Bug 1880902
| Summary: | need dnsPolicy set in crd ingresscontrollers | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | zhangguanzhang <zhangguanzhang> |
| Component: | Networking | Assignee: | Miheer Salunke <misalunk> |
| Networking sub component: | router | QA Contact: | Hongan Li <hongli> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | high | ||
| Priority: | unspecified | CC: | amcdermo, aos-bugs, misalunk |
| Version: | 4.5 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.7.0 | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Last Closed: | 2021-02-24 15:18:56 UTC | Type: | Bug |
Which platform is this?
What DNS policy do you see set?
Looking at my AWS cluster I see:
```shell
$ oc get pods -n openshift-ingress router-default-58db4cf8d4-cv9lc -o yaml |ag dns
"dns": {}
"dns": {}
f:dnsPolicy: {}
dnsPolicy: ClusterFirst
```
Target set to next release version while investigation is either ongoing or pending. Will be considered for earlier release versions when diagnosed and resolved.

I want to set it to `ClusterFirstWithHostNet`

Tagging with UpcomingSprint while investigation is either ongoing or pending. Will be considered for earlier release versions when diagnosed and resolved.

(In reply to zhangguanzhang from comment #3)
> I want to set it to `ClusterFirstWithHostNet`

If the endpoint publishing strategy type is set to host network then we should automatically set the dnsPolicy with ClusterFirstWithHostNet. Would that be your expectation?

yes, could add a field let user to set it

Verified with 4.7.0-0.nightly-2020-12-04-013308 in vSphere which using HostNetwork and passed.
```shell
[root@preserve-hongli-ipv6 ~]# oc -n openshift-ingress get deployment router-default -oyaml
<---snip--->
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true

# oc -n openshift-ingress exec router-default-589b49584-fhptg -- cat /etc/resolv.conf
search openshift-ingress.svc.cluster.local svc.cluster.local cluster.local hongli-vs47.xxx.com
nameserver 172.30.0.10
options ndots:5

# oc -n openshift-ingress exec router-default-589b49584-fhptg -- nslookup kubernetes.default.svc.cluster.local
Server: 172.30.0.10
Address: 172.30.0.10#53

Name: kubernetes.default.svc.cluster.local
Address: 172.30.0.1
```
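
The two manual checks from the verification above (dnsPolicy on a host-network workload, and the pod's `/etc/resolv.conf`), written as an added example that is not part of the original bug report or of OpenShift's own code. The function names and sample inputs are constructed here; the DNS service address `172.30.0.10` and the `cluster.local` domain are the values shown on this page.

```shell
#!/bin/sh
# Added example; sample inputs are constructed from values shown on this page.
# Live input for audit_hostnet_dns (tab-separated), assuming cluster access:
#   oc get deployments -A -o jsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{.spec.template.spec.hostNetwork}{"\t"}{.spec.template.spec.dnsPolicy}{"\n"}{end}'

# Reads "namespace<TAB>name<TAB>hostNetwork<TAB>dnsPolicy" lines on stdin and
# prints "namespace/name dnsPolicy" for each host-network workload whose policy
# is not ClusterFirstWithHostNet. With hostNetwork, plain ClusterFirst behaves
# like Default (node resolv.conf); Default or None may be intentional, so the
# output is a review list rather than a verdict.
audit_hostnet_dns() {
    awk -F '\t' '$3 == "true" && $4 != "ClusterFirstWithHostNet" {
        printf "%s/%s %s\n", $1, $2, ($4 == "" ? "<unset>" : $4)
    }'
}

# Reads resolv.conf text on stdin. Succeeds only if $1 (cluster DNS service IP)
# is a nameserver and "svc.<domain>" is in the search list ($2, default
# cluster.local, is an assumption matching the output on this page).
resolv_uses_cluster_dns() {
    awk -v ip="$1" -v dom="svc.${2:-cluster.local}" '
        $1 == "nameserver" && $2 == ip { ns = 1 }
        $1 == "search" { for (i = 2; i <= NF; i++) if ($i == dom) sd = 1 }
        END { exit !(ns && sd) }'
}

# Constructed samples: a host-network router with ClusterFirst, the resolv.conf
# from the problem description, and the resolv.conf from the verification.
printf 'openshift-ingress\trouter-default\ttrue\tClusterFirst\n' | audit_hostnet_dns
printf 'search openshift4.example.com\nnameserver 10.226.45.250\n' |
    resolv_uses_cluster_dns 172.30.0.10 || echo "reported pod: node DNS only"
printf 'search openshift-ingress.svc.cluster.local svc.cluster.local cluster.local\nnameserver 172.30.0.10\noptions ndots:5\n' |
    resolv_uses_cluster_dns 172.30.0.10 && echo "fixed pod: cluster DNS in use"
```
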
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633
Description of problem:

```shell
[root@master2 ~]# crictl pods --name router-default-fb744fb7f-hmmn5 -q
0a0c7cc6d1ad6815f7613fd758c5329c4265ddb6607f568b69e30fdafdfc0a52
[root@master2 ~]# crictl ps --pod=0a0c7cc6d1ad6815f7613fd758c5329c4265ddb6607f568b69e30fdafdfc0a52
CONTAINER       IMAGE                                                              CREATED      STATE     NAME     ATTEMPT   POD ID
b04c17fb1c58d   dd7aaceb9081f88c9ba418708f32a66f5de4e527a00c7f6ede50d55c93eb04ed   3 days ago   Running   router   1         0a0c7cc6d1ad6
[root@master2 ~]# crictl exec b04 cat /etc/resolv.conf
search openshift4.example.com
nameserver 10.226.45.250
[root@master2 ~]# crictl exec b04 curl -s kubernetes.default.svc.cluster.local
FATA[0000] execing command in container failed: command terminated with exit code 6
[root@master2 ~]# crictl exec b04 curl kubernetes.default.svc.cluster.local
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (6) Could not resolve host: kubernetes.default.svc.cluster.local; Unknown error
FATA[0000] execing command in container failed: command terminated with exit code 6
```

```
[root@bastion ~]# oc -n openshift-dns get svc
NAME          TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                  AGE
dns-default   ClusterIP   172.30.0.10   <none>        53/UDP,53/TCP,9154/TCP   3d17h
```

Version-Release number of selected component (if applicable):

ocp version `4.5.9`

```
[root@master2 ~]# crictl exec b04 /usr/bin/openshift-router version
openshift-router

majorFromGit:
minorFromGit:
commitFromGit: e3b9390202c6f9a9d986d9465c5f25e2214936e3
versionFromGit: 4.0.0-143-ge3b9390
gitTreeState: clean
buildDate: 2020-09-04T14:15:28Z
```

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

```
[root@master2 ~]# crictl exec b04 cat /etc/resolv.conf
search openshift-ingress.cluster.local svc.cluster.local cluster.local
options ndots:5
nameserver 172.30.0.10
```

Additional info: