Exposing port 53 as localstack is also a DNS server
When running in K8S, we need to be able to use LocalStack DNS server capability (Transparent Endpoint Injection).
The helm chart does not allow binding that port, which makes it impossible to use this feature in K8S.
Hi @ezraroi!
As discussed in #103, this is already in main and will be part of the next release (which will be created in the upcoming days after merging #107).
Thanks!
@alexrashed Don't we also need to expose this port as part of the service object? Otherwise, how can we configure all pods to use LocalStack as DNS server?
Also how did you think to use this feature in K8S? Config CoreDNS to forward all AWS domains to localstack DNS server? If yes, we need to edit the CoreDNS config.
Hi @ezraroi . We're developing a repo that runs LocalStack in EKS with the DNS Servicer configured in CoreDNS. It's all running now and I'll make it public by COB tomorrow (is my plan).
@ezraroi Heads up. I'm also using a dev container in the K8S namespace to be the client to LS. This diag doesn't have the K8S Services or CoreDNS in it but it gives you the idea.
@cabeaulac Thanks for your answer and diagram. Waiting for that repo.
@cabeaulac Any updates on the repo with working example?
Hey @ezraroi . Find me and a link to the repo in this post. https://www.linkedin.com/posts/chad-beaulac_aws-eks-k8s-activity-7153140232622587905-hPO6?utm_source=share&utm_medium=member_desktop
Hey @ezraroi! Please let me know if this sample repo from @cabeaulac helps. If it does, I'd close the issue. If it doesn't please let us know what you are missing / what open questions you have. :) Thanks!
I would say pointing at another repo that requires devxpod to work isn't a real solution. I agree with @ezraroi that you should be exposing the DNS ports via the k8s service, and then configuring Coredns to delegate the localstack domain to it.
I've done some hand-edits to the manifests generated by this chart and it all works great once I add dns exposed on port 53, both TCP and UDP, set up a clusterIP: w.x.y.z value for the service as well so it has a static clusterIP, and the following in Coredns's Configmap Corefile:
```
localhost.localstack.cloud:53 {
    errors
    cache 30
    forward . w.x.y.z # the service's clusterIP
}
```
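Added example, not part of the comment above or of the chart's own templates: a Service manifest of the kind the hand-edit describes, with DNS on port 53 over both UDP and TCP and a fixed clusterIP for the Corefile `forward` line to target. The service name, namespace, selector label and port names are assumptions, and `w.x.y.z` is the same placeholder used in the comment.

```yaml
# Constructed example; names, labels and the address are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: localstack             # assumed service name
  namespace: localstack        # assumed namespace
spec:
  type: ClusterIP              # reachable only inside the cluster; nothing is bound on the nodes
  clusterIP: w.x.y.z           # static address from the cluster's service CIDR; must equal the Corefile forward target
  selector:
    app.kubernetes.io/name: localstack   # assumed pod label
  ports:
    - name: edge               # LocalStack edge port
      port: 4566
      targetPort: 4566
      protocol: TCP
    - name: dns-udp            # DNS queries over UDP
      port: 53
      targetPort: 53
      protocol: UDP
    - name: dns-tcp            # DNS over TCP (truncated or large responses)
      port: 53
      targetPort: 53
      protocol: TCP
```

Because CoreDNS forwards only the `localhost.localstack.cloud` zone to this address, every other lookup in the cluster continues to use the existing resolvers.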
Yeah, I agree, I think it would make sense. However, since this wouldn't be a default feature, and some nodes might not allow port 53 by default, I think this should be an opt-in feature (to enable the exposure of the DNS port 53). What do you think, @rattboi? Would you be up to creating a PR? 😛
> However, since this wouldn't be a default feature, and some nodes might not allow port 53 by default, I think this should be an opt-in feature (to enable the exposure of the DNS port 53).
Since it's exposed as a ClusterIP and not NodePort, I don't think the node has any limitations in this way
> What do you think, @rattboi? Would you be up to creating a PR? 😛
I can definitely do this. I wanted to make sure that people were in alignment that this is an acceptable solution first.