Backport of Resolve Consul DNS in OpenShift into release/1.17.x

[hc-github-team-consul-core]

Backport

This PR is auto-generated from #20439 to be assessed for backporting due to the inclusion of the label backport/1.17.

The below text is copied from the body of the original PR.

---

This updates our Consul DNS forwarding documentation to include methods for updating the DNS Operator on OpenShift clusters to include Consul's DNS service.

Description

Our documentation titled Resolve Consul DNS Requests in Kubernetes has long been missing steps to update Kubernetes on OpenShift's DNS Operator to include the Consul DNS Forwarder. This PR aims to close that gap.

Testing & Reproduction steps

• Deploy Consul on OpenShift, and ensure the following overrides are set to enable consul-dns service:

dns:
  enabled: true
  enabledRedirection: true
  type: ClusterIP

• Find consul-dns service clusterIP: oc get svc consul-dns --namespace consul --output jsonpath='{.spec.clusterIP}'
• Edit the DNS Operator Configuration (as outlined in the OpenShift Documentation):
  • Edit DNS Operator: oc edit edit dns.operator/default
• Add consul-dns clusterIP as upstream server for the consul zone and save configuration changes:

spec:
  servers:
  - name: consul-server
    zones:
    - consul
    forwardPlugin:
      policy: Random
      upstreams:
      - 172.30.186.254 # Set to clusterIP of consul-dns service

• Verify DNS Operator applied the changes: oc get configmap/dns-default -n openshift-dns -o yaml

...
data:
  Corefile: |
    # consul-server
    consul:5353 {
        prometheus 127.0.0.1:9153
        forward . 172.30.186.254 {
            policy random
        }
        errors
        log . {
            class error
        }
        bufsize 1232
        cache 900 {
            denial 9984 30
        }
    }
...

• From terminal of pod deployed to the Consul service mesh, verify DNS name resolution with Consul domain:

$ nslookup consul.service.consul
Server:         172.30.0.10
Address:        172.30.0.10:53


Name:   consul.service.consul
Address: 10.129.2.21
Name:   consul.service.consul
Address: 10.130.2.18
Name:   consul.service.consul
Address: 10.128.2.19

$ nslookup backend.virtual.consul.ns.consul
Server:         172.30.0.10
Address:         172.30.0.10:53

Name:   backend.virtual.consul.ns.consul
Address: 240.0.0.5

Name:   backend.virtual.consul.ns.consul
Address: 240.0.0.5

Links

OpenShift DNS Operator: Using DNS Forwarding

PR Checklist

• updated test coverage
• external facing docs updated
• appropriate backport labels added
• not a security concern

---

Overview of commits

• 3885ff7 - 97501c9 - 5330e75 - 1ff82ed

[github-team-consul-core-pr-approver]

Auto approved Consul Bot automated PR