1998300 – CNV VMs do not contain the cluster domain name in the FQDN

Bug 1998300 - CNV VMs do not contain the cluster domain name in the FQDN

Summary: CNV VMs do not contain the cluster domain name in the FQDN

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Container Native Virtualization (CNV)
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	2.6.6
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	4.10.0
Assignee:	oshoval
QA Contact:	Adi Zavalkovsky
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-08-26 19:14 UTC by Dan Yocum
Modified:	2025-08-08 11:49 UTC (History)
CC List:	6 users (show)
Fixed In Version:	virt-operator-container-v4.10.0-195 hco-bundle-registry-container-v4.10.0-597
Doc Type:	Enhancement
Doc Text:	Feature: VMs can be now exposed to their FQDN, including the cluster domain name. Reason: Without this fix, VMs were only aware of their hostname. That alone in some cases was not enough to identify if the VM runs in development or production clusters. Result: If `subdomain` is set on the VMI spec, the VM will be configured with its FQDN, including the domain name.
Clone Of:
Environment:
Last Closed:	2022-03-16 15:55:26 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	kubevirt kubevirt pull 6508	None	Merged	virt-launcher, Add subdomain name to search list	2021-12-28 09:30:47 UTC
Github	kubevirt kubevirt pull 6964	None	Merged	network, fqdn: Fix subdomain flow	2021-12-28 09:30:06 UTC
Github	kubevirt kubevirt pull 6985	None	Merged	network, fqdn: Fix adding subdomain search entry flow	2022-01-06 07:23:48 UTC
Github	kubevirt kubevirt pull 7033	None	open	[release-0.49] network, fqdn: Fix adding subdomain search entry flow	2022-01-11 19:55:25 UTC
Red Hat Issue Tracker	CNV-13906	None	None	None	2021-09-20 07:17:15 UTC
Red Hat Product Errata	RHSA-2022:0947	None	None	None	2022-03-16 15:55:58 UTC

Description Dan Yocum 2021-08-26 19:14:06 UTC

Description of problem:

When we create VMs using OpenShift Virtualization, the virtualization operator does not create a unique FQDN for the VM containing the cluster name.  This can cause DNS collisions when developers promote VMs from a dev environment to a production environment, or if the same app VM is created in another geo separated cluster.

Specifically, there is a field for "subdomain" in the VMI kind that does not get passed down to the running hostname of the VM. The only subdomain given to the machine as its local hostname/FQDN is its internal service address.

Version-Release number of selected component (if applicable):

2.6.6

How reproducible:

Always

Steps to Reproduce:
1. Create VM
2. Look at FQDN of route to VM
3.

Actual results:

FQDN Not unique - doesn't contain cluster domain name - only internal service name

Expected results:

FQDN contains cluster domain name



Additional info:

Comment 4 Adi Zavalkovsky 2021-12-13 12:56:17 UTC

Verified.
OCP Version - 4.10.0-0. CNV Version - 4.10.0.
Deployed a VM with a service.

[cnv-qe-jenkins@n-****-mhnpv-executor bz1998300]]$ oc expose svc/vmi-cirros -n ad
route.route.openshift.io/vmi-cirros exposed
[cnv-qe-jenkins@n-****-mhnpv-executor bz1998300]]$ oc get route -n ad
NAME         HOST/PORT                                         PATH   SERVICES     PORT   TERMINATION   WILDCARD
vmi-cirros   vmi-cirros-ad.apps.n-****.cnv-qe.rhcloud.com          vmi-cirros   8000                 None

Newly deployed route contains clusters FQDN.

Comment 5 Adi Zavalkovsky 2021-12-16 15:23:16 UTC

Bug not verified

Comment 6 oshoval 2021-12-16 17:43:45 UTC

Thanks Adi
working on a fix https://github.com/kubevirt/kubevirt/pull/6964
the subdomain wasn't propagated correctly

Comment 7 oshoval 2021-12-28 09:28:09 UTC

https://github.com/kubevirt/kubevirt/pull/6964 was merged to upstream

Working on another fix: adding the missing subdomain to the right search entry
https://github.com/kubevirt/kubevirt/pull/6985
(in order to support custom DNS, and cases in which the node has an additional
entries that would be propagated to the pod's resolv.conf)

Comment 11 oshoval 2022-01-06 07:25:37 UTC

https://github.com/kubevirt/kubevirt/pull/6985
was merged upstream

(this was the last pending PR)

Comment 14 sgott 2022-01-11 19:55:26 UTC

https://github.com/kubevirt/kubevirt/pull/7033 is the backport of https://github.com/kubevirt/kubevirt/pull/6985 to release-0.49

Comment 15 Adi Zavalkovsky 2022-01-20 12:49:02 UTC

Verified. OCP version - 4.10. virt-opartor-container-v.4.10.0-196

Deployed a Fedora vm with a headless service.

resolv.conf - 

# Generated by NetworkManager
search mysubdomain.***.svc.cluster.local ***.svc.cluster.local svc.cluster.local cluster.local
nameserver ***.30.0.10

Comment 16 Adi Zavalkovsky 2022-01-20 12:58:55 UTC

VM's hostname also modified accordingly 

[fedora@test-vm ~]$ hostname -f
test-vm.mysubdomain.***.svc.cluster.local

Comment 28 errata-xmlrpc 2022-03-16 15:55:26 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.10.0 Images security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0947

Note You need to log in before you can comment on or make changes to this bug.