From 3a8ddcbc7b58f55981f0a10fb5136f0c68e9185e Mon Sep 17 00:00:00 2001
From: David Eads
Date: Wed, 29 Mar 2023 16:14:47 -0400
Subject: [PATCH 1/2] Update dnsPolicy to allow consistent resolution of the internal LB The kubelet consistently resolves the name. This change allows the CVO to use the kubelet's DNS configuration.
---
 install/0000_00_cluster-version-operator_03_deployment.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/install/0000_00_cluster-version-operator_03_deployment.yaml b/install/0000_00_cluster-version-operator_03_deployment.yaml
index 7b608829c7..d8a32bd694 100644
--- a/install/0000_00_cluster-version-operator_03_deployment.yaml
+++ b/install/0000_00_cluster-version-operator_03_deployment.yaml
@@ -66,7 +66,9 @@ spec:
 fieldPath: spec.nodeName
 - name: CLUSTER_PROFILE
 value: {{ .ClusterProfile }}
- dnsPolicy: ClusterFirstWithHostNet
+ # this pod is hostNetwork and uses the internal LB DNS name when possible, which the kubelet also uses.
+ # this dnsPolicy allows us to use the same dnsConfig as the kubelet, without access to read it ourselves.
+ dnsPolicy: Default
 hostNetwork: true
 nodeSelector:
 node-role.kubernetes.io/master: ""
From 3fea0b93d41290da50b988e49e0a8dace728fd85 Mon Sep 17 00:00:00 2001
From: David Eads
Date: Fri, 31 Mar 2023 14:01:56 -0400
Subject: [PATCH 2/2] explain why we cannot currently use the dnsConfig
---
 install/0000_00_cluster-version-operator_03_deployment.yaml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/install/0000_00_cluster-version-operator_03_deployment.yaml b/install/0000_00_cluster-version-operator_03_deployment.yaml
index d8a32bd694..bbdf07a956 100644
--- a/install/0000_00_cluster-version-operator_03_deployment.yaml
+++ b/install/0000_00_cluster-version-operator_03_deployment.yaml
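Review bot: In the first patch's hunk (`@@ -66,7 +66,9 @@`), the added comment does not record what `dnsPolicy: Default` gives up: the pod now inherits the node's resolver configuration and no longer queries cluster DNS, so cluster Service names will not resolve from this pod, and every lookup it makes trusts whatever resolvers the node is configured with. The comment also says "dnsConfig", which is the name of a separate pod-spec field; what `Default` inherits is the node's resolver configuration. I would reword the second comment line to `# dnsPolicy: Default inherits the node's resolver config (the one the kubelet uses); cluster Service names will not resolve from this pod.` Whether the CVO dials any Service by name is not visible here, so that should be confirmed; the pod spec continues outside the hunk.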
@@ -69,6 +69,11 @@ spec:
 # this pod is hostNetwork and uses the internal LB DNS name when possible, which the kubelet also uses.
 # this dnsPolicy allows us to use the same dnsConfig as the kubelet, without access to read it ourselves.
 dnsPolicy: Default
+ # The dnsConfig below doesn't work because the IP range for the service network is configurable.
+ # There is no easy spot to perform this injection, though the CVO could be made to look up and substitute the value.
+# dnsConfig:
+# nameservers:
+# - 172.30.0.10
 hostNetwork: true
 nodeSelector:
 node-role.kubernetes.io/master: ""