Backport of Resolve Consul DNS in OpenShift into release/1.17.x (#20446)

* backport of commit 3885ff70f7

* backport of commit 97501c9185

* backport of commit 5330e75597

* backport of commit 1ff82ed228

---------

Co-authored-by: natemollica-dev <57850649+natemollica-nm@users.noreply.github.com>
Co-authored-by: natemollica-dev <nathan.mollica@hashicorp.com>
pull/20448/head
hc-github-team-consul-core 2024-02-01 16:22:56 -06:00 committed by GitHub
parent 552eff9015
commit 28501acf16
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 67 additions and 0 deletions

3
.changelog/20439.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
docs: Consul DNS Forwarding configuration for OpenShift update for [Resolve Consul DNS Requests in Kubernetes](https://developer.hashicorp.com/consul/docs/k8s/dns)
```

View File

@ -134,6 +134,70 @@ in full cluster rebuilds.
-> **Note:** If using a different zone than `.consul`, change the key accordingly.
## OpenShift DNS Operator
-> **Note:** OpenShift CLI `oc` is utilized below complete the following steps. You can find more details on how to install OpenShift CLI from [Getting started with OpenShift CLI](https://docs.openshift.com/container-platform/latest/cli_reference/openshift_cli/getting-started-cli.html).
You can use DNS forwarding to override the default forwarding configuration in the `/etc/resolv.conf` file by specifying
the `consul-dns` service for the `consul` subdomain (zone).
Find `consul-dns` service clusterIP:
```shell-session
$ oc get svc consul-dns --namespace consul --output jsonpath='{.spec.clusterIP}'
172.30.186.254
```
Edit the `default` DNS Operator:
```shell-session
$ oc edit edit dns.operator/default
```
Append the following `servers` section entry to the `spec` section of the DNS Operator configuration:
```yaml
spec:
servers:
- name: consul-server
zones:
- consul
forwardPlugin:
policy: Random
upstreams:
- 172.30.186.254 # Set to clusterIP of consul-dns service
```
Save the configuration changes and verify the `dns-default` configmap has been updated:
```shell-session
$ oc get configmap/dns-default -n openshift-dns -o yaml
```
Example output with updated `consul` forwarding zone:
```yaml
...
data:
Corefile: |
# consul-server
consul:5353 {
prometheus 127.0.0.1:9153
forward . 172.30.186.254 {
policy random
}
errors
log . {
class error
}
bufsize 1232
cache 900 {
denial 9984 30
}
}
...
```
## Verifying DNS Works
To verify DNS works, run a simple job to query DNS. Save the following