Bug 1964380 - [DOC] Remove the etcd DNS records from the Azure ARM templates
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 4.6
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.10.0
Assignee: Chinmayi Chandrasekhar
QA Contact: MayXu
Latha S
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2021-05-25 11:23 UTC by oarribas
Modified: 2022-01-06 16:26 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-01-06 16:26:10 UTC
Target Upstream Version:
Embargoed:
maxu: needinfo-
maxu: needinfo-




Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 5394 0 None Merged Bug 1964380: azure upi: do not create etcd DNS records 2021-12-10 08:06:16 UTC
Github openshift installer pull 5459 0 None Merged Bug 1964380: remove privateDNSZoneName 2021-12-10 08:06:16 UTC
Red Hat Bugzilla 1852798 1 medium CLOSED [DOCS] UPI installation docs contain instructions to create etcd DNS records that are not required in 4.4+ 2023-10-06 20:56:48 UTC
Red Hat Knowledge Base (Solution) 5309701 0 None None None 2021-05-25 11:23:15 UTC

Internal Links: 1852798

Description oarribas 2021-05-25 11:23:15 UTC
Document URL: 

https://docs.openshift.com/container-platform/4.6/installing/installing_azure/installing-azure-user-infra.html#installation-arm-control-plane_installing-azure-user-infra


Section Number and Name: 


ARM template for control plane machines.


Describe the issue: 

Starting with OCP 4.4, it is no longer necessary to create the etcd DNS records. The ARM template includes those records.



Suggestions for improvement: 

Remove the etcd DNS records from the ARM templates.


Additional information: 

All versions starting with OCP 4.4

KCS 5309701: etcd DNS records are not required for Openshift 4.4 and above [1]. BZ for the documentation [2].





[1] https://access.redhat.com/solutions/5309701
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1852798

Comment 2 MayXu 2021-11-04 08:40:40 UTC
1. Doc needs change:
https://docs.openshift.com/container-platform/4.9/installing/installing_azure/installing-azure-user-infra.html#installation-creating-azure-control-plane_installing-azure-user-infra
Create the deployment by using the az CLI:
az deployment group create -g ${RESOURCE_GROUP} --template-file "<installation_directory>/05_masters.json" --parameters masterIgnition="${MASTER_IGNITION}" --parameters sshKeyData="${SSH_KEY}" --parameters baseName="${INFRA_ID}"
remove --parameters privateDNSZoneName="${CLUSTER_NAME}.${BASE_DOMAIN}" 

diff 05_masters.json ../new/05_master.json 
33,38d32
<     "privateDNSZoneName" : {
<       "type" : "string",
<       "metadata" : {
<         "description" : "Name of the private DNS zone the master nodes are going to be attached to"
<       }
<     },
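Review bot: with the `privateDNSZoneName` parameter definition removed at 33-38, every caller that still passes `--parameters privateDNSZoneName=...` has to change in the same update, otherwise the parameter is supplied to a template that no longer declares it. The deployment command quoted above already drops it. The comparison is also made against `../new/05_master.json` while the command deploys `05_masters.json`, so make sure the edited file ends up under the name the command uses.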
174,213d167
<       "apiVersion": "2018-09-01",
<       "type": "Microsoft.Network/privateDnsZones/SRV",
<       "name": "[concat(parameters('privateDNSZoneName'), '/_etcd-server-ssl._tcp')]",
<       "location" : "[variables('location')]",
<       "properties": {
<         "ttl": 60,
<         "copy": [{
<           "name": "srvRecords",
<           "count": "[length(variables('vmNames'))]",
<           "input": {
<             "priority": 0,
<             "weight" : 10,
<             "port" : 2380,
<             "target" : "[concat('etcd-', copyIndex('srvRecords'), '.', parameters('privateDNSZoneName'))]"
<           }
<         }]
<       }
<     },
<     {
<       "apiVersion": "2018-09-01",
<       "type": "Microsoft.Network/privateDnsZones/A",
<       "copy" : {
<         "name" : "dnsCopy",
<         "count" : "[length(variables('vmNames'))]"
<       },
<       "name": "[concat(parameters('privateDNSZoneName'), '/etcd-', copyIndex())]",
<       "location" : "[variables('location')]",
<       "dependsOn" : [
<         "[concat('Microsoft.Network/networkInterfaces/', concat(variables('vmNames')[copyIndex()], '-nic'))]"
<       ],
<       "properties": {
<         "ttl": 60,
<         "aRecords": [
<           {
<             "ipv4Address": "[reference(concat(variables('vmNames')[copyIndex()], '-nic')).ipConfigurations[0].properties.privateIPAddress]"
<           }
<         ]
<       }
<     },
<     {
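Review bot: the deleted range 174-213 starts at the `apiVersion` line of the SRV resource and ends on the `{` that opened the following resource, so the brace kept just before line 174 now opens that following resource. The result is balanced, but run the edited file through a JSON parser before deploying, and confirm nothing else in the template still resolves the `etcd-<index>` A records or the `_etcd-server-ssl._tcp` SRV record on port 2380.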
227c181
<       },
---
>      },
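Review bot: this hunk only changes the indentation of a closing `},` from six spaces to five, which is unrelated to the DNS removal and leaves the brace out of line with its block. Keep the original indentation so the change stays limited to the etcd records.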
229,231c183
<         "[concat('Microsoft.Network/networkInterfaces/', concat(variables('vmNames')[copyIndex()], '-nic'))]",
<         "[concat('Microsoft.Network/privateDnsZones/', parameters('privateDNSZoneName'), '/A/etcd-', copyIndex())]",
<         "[concat('Microsoft.Network/privateDnsZones/', parameters('privateDNSZoneName'), '/SRV/_etcd-server-ssl._tcp')]"
---
>         "[concat('Microsoft.Network/networkInterfaces/', concat(variables('vmNames')[copyIndex()], '-nic'))]"
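Review bot: both removed `dependsOn` entries reference `parameters('privateDNSZoneName')`, which the first hunk deletes, so this hunk and the parameter removal have to land together; a search of the final file for `privateDNSZoneName` should return nothing. The remaining NIC entry correctly loses its trailing comma now that it is the last element of the array.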

2. the private dns record-set dump
$ az network private-dns record-set list -g ${RESOURCE_GROUP} -z ${CLUSTER_NAME}.${BASE_DOMAIN} -o tsv
None    None    None    2ac3d966-a5e9-4eba-ba11-8d5dd371a937    maxunupi.qe.azure.devcluster.openshift.com.     /subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/maxunupi-fptv7-rg/providers/Microsoft.Network/privateDnsZones/maxunupi.qe.azure.devcluster.openshift.com/SOA/@       False   None    None    @       None    maxunupi-fptv7-rg               None    3600    None    Microsoft.Network/privateDnsZones/SOA
1       None    None    94bd2bef-8c49-4af6-a15c-ad1527b8698c    api.maxunupi.qe.azure.devcluster.openshift.com. /subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/maxunupi-fptv7-rg/providers/Microsoft.Network/privateDnsZones/maxunupi.qe.azure.devcluster.openshift.com/A/api       False   None    None    api     None    maxunupi-fptv7-rg       None    None    60      None    Microsoft.Network/privateDnsZones/A
1       None    None    f8819097-69fd-4567-8d27-1ec5b0a5f9e4    api-int.maxunupi.qe.azure.devcluster.openshift.com.     /subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/maxunupi-fptv7-rg/providers/Microsoft.Network/privateDnsZones/maxunupi.qe.azure.devcluster.openshift.com/A/api-int   False   None    None    api-int None    maxunupi-fptv7-rg       None    None    60      None    Microsoft.Network/privateDnsZones/A
1       None    None    b76a0b3b-ad81-4a42-89c4-b61e461e6be5    *.apps.maxunupi.qe.azure.devcluster.openshift.com.      /subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/maxunupi-fptv7-rg/providers/Microsoft.Network/privateDnsZones/maxunupi.qe.azure.devcluster.openshift.com/A/*.apps    False   None    None    *.apps  None    maxunupi-fptv7-rg       None    None    30      None    Microsoft.Network/privateDnsZones/A
 
3. the cluster health after deployment with the new 05_masters.json:
$ ./oc get nodes
NAME                                STATUS   ROLES    AGE     VERSION
maxunupi-fptv7-master-0             Ready    master   4h9m    v1.22.0-rc.0+894a78b
maxunupi-fptv7-master-1             Ready    master   4h9m    v1.22.0-rc.0+894a78b
maxunupi-fptv7-master-2             Ready    master   4h9m    v1.22.0-rc.0+894a78b
maxunupi-fptv7-worker-centralus-1   Ready    worker   3h24m   v1.22.0-rc.0+894a78b
maxunupi-fptv7-worker-centralus-2   Ready    worker   3h24m   v1.22.0-rc.0+894a78b
maxunupi-fptv7-worker-centralus-3   Ready    worker   3h24m   v1.22.0-rc.0+894a7
 
$ ./oc get co
NAME                                       VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
authentication                             4.9.0     True        False         False      3h42m  
baremetal                                  4.9.0     True        False         False      4h32m  
cloud-controller-manager                   4.9.0     True        False         False      4h35m  
cloud-credential                           4.9.0     True        False         False      4h46m  
cluster-autoscaler                         4.9.0     True        False         False      4h33m  
config-operator                            4.9.0     True        False         False      4h34m  
console                                    4.9.0     True        False         False      3h46m  
csi-snapshot-controller                    4.9.0     True        False         False      4h33m  
dns                                        4.9.0     True        False         False      4h33m  
etcd                                       4.9.0     True        False         False      4h32m  
image-registry                             4.9.0     True        False         False      3h49m  
ingress                                    4.9.0     True        False         False      3h48m  
insights                                   4.9.0     True        False         False      4h27m  
kube-apiserver                             4.9.0     True        False         False      4h29m  
kube-controller-manager                    4.9.0     True        False         False      4h32m  
kube-scheduler                             4.9.0     True        False         False      4h32m  
kube-storage-version-migrator              4.9.0     True        False         False      4h24m  
machine-api                                4.9.0     True        False         False      4h29m  
machine-approver                           4.9.0     True        False         False      4h33m  
machine-config                             4.9.0     True        False         False      4h32m  
marketplace                                4.9.0     True        False         False      4h33m  
monitoring                                 4.9.0     True        False         False      3h44m  
network                                    4.9.0     True        False         False      4h34m  
node-tuning                                4.9.0     True        False         False      4h33m  
openshift-apiserver                        4.9.0     True        False         False      4h24m  
openshift-controller-manager               4.9.0     True        False         False      4h26m  
openshift-samples                          4.9.0     True        False         False      4h26m  
operator-lifecycle-manager                 4.9.0     True        False         False      4h33m  
operator-lifecycle-manager-catalog         4.9.0     True        False         False      4h33m  
operator-lifecycle-manager-packageserver   4.9.0     True        False         False      4h27m  
service-ca                                 4.9.0     True        False         False      4h34m  
storage                                    4.9.0     True        False         False      4h34m
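The template cleanup checked by hand in comment 2 can also be checked mechanically. The following is an added example, not code from this bug or from the installer: `lint_template` and `strings_in` are hypothetical helpers, and the sample template is constructed to show a partially cleaned file.

```python
import json
import re

# Constructed sample: the parameter definition is gone, but one etcd A record
# and one etcd dependsOn entry were left behind. Not the installer's real file.
SAMPLE_TEMPLATE = json.loads(r'''
{"parameters": {"baseName": {"type": "string"}},
 "resources": [
  {"type": "Microsoft.Network/privateDnsZones/A",
   "name": "[concat(parameters('privateDNSZoneName'), '/etcd-', copyIndex())]"},
  {"type": "Microsoft.Compute/virtualMachines",
   "name": "[variables('vmNames')[copyIndex()]]",
   "dependsOn": [
    "[concat('Microsoft.Network/networkInterfaces/', concat(variables('vmNames')[copyIndex()], '-nic'))]",
    "[concat('Microsoft.Network/privateDnsZones/', parameters('privateDNSZoneName'), '/SRV/_etcd-server-ssl._tcp')]"]}
 ]}
''')

PARAM_REF = re.compile(r"parameters\('([^']+)'\)")

def strings_in(node):
    """Yield every string nested anywhere inside a JSON value."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from strings_in(child)

def lint_template(template):
    """Return sorted findings about leftover etcd DNS pieces in an ARM template."""
    findings = set()
    # Compare parameter names case-insensitively.
    declared = {p.lower() for p in template.get("parameters", {})}
    for res in template.get("resources", []):
        rtype, name = res.get("type", ""), res.get("name", "")
        # Leftover etcd record resources in the private DNS zone.
        if rtype.startswith("Microsoft.Network/privateDnsZones/") and "etcd" in name:
            findings.add(f"etcd-record:{rtype.rsplit('/', 1)[1]}")
        # dependsOn entries that still point at a removed etcd record.
        if any("privateDnsZones" in d and "etcd" in d for d in res.get("dependsOn", [])):
            findings.add("etcd-dependsOn")
        # Expressions that use a parameter the template no longer declares.
        for text in strings_in(res):
            for param in PARAM_REF.findall(text):
                if param.lower() not in declared:
                    findings.add(f"undeclared-parameter:{param}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(lint_template(SAMPLE_TEMPLATE)))
```

An empty result means the template no longer creates or depends on etcd DNS records and has no dangling parameter references.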

Comment 3 Chinmayi Chandrasekhar 2021-11-08 09:36:43 UTC
PR: https://github.com/openshift/openshift-docs/pull/38485

Comment 5 MayXu 2021-11-12 04:46:25 UTC
more pr: https://github.com/openshift/release/pull/23567

Comment 10 MayXu 2021-12-07 01:53:18 UTC
Hi, Caleb:

Could you help remove privateDNSZoneName in https://github.com/openshift/installer/blob/master/docs/user/azure/install_upi.md? thanks

Comment 11 Matthew Staebler 2021-12-07 03:55:24 UTC
(In reply to MayXu from comment #10)
> Hi, Caleb:
> 
> Could you help remove privateDNSZoneName in
> https://github.com/openshift/installer/blob/master/docs/user/azure/
> install_upi.md? thanks

Please do not re-assign BZs.

@cchandra Could you finish the work for this BZ?

Comment 12 MayXu 2021-12-07 09:03:52 UTC
(In reply to Matthew Staebler from comment #11)
> (In reply to MayXu from comment #10)
> > Hi, Caleb:
> > 
> > Could you help remove privateDNSZoneName in
> > https://github.com/openshift/installer/blob/master/docs/user/azure/
> > install_upi.md? thanks
> 
> Please do not re-assign BZs.
> 
> @cchandra Could you finish the work for this BZ?

I updated the install_upi.md in https://github.com/openshift/installer/pull/5457

Comment 13 Johnny Liu 2021-12-07 10:40:28 UTC
Besides https://github.com/openshift/installer/blob/master/docs/user/azure/install_upi.md needing an update, the more important thing is that the Red Hat official doc also needs to be updated accordingly. So I think we need this bug to track the official doc issue.

Comment 15 MayXu 2021-12-10 08:03:16 UTC
verified on 4.10

