Skip to content

Consul improve Kubernetes DNS reliability

Current DNS endpoint in Kubernetes is a TCP hostPort (by patching the manifests), which other node pods use directly (127.0.0.1), this is dangerous and unreliable as any Consul pod failure will translate into a DNS outage for all pods in the node.

Context around the current solution: gitlab-org/gitlab#271575 (closed)

  • Move endpoint to a K8S SVC
  • Improve deployment/service resiliency by leveraging PDBs, topologySpreadConstraints and HPAs for auto-scaling