Resolve Consul DNS in OpenShift

This updates our Consul DNS forwarding documentation to include methods for updating the DNS Operator on OpenShift clusters to include Consul's DNS service.
10 months ago · 3885ff70f7
parent d0243b618d
commit 3885ff70f7
1 changed files with 62 additions and 0 deletions
--- a/website/content/docs/k8s/dns.mdx
+++ b/website/content/docs/k8s/dns.mdx
@ -134,6 +134,68 @@ in full cluster rebuilds.

 -> **Note:** If using a different zone than `.consul`, change the key accordingly.

+## OpenShift DNS Operator
+
+You can use DNS forwarding to override the default forwarding configuration in the `/etc/resolv.conf` file by specifying
+the `consul-dns` service for the `consul` subdomain (zone).
+
+Find `consul-dns` service clusterIP:
+
+```shell-session
+$ oc get svc consul-dns --namespace consul --output jsonpath='{.spec.clusterIP}'
+172.30.186.254
+```
+
+Edit the `default` DNS Operator:
+
+```shell-session
+$ oc edit edit dns.operator/default
+```
+
+Append the following `servers` section entry to the `spec` section of the DNS Operator configuration:
+
+```yaml
+spec:
+  servers:
+  - name: consul-server
+    zones:
+    - consul
+    forwardPlugin:
+      policy: Random
+      upstreams:
+      - 172.30.186.254 # Set to clusterIP of consul-dns service
+```
+
+Save the configuration changes and verify the `dns-default` configmap has been updated:
+
+```shell-session
+$ oc get configmap/dns-default -n openshift-dns -o yaml
+```
+
+Example output with updated `consul` forwarding zone:
+
+```yaml
+...
+data:
+  Corefile: |
+    # consul-server
+    consul:5353 {
+        prometheus 127.0.0.1:9153
+        forward . 172.30.186.254 {
+            policy random
+        }
+        errors
+        log . {
+            class error
+        }
+        bufsize 1232
+        cache 900 {
+            denial 9984 30
+        }
+    }
+...
+```
+
 ## Verifying DNS Works

 To verify DNS works, run a simple job to query DNS. Save the following