master node.

   kubectl apply -f cpx_daemonset.yaml
   

   The cpx_daemonset.yaml file is provided as follows:

   apiVersion: apps/v1
   kind: DaemonSet
   metadata:
     name: cpx-daemon
     labels:
           app: cpxd
   spec:
      selector:
           matchLabels:
             app: cpx-daemon
   template:
      metadata:
           labels:
             app: cpx-daemon
      spec:
          containers:
          - name: cpxd
           imagePullPolicy: IfNotPresent
           image: localhost:5000/dev/cpx
           volumeMounts:
            - mountPath: /netns/default/
           name: test-vol
           ports:
           - containerPort: 53
      envFrom:
          - configMapRef:
          name: cpx-dns-cache
      securityContext:
      privileged: true
      allowPrivilegeEscalation: true
      capabilities:
       add: ["NET_ADMIN"]
      volumes:
         -  name: test-vol
         hostPath:
         path: /proc/1/ns
         type: Directory
   

Configuration on Worker Nodes in the Kubernetes Cluster

Once you complete configuration on master node, perform the following step on worker nodes:

1. Modify the kubelet configuration file so that application pods can use Citrix ADC CPX service cluster IP for DNS resolution using one of the following steps:

   • Follow the steps in reconfigure a Node’s kubelet and modify the --cluster-dns argument value in the following format.

          --cluster-dns=<CPX_DNS_SVC_IP>,<KUBE_DNS_SVC_IP>
     

     or

   • Edit the /etc/systemd/system/kubelet.service.d/10-kubeadm.conf file and modify the --cluster-dns argument using the following steps.

     1. Edit the kubelet configuration and specify the cluster IP address of Citrix ADC CPX service and kube-dns service IP address for the --cluster-dns argument.

         root@node:~# cat /etc/systemd/system/kubelet.service.d/10-kubeadm.conf | grep KUBELET_DNS_ARGS
        
         Environment="KUBELET_DNS_ARGS=--cluster-dns=10.111.95.145,10.96.0.10 --cluster-domain=cluster.local"
         ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_DNS_ARGS
        

     2. Reload the kubelet of nodes using the following commands:

         # systemctl daemon-reload
         # service kubelet restart