Bug 1791278

Summary: Kuryr is forcing DNS over TCP even if octavia supports TCP/UDP listeners on the same port
Product: OpenShift Container Platform Reporter: Luis Tomas Bolivar <ltomasbo>
Component: Networking Assignee: Luis Tomas Bolivar <ltomasbo>
Networking sub component: kuryr QA Contact: GenadiC <gcheresh>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: high CC: gcheresh, itbrown
Version: 4.3.0   
Target Milestone: ---   
Target Release: 4.3.z   
Hardware: Unspecified   
OS: Unspecified   
Clone Of: 1791277 Environment:
Last Closed: 2020-03-10 23:52:55 UTC Type: ---
Bug Depends On: 1791277    

Description Luis Tomas Bolivar 2020-01-15 12:24:31 UTC
+++ This bug was initially created as a clone of Bug #1791277 +++

Previous versions of Octavia did not support TCP and UDP listeners on the same port. That forces Kuryr to only create TCP listeners and to deploy an admission controller that forces created pods to use TCP for DNS resolution by injecting use-vc configuration into their resolv.conf.

For the OSP version with a recent Octavia version that allows that, this should not be enforced and UDP should be used for DNS resolution.

Comment 3 Itzik Brown 2020-03-03 15:13:01 UTC
Verified in 4.3.0-0.nightly-2020-03-03-052929

$ openstack loadbalancer listener list  |grep -i dns
| 317029ea-07c1-4fa9-b673-171f1b416036 | 1a7eb4b9-f92f-47bb-9cfb-3b8f578982cb | openshift-dns-operator/metrics:TCP:9393                                       | b677dd9ffbc94241ad0fe05526364179 | TCP      |          9393 | True           |
| 8d9b3efe-0c2d-42e7-be8c-961c45d4fa01 | c729a762-0d2f-4147-9245-4860d66a1f5f | openshift-dns/dns-default:TCP:53                                              | b677dd9ffbc94241ad0fe05526364179 | TCP      |            53 | True           |
| 49450444-8602-41fa-b084-884ba1ec1d6f | 01c04d7b-29b4-4510-bdfc-3eb89ea9b5f9 | openshift-dns/dns-default:TCP:9153                                            | b677dd9ffbc94241ad0fe05526364179 | TCP      |          9153 | True           |
| 62df8bec-09d9-4f0f-8680-83ccadac1d1b | 6230aefe-0a51-4f14-92b1-4c5bea749f80 | openshift-dns/dns-default:UDP:53                                              | b677dd9ffbc94241ad0fe05526364179 | UDP      |            53 | True           |

No kuryr-admission-controller pod
$ oc get pods -n openshift-kuryr
NAME                                READY   STATUS    RESTARTS   AGE
kuryr-cni-7kx4d                     1/1     Running   0          169m
kuryr-cni-cmk95                     1/1     Running   0          166m
kuryr-cni-ghtrl                     1/1     Running   0          166m
kuryr-cni-mn2xf                     1/1     Running   0          169m
kuryr-cni-rwhnz                     1/1     Running   0          167m
kuryr-cni-z5tkv                     1/1     Running   0          168m
kuryr-controller-74b86dc9c5-5vm9l   1/1     Running   3          148m

There is no use-vc in resolv.conf
$ oc exec -it moo-5c97fcb6cb-w444r /bin/sh
~ $ cat /etc/resolv.conf 
search default.svc.cluster.local svc.cluster.local cluster.local ostest.shiftstack.com
nameserver 172.30.0.10
options ndots:5
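
The checks from the verification above, scripted as an added example (not part of the bug report or of Kuryr): it confirms that the DNS service has both a TCP and a UDP listener on port 53 and that resolv.conf carries no use-vc option. The sample inputs, the placeholder IDs, the `options ... use-vc` form of the injected setting and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample inputs (placeholder IDs), not output copied from the bug.
LISTENERS_FIXED='| id-1 | pool-1 | openshift-dns/dns-default:TCP:53 | proj | TCP | 53 | True |
| id-2 | pool-2 | openshift-dns/dns-default:TCP:9153 | proj | TCP | 9153 | True |
| id-3 | pool-3 | openshift-dns/dns-default:UDP:53 | proj | UDP | 53 | True |'
LISTENERS_OLD='| id-1 | pool-1 | openshift-dns/dns-default:TCP:53 | proj | TCP | 53 | True |'
RESOLV_FIXED='search default.svc.cluster.local svc.cluster.local cluster.local
nameserver 172.30.0.10
options ndots:5'
RESOLV_OLD='nameserver 172.30.0.10
options ndots:5 use-vc'   # assumed form of the injected option

# Print the distinct protocols of listeners on port 53 whose name starts with
# the service prefix in $1. Stdin: `openstack loadbalancer listener list`
# rows (id, pool id, name, project, protocol, port, admin state).
dns_listener_protocols() {
    awk -F'|' -v svc="$1" '
        NF >= 8 {
            name = $4; proto = $6; port = $7
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/[ \t]/, "", proto); gsub(/[ \t]/, "", port)
            if (index(name, svc) == 1 && port == "53") print proto
        }' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Exit 0 if the resolv.conf on stdin sets the glibc use-vc option, which
# forces the resolver onto TCP; exit 1 otherwise.
resolv_forces_tcp() {
    awk '$1 == "options" { for (i = 2; i <= NF; i++) if ($i == "use-vc") found = 1 }
         END { exit (found ? 0 : 1) }'
}

# $1 = listener table text, $2 = resolv.conf text.
# Prints "ok" and returns 0 only when UDP resolution is possible and not overridden.
dns_udp_status() {
    protos=$(printf '%s\n' "$1" | dns_listener_protocols "openshift-dns/dns-default")
    if [ "$protos" != "TCP UDP" ]; then echo "listeners: $protos"; return 1; fi
    if printf '%s\n' "$2" | resolv_forces_tcp; then echo "use-vc set"; return 2; fi
    echo "ok"
}

dns_udp_status "$LISTENERS_FIXED" "$RESOLV_FIXED"
dns_udp_status "$LISTENERS_OLD" "$RESOLV_OLD" || true
```

Against a live cluster, the two arguments would be the output of the `openstack loadbalancer listener list` and `cat /etc/resolv.conf` commands shown above.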

Comment 5 errata-xmlrpc 2020-03-10 23:52:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0676