Exposing port 53 as localstack is also a DNS server #109

Closed
ezraroi opened this issue Jan 11, 2024 · 13 comments · Fixed by #107 or #120

ezraroi commented Jan 11, 2024

When running in K8S, we need to be able to use LocalStack DNS server capability (Transparent Endpoint Injection).
The helm chart does not allow binding that port, which makes it impossible to use this feature in K8S.

@alexrashed
Member

Hi @ezraroi!
As discussed in #103, this is already in main and will be part of the next release (which will be created in the upcoming days after merging #107).

@alexrashed alexrashed self-assigned this Jan 11, 2024
@alexrashed alexrashed added the type: question Please move questions to discuss.localstack.cloud label Jan 11, 2024

ezraroi commented Jan 11, 2024

Thanks!

@ezraroi ezraroi closed this as completed Jan 11, 2024

ezraroi commented Jan 11, 2024

@alexrashed Don't we need also to expose this port as part of the service object? Otherwise, how can we configure all pods to use LocalStack as DNS server?

@ezraroi ezraroi reopened this Jan 11, 2024

ezraroi commented Jan 11, 2024

Also how did you think to use this feature in K8S? Config CoreDNS to forward all AWS domains to localstack DNS server? If yes, we need to edit the CoreDNS config.

@cabeaulac
Contributor

Hi @ezraroi. We're developing a repo that runs LocalStack in EKS with the DNS Servicer configured in CoreDNS. It's all running now and I'll make it public by COB tomorrow (is my plan).

@cabeaulac
Contributor

@ezraroi Heads up. I'm also using a dev container in the K8S namespace to be the client to LS. This diag doesn't have the K8S Services or CoreDNS in it but it gives you the idea.
[Diagram: design-ls-on-aws-eks drawio]


ezraroi commented Jan 12, 2024

@cabeaulac Thanks for your answer and diagram. Waiting for that repo.


ezraroi commented Jan 15, 2024

@cabeaulac Any updates on the repo with a working example?

@cabeaulac
Contributor


alexrashed commented Jan 19, 2024

Hey @ezraroi!
Please let me know if this sample repo from @cabeaulac helps.
If it does, I'd close the issue. If it doesn't, please let us know what you are missing / what open questions you have. :)
Thanks!


rattboi commented May 13, 2024

I would say pointing at another repo that requires devxpod to work isn't a real solution. I agree with @ezraroi that you should be exposing the DNS ports via the k8s service, and then configuring CoreDNS to delegate the localstack domain to it.

I've done some hand-edits to the manifests generated by this chart and it all works great once I add DNS exposed on port 53, both TCP and UDP, set up a `clusterIP: w.x.y.z` value for the service as well so it has a static clusterIP, and the following in CoreDNS's ConfigMap Corefile:

```
localhost.localstack.cloud:53 {
  errors
  cache 30
  forward . w.x.y.z # the service's clusterIP
}
```
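
The Service side of the setup described in the comment above, written out as an added example (not part of the thread and not the chart's own template). The Service name, namespace and selector label are assumptions; `w.x.y.z` is the placeholder used in the comment.

```yaml
# Added example: a dedicated Service for LocalStack's DNS listener.
# Hypothetical names: "localstack-dns", namespace "localstack", and the
# selector label; match them to the labels on your LocalStack pods.
apiVersion: v1
kind: Service
metadata:
  name: localstack-dns
  namespace: localstack
spec:
  type: ClusterIP        # reachable only inside the cluster; no node port is opened
  clusterIP: w.x.y.z     # placeholder from the thread: a free address in the cluster's service CIDR
  selector:
    app.kubernetes.io/name: localstack
  ports:
    - name: dns-udp      # DNS queries normally arrive over UDP
      protocol: UDP
      port: 53
      targetPort: 53
    - name: dns-tcp      # TCP is needed for large or truncated responses
      protocol: TCP
      port: 53
      targetPort: 53
```

The `forward . w.x.y.z` line in the Corefile stanza has to carry the same address as `clusterIP` here.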

@alexrashed
Member

Yeah, I agree, I think it would make sense.
However, since this wouldn't be a default feature, and some nodes might not allow port 53 by default, I think this should be an opt-in feature (to enable the exposure of the DNS port 53).
What do you think, @rattboi? Would you be up to creating a PR? 😛


rattboi commented May 14, 2024

> However, since this wouldn't be a default feature, and some nodes might not allow port 53 by default, I think this should be an opt-in feature (to enable the exposure of the DNS port 53).

Since it's exposed as a ClusterIP and not NodePort, I don't think the node has any limitations in this way

> What do you think, @rattboi? Would you be up to creating a PR? 😛

I can definitely do this. I wanted to make sure that people were in alignment that this is an acceptable solution first.
