Feature Request
Resolution: Unresolved
Normal
openshift-4.14, openshift-4.15, openshift-4.16, openshift-4.17
Product / Portfolio Work
1. Proposed title of this feature request
OpenShift DNS Operator CoreDNS hosts plugin customization
2. What is the nature and description of the request?
Customer has a <domain> that doesn't resolve via any DNS Nameservers.
3. Why does the customer need this? (List the business requirements here)
In their air-gapped environment, they would like to specify custom domains but not require changes on their DNS nameservers in /etc/resolv.conf
4. List any affected packages or components.
This is for 'openshift-dns' and 'openshift-dns-operator'
-------------
Customer has a <domain> that doesn't resolve via any DNS Nameservers.
However, let's say we have the following domains and IPs we want to resolve to:
domain1: test1.fakedomain.xyz  IP1: 192.168.10.101
domain2: test2.fakedomain.xyz  IP2: 192.168.10.102
Customer would like to do similar to the docs [1] with DNS forwarding but instead of forwarding, use the CoreDNS 'hosts' plugin [2]
I verified in the API docs [3][4] that this isn't an option
Ideally, you would edit this object (like DNS forwarding) [1] to add custom hostnames that don't resolve by DNS nameservers
$ oc get dnses.operator.openshift.io default
Then this would propagate into the ConfigMap like this:
$ oc get cm -n openshift-dns dns-default -o yaml | oc neat
apiVersion: v1
data:
  Corefile: |
    .:5353 {
        bufsize 1232
        errors
        log . {
            class error
        }
        hosts {                                  ### THESE LINES
            192.168.10.101 test1.fakedomain.xyz  ### THESE LINES
            192.168.10.102 test2.fakedomain.xyz  ### THESE LINES
            fallthrough                          ### THESE LINES
        }                                        ### THESE LINES
        health {
            lameduck 20s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
        }
        prometheus 127.0.0.1:9153
        forward . /etc/resolv.conf {
            policy sequential
        }
        cache 900 {
            denial 9984 30
        }
        reload
    }
    hostname.bind:5353 {
        chaos
    }
kind: ConfigMap
metadata:
  labels:
    dns.operator.openshift.io/owning-dns: default
  name: dns-default
  namespace: openshift-dns
And that config would rollout to all dns-default pods and a dig would respond to those domains with the IP set...
I tested this in a 4.14.42 lab by doing the following
- Get clusterversion
$ oc get clusterversion version
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.14.42   True        False         7m54s   Cluster version is 4.14.42
- Make dns operator unmanaged
$ oc patch dns.operator.openshift.io default --type merge --patch '{"spec":{"managementState":"Unmanaged"}}'
dns.operator.openshift.io/default patched
- Scale the dns-operator down
$ oc scale deployment -n openshift-dns-operator dns-operator --replicas 0
deployment.apps/dns-operator scaled
- Add my hosts into the configmap
$ oc get cm -n openshift-dns dns-default -o yaml | oc neat
apiVersion: v1
data:
  Corefile: |
    .:5353 {
        bufsize 1232
        errors
        log . {
            class error
        }
        hosts {                                  ### THESE LINES
            192.168.10.101 test1.fakedomain.xyz  ### THESE LINES
            192.168.10.102 test2.fakedomain.xyz  ### THESE LINES
            fallthrough                          ### THESE LINES
        }                                        ### THESE LINES
        health {
            lameduck 20s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
        }
        prometheus 127.0.0.1:9153
        forward . /etc/resolv.conf {
            policy sequential
        }
        cache 900 {
            denial 9984 30
        }
        reload
    }
    hostname.bind:5353 {
        chaos
    }
kind: ConfigMap
metadata:
  labels:
    dns.operator.openshift.io/owning-dns: default
  name: dns-default
  namespace: openshift-dns
- Login to a dns-default pod and confirm it's there
$ oc rsh -n openshift-dns -c dns $(oc get pod -n openshift-dns -l dns.operator.openshift.io/daemonset-dns=default -o name | head -1) cat /etc/coredns/Corefile
.:5353 {
    bufsize 1232
    errors
    log . {
        class error
    }
    hosts {                                  ### THESE LINES
        192.168.10.101 test1.fakedomain.xyz  ### THESE LINES
        192.168.10.102 test2.fakedomain.xyz  ### THESE LINES
        fallthrough                          ### THESE LINES
    }
    health {
        lameduck 20s
    }
    ready
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
    }
    prometheus 127.0.0.1:9153
    forward . /etc/resolv.conf {
        policy sequential
    }
    cache 900 {
        denial 9984 30
    }
    reload
}
hostname.bind:5353 {
    chaos
}
- Login to a console pod, which uses Cluster DNS, and dig these domains
$ oc rsh -n openshift-console $(oc get pod -n openshift-console -l component=ui -o name | head -1) dig test1.fakedomain.xyz +short
192.168.10.101
$ oc rsh -n openshift-console $(oc get pod -n openshift-console -l component=ui -o name | head -1) dig test2.fakedomain.xyz +short
192.168.10.102
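The stanza the steps above hand-edit into the ConfigMap is exactly what an operator-side implementation would have to generate from a list of name/IP pairs. The following is an added example, not code from the OpenShift DNS operator or from this ticket: it validates the pairs (RFC 1123 hostnames, parseable IPs, no duplicates), renders the `hosts { ... fallthrough }` block, splices it into a constructed copy of the default Corefile, and parses a Corefile back to list which names it answers statically. The helper names, `SAMPLE_HOSTS` and `SAMPLE_COREFILE` are all assumptions made for the demo. Because every entry in that block is answered cluster-wide ahead of the kubernetes and forward plugins, input validation and the ability to audit what is currently in `dns-default` are the two things worth getting right.

```python
# Added example (not OpenShift DNS operator code): render, validate and audit a
# CoreDNS ``hosts`` stanza for the dns-default Corefile. Helper names, the host
# list (mirroring the ticket's test1/test2) and the sample Corefile are constructed.
import ipaddress
import re

# One RFC 1123 hostname label: 1-63 alphanumerics/hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

SAMPLE_HOSTS = [
    ("test1.fakedomain.xyz", "192.168.10.101"),
    ("test2.fakedomain.xyz", "192.168.10.102"),
]

# Constructed, shortened copy of the default Corefile (no hosts stanza yet).
SAMPLE_COREFILE = """\
.:5353 {
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
    }
    forward . /etc/resolv.conf {
        policy sequential
    }
    reload
}
"""

def valid_hostname(name: str) -> bool:
    """True for a syntactically valid, multi-label hostname."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    return len(labels) >= 2 and all(_LABEL.match(lab) for lab in labels)

def render_hosts_stanza(entries, indent: str = "    ") -> str:
    """Build ``hosts { IP NAME ... fallthrough }`` from (hostname, ip) pairs.

    Bad input raises ValueError here rather than producing a Corefile CoreDNS
    rejects at reload, or one that answers for a name nobody intended.
    ``fallthrough`` lets names not in the list continue on to the kubernetes
    and forward plugins instead of being answered NXDOMAIN.
    """
    lines, seen = [f"{indent}hosts {{"], set()
    for hostname, ip in entries:
        if not valid_hostname(hostname):
            raise ValueError(f"invalid hostname: {hostname!r}")
        addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        key = hostname.rstrip(".").lower()
        if key in seen:
            raise ValueError(f"duplicate hostname: {hostname!r}")
        seen.add(key)
        lines.append(f"{indent}    {addr} {key}")
    lines += [f"{indent}    fallthrough", f"{indent}}}"]
    return "\n".join(lines)

def add_hosts_to_corefile(corefile: str, entries, server_block: str = ".:5353") -> str:
    """Insert a hosts stanza at the top of the given server block.

    Position inside the block is cosmetic: CoreDNS runs plugins in the order
    fixed by plugin.cfg at build time (hosts before kubernetes and forward).
    """
    lines = corefile.splitlines()
    for i, line in enumerate(lines):
        if line.strip() == f"{server_block} {{":
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            indent = nxt[: len(nxt) - len(nxt.lstrip())]
            stanza = render_hosts_stanza(entries, indent=indent).splitlines()
            return "\n".join(lines[: i + 1] + stanza + lines[i + 1:]) + "\n"
    raise ValueError(f"server block {server_block!r} not found")

def parse_hosts_entries(corefile: str):
    """Audit helper: list every (hostname, ip) a Corefile answers statically."""
    found, in_hosts = [], False
    for raw in corefile.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not in_hosts:
            in_hosts = bool(re.match(r"^hosts\b.*\{$", line))
            continue
        if line == "}":
            in_hosts = False
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0]) if parts else None
        except ValueError:
            continue  # option lines such as fallthrough/ttl/reload are not entries
        if ip is not None:
            found.extend((name, str(ip)) for name in parts[1:])
    return found

def rejects(entries) -> bool:
    """True if render_hosts_stanza refuses the given entries."""
    try:
        render_hosts_stanza(entries)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    updated = add_hosts_to_corefile(SAMPLE_COREFILE, SAMPLE_HOSTS)
    print(updated, "static overrides:", parse_hosts_entries(updated))
```

Running the file prints the patched Corefile followed by the two test1/test2 overrides recovered from it. `parse_hosts_entries` can equally be pointed at the Corefile pulled from the live ConfigMap (as in the `oc get cm` step above) to confirm that only the intended names are being answered statically.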
Ideally, we wouldn't have to unmanage the DNS operator to do this, but it looks like CoreDNS in OpenShift 4.14.42 has this capability if added. Ideally this would be backported to the oldest supported version of OpenShift (the customer is running 4.15.8 currently).
[2] https://github.com/coredns/coredns/tree/master/plugin/hosts