Bug 1889308 - dnsPolicy of kube-scheduler apiserver and controller-manager not aligned with hostNetwork
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-scheduler
Version: 4.5
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 4.7.0
Assignee: Maciej Szulik
QA Contact: RamaKasturi
URL:
Whiteboard:
Depends On:
Blocks: 1891779
Reported: 2020-10-19 10:44 UTC by Pietro Bertera
Modified: 2020-11-03 16:37 UTC (History)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1891779 (view as bug list)
Environment:
Last Closed: 2020-11-03 16:37:41 UTC
Target Upstream Version:


Links
| System | ID | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|
| Github | openshift cluster-kube-apiserver-operator pull 987 | None | closed | Bug 1889308: Set dnsPolicy ClusterFirstWithHostNet to match hostNetwork | 2020-11-19 15:45:42 UTC |
| Github | openshift cluster-kube-controller-manager-operator pull 469 | None | closed | Bug 1889308: Set dnsPolicy ClusterFirstWithHostNet to match hostNetwork | 2020-11-19 15:45:41 UTC |
| Github | openshift cluster-kube-scheduler-operator pull 293 | None | closed | Bug 1889308: Set dnsPolicy ClusterFirstWithHostNet to match hostNetwork | 2020-11-19 15:46:04 UTC |

Description Pietro Bertera 2020-10-19 10:44:42 UTC
Description of problem:

kube-scheduler, kube-apiserver and kube-controller-manager pods are deployed by the respective operator with `hostNetwork: true` and without a `dnsPolicy`.

The `dnsPolicy` should be `ClusterFirstWithHostNet` in order to make internal service discovery work for the component itself.

Comment 3 RamaKasturi 2020-10-23 12:05:51 UTC
Verified with the payload below, and I see that when hostNetwork is true, dnsPolicy is set to ClusterFirstWithHostNet for kube-scheduler, kube-controller-manager & kube-apiserver.

[knarra@knarra openshift-client-linux-4.7.0-0.nightly-2020-10-23-065848]$ ./oc version
Client Version: 4.7.0-0.nightly-2020-10-23-065848
Server Version: 4.7.0-0.nightly-2020-10-23-065848
Kubernetes Version: v1.19.0+e67f5dc

kube-scheduler:
=====================
[knarra@knarra openshift-client-linux-4.7.0-0.nightly-2020-10-23-065848]$ ./oc get pod openshift-kube-scheduler-ip-10-0-140-164.us-east-2.compute.internal -n openshift-kube-scheduler -o yaml | grep 'hostNetwork'
        f:hostNetwork: {}
  hostNetwork: true
[knarra@knarra openshift-client-linux-4.7.0-0.nightly-2020-10-23-065848]$ ./oc get pod openshift-kube-scheduler-ip-10-0-140-164.us-east-2.compute.internal -n openshift-kube-scheduler -o yaml | grep 'dnsPolicy'
        f:dnsPolicy: {}
  dnsPolicy: ClusterFirstWithHostNet

kube-controller-manager:
============================
[knarra@knarra openshift-client-linux-4.7.0-0.nightly-2020-10-23-065848]$ ./oc get pods kube-controller-manager-ip-10-0-140-164.us-east-2.compute.internal -n openshift-kube-controller-manager -o yaml | grep 'hostNetwork'
        f:hostNetwork: {}
  hostNetwork: true
[knarra@knarra openshift-client-linux-4.7.0-0.nightly-2020-10-23-065848]$ ./oc get pods kube-controller-manager-ip-10-0-140-164.us-east-2.compute.internal -n openshift-kube-controller-manager -o yaml | grep 'dnsPolicy'
        f:dnsPolicy: {}
  dnsPolicy: ClusterFirstWithHostNet

kube-apiserver:
===================
[knarra@knarra openshift-client-linux-4.7.0-0.nightly-2020-10-23-065848]$ ./oc get pods kube-apiserver-ip-10-0-140-164.us-east-2.compute.internal -n openshift-kube-apiserver -o yaml | grep 'hostNetwork'
        f:hostNetwork: {}
  hostNetwork: true
[knarra@knarra openshift-client-linux-4.7.0-0.nightly-2020-10-23-065848]$ ./oc get pods kube-apiserver-ip-10-0-140-164.us-east-2.compute.internal -n openshift-kube-apiserver -o yaml | grep 'dnsPolicy'
        f:dnsPolicy: {}
  dnsPolicy: ClusterFirstWithHostNet

Based on the above, moving bug to verified state.

Comment 4 Maciej Szulik 2020-11-03 16:37:41 UTC
This change is causing issues during startup because the ClusterFirstWithHostNet DNS policy forces the in-cluster DNS server, which is not available during core elements startup.
I'm reverting the changes in all the core operators and discussing how to solve this issue for kubelet first. I'm closing this as won't fix for now.
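
The description and comment 4 describe two sides of one trade-off: a `hostNetwork: true` pod left on the default `ClusterFirst` policy falls back to the node's resolver, while `ClusterFirstWithHostNet` makes the pod depend on in-cluster DNS. The following added example (not part of the bug report or of the operators' code) computes the effective resolver for each hostNetwork pod from `oc get pods -A -o json`-shaped input; the pod names, namespaces and the `audit` and `effective_resolver` helpers are constructed for illustration.

```python
import json

# Constructed sample in the shape of `oc get pods -A -o json`; not data from the bug.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "ns-a", "name": "hostnet-default"},
  "spec": {"hostNetwork": true}},
 {"metadata": {"namespace": "ns-a", "name": "hostnet-cluster"},
  "spec": {"hostNetwork": true, "dnsPolicy": "ClusterFirstWithHostNet"}},
 {"metadata": {"namespace": "ns-b", "name": "podnet"},
  "spec": {"dnsPolicy": "ClusterFirst"}},
 {"metadata": {"namespace": "ns-b", "name": "hostnet-node"},
  "spec": {"hostNetwork": true, "dnsPolicy": "Default"}}
]}
""")

def effective_resolver(spec):
    """Which resolver a pod really uses, per the Kubernetes dnsPolicy rules."""
    policy = spec.get("dnsPolicy", "ClusterFirst")  # default when the field is unset
    host_net = spec.get("hostNetwork", False)
    if policy == "None":
        return "dnsConfig"
    if policy == "Default" or (policy == "ClusterFirst" and host_net):
        return "node"  # ClusterFirst silently falls back to Default on hostNetwork
    return "cluster"   # ClusterFirst on pod network, or ClusterFirstWithHostNet

def audit(pod_list):
    """Return (pod, resolver, finding) for every hostNetwork pod."""
    rows = []
    for pod in pod_list["items"]:
        spec = pod["spec"]
        if not spec.get("hostNetwork", False):
            continue
        name = f'{pod["metadata"]["namespace"]}/{pod["metadata"]["name"]}'
        resolver = effective_resolver(spec)
        policy = spec.get("dnsPolicy", "ClusterFirst")
        if resolver == "node" and policy == "ClusterFirst":
            finding = "cluster service names will not resolve (implicit fallback)"
        elif resolver == "cluster":
            finding = "needs in-cluster DNS up before it can resolve anything"
        else:
            finding = "explicit policy; review dnsConfig / node resolv.conf"
        rows.append((name, resolver, finding))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Unlike grepping the YAML for `dnsPolicy`, this reads only `spec`, so the `f:dnsPolicy: {}` entries under `managedFields` do not appear in the result.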

