epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2025-12-14 05:45:06 +03:00
Code Issues Packages Projects Releases Wiki Activity

Allow the DNS stack to be backward compatible with an old dns_domain (#10630)

Browse Source 
Handle all old dns domains:
- for nodelocaldns: in the same server block as the current dns_domain
- for coredns: uffix rewrite of each of the old dns domains to the
  current one
This commit is contained in:
Max Gautier
2024-01-24 06:31:22 +01:00
committed by GitHub
parent 0e26f6f3e2
commit c80f2cd573
4 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docs/dns-stack.md
View File

@@ -143,6 +143,22 @@ coredns_default_zone_cache_block: |
} }
``` ```
### Handle old/extra dns_domains
If you need to change the dns_domain of your cluster for whatever reason (switching to or from `cluster.local` for example),
and you have workloads that embed it in their configuration you can use the variable `old_dns_domains`.
This will add some configuration to coredns and nodelocaldns to ensure the DNS requests using the old domain are handled correctly.
Example:
```yaml
old_dns_domains:
- example1.com
- example2.com
dns_domain: cluster.local
```
will make `my-svc.my-ns.svc.example1.com`, `my-svc.my-ns.svc.example2.com` and `my-svc.my-ns.svc.cluster.local` have the same DNS answer.
### systemd_resolved_disable_stub_listener ### systemd_resolved_disable_stub_listener
Whether or not to set `DNSStubListener=no` when using systemd-resolved. Defaults to `true` on Flatcar. Whether or not to set `DNSStubListener=no` when using systemd-resolved. Defaults to `true` on Flatcar.

4
roles/kubernetes-apps/ansible/defaults/main.yml
View File

@@ -37,6 +37,10 @@ coredns_pod_disruption_budget_max_unavailable: "30%"
# coredns_additional_error_config: | # coredns_additional_error_config: |
# consolidate 5m ".* i/o timeout$" warning # consolidate 5m ".* i/o timeout$" warning
# Configure coredns and nodelocaldns to correctly answer DNS queries when you changed
# your 'dns_domain' and some workloads used it directly.
old_dns_domains: []
# dns_upstream_forward_extra_opts apply to coredns forward section as well as nodelocaldns upstream target forward section # dns_upstream_forward_extra_opts apply to coredns forward section as well as nodelocaldns upstream target forward section
# dns_upstream_forward_extra_opts: # dns_upstream_forward_extra_opts:
# policy: sequential # policy: sequential

3
roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
View File

@@ -49,6 +49,9 @@ data:
{% if coredns_rewrite_block is defined %} {% if coredns_rewrite_block is defined %}
{{ coredns_rewrite_block | indent(width=8, first=False) }} {{ coredns_rewrite_block | indent(width=8, first=False) }}
{% endif %} {% endif %}
{% for old_dns_domain in old_dns_domains %}
rewrite name suffix {{ old_dns_domain }} {{ dns_domain }} answer auto
{% endfor %}
ready ready
kubernetes {{ dns_domain }} {% if coredns_kubernetes_extra_domains is defined %}{{ coredns_kubernetes_extra_domains }} {% endif %}{% if enable_coredns_reverse_dns_lookups %}in-addr.arpa ip6.arpa {% endif %}{ kubernetes {{ dns_domain }} {% if coredns_kubernetes_extra_domains is defined %}{{ coredns_kubernetes_extra_domains }} {% endif %}{% if enable_coredns_reverse_dns_lookups %}in-addr.arpa ip6.arpa {% endif %}{
pods insecure pods insecure

2
roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2
View File

@@ -32,7 +32,7 @@ data:
} }
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{{ dns_domain }}:53 { {{ ([dns_domain] + old_dns_domains) | join(' ') }}:53 {
errors errors
cache { cache {
success 9984 30 success 9984 30