Resolve Consul DNS in OpenShift #20439

Merged (4 commits) on Feb 1, 2024

natemollica-nm
Contributor

This updates our Consul DNS forwarding documentation to include methods for updating the DNS Operator on OpenShift clusters to include Consul's DNS service.

Description

Our documentation titled Resolve Consul DNS Requests in Kubernetes has long been missing steps to update Kubernetes on OpenShift's DNS Operator to include the Consul DNS Forwarder. This PR aims to close that gap.

Testing & Reproduction steps

  • Deploy Consul on OpenShift, and ensure the following overrides are set to enable the consul-dns service:
```yaml
dns:
  enabled: true
  enableRedirection: true
  type: ClusterIP
```
  • Find consul-dns service clusterIP: oc get svc consul-dns --namespace consul --output jsonpath='{.spec.clusterIP}'
  • Edit the DNS Operator Configuration (as outlined in the OpenShift Documentation):
    • Edit DNS Operator: oc edit dns.operator/default
  • Add consul-dns clusterIP as upstream server for the consul zone and save configuration changes:
```yaml
spec:
  servers:
  - name: consul-server
    zones:
    - consul
    forwardPlugin:
      policy: Random
      upstreams:
      - 172.30.186.254 # Set to clusterIP of consul-dns service
```
  • Verify DNS Operator applied the changes: oc get configmap/dns-default -n openshift-dns -o yaml
```yaml
...
data:
  Corefile: |
    # consul-server
    consul:5353 {
        prometheus 127.0.0.1:9153
        forward . 172.30.186.254 {
            policy random
        }
        errors
        log . {
            class error
        }
        bufsize 1232
        cache 900 {
            denial 9984 30
        }
    }
...
```
  • From terminal of pod deployed to the Consul service mesh, verify DNS name resolution with Consul domain:
```
$ nslookup consul.service.consul
Server:         172.30.0.10
Address:        172.30.0.10:53

Name:   consul.service.consul
Address: 10.129.2.21
Name:   consul.service.consul
Address: 10.130.2.18
Name:   consul.service.consul
Address: 10.128.2.19

$ nslookup backend.virtual.consul.ns.consul
Server:         172.30.0.10
Address:        172.30.0.10:53

Name:   backend.virtual.consul.ns.consul
Address: 240.0.0.5

Name:   backend.virtual.consul.ns.consul
Address: 240.0.0.5
```

Links

OpenShift DNS Operator: Using DNS Forwarding

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern
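
The reproduction steps above, scripted without the interactive `oc edit`, plus a check that the rendered Corefile still forwards the `consul` zone to the current `consul-dns` clusterIP (that address changes if the service is recreated). This is an added example, not part of the PR; the function names and the `apply`/`check`/`demo` subcommands are assumptions, while the service, namespace and resource names are the ones in the description.

```shell
#!/bin/sh
# Added example (not from the PR). Service/namespace names come from the PR
# text; function names and subcommands are hypothetical.

# Shape check so only a dotted quad ever reaches the JSON patch.
is_ipv4() {
  case "$1" in ''|*[!0-9.]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# JSON merge patch for dns.operator/default. A merge patch replaces the whole
# spec.servers list, so existing forwarders must be included by hand.
build_patch() {
  is_ipv4 "$1" || return 1
  printf '{"spec":{"servers":[{"name":"consul-server","zones":["consul"],"forwardPlugin":{"policy":"Random","upstreams":["%s"]}}]}}\n' "$1"
}

# Read a Corefile on stdin; print the upstreams of the consul:5353 server block.
consul_upstreams() {
  awk '
    /^[ \t]*consul:5353[ \t]*[{]/ { in_zone = 1; depth = 0 }
    in_zone {
      if ($1 == "forward") for (i = 3; i <= NF; i++) if ($i != "{") print $i
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
      if (depth == 0) in_zone = 0
    }'
}

# Succeed only if the consul zone forwards to exactly the expected address.
check_forwarder() {
  [ "$(consul_upstreams | sort -u)" = "$1" ]
}

case "${1:-}" in
  apply|check)  # needs a logged-in oc session
    ip=$(oc get svc consul-dns --namespace consul --output jsonpath='{.spec.clusterIP}') || exit 1
    if [ "$1" = apply ]; then
      patch=$(build_patch "$ip") || exit 1
      oc patch dns.operator/default --type=merge --patch "$patch"
    else
      oc get configmap/dns-default -n openshift-dns -o jsonpath='{.data.Corefile}' |
        check_forwarder "$ip" || { echo "consul zone does not forward to $ip" >&2; exit 1; }
    fi ;;
  demo)  # constructed Corefile, modelled on the excerpt in the PR description
    printf 'consul:5353 {\n  forward . 172.30.186.254 {\n    policy random\n  }\n}\n' |
      check_forwarder 172.30.186.254 && echo "forwarder matches"
    ;;
esac
```

The DNS Operator rewrites `dns-default` asynchronously, so run `check` once `apply` has had time to reconcile.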

natemollica-nm added the backport/1.15, backport/1.16 and backport/1.17 labels on Feb 1, 2024
natemollica-nm requested a review from a team as a code owner on February 1, 2024 18:15
github-actions bot added the type/docs label on Feb 1, 2024
Co-authored-by: David Yu <dyu@hashicorp.com>
@david-yu
Contributor

Thanks for doing this. For future reference, docs PRs should not have a changelog, so you can add the pr/no-changelog label.
