Kahiro Okina

Posted on Sep 8

No More Self-Building Required! CoreDNS v1.12.2 Now Includes Standard Multicluster Support

#kubernetes #coredns #multicluster #mcs

TL;DR

Multicluster support has been integrated into CoreDNS v1.12.2!
- https://github.com/coredns/coredns/pull/7266
You can now resolve clusterset.local by just configuring the Corefile and RBAC

Background

Previously, it was necessary to self-build CoreDNS by adding the coredns/multicluster plugin, but starting with CoreDNS v1.12.2, it has been integrated into the Kubernetes plugin, allowing you to handle clusterset.local with just the official image.

Examples of Corefile configuration can be found in the official README.

Setup Method

Image: Use registry.k8s.io/coredns/coredns:v1.12.2 or later versions
Edit the Corefile

Corefile Configuration

Add clusterset.local to the kubernetes plugin and enable multicluster.

kubernetes cluster.local clusterset.local {
    multicluster clusterset.local
}

Command to directly patch the existing kube-system/coredns ConfigMap:

kubectl --kubeconfig "${KUBECONFIG}" get configmap -n kube-system coredns -o yaml | \
  sed -E 's/^([[:space:]]*)kubernetes cluster\.local (.*)$/\1kubernetes cluster.local clusterset.local \2\n\1   multicluster clusterset.local/' | \
  kubectl --kubeconfig "${KUBECONFIG}" replace -f-

Verification after application is recommended

Granting Permissions

Extend the ClusterRole so that CoreDNS can list/watch ServiceImport.

rules:
- apiGroups: ["multicluster.x-k8s.io"]
  resources: ["serviceimports"]
  verbs: ["list", "watch"]

Command to add permissions:

kubectl patch clusterrole system:coredns --type=json --patch '[
  {
    "op": "add",
    "path": "/rules/-",
    "value": {
      "apiGroups": ["multicluster.x-k8s.io"],
      "resources": ["serviceimports"],
      "verbs": ["list","watch"]
    }
  }
]'

Rollout

Update the CoreDNS image to v1.12.2.

kubectl -n kube-system set image deploy/coredns coredns=registry.k8s.io/coredns/coredns:v1.12.2
kubectl -n kube-system rollout status deploy/coredns

Verification Tips

Check if ServiceImport is visible

kubectl get serviceimports.multicluster.x-k8s.io -A

Check if clusterset.local can be resolved

From a debug pod or similar:

kubectl exec -it -n default deploy/your-app -- sh -c 'dig +short my-svc.my-namespace.svc.clusterset.local'

References & Extras

CoreDNS Kubernetes Plugin Examples: https://github.com/coredns/coredns/blob/master/plugin/kubernetes/README.md#examples
Demo: Clone https://github.com/kubernetes-sigs/mcs-api/pull/126 and run make demo

DEV Community