CoreDNS gRPC plugin to serve DNS records out of Istio ServiceEntries
Shriram Rajagopalan
Shriram Rajagopalan istio api vendor update
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
Latest commit 051e2c6 Mar 6, 2019
Type Name Latest commit message Commit time
api init Aug 20, 2018
etc init Aug 20, 2018
vendor istio api vendor update Mar 6, 2019
.gitignore init Aug 20, 2018
Dockerfile init Aug 20, 2018
Gopkg.lock istio api vendor update Mar 6, 2019
Gopkg.toml update vendor Nov 2, 2018
LICENSE Initial commit Aug 20, 2018
Makefile update vendor Nov 2, 2018
README.md Mint a fake VIP for ServiceEntries with no addresses (#1) Oct 3, 2018
coredns.yaml moar updates Sep 24, 2018
plugin.go Mint a fake VIP for ServiceEntries with no addresses (#1) Oct 3, 2018

README.md

istio-coredns-plugin

CoreDNS gRPC plugin to serve DNS records out of Istio ServiceEntries.

The plugin runs as a separate container in the CoreDNS pod, serving DNS A records over gRPC to CoreDNS.

Hosts in service entries that also list addresses will resolve to those addresses, as long as they are host addresses and not CIDR ranges.

Service entries without addresses will by default not resolve, unless the --default-address flag is given, in which case that address will be used for address-less service entries.

Wildcard hosts in the service entries will also resolve appropriately. E.g., consider the following service entry:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
spec:
  hosts:
  - "*.google.com"
  addresses:
  - 17.17.17.17
  - 9.9.9.9
  resolution: STATIC
  endpoints:
  - ...

A query against the CoreDNS pod would return the following:

$ dig +short @<coreDNSIP> A maps.google.com
17.17.17.17
9.9.9.9

$ dig +short @<coreDNSIP> A mail.google.com
17.17.17.17
9.9.9.9

$ dig +short @<coreDNSIP> A google.com
 # no response
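
The resolution rules described above, as an added sketch that is not the plugin's own code: the Entry type, function names and sample data are hypothetical. It assumes a wildcard matches at any label depth and that an entry listing only CIDR ranges returns nothing; the page specifies neither.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Entry is a hypothetical, reduced view of a ServiceEntry (not the Istio type).
type Entry struct{ Hosts, Addresses []string }

// hostMatches: "*.x" matches names under x (assumed: any depth), never x itself.
func hostMatches(host, query string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	query = strings.ToLower(strings.TrimSuffix(query, "."))
	if strings.HasPrefix(host, "*.") {
		return strings.HasSuffix(query, host[1:]) && len(query) > len(host[1:])
	}
	return host == query
}

// Resolve returns A records; CIDRs are skipped, address-less entries use defaultAddr.
func Resolve(entries []Entry, defaultAddr, query string) []string {
	var out []string
	for _, e := range entries {
		for _, h := range e.Hosts {
			if !hostMatches(h, query) {
				continue
			}
			if len(e.Addresses) == 0 && defaultAddr != "" {
				out = append(out, defaultAddr)
			}
			for _, a := range e.Addresses {
				if ip := net.ParseIP(a); ip != nil && ip.To4() != nil {
					out = append(out, ip.String())
				}
			}
			break // one matching host per entry is enough
		}
	}
	return out
}

func main() {
	e := []Entry{{[]string{"*.google.com"}, []string{"17.17.17.17", "9.9.9.9"}}} // constructed sample
	for _, q := range []string{"maps.google.com", "google.com"} {
		fmt.Println(q, Resolve(e, "", q))
	}
}
```

Keeping the leading dot in the suffix comparison is what stops a name such as evilgoogle.com from matching the *.google.com entry.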

Usage

Deploy the CoreDNS service in the istio-system namespace:

kubectl apply -f coredns.yaml

Update the kube-dns config map to point to this CoreDNS service as the upstream DNS service for the *.global domain. You will have to find out the cluster IP of the CoreDNS service and update the config map (or write a controller for this purpose!).

E.g.

apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
data:
  stubDomains: |
    {"global": ["10.2.3.4"]}