CoreDNS pod definition and Corefile template for control plane

For cloud platforms where customers are allowed to bring their own DNS post cluster install, an in-cluster DNS solution is required for the installation to be successful. Adding the manifest containing CoreDNS pod definition and Corefile template to be used by the MCO instance running on the control plane.
openshift · Nov 16, 2023 · e5a1767 · e5a1767
1 parent 43923bf
commit e5a1767
Show file tree

Hide file tree

Showing 3 changed files with 162 additions and 0 deletions.
diff --git a/pkg/controller/template/render.go b/pkg/controller/template/render.go
@@ -334,6 +334,7 @@ func renderTemplate(config RenderConfig, path string, b []byte) ([]byte, error)
 	funcs["urlHost"] = urlHost
 	funcs["urlPort"] = urlPort
 	funcs["isOpenShiftManagedDefaultLB"] = isOpenShiftManagedDefaultLB
+	funcs["cloudPlatformShortName"] = cloudPlatformShortName
 	tmpl, err := template.New(path).Funcs(funcs).Parse(string(b))
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse template %s: %w", path, err)
@@ -687,3 +688,15 @@ func isOpenShiftManagedDefaultLB(cfg RenderConfig) bool {
 	}
 	return false
 }
+
+func cloudPlatformShortName(cfg RenderConfig) interface{} {
+	if cfg.Infra.Status.PlatformStatus != nil {
+		switch cfg.Infra.Status.PlatformStatus.Type {
+		case configv1.GCPPlatformType:
+			return "gcp"
+		default:
+			return ""
+		}
+	}
+	return ""
+}
diff --git a/templates/common/cloud-platform-alt-dns/files/coredns-corefile.yaml b/templates/common/cloud-platform-alt-dns/files/coredns-corefile.yaml
@@ -0,0 +1,40 @@
+mode: 0644
+path: "/etc/kubernetes/static-pod-resources/coredns/Corefile.tmpl"
+contents:
+  inline: |
+    . {
+        errors
+        bufsize 512
+        health :18080
+        forward . {{`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`}} {
+            policy sequential
+        }
+        cache 30
+        reload
+        template IN {{`{{ .Cluster.CloudLBRecordType }}`}} {{ .DNS.Spec.BaseDomain }} {
+            match ^api.{{ .DNS.Spec.BaseDomain }}
+            answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ if gt (len (.Cluster.APILBIPs )) 0 }}{{ index (.Cluster.APILBIPs) 0 }}{{ end }}"
+            fallthrough
+        }
+        template IN {{`{{ .Cluster.CloudLBEmptyType }}`}} {{ .DNS.Spec.BaseDomain }} {
+            match ^api.{{ .DNS.Spec.BaseDomain }}
+            {{ if gt (len (.Cluster.APILBIPs )) 1 }}answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ index (.Cluster.APILBIPs) 1 }}"{{ end }}
+            fallthrough
+        }
+        template IN {{`{{ .Cluster.CloudLBRecordType }}`}} {{ .DNS.Spec.BaseDomain }} {
+            match ^api-int.{{ .DNS.Spec.BaseDomain }}
+            answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ if gt (len (.Cluster.APIIntLBIPs)) 0 }}{{ index (.Cluster.APIIntLBIPs) 0 }}{{ end }}"
+            fallthrough
+        }
+        template IN {{`{{ .Cluster.CloudLBEmptyType }}`}} {{ .DNS.Spec.BaseDomain }} {
+            match ^api-int.{{ .DNS.Spec.BaseDomain }}
+            {{ if gt (len (.Cluster.APIIntLBIPs)) 1 }}answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ index (.Cluster.APIIntLBIPs) 1 }}"{{ end }}
+            fallthrough
+        }
+        hosts {
+            {{`{{- range .Cluster.NodeAddresses }}
+            {{ .Address }} {{ .Name }} {{ .Name }}.{{ $.Cluster.Name }}.{{ $.Cluster.Domain }}
+            {{- end }}`}}
+            fallthrough
+        }
+    }
diff --git a/templates/common/cloud-platform-alt-dns/files/coredns.yaml b/templates/common/cloud-platform-alt-dns/files/coredns.yaml
@@ -0,0 +1,109 @@
+mode: 0644
+path: {{ if gt (len (.CloudIntLBIPs)) 0 -}} "/etc/kubernetes/manifests/coredns.yaml" {{ else }} "/etc/kubernetes/disabled-manifests/coredns.yaml" {{ end }}
+contents:
+  inline: |
+    kind: Pod
+    apiVersion: v1
+    metadata:
+      name: coredns
+      namespace: openshift-{{ cloudPlatformShortName . }}-infra
+      creationTimestamp:
+      deletionGracePeriodSeconds: 65
+      labels:
+        app: {{ cloudPlatformShortName . }}-infra-coredns
+    spec:
+      volumes:
+      - name: resource-dir
+        hostPath:
+          path: "/etc/kubernetes/static-pod-resources/coredns"
+      - name: kubeconfig
+        hostPath:
+          path: "/var/lib/kubelet"
+      - name: conf-dir
+        hostPath:
+          path: "/etc/coredns"
+      initContainers:
+      - name: render-config-coredns
+        image: {{ .Images.baremetalRuntimeCfgImage }}
+        command:
+        - runtimecfg
+        - render
+        - "/var/lib/kubelet/kubeconfig"
+        - "--cloud-ext-lb-ips"
+        - "{{- range $index, $ip := .CloudExtLBIPs }}{{ if gt $index 0 }},{{end}}{{$ip}}{{end}}"
+        - "--cloud-int-lb-ips"
+        - "{{- range $index, $ip := .CloudIntLBIPs }}{{ if gt $index 0 }},{{end}}{{$ip}}{{end}}"
+        - "/config"
+        - "--out-dir"
+        - "/etc/coredns"
+        resources: {}
+        volumeMounts:
+        - name: kubeconfig
+          mountPath: "/var/lib/kubelet"
+          mountPropagation: HostToContainer
+        - name: resource-dir
+          mountPath: "/config"
+          mountPropagation: HostToContainer
+        - name: conf-dir
+          mountPath: "/etc/coredns"
+          mountPropagation: HostToContainer
+        imagePullPolicy: IfNotPresent
+      containers:
+      - name: coredns
+        securityContext:
+          privileged: true
+        image: {{.Images.corednsImage}}
+        args:
+        - "--conf"
+        - "/etc/coredns/Corefile"
+        resources:
+          requests:
+            cpu: 100m
+            memory: 200Mi
+        volumeMounts:
+        - name: conf-dir
+          mountPath: "/etc/coredns"
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 18080
+            scheme: HTTP
+          initialDelaySeconds: 60
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 5
+        terminationMessagePolicy: FallbackToLogsOnError
+        imagePullPolicy: IfNotPresent
+      - name: coredns-monitor
+        securityContext:
+          privileged: true
+        image: {{ .Images.baremetalRuntimeCfgImage }}
+        command:
+        - corednsmonitor
+        - "/var/lib/kubelet/kubeconfig"
+        - "/config/Corefile.tmpl"
+        - "/etc/coredns/Corefile"
+        - "--cloud-ext-lb-ips"
+        - "{{- range $index, $ip := .CloudExtLBIPs }}{{ if gt $index 0 }},{{end}}{{$ip}}{{end}}"
+        - "--cloud-int-lb-ips"
+        - "{{- range $index, $ip := .CloudIntLBIPs }}{{ if gt $index 0 }},{{end}}{{$ip}}{{end}}"
+        resources:
+          requests:
+            cpu: 100m
+            memory: 200Mi          
+        volumeMounts:
+        - name: kubeconfig
+          mountPath: "/var/lib/kubelet"
+          mountPropagation: HostToContainer
+        - name: resource-dir
+          mountPath: "/config"
+          mountPropagation: HostToContainer
+        - name: conf-dir
+          mountPath: "/etc/coredns"
+          mountPropagation: HostToContainer
+        imagePullPolicy: IfNotPresent        
+      hostNetwork: true
+      tolerations:
+      - operator: Exists
+      priorityClassName: system-node-critical
+    status: {}