From 2a0d9ff882bcd063f4b2f60d93c4562c93c77faf Mon Sep 17 00:00:00 2001 From: Luke Kysow <1034429+lkysow@users.noreply.github.com> Date: Fri, 6 Sep 2019 11:33:13 +0200 Subject: [PATCH 1/2] Update Consul DNS on kube docs - fix instructions for CoreDNS (it updated) - fix instructions for new component names - recommend installing with the name 'consul' - add disclaimer that catalog sync is not always required - clean up example values.yaml files --- website/source/docs/platform/k8s/dns.html.md | 102 +++++++++++--- website/source/docs/platform/k8s/helm.html.md | 124 +++++++++--------- .../docs/platform/k8s/service-sync.html.md | 57 ++++++-- 3 files changed, 187 insertions(+), 96 deletions(-) diff --git a/website/source/docs/platform/k8s/dns.html.md b/website/source/docs/platform/k8s/dns.html.md index 1754d87fff..b2ff643db5 100644 --- a/website/source/docs/platform/k8s/dns.html.md +++ b/website/source/docs/platform/k8s/dns.html.md @@ -9,19 +9,48 @@ description: |- # Consul DNS on Kubernetes One of the primary query interfaces to Consul is the -[DNS interface](/docs/agent/dns.html). The Consul DNS interface can be -exposed for all pods in Kubernetes using a -[stub-domain configuration](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configure-stub-domain-and-upstream-dns-servers). +[DNS interface](/docs/agent/dns.html). Consul DNS can be configured in +Kubernetes using a +[stub-domain configuration](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configure-stub-domain-and-upstream-dns-servers) +if using KubeDNS or a [proxy configuration](https://coredns.io/plugins/proxy/) if using CoreDNS. -The stub-domain configuration must point to a static IP of a DNS resolver. -The [Helm chart](/docs/platform/k8s/helm.html) creates a `consul-dns` service -by default that exports Consul DNS. The cluster IP of this service can be used -to configure a stub-domain with kube-dns. While the `kube-dns` configuration -lives in the `kube-system` namespace, the IP just has to be routable so the -service can live in a different namespace. +Once configured, DNS requests in the form `{consul-service-name}.service.consul` will +resolve for services in Consul. This will work from all namespaces. +-> **Note:** If you want requests to just `{consul-service-name}` (without the `.service.consul`) to resolve, then you'll need +to turn on [Consul to Kubernetes Service Sync](/docs/platform/k8s/service-sync.html#consul-to-kubernetes). + +## Consul DNS Cluster IP +For configuring KubeDNS or CoreDNS you'll first need the `ClusterIP` of the Consul +DNS service created by the [Helm chart](/docs/platform/k8s/helm.html). + +The name of the Consul DNS service will be `consul-consul-dns`. Use +that name to get the `ClusterIP`: + +```bash +$ kubectl get svc consul-consul-dns -o jsonpath='{.spec.clusterIP}' +10.35.240.78% ``` -cat < *Note:* If you've installed Consul using a different helm release name than `consul` +then the DNS service name will be `{release-name}-consul-dns`. + +For this installation the `ClusterIP` is `10.35.240.78`. + +## KubeDNS +If using KubeDNS, you need to create a `ConfigMap` that tells KubeDNS +to use the Consul DNS service to resolve all domains ending with `.consul`: + +Export the Consul DNS IP as an environment variable: + +```bash +export CONSUL_DNS_IP=10.35.240.78 +``` + +And create the `ConfigMap`: + +```bash +$ cat < **Note:** The `stubDomain` can only point to a static IP. If the cluster IP -of the `consul-dns` service changes, then it must be updated in the config map to +of the Consul DNS service changes, then it must be updated in the config map to match the new service IP for this to continue working. This can happen if the service is deleted and recreated, such as in full cluster rebuilds. +-> **Note:** If using a different zone than `.consul`, change the stub domain to +that zone. + +Now skip ahead to the [Verifying DNS Works](#verifying-dns-works) section. + ## CoreDNS Configuration -If you are using CoreDNS instead of kube-dns in your Kubernetes cluster, you will +If using CoreDNS instead of KubeDNS in your Kubernetes cluster, you will need to update your existing `coredns` ConfigMap in the `kube-system` namespace to -include a proxy definition for `consul` that points to the cluster IP of the -`consul-dns` service. +include a `forward` definition for `consul` that points to the cluster IP of the +Consul DNS service. +Edit the `ConfigMap`: + +```bash +$ kubectl edit configmap coredns -n kube-system ``` + +And add the `consul` block below the default `.:53` block and replace +`` with the DNS Service's IP address you +found previously. + +```diff apiVersion: v1 kind: ConfigMap metadata: @@ -61,11 +119,11 @@ data: .:53 { } - consul { - errors - cache 30 - proxy . - } ++ consul { ++ errors ++ cache 30 ++ forward . ++ } ``` -> **Note:** The consul proxy can only point to a static IP. If the cluster IP @@ -73,6 +131,8 @@ of the `consul-dns` service changes, then it must be updated to the new IP to co working. This can happen if the service is deleted and recreated, such as in full cluster rebuilds. +-> **Note:** If using a different zone than `.consul`, change the key accordingly. + ## Verifying DNS Works To verify DNS works, run a simple job to query DNS. Save the following @@ -102,7 +162,7 @@ Then query the pod name for the job and check the logs. You should see output similar to the following showing a successful DNS query. If you see any errors, then DNS is not configured properly. -``` +```sh $ kubectl get pods --show-all | grep dns dns-lkgzl 0/1 Completed 0 6m diff --git a/website/source/docs/platform/k8s/helm.html.md b/website/source/docs/platform/k8s/helm.html.md index 1e83959429..3a461bc0ca 100644 --- a/website/source/docs/platform/k8s/helm.html.md +++ b/website/source/docs/platform/k8s/helm.html.md @@ -33,30 +33,60 @@ require additional manual configuration. ## Using the Helm Chart -To use the Helm chart, you must download or clone the -[consul-helm GitHub repository](https://github.com/hashicorp/consul-helm) -and run Helm against the directory. We plan to transition to using a real -Helm repository soon. When running Helm, we highly recommend you always -checkout a specific tagged release of the chart to avoid any -instabilities from master. +To install Consul using the Helm chart you must first install Helm onto +your Kubernetes cluster. See the +[Helm Install Guide](https://helm.sh/docs/using_helm/#installing-helm) for more information. -Prior to this, you must have Helm installed and configured both in your -Kubernetes cluster and locally on your machine. The steps to do this are -out of the scope of this document, please read the -[Helm documentation](https://helm.sh/) for more information. +Once Helm is installed, determine the latest version of the Consul Helm chart +by visiting [https://github.com/hashicorp/consul-helm/releases](https://github.com/hashicorp/consul-helm/releases). -Example chart usage: +Clone the chart at that version, for example if the latest version is +`v0.8.1` you would run: + +```bash +$ git clone --single-branch --branch v0.8.1 https://github.com/hashicorp/consul-helm.git +Cloning into 'consul-helm'... +... +You are in 'detached HEAD' state... +``` + +Ensure you've checked out the correct version with `helm inspect`: + +```bash +$ helm inspect chart ./consul-helm +apiVersion: v1 +description: Install and configure Consul on Kubernetes. +home: https://www.consul.io +name: consul +sources: +- https://github.com/hashicorp/consul +- https://github.com/hashicorp/consul-helm +- https://github.com/hashicorp/consul-k8s +version: 0.8.1 +``` + +Now you're ready to install Consul! To install Consul with the default +configuration run: ```sh -# Clone the chart repo -$ git clone https://github.com/hashicorp/consul-helm.git -$ cd consul-helm +$ helm install --name consul ./consul-helm +NAME: consul +... +Your release is named consul. To learn more about the release, try: -# Checkout the most recently tagged version -$ git checkout $(git describe --abbrev=0 --tags) + $ helm status consul + $ helm get consul +``` -# Run Helm -$ helm install --dry-run ./ +If you want to customize the installation, +create a `values.yaml` file to override the default settings. +You can learn what settings are available by running `helm inspect values ./consul-helm` +or by reading the below [Configuration](#configuration-values) section. + +Once you've created your `values.yaml` file, run `helm install` with the `-f` flag: + +```bash +$ helm install --name consul -f ./values.yaml ./consul-helm ``` ~> **Warning:** By default, the chart will install _everything_: a @@ -413,13 +443,13 @@ Add the `--wait` option to your `helm install` command. This will force Helm to to become ready before it applies the license to your Consul cluster. ```bash -$ helm install --wait . +$ helm install --wait --name consul -f ./values.yaml ./consul-helm ``` Once the cluster is up, you can verify the nodes are running Consul Enterprise. ```bash -$ kubectl port-forward service/consul-server 8500 & +$ kubectl port-forward service/consul-consul-server 8500 & $ consul license get License is valid License ID: 1931d1f4-bdfd-6881-f3f5-19349374841f @@ -436,54 +466,38 @@ Licensed Features: Advanced Network Federation $ consul members Node Address Status Type Build Protocol DC Segment -consul-server-0 10.60.0.187:8301 alive server 1.4.3+ent 2 dc1 -consul-server-1 10.60.1.229:8301 alive server 1.4.3+ent 2 dc1 -consul-server-2 10.60.2.197:8301 alive server 1.4.3+ent 2 dc1 +consul-consul-server-0 10.60.0.187:8301 alive server 1.4.3+ent 2 dc1 +consul-consul-server-1 10.60.1.229:8301 alive server 1.4.3+ent 2 dc1 +consul-consul-server-2 10.60.2.197:8301 alive server 1.4.3+ent 2 dc1 ``` ## Helm Chart Examples -The below values.yaml can be used to set up a single server Consul cluster with a LoadBalancer to allow external access to the UI and API. +The below `values.yaml` can be used to set up a single server Consul cluster with a `LoadBalancer` to allow external access to the UI and API. -``` +```yaml global: enabled: true - image: "consul:1.4.2" - domain: consul - datacenter: dc1 server: - enabled: true replicas: 1 bootstrapExpect: 1 - storage: 10Gi - -client: - enabled: true - -dns: - enabled: true ui: - enabled: true service: - enabled: true type: LoadBalancer ``` -The below values.yaml can be used to set up a three server Consul Enterprise cluster with 100GB of storage and automatic Connect injection for annotated pods in the "my-app" namespace. +The below `values.yaml` can be used to set up a three server Consul Enterprise cluster with 100GB of storage and automatic Connect injection for annotated pods in the "my-app" namespace. Note, this would require a secret that contains the enterprise license key. -``` +```yaml global: - enabled: true - domain: consul image: "hashicorp/consul-enterprise:1.4.2-ent" datacenter: dc1 server: - enabled: true replicas: 3 bootstrapExpect: 3 enterpriseLicense: @@ -491,36 +505,18 @@ server: secretKey: "key" storage: 100Gi connect: true - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app: {{ template "consul.name" . }} - release: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname client: - enabled: true grpc: true -dns: - enabled: true - -ui: - enabled: true - service: - enabled: true - type: NodePort - connectInject: enabled: true default: false namespaceSelector: "my-app" - ``` ## Customizing the Helm Chart -Consul within Kubernetes is highly configurable and the Helm chart contains dozens of the most commonly used configuration options. If you need to extend the Helm chart with additional options, we recommend using a third-party tool, such as [kustomize](https://github.com/kubernetes-sigs/kustomize) or [ship](https://github.com/replicatedhq/ship). +Consul within Kubernetes is highly configurable and the Helm chart contains dozens +of the most commonly used configuration options. +If you need to extend the Helm chart with additional options, we recommend using a third-party tool, such as [kustomize](https://github.com/kubernetes-sigs/kustomize) or [ship](https://github.com/replicatedhq/ship). diff --git a/website/source/docs/platform/k8s/service-sync.html.md b/website/source/docs/platform/k8s/service-sync.html.md index 523a1ba698..f0340ded8a 100644 --- a/website/source/docs/platform/k8s/service-sync.html.md +++ b/website/source/docs/platform/k8s/service-sync.html.md @@ -53,7 +53,26 @@ syncCatalog: This will enable services to sync _in both directions_. You can also choose to only sync Kubernetes services to Consul or vice versa by disabling a direction. -See the [Helm configuration](/docs/platform/k8s/helm.html#configuration-values-) + +To only enable syncing Consul services to Kubernetes use the config: + +```yaml +syncCatalog: + enabled: true + toConsul: false + toK8S: true +``` + +To only enable syncing Kubernetes services to Consul use: + +```yaml +syncCatalog: + enabled: true + toConsul: true + toK8S: false +``` + +See the [Helm configuration](/docs/platform/k8s/helm.html#v-synccatalog) for more information. -> **Before installing,** please read the introduction paragraphs for the @@ -67,7 +86,9 @@ sync to understand how the syncing works. The sync process must authenticate to both Kubernetes and Consul to read and write services. -For Kubernetes, a valid kubeconfig file must be provided with cluster +If running `consul-k8s` using the Helm chart then this authentication is handled for you. + +If running `consul-k8s` outside of Kubernetes, a valid kubeconfig file must be provided with cluster and authentication information. The sync process will look into the default locations for both in-cluster and out-of-cluster authentication. If `kubectl` works, then the sync program should work. @@ -240,22 +261,36 @@ metadata: ## Consul to Kubernetes This syncs Consul services into first-class Kubernetes services. -Each Consul service is synced to an -[ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) -service in Kubernetes. The external name is configured to be the Consul -DNS entry. +An [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) +`Service` is created for each Consul service. The "external name" will be +the Consul DNS name. -This enables external services to be discovered using native Kubernetes -tooling. This can be used to ease software migration into or out of Kubernetes, -across platforms, to and from hosted services, and more. +For example, given a Consul service `foo`, a Kubernetes Service will be created +as follows: + +```yaml +apiVersion: v1 +kind: Service +metadata: + name: foo + ... +spec: + externalName: foo.service.consul + type: ExternalName +``` + +With Consul To Kubernetes syncing enabled, DNS requests of the form `{consul-service-name}` +will be serviced by Consul DNS. From a different namespace than where Consul +is deployed, the DNS request would need to be `{consul-service-name}.{consul-namespace}`. + +-> **Note:** Consul to Kubernetes syncing **isn't required** if you've enabled [Consul DNS on Kubernetes](/docs/platform/k8s/dns.html) +*and* all you need to do is address services in the form `{consul-service-name}.service.consul`, i.e. you don't need Kubernetes `Service` objects created. -> **Requires Consul DNS via CoreDNS in Kubernetes:** This feature requires that [Consul DNS](/docs/platform/k8s/dns.html) is configured within Kubernetes. Additionally, **[CoreDNS](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#config-coredns) is required (instead of kube-dns)** to resolve an issue with resolving `externalName` services pointing to custom domains. -In the future we hope to remove this requirement by syncing the instance -addresses directly into service endpoints. ### Sync Enable/Disable From dcf922858a4fcd18f3f3a35989a4676db98dea76 Mon Sep 17 00:00:00 2001 From: Luke Kysow <1034429+lkysow@users.noreply.github.com> Date: Fri, 6 Sep 2019 11:34:11 +0200 Subject: [PATCH 2/2] Update consul-helm enterprise docs for ACLs If ACLs are added then slightly different commands are needed. --- website/source/docs/platform/k8s/dns.html.md | 18 +++--- website/source/docs/platform/k8s/helm.html.md | 57 ++++++++++++++++--- .../docs/platform/k8s/service-sync.html.md | 20 +++---- 3 files changed, 65 insertions(+), 30 deletions(-) diff --git a/website/source/docs/platform/k8s/dns.html.md b/website/source/docs/platform/k8s/dns.html.md index b2ff643db5..43b8867309 100644 --- a/website/source/docs/platform/k8s/dns.html.md +++ b/website/source/docs/platform/k8s/dns.html.md @@ -9,22 +9,22 @@ description: |- # Consul DNS on Kubernetes One of the primary query interfaces to Consul is the -[DNS interface](/docs/agent/dns.html). Consul DNS can be configured in +[DNS interface](/docs/agent/dns.html). You can configure Consul DNS in Kubernetes using a [stub-domain configuration](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configure-stub-domain-and-upstream-dns-servers) if using KubeDNS or a [proxy configuration](https://coredns.io/plugins/proxy/) if using CoreDNS. -Once configured, DNS requests in the form `{consul-service-name}.service.consul` will -resolve for services in Consul. This will work from all namespaces. +Once configured, DNS requests in the form `.service.consul` will +resolve for services in Consul. This will work from all Kubernetes namespaces. --> **Note:** If you want requests to just `{consul-service-name}` (without the `.service.consul`) to resolve, then you'll need +-> **Note:** If you want requests to just `` (without the `.service.consul`) to resolve, then you'll need to turn on [Consul to Kubernetes Service Sync](/docs/platform/k8s/service-sync.html#consul-to-kubernetes). ## Consul DNS Cluster IP -For configuring KubeDNS or CoreDNS you'll first need the `ClusterIP` of the Consul +To configure KubeDNS or CoreDNS you'll first need the `ClusterIP` of the Consul DNS service created by the [Helm chart](/docs/platform/k8s/helm.html). -The name of the Consul DNS service will be `consul-consul-dns`. Use +The default name of the Consul DNS service will be `consul-consul-dns`. Use that name to get the `ClusterIP`: ```bash @@ -32,11 +32,11 @@ $ kubectl get svc consul-consul-dns -o jsonpath='{.spec.clusterIP}' 10.35.240.78% ``` --> *Note:* If you've installed Consul using a different helm release name than `consul` -then the DNS service name will be `{release-name}-consul-dns`. - For this installation the `ClusterIP` is `10.35.240.78`. +-> **Note:** If you've installed Consul using a different helm release name than `consul` +then the DNS service name will be `-consul-dns`. + ## KubeDNS If using KubeDNS, you need to create a `ConfigMap` that tells KubeDNS to use the Consul DNS service to resolve all domains ending with `.consul`: diff --git a/website/source/docs/platform/k8s/helm.html.md b/website/source/docs/platform/k8s/helm.html.md index 3a461bc0ca..5126ea111c 100644 --- a/website/source/docs/platform/k8s/helm.html.md +++ b/website/source/docs/platform/k8s/helm.html.md @@ -414,8 +414,6 @@ You can also use this Helm chart to deploy Consul Enterprise by following a few Find the license file that you received in your welcome email. It should have the extension `.hclic`. You will use the contents of this file to create a Kubernetes secret before installing the Helm chart. --> **Note:** If you cannot find your `.hclic` file, please contact your sales team or Technical Account Manager. - You can use the following commands to create the secret: ```bash @@ -423,6 +421,8 @@ secret=$(cat 1931d1f4-bdfd-6881-f3f5-19349374841f.hclic) kubectl create secret generic consul-ent-license --from-literal="key=${secret}" ``` +-> **Note:** If you cannot find your `.hclic` file, please contact your sales team or Technical Account Manager. + In your `values.yaml`, change the value of `global.image` to one of the enterprise [release tags](https://hub.docker.com/r/hashicorp/consul-enterprise/tags). ```yaml @@ -439,17 +439,25 @@ server: secretKey: "key" ``` -Add the `--wait` option to your `helm install` command. This will force Helm to wait for all the pods -to become ready before it applies the license to your Consul cluster. +Now run `helm install`: ```bash $ helm install --wait --name consul -f ./values.yaml ./consul-helm ``` -Once the cluster is up, you can verify the nodes are running Consul Enterprise. +Once the cluster is up, you can verify the nodes are running Consul Enterprise by +using the `consul license get` command. + +First, forward your local port 8500 to the Consul servers so you can run `consul` +commands locally against the Consul servers in Kubernetes: + +```bash +$ kubectl port-forward service/consul-consul-server -n default 8500 +``` + +In a separate tab, run the `consul license get` command (if using ACLs see below): ```bash -$ kubectl port-forward service/consul-consul-server 8500 & $ consul license get License is valid License ID: 1931d1f4-bdfd-6881-f3f5-19349374841f @@ -471,9 +479,42 @@ consul-consul-server-1 10.60.1.229:8301 alive server 1.4 consul-consul-server-2 10.60.2.197:8301 alive server 1.4.3+ent 2 dc1 ``` +If you get an error: + +```bash +Error getting license: invalid character 'r' looking for beginning of value +``` + +Then you have likely enabled ACLs. You need to specify your ACL token when +running the `license get` command. First, get the ACL token: + +```bash +$ kubectl get secrets/consul-consul-bootstrap-acl-token --template={{.data.token}} | base64 -D +4dae8373-b4d7-8009-9880-a796850caef9% +``` + +Now use the token when running the `license get` command: + +```bash +$ consul license get -token=4dae8373-b4d7-8009-9880-a796850caef9 +License is valid +License ID: 1931d1f4-bdfd-6881-f3f5-19349374841f +Customer ID: b2025a4a-8fdd-f268-95ce-1704723b9996 +Expires At: 2020-03-09 03:59:59.999 +0000 UTC +Datacenter: * +Package: premium +Licensed Features: + Automated Backups + Automated Upgrades + Enhanced Read Scalability + Network Segments + Redundancy Zone + Advanced Network Federation +``` + ## Helm Chart Examples -The below `values.yaml` can be used to set up a single server Consul cluster with a `LoadBalancer` to allow external access to the UI and API. +The below `values.yaml` results in a single server Consul cluster with a `LoadBalancer` to allow external access to the UI and API. ```yaml global: @@ -488,7 +529,7 @@ ui: type: LoadBalancer ``` -The below `values.yaml` can be used to set up a three server Consul Enterprise cluster with 100GB of storage and automatic Connect injection for annotated pods in the "my-app" namespace. +The below `values.yaml` results in a three server Consul Enterprise cluster with 100GB of storage and automatic Connect injection for annotated pods in the "my-app" namespace. Note, this would require a secret that contains the enterprise license key. diff --git a/website/source/docs/platform/k8s/service-sync.html.md b/website/source/docs/platform/k8s/service-sync.html.md index f0340ded8a..0f2ce91ac1 100644 --- a/website/source/docs/platform/k8s/service-sync.html.md +++ b/website/source/docs/platform/k8s/service-sync.html.md @@ -75,12 +75,6 @@ syncCatalog: See the [Helm configuration](/docs/platform/k8s/helm.html#v-synccatalog) for more information. --> **Before installing,** please read the introduction paragraphs for the -reference documentation below for both -[Kubernetes to Consul](/docs/platform/k8s/service-sync.html#kubernetes-to-consul) and -[Consul to Kubernetes](/docs/platform/k8s/service-sync.html#consul-to-kubernetes) -sync to understand how the syncing works. - ### Authentication The sync process must authenticate to both Kubernetes and Consul to read @@ -261,8 +255,8 @@ metadata: ## Consul to Kubernetes This syncs Consul services into first-class Kubernetes services. -An [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) -`Service` is created for each Consul service. The "external name" will be +The sync service will creat an [`ExternalName`](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) +`Service` for each Consul service. The "external name" will be the Consul DNS name. For example, given a Consul service `foo`, a Kubernetes Service will be created @@ -279,14 +273,14 @@ spec: type: ExternalName ``` -With Consul To Kubernetes syncing enabled, DNS requests of the form `{consul-service-name}` -will be serviced by Consul DNS. From a different namespace than where Consul -is deployed, the DNS request would need to be `{consul-service-name}.{consul-namespace}`. +With Consul To Kubernetes syncing enabled, DNS requests of the form `` +will be serviced by Consul DNS. From a different Kubernetes namespace than where Consul +is deployed, the DNS request would need to be `.`. -> **Note:** Consul to Kubernetes syncing **isn't required** if you've enabled [Consul DNS on Kubernetes](/docs/platform/k8s/dns.html) -*and* all you need to do is address services in the form `{consul-service-name}.service.consul`, i.e. you don't need Kubernetes `Service` objects created. +*and* all you need to do is address services in the form `.service.consul`, i.e. you don't need Kubernetes `Service` objects created. --> **Requires Consul DNS via CoreDNS in Kubernetes:** This feature requires that +~> **Requires Consul DNS via CoreDNS in Kubernetes:** This feature requires that [Consul DNS](/docs/platform/k8s/dns.html) is configured within Kubernetes. Additionally, **[CoreDNS](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#config-coredns) is required (instead of kube-dns)** to resolve an