Merge pull request #4018 from sadasu/custom-dns

CORS-2814: Add support for in-cluster DNS on Cloud Platforms when cloud DNS cannot be used
openshift · Feb 1, 2024 · 030bcf7 · 030bcf7
2 parents 2da0539 + 11c67c3
commit 030bcf7
Show file tree

Hide file tree

Showing 11 changed files with 1,010 additions and 0 deletions.
diff --git a/install/0000_80_machine-config-operator_00_namespace.yaml b/install/0000_80_machine-config-operator_00_namespace.yaml
@@ -100,4 +100,21 @@ metadata:
     pod-security.kubernetes.io/audit: privileged
     pod-security.kubernetes.io/warn: privileged
     security.openshift.io/scc.podSecurityLabelSync: "false"
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-cloud-platform-infra
+  annotations:
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/single-node-developer: "true"
+    openshift.io/node-selector: ""
+    workload.openshift.io/allowed: "management"
+  labels:
+    name: openshift-cloud-platform-infra
+    openshift.io/run-level: "" # specify no run-level turns it off on install and upgrades
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged
+    security.openshift.io/scc.podSecurityLabelSync: "false"
 
diff --git a/manifests/cloud-platform-alt-dns/coredns-corefile.tmpl b/manifests/cloud-platform-alt-dns/coredns-corefile.tmpl
@@ -0,0 +1,36 @@
+. {
+    errors
+    health :18080
+    forward . {{`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`}} {
+        policy sequential
+    }
+    cache 30
+    reload
+    template IN {{`{{ .Cluster.CloudLBRecordType }}`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} {
+        match .*.apps.{{ .ControllerConfig.DNS.Spec.BaseDomain }}
+        answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ if gt (len (cloudPlatformIngressLoadBalancerIPs .ControllerConfig)) 0 }}{{ index (cloudPlatformIngressLoadBalancerIPs .ControllerConfig) 0 }}{{ end }}"
+        fallthrough
+    }
+    template IN {{`{{ .Cluster.CloudLBEmptyType }}`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} {
+        match .*.apps.{{ .ControllerConfig.DNS.Spec.BaseDomain }}
+        fallthrough
+    }
+    template IN {{`{{ .Cluster.CloudLBRecordType }}`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} {
+        match ^api.{{ .ControllerConfig.DNS.Spec.BaseDomain }}
+        answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ if gt (len (cloudPlatformAPILoadBalancerIPs .ControllerConfig)) 0 }}{{ index (cloudPlatformAPILoadBalancerIPs .ControllerConfig) 0 }}{{ end }}"
+        fallthrough
+    }
+    template IN {{`{{ .Cluster.CloudLBEmptyType }}`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} {
+        match ^api.{{ .ControllerConfig.DNS.Spec.BaseDomain }}
+        fallthrough
+    }
+    template IN {{`{{ .Cluster.CloudLBRecordType }}`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} {
+        match ^api-int.{{ .ControllerConfig.DNS.Spec.BaseDomain }}
+        answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ if gt (len (cloudPlatformAPIIntLoadBalancerIPs .ControllerConfig)) 0 }}{{ index (cloudPlatformAPIIntLoadBalancerIPs .ControllerConfig) 0 }}{{ end }}"
+        fallthrough
+    }
+    template IN {{`{{ .Cluster.CloudLBEmptyType }}`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} {
+        match ^api-int.{{ .ControllerConfig.DNS.Spec.BaseDomain }}
+        fallthrough
+    }
+}
diff --git a/manifests/cloud-platform-alt-dns/coredns.yaml b/manifests/cloud-platform-alt-dns/coredns.yaml
@@ -0,0 +1,85 @@
+---
+kind: Pod
+apiVersion: v1
+metadata:
+  name: coredns
+  namespace: openshift-cloud-platform-infra
+  creationTimestamp:
+  deletionGracePeriodSeconds: 65
+  labels:
+    app: cloud-platform-infra-coredns
+  annotations:
+    target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
+spec:
+  volumes:
+  - name: resource-dir
+    hostPath:
+      path: "/etc/kubernetes/static-pod-resources/coredns"
+  - name: kubeconfig
+    hostPath:
+      path: "/etc/kubernetes/kubeconfig"
+  - name: conf-dir
+    empty-dir: {}
+  - name: manifests
+    hostPath:
+      path: "/opt/openshift/manifests"
+  initContainers:
+  - name: render-config
+    image: {{ .Images.BaremetalRuntimeCfgBootstrap }}
+    command:
+    - runtimecfg
+    - render
+    - "/etc/kubernetes/kubeconfig"
+    - "--cloud-ext-lb-ips"
+    - "{{- range $index, $ip := cloudPlatformAPILoadBalancerIPs .ControllerConfig }}{{ if gt $index 0 }},{{end}}{{$ip}}{{end}}"
+    - "--cloud-int-lb-ips"
+    - "{{- range $index, $ip := cloudPlatformAPIIntLoadBalancerIPs .ControllerConfig }}{{ if gt $index 0 }},{{end}}{{$ip}}{{end}}"
+    - "--cloud-ingress-lb-ips"
+    - "{{- range $index, $ip := cloudPlatformIngressLoadBalancerIPs .ControllerConfig }}{{ if gt $index 0 }},{{end}}{{$ip}}{{end}}"
+    - "/config"
+    - "--out-dir"
+    - "/etc/coredns"
+    - "--cluster-config"
+    - "/opt/openshift/manifests/cluster-config.yaml"
+  resources: {}
+  volumeMounts:
+  - name: kubeconfig
+    mountpath: "/etc/kubernetes/kubeconfig"
+  - name: resource-dir
+    mountpath: "/config"
+  - name: conf-dir
+    mountpath: "/etc/coredns"
+  - name: manifests
+    mountpath: "/opt/openshift/manifests"
+    imagePullPolicy: IfNotPresent
+  containers:
+  - name: coredns
+    securityContext:
+      privileged: true
+      readOnlyRootFilesystem: false
+    image: {{ .Images.CorednsBootstrap }}
+    args:
+    - "--conf"
+    - "/etc/coredns/Corefile"
+    resources:
+      requests:
+        cpu: 100m
+        memory: 200Mi
+    volumeMounts:
+    - name: conf-dir
+      mountPath: "/etc/coredns"
+    livenessProbe:
+      httpGet:
+        path: /health
+        port: 18080
+        scheme: HTTP
+      initialDelaySeconds: 60
+      timeoutSeconds: 5
+      successThreshold: 1
+      failureThreshold: 5
+    terminationMessagePolicy: FallbackToLogsOnError
+  hostNetwork: true
+  tolerations:
+  - operator: Exists
+  priorityClassName: system-node-critical
+status: {}