This example demonstrates how an external client configures DNS from the connected endpoint. Note: NSE provides DNS by itself. Also, NSE could provide configs for any other external DNS servers(that are not located as sidecar with NSE).
Make sure that you have completed steps from features
Note: Admission webhook is required and should be started at this moment.
WH=$(kubectl get pods -l app=admission-webhook-k8s -n nsm-system --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
kubectl wait --for=condition=ready --timeout=1m pod ${WH} -n nsm-system- Create test namespace:
NAMESPACE=($(kubectl create -f https://raw.githubusercontent.com/networkservicemesh/deployments-k8s/c89573ec0f82ee02c425c43da72b026397cb52fc/examples/features/namespace.yaml)[0])
NAMESPACE=${NAMESPACE:10}- Get all available nodes to deploy:
NODES=($(kubectl get nodes -o go-template='{{range .items}}{{ if not .spec.taints }}{{index .metadata.labels "kubernetes.io/hostname"}} {{end}}{{end}}'))- Create alpine deployment and set
nodeSelectorto the first node:
cat > alpine.yaml <<EOF
---
apiVersion: v1
kind: Pod
metadata:
name: alpine
annotations:
networkservicemesh.io: kernel://my-coredns-service/nsm-1
labels:
app: alpine
"spiffe.io/spiffe-id": "true"
spec:
containers:
- name: alpine
image: alpine
imagePullPolicy: IfNotPresent
stdin: true
tty: true
nodeSelector:
kubernetes.io/hostname: ${NODES[0]}
EOF- Add to nse-kernel the corends container and set
nodeSelectorit to the second node:
cat > patch-nse.yaml <<EOF
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nse-kernel
spec:
template:
spec:
containers:
- name: nse
env:
- name: NSM_SERVICE_NAMES
value: my-coredns-service
- name: NSM_CIDR_PREFIX
value: 172.16.1.100/31
- name: NSM_DNS_CONFIGS
value: "[{\"dns_server_ips\": [\"172.16.1.100\"], \"search_domains\": [\"my.coredns.service\"]}]"
- name: coredns
image: coredns/coredns:1.8.3
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
readOnly: true
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
nodeSelector:
kubernetes.io/hostname: ${NODES[1]}
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
EOF- Create kustomization file:
cat > kustomization.yaml <<EOF
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: ${NAMESPACE}
bases:
- https://github.com/networkservicemesh/deployments-k8s/apps/nse-kernel?ref=c89573ec0f82ee02c425c43da72b026397cb52fc
resources:
- alpine.yaml
- https://raw.githubusercontent.com/networkservicemesh/deployments-k8s/c89573ec0f82ee02c425c43da72b026397cb52fc/examples/features/dns/coredns-config-map.yaml
patchesStrategicMerge:
- patch-nse.yaml
EOF- Deploy alpine and nse
kubectl apply -k .- Wait for applications ready:
kubectl wait --for=condition=ready --timeout=5m pod alpine -n ${NAMESPACE}kubectl wait --for=condition=ready --timeout=5m pod -l app=nse-kernel -n ${NAMESPACE}- Find NSC and NSE pods by labels:
NSC=$(kubectl get pods -l app=alpine -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')NSE=$(kubectl get pods -l app=nse-kernel -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')- Install
nslookupto alpine:
kubectl exec ${NSC} -c alpine -n ${NAMESPACE} -- sh -c "apk update && apk add bind-tools"- Ping from alpine to NSE by domain name:
kubectl exec ${NSC} -c alpine -n ${NAMESPACE} -- nslookup -nodef -norec my.coredns.servicekubectl exec ${NSC} -c alpine -n ${NAMESPACE} -- ping -c 4 my.coredns.service- Validate that default DNS server is working:
kubectl exec ${NSC} -c alpine -n ${NAMESPACE} -- nslookup -nodef google.comDelete ns:
kubectl delete ns ${NAMESPACE}