Why must I use CoreDNS in the two Cluster1 and Cluster2?

[gyliu513]

What is the problem if I use kube-dns in Cluster1 and Cluster2? @rshriram

[rshriram]

We need something to resolve *.x.global to 1.1.1.1. Hence the reason for using CoreDNS. We could set it up as an upstream DNS server, but that requires us to obtain the cluster IP of coreDNS and then create the kube config that configures kube-dns to use CoreDNS as the upstream DNS. I don't mind doing this.

[gyliu513]

Thanks @rshriram , can you please show more detail for why need resolve *.x.global to 1.1.1.1?

[rshriram]

So the traffic has to get out of the application so that the sidecar can capture the traffic and then apply HTTP/SNI based routing. In order to make the application make an outbound call, server.cluster2.global has to resolve to some IP so that the OS connect() call can be made. 1.1.1.1 is simply a dummy IP chosen for this purpose.

[gyliu513]

I see, so we are also using this ServiceEntry to enable server.cluster2.global can be accessed. With the CoreDNS here, all services in the format of *.x.global will be resolved to 1.1.1.1, right? And we only want to use this way to make the service is DNS resolvable with a dummy IP?

# One service entry for each cluster to bridge
# the endpoint.address should be the ingress gateway adress of the cluster.
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: external-service-cluster2
spec:
  hosts:
  - "*.cluster2.global"
  ports:
  - number: 80
    name: http
    protocol: HTTP
  - number: 443 #this will exit from sidecar if user does https
    name: https
    protocol: HTTPS
  resolution: DNS
  endpoints:
    # address of ingressgateway of this cluster
  - address: __REPLACEME__
    ports:
      http: 80
      https: 443

[rshriram]

yes

[gyliu513]

thanks @rshriram