Bug 1880902 - need dnsPolicy set in crd ingresscontrollers
Summary: need dnsPolicy set in crd ingresscontrollers
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.5
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: high
Target Milestone: ---
Target Release: 4.7.0
Assignee: Miheer Salunke
QA Contact: Hongan Li
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2020-09-21 04:41 UTC by zhangguanzhang
Modified: 2022-08-04 22:30 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-02-24 15:18:56 UTC
Target Upstream Version:
Embargoed:




Links

| System | ID | Private | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|---|
| Github | openshift cluster-ingress-operator pull 492 | 0 | None | closed | Bug 1880902: automatically set the dnsPolicy with ClusterFirstWithHostNet when endpoint publishing strategy type is set ... | 2021-02-05 01:17:02 UTC |
| Red Hat Product Errata | RHSA-2020:5633 | 0 | None | None | None | 2021-02-24 15:20:57 UTC |

Description zhangguanzhang 2020-09-21 04:41:16 UTC
Description of problem:

```shell
[root@master2 ~]# crictl pods --name router-default-fb744fb7f-hmmn5 -q
0a0c7cc6d1ad6815f7613fd758c5329c4265ddb6607f568b69e30fdafdfc0a52
[root@master2 ~]# crictl ps --pod=0a0c7cc6d1ad6815f7613fd758c5329c4265ddb6607f568b69e30fdafdfc0a52
CONTAINER           IMAGE                                                              CREATED             STATE               NAME                ATTEMPT             POD ID
b04c17fb1c58d       dd7aaceb9081f88c9ba418708f32a66f5de4e527a00c7f6ede50d55c93eb04ed   3 days ago          Running             router              1                   0a0c7cc6d1ad6
[root@master2 ~]# crictl exec b04 cat /etc/resolv.conf
search openshift4.example.com
nameserver 10.226.45.250
[root@master2 ~]# crictl exec b04 curl -s kubernetes.default.svc.cluster.local
FATA[0000] execing command in container failed: command terminated with exit code 6 
[root@master2 ~]# crictl exec b04 curl  kubernetes.default.svc.cluster.local
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (6) Could not resolve host: kubernetes.default.svc.cluster.local; Unknown error
FATA[0000] execing command in container failed: command terminated with exit code 6 
```

```
[root@bastion ~]# oc -n openshift-dns get svc
NAME          TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                  AGE
dns-default   ClusterIP   172.30.0.10   <none>        53/UDP,53/TCP,9154/TCP   3d17h
```

Version-Release number of selected component (if applicable):
ocp version `4.5.9`
```
[root@master2 ~]# crictl exec b04 /usr/bin/openshift-router version
openshift-router

majorFromGit: 
minorFromGit: 
commitFromGit: e3b9390202c6f9a9d986d9465c5f25e2214936e3
versionFromGit: 4.0.0-143-ge3b9390
gitTreeState: clean
buildDate: 2020-09-04T14:15:28Z

```
How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:

```
[root@master2 ~]# crictl exec b04 cat /etc/resolv.conf
search openshift-ingress.cluster.local svc.cluster.local cluster.local
options ndots:5
nameserver 172.30.0.10
```

Additional info:

Comment 1 Andrew McDermott 2020-09-21 17:24:42 UTC
Which platform is this?
What DNS policy do you see set?

Looking at my AWS cluster I see:

```
$ oc  get pods -n openshift-ingress router-default-58db4cf8d4-cv9lc  -o yaml |ag dns
          "dns": {}
          "dns": {}
        f:dnsPolicy: {}
  dnsPolicy: ClusterFirst
```

Comment 2 Andrew McDermott 2020-09-21 17:25:41 UTC
Target set to next release version while investigation is either ongoing or pending. Will be considered for earlier release versions when diagnosed and resolved.

Comment 3 zhangguanzhang 2020-09-23 07:24:53 UTC
I want to set it to `ClusterFirstWithHostNet`

Comment 4 Andrew McDermott 2020-10-02 18:40:36 UTC
Tagging with UpcomingSprint while investigation is either ongoing or
pending. Will be considered for earlier release versions when
diagnosed and resolved.

Comment 5 Andrew McDermott 2020-10-02 18:41:44 UTC
(In reply to zhangguanzhang from comment #3)
> I want to set it to `ClusterFirstWithHostNet`

If the endpoint publishing strategy type is set to host network then
we should automatically set the dnsPolicy with ClusterFirstWithHostNet.

Would that be your expectation?

Comment 6 zhangguanzhang 2020-10-03 14:18:07 UTC
Yes, could add a field to let the user set it.

Comment 9 Hongan Li 2020-12-04 09:47:17 UTC
Verified with 4.7.0-0.nightly-2020-12-04-013308 on vSphere, which uses HostNetwork, and passed.

```
[root@preserve-hongli-ipv6 ~]# oc -n openshift-ingress get deployment router-default -oyaml
<---snip--->
      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
```

```
# oc -n openshift-ingress exec router-default-589b49584-fhptg -- cat /etc/resolv.conf
search openshift-ingress.svc.cluster.local svc.cluster.local cluster.local hongli-vs47.xxx.com
nameserver 172.30.0.10
options ndots:5
```

```
# oc -n openshift-ingress exec router-default-589b49584-fhptg -- nslookup kubernetes.default.svc.cluster.local
Server:		172.30.0.10
Address:	172.30.0.10#53

Name:	kubernetes.default.svc.cluster.local
Address: 172.30.0.1
```
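
The check performed by hand in this report, as an added example that is not part of the bug report or the operator's code: it flags hostNetwork pods whose dnsPolicy leaves them on the node's resolver and confirms from a resolv.conf whether the cluster DNS service is in use. The pod list and pod names are constructed sample data; the resolv.conf contents and the 172.30.0.10 service IP are the ones shown above.

```python
CLUSTER_DNS_IP = "172.30.0.10"  # dns-default ClusterIP shown in this report

def effective_dns_policy(pod_spec):
    """Return the DNS behaviour Kubernetes applies to this pod spec."""
    policy = pod_spec.get("dnsPolicy", "ClusterFirst")
    # ClusterFirst on a hostNetwork pod falls back to Default: the pod
    # inherits the node's resolv.conf and cannot resolve *.svc.cluster.local.
    if pod_spec.get("hostNetwork") and policy == "ClusterFirst":
        return "Default"
    return policy

def audit_pods(pod_list):
    """Names of hostNetwork pods that end up on the node's resolver."""
    flagged = []
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        if spec.get("hostNetwork") and effective_dns_policy(spec) == "Default":
            flagged.append(pod["metadata"]["name"])
    return flagged

def nameservers(resolv_conf):
    """Extract nameserver addresses from resolv.conf text."""
    found = []
    for line in resolv_conf.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found

def uses_cluster_dns(resolv_conf, cluster_dns_ip=CLUSTER_DNS_IP):
    return cluster_dns_ip in nameservers(resolv_conf)

# Constructed sample in the shape of `oc get pods -o json` (hypothetical pod names).
SAMPLE_PODS = {"items": [
    {"metadata": {"name": "router-before-fix"},
     "spec": {"hostNetwork": True, "dnsPolicy": "ClusterFirst"}},
    {"metadata": {"name": "router-after-fix"},
     "spec": {"hostNetwork": True, "dnsPolicy": "ClusterFirstWithHostNet"}},
    {"metadata": {"name": "pod-network-app"},
     "spec": {"dnsPolicy": "ClusterFirst"}},
]}
# resolv.conf contents as reported in the description and in comment 9.
RESOLV_BEFORE = "search openshift4.example.com\nnameserver 10.226.45.250\n"
RESOLV_AFTER = ("search openshift-ingress.svc.cluster.local svc.cluster.local "
                "cluster.local hongli-vs47.xxx.com\n"
                "nameserver 172.30.0.10\noptions ndots:5\n")

if __name__ == "__main__":
    print("pods on node resolver:", audit_pods(SAMPLE_PODS))
    print("before fix uses cluster DNS:", uses_cluster_dns(RESOLV_BEFORE))
    print("after fix uses cluster DNS:", uses_cluster_dns(RESOLV_AFTER))
```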

Comment 12 errata-xmlrpc 2021-02-24 15:18:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633

