Hide Forgot
Description of problem: The configuration steps is not valid and the configuration does not work in Disabling Features for a Node section[0]. * "proxyArguments" was not valid for this configuration. ~~~ For the feature you want to turn off, enter: <feature_name>=false under`proxyArguments`. ~~~ [0] Disabling Features for a Node [https://docs.openshift.com/container-platform/3.10/admin_guide/disabling_features.html#admin-guide-disable-feature-node] In my test, "kubeletArguments" can be workaround instead of "proxyArguments". And "--featrure-gates" is also kubelet's arguments, refer the upstream docs as follows. - kubelet [https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/] ~~~ --feature-gates mapStringBool ~~~ e.g.> The following configuration work for me. ~~~ kubeletArguments: ... feature-gates: - RotateKubeletClientCertificate=true,RotateKubeletServerCertificate=true,CustomPodDNS=false ~~~ And not required "2. Restart the OpenShift Container Platform service for the changes to take effect:" step in workaround steps. Version-Release number of selected component (if applicable): oc v3.10.14 openshift v3.10.14 kubernetes v1.10.0+b81c8f8 How reproducible: * Create the "test" project # oc new-project test * Create Pod for getting imagestream for test # oc new-app --name test centos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git * Create the deployment configured CustomPodDNS "dnsConfig". # oc create -f - <<EOF apiVersion: apps/v1 kind: Deployment metadata: annotations: labels: app: test2 name: test2 spec: replicas: 1 selector: matchLabels: app: test2 strategy: template: metadata: labels: app: test2 spec: containers: - image: docker-registry.default.svc:5000/test/test:latest imagePullPolicy: Always name: test2 ports: - containerPort: 8080 protocol: TCP dnsPolicy: "None" dnsConfig: nameservers: - 1.2.3.4 searches: - ns1.svc.cluster.local - my.dns.search.suffix options: - name: ndots value: "2" - name: edns0 EOF * Check the pod which deployed with "dnsConfig". # oc get pod -o wide NAME READY STATUS RESTARTS AGE IP NODE ... test2-6c6d695f4b-12345 1/1 Running 0 15s 10.0.0.9 node2.example.com * Verify the configuration is valid. # oc rsh test-6c6d695f4b-12345 cat /etc/resolv.conf nameserver 1.2.3.4 search ns1.svc.cluster.local my.dns.search.suffix options ndots:2 edns0 * Configure the node2 configmap and restart conrollers following the documentation steps. # oc edit cm node-config-compute ... proxyArguments: feature-gates: - CustomPodDNS=false kubeletArguments: ... feature-gates: - RotateKubeletClientCertificate=true,RotateKubeletServerCertificate=true # master-restart controllers * Check the kubelet arguments on node2 node2 ~# ps aux | grep feature root 2346 8.4 2.2 1202052 90548 ? Ssl 20:28 0:44 /usr/bin/hyperkube kubelet ... --feature-gates=RotateKubeletClientCertificate=true,RotateKubeletServerCertificate=true ... * The configuration did not take a effect in this time. # oc rsh test-6c6d695f4b-23456 cat /etc/resolv.conf nameserver 1.2.3.4 search ns1.svc.cluster.local my.dns.search.suffix options ndots:2 edns0 - My WORKAROUND is here. * After reverting above changes, configure again in "kubeletArguments" section. # oc edit cm node-config-compute kubeletArguments: ... feature-gates: - RotateKubeletClientCertificate=true,RotateKubeletServerCertificate=true,CustomPodDNS=false * Check the kubelet arguments on node2 node2 ~# ps aux | grep feature root 5685 17.8 1.8 764524 76068 ? Ssl 20:45 0:04 /usr/bin/hyperkube kubelet ... --feature-gates=RotateKubeletClientCertificate=true,RotateKubeletServerCertificate=true,CustomPodDNS=false ... * The CustomPodDNS was disabled. # oc rsh test-6c6d695f4b-abcde cat /etc/resolv.conf nameserver 10.0.7.7 search others.svc.cluster.local svc.cluster.local cluster.local example.com options ndots:5 Steps to Reproduce: 1. 2. 3. Actual results: The following configuration did not work. ~~~ proxyArguments: feature-gates: - CustomPodDNS=false ~~~ Expected results: The feature(CustomPodDNS) should be disabled by following configurations. ~~~ proxyArguments: feature-gates: - CustomPodDNS=false ~~~ Additional info: The cluster level disabling steps is valid. it work for me. ~~~ * spec.template.spec.dnsPolicy: Invalid value: "None": DNSPolicy: can not use 'None', custom pod DNS is disabled by feature gate * spec.template.spec.dnsConfig: Forbidden: DNSConfig: custom pod DNS is disabled by feature gate ~~~
Thank you Daein! This change was approved on the PR. I've merged it and am waiting for it to go live.
The PR was here: https://github.com/openshift/openshift-docs/pull/13068 This change is live on docs.openshift, eg: https://docs.openshift.com/container-platform/3.10/admin_guide/disabling_features.html#admin-guide-disable-feature-node and on the portal, eg: https://access.redhat.com/documentation/en-us/openshift_container_platform/3.11/html-single/cluster_administration/index#admin-guide-disable-feature-node