github.com/KyaXTeam/consul@v1.4.5/website/source/docs/platform/k8s/dns.html.md (about) 1 --- 2 layout: "docs" 3 page_title: "Consul DNS - Kubernetes" 4 sidebar_current: "docs-platform-k8s-dns" 5 description: |- 6 One of the primary query interfaces to Consul is the DNS interface. The Consul DNS interface can be exposed for all pods in Kubernetes using a stub-domain configuration. 7 --- 8 9 # Consul DNS on Kubernetes 10 11 One of the primary query interfaces to Consul is the 12 [DNS interface](/docs/agent/dns.html). The Consul DNS interface can be 13 exposed for all pods in Kubernetes using a 14 [stub-domain configuration](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configure-stub-domain-and-upstream-dns-servers). 15 16 The stub-domain configuration must point to a static IP of a DNS resolver. 17 The [Helm chart](/docs/platform/k8s/helm.html) creates a `consul-dns` service 18 by default that exports Consul DNS. The cluster IP of this service can be used 19 to configure a stub-domain with kube-dns. While the `kube-dns` configuration 20 lives in the `kube-system` namepace, the IP just has to be routable so the 21 service can live in a different namespace. 22 23 ``` 24 cat <<EOF | kubectl apply -f - 25 apiVersion: v1 26 kind: ConfigMap 27 metadata: 28 labels: 29 addonmanager.kubernetes.io/mode: EnsureExists 30 name: kube-dns 31 namespace: kube-system 32 data: 33 stubDomains: | 34 {"consul": ["$(kubectl get svc consul-dns -o jsonpath='{.spec.clusterIP}')"]} 35 EOF 36 ``` 37 38 -> **Note:** The `stubDomain` can only point to a static IP. If the cluster IP 39 of the `consul-dns` service changes, then it must be updated to continue 40 working. This can happen if the service is deleted and recreated, such as 41 in full cluster rebuilds. 42 43 ## Verifying DNS Works 44 45 To verify DNS works, run a simple job to query DNS. Save the following 46 job to the file `job.yaml` and run it: 47 48 ```yaml 49 apiVersion: batch/v1 50 kind: Job 51 metadata: 52 name: dns 53 spec: 54 template: 55 spec: 56 containers: 57 - name: dns 58 image: anubhavmishra/tiny-tools 59 command: ["dig", "consul.service.consul"] 60 restartPolicy: Never 61 backoffLimit: 4 62 ``` 63 64 ```sh 65 $ kubectl apply -f job.yaml 66 ``` 67 68 Then query the pod name for the job and check the logs. You should see 69 output similar to the following showing a successful DNS query. If you see 70 any errors, then DNS is not configured properly. 71 72 ``` 73 $ kubectl get pods --show-all | grep dns 74 dns-lkgzl 0/1 Completed 0 6m 75 76 $ kubectl logs dns-lkgzl 77 ; <<>> DiG 9.11.2-P1 <<>> consul.service.consul 78 ;; global options: +cmd 79 ;; Got answer: 80 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4489 81 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 4 82 83 ;; OPT PSEUDOSECTION: 84 ; EDNS: version: 0, flags:; udp: 4096 85 ;; QUESTION SECTION: 86 ;consul.service.consul. IN A 87 88 ;; ANSWER SECTION: 89 consul.service.consul. 0 IN A 10.36.2.23 90 consul.service.consul. 0 IN A 10.36.4.12 91 consul.service.consul. 0 IN A 10.36.0.11 92 93 ;; ADDITIONAL SECTION: 94 consul.service.consul. 0 IN TXT "consul-network-segment=" 95 consul.service.consul. 0 IN TXT "consul-network-segment=" 96 consul.service.consul. 0 IN TXT "consul-network-segment=" 97 98 ;; Query time: 5 msec 99 ;; SERVER: 10.39.240.10#53(10.39.240.10) 100 ;; WHEN: Wed Sep 12 02:12:30 UTC 2018 101 ;; MSG SIZE rcvd: 206 102 ```