Bug 1889308

Summary: dnsPolicy of kube-scheduler, apiserver and controller-manager not aligned with hostNetwork
Product: OpenShift Container Platform
Reporter: Pietro Bertera <pbertera>
Component: kube-scheduler
Assignee: Maciej Szulik <maszulik>
Status: CLOSED WONTFIX
QA Contact: RamaKasturi <knarra>
Severity: medium
Priority: medium
Version: 4.5
CC: aos-bugs, mfojtik, pbertera
Target Release: 4.7.0
Hardware: Unspecified
OS: Unspecified
Doc Type: No Doc Update
Clone Of:
: 1891779 (view as bug list) Environment:
Last Closed: 2020-11-03 16:37:41 UTC
Type: Bug
Bug Blocks: 1891779

Description Pietro Bertera 2020-10-19 10:44:42 UTC
Description of problem:

kube-scheduler, kube-apiserver and kube-controller-manager pods are deployed by the respective operator with `hostNetwork: true` and without a `dnsPolicy`.

The `dnsPolicy` should be `ClusterFirstWithHostNet` in order to make internal service discovery work for the component itself.

Comment 3 RamaKasturi 2020-10-23 12:05:51 UTC
Verified with the payload below, and I see that when hostNetwork is true, dnsPolicy is set to ClusterFirstWithHostNet for kube-scheduler, kube-controller-manager & kube-apiserver.

[knarra@knarra openshift-client-linux-4.7.0-0.nightly-2020-10-23-065848]$ ./oc version
Client Version: 4.7.0-0.nightly-2020-10-23-065848
Server Version: 4.7.0-0.nightly-2020-10-23-065848
Kubernetes Version: v1.19.0+e67f5dc

kube-scheduler:
=====================
[knarra@knarra openshift-client-linux-4.7.0-0.nightly-2020-10-23-065848]$ ./oc get pod openshift-kube-scheduler-ip-10-0-140-164.us-east-2.compute.internal -n openshift-kube-scheduler -o yaml | grep 'hostNetwork'
        f:hostNetwork: {}
  hostNetwork: true
[knarra@knarra openshift-client-linux-4.7.0-0.nightly-2020-10-23-065848]$ ./oc get pod openshift-kube-scheduler-ip-10-0-140-164.us-east-2.compute.internal -n openshift-kube-scheduler -o yaml | grep 'dnsPolicy'
        f:dnsPolicy: {}
  dnsPolicy: ClusterFirstWithHostNet

kube-controller-manager:
============================
[knarra@knarra openshift-client-linux-4.7.0-0.nightly-2020-10-23-065848]$ ./oc get pods kube-controller-manager-ip-10-0-140-164.us-east-2.compute.internal -n openshift-kube-controller-manager -o yaml | grep 'hostNetwork'
        f:hostNetwork: {}
  hostNetwork: true
[knarra@knarra openshift-client-linux-4.7.0-0.nightly-2020-10-23-065848]$ ./oc get pods kube-controller-manager-ip-10-0-140-164.us-east-2.compute.internal -n openshift-kube-controller-manager -o yaml | grep 'dnsPolicy'
        f:dnsPolicy: {}
  dnsPolicy: ClusterFirstWithHostNet

kube-apiserver:
===================
[knarra@knarra openshift-client-linux-4.7.0-0.nightly-2020-10-23-065848]$ ./oc get pods kube-apiserver-ip-10-0-140-164.us-east-2.compute.internal -n openshift-kube-apiserver -o yaml | grep 'hostNetwork'
        f:hostNetwork: {}
  hostNetwork: true
[knarra@knarra openshift-client-linux-4.7.0-0.nightly-2020-10-23-065848]$ ./oc get pods kube-apiserver-ip-10-0-140-164.us-east-2.compute.internal -n openshift-kube-apiserver -o yaml | grep 'dnsPolicy'
        f:dnsPolicy: {}
  dnsPolicy: ClusterFirstWithHostNet

Based on the above, moving bug to verified state.

Comment 4 Maciej Szulik 2020-11-03 16:37:41 UTC
This change is causing issues during startup because the ClusterFirstWithHostNet DNS policy forces the in-cluster DNS server, which is not available during core elements startup.
I'm reverting the changes in all the core operators and discussing how to solve this issue for kubelet first. I'm closing this as won't fix for now.
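
Added example, not part of the bug report or of any operator's code: a structured version of the `hostNetwork` / `dnsPolicy` check from comment 3 that reads only `spec` (so `f:hostNetwork` entries under managedFields are never matched) and reports which resolver each hostNetwork pod ends up with, covering both the discovery gap in the description and the startup dependency in comment 4. The pod list is a constructed sample shaped like `oc get pods -A -o json`; the pod names, function names and note texts are assumptions.

```python
import json

# Constructed sample shaped like `oc get pods -A -o json`; pod names are made up.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "openshift-kube-scheduler", "name": "sched-a"},
     "spec": {"hostNetwork": True}},
    {"metadata": {"namespace": "openshift-kube-apiserver", "name": "api-a"},
     "spec": {"hostNetwork": True, "dnsPolicy": "ClusterFirstWithHostNet"}},
    {"metadata": {"namespace": "demo", "name": "app-a",
                  "managedFields": [{"fieldsV1": {"f:spec": {"f:hostNetwork": {}}}}]},
     "spec": {"dnsPolicy": "ClusterFirst"}},
]})

# Hypothetical note texts summarising the two concerns raised in this bug.
NOTES = {
    "node": "uses the node's resolver, not the cluster DNS service",
    "cluster": "needs the in-cluster DNS server to be reachable, also at startup",
    "custom": "resolver comes from spec.dnsConfig",
}

def effective_resolver(spec):
    """Map a pod spec to (declared dnsPolicy, resolver the pod ends up using)."""
    policy = spec.get("dnsPolicy", "ClusterFirst")  # API default when unset
    if policy == "ClusterFirstWithHostNet":
        return policy, "cluster"
    if policy == "ClusterFirst":
        # With hostNetwork: true, ClusterFirst falls back to the node's resolver.
        return policy, ("node" if spec.get("hostNetwork") else "cluster")
    if policy == "Default":
        return policy, "node"
    return policy, "custom"  # dnsPolicy "None"

def audit_host_network_pods(pod_list_json):
    """Return one row per hostNetwork pod: (namespace/name, policy, resolver, note)."""
    rows = []
    for pod in json.loads(pod_list_json).get("items", []):
        spec = pod.get("spec", {})
        if not spec.get("hostNetwork"):  # reads spec only, never managedFields
            continue
        policy, resolver = effective_resolver(spec)
        meta = pod["metadata"]
        rows.append((f'{meta["namespace"]}/{meta["name"]}', policy, resolver, NOTES[resolver]))
    return rows

if __name__ == "__main__":
    for row in audit_host_network_pods(SAMPLE):
        print(" | ".join(row))
```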