The information contained in this article has been verified as up-to-date on the date of the original publication of the article.  HashiCorp endeavors to keep this information up-to-date and correct, but it makes no representations or warranties of any kind, express or implied, about the ongoing completeness, accuracy, reliability, or suitability of the information provided.

All information contained in this article is for general information purposes only.  Any reliance you place on such information as it applies to your use of your HashiCorp product is therefore strictly at your own risk.

Introduction

This article outlines the manual configuration process for integrating the Consul DNS service into your OpenShift cluster as a recognized upstream DNS forwarder. By establishing this integration, you gain the ability to effectively resolve Consul subdomain queries, thereby enabling the utilization of Consul's failover, redirect, and other Layer 7 (L7) traffic management functionalities.

Prerequisites

• Consul on OpenShift deployed
• Consul DNS Service Enabled
  

  dns:
    enabled: true
    enabledRedirection: true
    type: ClusterIP

   

Procedure

1. Capture the consul-dns service clusterIP
   

   $ oc get svc consul-dns --namespace consul --output jsonpath='{.spec.clusterIP}'
   172.30.186.254

2. Edit the DNS Operator Configuration (as outlined in the OpenShift Documentation)
   

   $ oc edit dns.operator/default

3. Add the consul-dns clusterIP as an upstream server for the consul zone and save the configuration changes
   

   spec:
     servers:
     - name: consul-server
       zones:
       - consul
       forwardPlugin:
         policy: Random
         upstreams:
         - 172.30.186.254 # Set clusterIP for consul-dns service

4. Verify that the DNS Operator applied the changes
   

   $ oc get configmap/dns-default -n openshift-dns -o yaml

   data:
     Corefile: |
       # consul-server
       consul:5353 {
           prometheus 127.0.0.1:9153
           forward . 172.30.186.254 {
               policy random
           }
           errors
           log . {
               class error
           }
           bufsize 1232
           cache 900 {
               denial 9984 30
           }
       }
   

Verification

1. From the terminal of the pod deployed to the Consul Service Mesh, verify the DNS name resolution with the Consul domain
   

   $ nslookup consul.service.consul
   Server: 172.30.0.10
   Address: 172.30.0.10:53
   
   
   Name: consul.service.consul
   Address: 10.129.2.21
   Name: consul.service.consul
   Address: 10.130.2.18
   Name: consul.service.consul
   Address: 10.128.2.19
   
   $ nslookup backend.virtual.consul.ns.consul
   Server: 172.30.0.10
   Address: 172.30.0.10:53
   
   Name: backend.virtual.consul.ns.consul
   Address: 240.0.0.5
   
   Name: backend.virtual.consul.ns.consul
   Address: 240.0.0.5

References

• OpenShift DNS Operator: Using DNS Forwarding