DNS service tags in Kubernetes

Hi all,

We are running Consul on baremetal and we are primarily using the DNS interface. So we define service files for each service and then we address them with their Consul domain name such as mysql.service.consul For some instances of that service, in that case MySQL, we specify some tags so we can differentiate them ie big.mysql.service.consul or small.mysql.service.consul

We are trying to replicate this setup in Kubernetes but I haven’t figured out a way for the tags to work in DNS. The resolution of mysql.service.consul works fine but despite setting service-tags it fails to resolve big.mysql.service.consul

Is this even supported in Kubernetes or am I configuring something wrong?

Cheers!

Hi @kouzant,

I hope you are using the syncCatalog feature, as the documentation you linked is to be used with sync catalog functionality.

By default when the services are synced from Kubernetes to Consul, the service name will be of type <service-name>-<k8s-namespace>. Where <service-name> is the name field under service metadata.

ref:

• Service Sync for Consul on Kubernetes | Consul | HashiCorp Developer
• Helm Chart Reference | Consul | HashiCorp Developer

With the above information, if your service name (service.metadata.name) is mysql, the service will be registered as mysql-<k8s-namespace>. So including the tag, you will have to use big.mysql-<k8s-namespace>.service-consul.

Instead of disabling this feature globally, you can override the service name using the service-name annotation.

eg.:

---
apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: default
  labels:
    app: mysql
  annotations:
    'consul.hashicorp.com/service-tags': 'big'
    'consul.hashicorp.com/service-name': 'mysql'

I hope this helps.

Hi @Ranjandas
I’ve followed the tutorial deploying consul and the example hashicups application. I haven’t changed the default helm values so service sync should be enabled by default.

I have slightly changed one of hashicups services, adding the service tags so now the service definition looks like the following

kubectl describe svc nginx 
Name:              nginx
Namespace:         default
Labels:            app=nginx
Annotations:       consul.hashicorp.com/service-tags: web
Selector:          app=nginx
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.43.37.223
IPs:               10.43.37.223
Port:              <unset>  80/TCP
TargetPort:        80/TCP
Endpoints:         10.42.2.50:80
Session Affinity:  None
Events:            <none>

I have also changed CoreDNS configuration and in fact from another pod I have resolve nginx.service.consul (k8s namespace does not seem to be working, maybe an enterprise feature?)

dig nginx.service.consul

; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> nginx.service.consul
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28937
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: dda320202d60972c (echoed)
;; QUESTION SECTION:
;nginx.service.consul.		IN	A

;; ANSWER SECTION:
nginx.service.consul.	5	IN	A	10.42.2.50

;; Query time: 4 msec
;; SERVER: 10.43.0.10#53(10.43.0.10) (UDP)
;; WHEN: Mon Oct 09 08:27:37 UTC 2023
;; MSG SIZE  rcvd: 97

Nevertheless when I add my tag, I cannot resolve the domain name.

dig web.nginx.service.consul

; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> web.nginx.service.consul
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34007
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 1c65bf7749bb848e (echoed)
;; QUESTION SECTION:
;web.nginx.service.consul.	IN	A

;; AUTHORITY SECTION:
consul.			5	IN	SOA	ns.consul. hostmaster.consul. 1696840112 3600 600 86400 0

;; Query time: 0 msec
;; SERVER: 10.43.0.10#53(10.43.0.10) (UDP)
;; WHEN: Mon Oct 09 08:28:32 UTC 2023
;; MSG SIZE  rcvd: 133

Am I doing something wrong or my assumption of tags is invalid?

Hi @kouzant,

Could you please link to the documentation that you referred to? In addition, sharing the Helm overrides (values.yaml) will be helpful (helm get values <release name>).

Please note that the default installation of Consul on K8S does not enable syncCatalog. If you have sync Catalog enabled, you should try querying for web.nginx-<namespace>.service.consul.

Here is a demo of how it works.

https://asciinema.org/a/rlbkxfb1IPuw4LlTaPQjEMRiJ