No More Self-Building Required! CoreDNS v1.12.2 Now Includes Standard Multicluster Support



This content originally appeared on DEV Community and was authored by Kahiro Okina

TL;DR

Background

Previously, it was necessary to self-build CoreDNS by adding the coredns/multicluster plugin, but starting with CoreDNS v1.12.2, it has been integrated into the Kubernetes plugin, allowing you to handle clusterset.local with just the official image.

Examples of Corefile configuration can be found in the official README.

Setup Method

  • Image: Use registry.k8s.io/coredns/coredns:v1.12.2 or later versions
  • Edit the Corefile

Corefile Configuration

Add clusterset.local to the kubernetes plugin and enable multicluster.

kubernetes cluster.local clusterset.local {
    multicluster clusterset.local
}

Command to directly patch the existing kube-system/coredns ConfigMap:

kubectl --kubeconfig "${KUBECONFIG}" get configmap -n kube-system coredns -o yaml | \
  sed -E 's/^([[:space:]]*)kubernetes cluster\.local (.*)$/\1kubernetes cluster.local clusterset.local \2\n\1   multicluster clusterset.local/' | \
  kubectl --kubeconfig "${KUBECONFIG}" replace -f-

Verify the resulting Corefile after applying the change.
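
One way to make that edit repeatable and checkable, as an added example that is not part of the original post: the sed one-liner above inserts clusterset.local a second time if it is run twice, so this version skips a kubernetes block that already lists the zone and adds a check for the result. The function names and the sample Corefile are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# Corefile below are constructed for illustration.

# Constructed sample: a typical default Corefile before the change.
SAMPLE_COREFILE='.:53 {
    errors
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
    }
    forward . /etc/resolv.conf
}'

# patch_corefile: stdin -> stdout. Adds the clusterset.local zone and the
# multicluster directive; a block that already lists the zone is left untouched.
patch_corefile() {
  awk '
    /^[ \t]*kubernetes cluster\.local / && !/ clusterset\.local([ \t]|$)/ {
      match($0, /^[ \t]*/)
      indent = substr($0, 1, RLENGTH)
      sub(/kubernetes cluster\.local /, "kubernetes cluster.local clusterset.local ")
      print
      print indent "    multicluster clusterset.local"
      next
    }
    { print }
  '
}

# check_corefile: stdin is a Corefile (or the ConfigMap YAML). Exit status 0 only
# if the kubernetes block serves clusterset.local and enables multicluster for it.
check_corefile() {
  awk '
    /^[ \t]*kubernetes / { inblk = 1; if ($0 ~ / clusterset\.local([ \t]|$)/) zone = 1 }
    inblk && /^[ \t]*multicluster clusterset\.local[ \t]*$/ { mc = 1 }
    inblk && /^[ \t]*[}]/ { inblk = 0 }
    END { exit !(zone && mc) }
  '
}

# Demo on the constructed sample: patch it, then report the check result.
if printf '%s\n' "$SAMPLE_COREFILE" | patch_corefile | check_corefile; then
  echo "patched Corefile: clusterset.local and multicluster present"
fi
```

To use it against a cluster, put patch_corefile in place of the sed stage of the pipeline above, then pipe the output of kubectl get configmap -n kube-system coredns -o yaml into check_corefile.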

Granting Permissions

Extend the ClusterRole so that CoreDNS can list/watch ServiceImport.

rules:
- apiGroups: ["multicluster.x-k8s.io"]
  resources: ["serviceimports"]
  verbs: ["list", "watch"]

Command to add permissions:

kubectl patch clusterrole system:coredns --type=json --patch '[
  {
    "op": "add",
    "path": "/rules/-",
    "value": {
      "apiGroups": ["multicluster.x-k8s.io"],
      "resources": ["serviceimports"],
      "verbs": ["list","watch"]
    }
  }
]'

Rollout

Update the CoreDNS image to v1.12.2.

kubectl -n kube-system set image deploy/coredns coredns=registry.k8s.io/coredns/coredns:v1.12.2
kubectl -n kube-system rollout status deploy/coredns

Verification Tips

  1. Check if ServiceImport is visible
kubectl get serviceimports.multicluster.x-k8s.io -A
  2. Check if clusterset.local can be resolved

From a debug pod or similar:

kubectl exec -it -n default deploy/your-app -- sh -c 'dig +short my-svc.my-namespace.svc.clusterset.local'
