OpenShift Request For Enhancement: RFE-7899

OpenShift DNS CoreDNS hosts plugin capabilities


    • Type: Feature Request
    • Resolution: Unresolved
    • Priority: Normal
    • Affects Versions: openshift-4.14, openshift-4.15, openshift-4.16, openshift-4.17
    • Component: Cluster Infrastructure
    • Product / Portfolio Work

      1. Proposed title of this feature request

      Openshift DNS Operator CoreDNS HostsPlugin customization 

      2. What is the nature and description of the request?

      Customer has a <domain> that doesn't resolve via any DNS Nameservers.

      3. Why does the customer need this? (List the business requirements here)

      In their air-gapped environment, they would like to specify custom domains without requiring changes to the DNS nameservers listed in /etc/resolv.conf.

      4. List any affected packages or components.

      This is for 'openshift-dns' and 'openshift-dns-operator'

       

      -------------

       

      Customer has a <domain> that doesn't resolve via any DNS Nameservers.

      However, let's say we have the following domains and IPs that we want to resolve:

       

      domain1: test1.fakedomain.xyz
      IP1:     192.168.10.101
      domain2: test2.fakedomain.xyz
      IP2:     192.168.10.102 

       

       

      Customer would like to do something similar to the DNS forwarding described in the docs [1], but instead of forwarding, use the CoreDNS 'hosts' plugin [2].

      I verified in the API docs [3][4] that this isn't an option

      Ideally, you would edit this object [1] (as with DNS forwarding) to add custom hostnames that the DNS nameservers don't resolve.

       

       

      $ oc get dnses.operator.openshift.io default  

       

       

      Then this would propagate into the ConfigMap like this

       

      $ oc get cm -n openshift-dns dns-default -o yaml | oc neat
      apiVersion: v1
      data:
        Corefile: |
          .:5353 {
              bufsize 1232
              errors
              log . {
                  class error
              }
              hosts {                                  ### THESE LINES 
                  192.168.10.101  test1.fakedomain.xyz ### THESE LINES
                  192.168.10.102  test2.fakedomain.xyz ### THESE LINES
                  fallthrough                          ### THESE LINES  
              }                                        ### THESE LINES 
              health {
                  lameduck 20s
              }
              ready
              kubernetes cluster.local in-addr.arpa ip6.arpa {
                  pods insecure
                  fallthrough in-addr.arpa ip6.arpa
              }
              prometheus 127.0.0.1:9153
              forward . /etc/resolv.conf {
                  policy sequential
              }
              cache 900 {
                  denial 9984 30
              }
              reload
          }
          hostname.bind:5353 {
              chaos
          }
      kind: ConfigMap
      metadata:
        labels:
          dns.operator.openshift.io/owning-dns: default
        name: dns-default
        namespace: openshift-dns 

       

       

      That config would then roll out to all dns-default pods, and a dig for those domains would return the configured IPs...

      I tested this in a 4.14.42 lab by doing the following

       

      1. Get clusterversion
      $ oc get clusterversion version
      NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
      version   4.14.42   True        False         7m54s   Cluster version is 4.14.42
      2. Make dns operator unmanaged
      $ oc patch dns.operator.openshift.io default --type merge --patch '{"spec":{"managementState":"Unmanaged"}}'
      dns.operator.openshift.io/default patched
      3. Scale the dns-operator down
      $ oc scale deployment -n openshift-dns-operator dns-operator --replicas 0
      deployment.apps/dns-operator scaled
      4. Add my hosts into the configmap
      $ oc get cm -n openshift-dns dns-default -o yaml | oc neat
      apiVersion: v1
      data:
        Corefile: |
          .:5353 {
              bufsize 1232
              errors
              log . {
                  class error
              }
              hosts {                                  ### THESE LINES
                  192.168.10.101  test1.fakedomain.xyz ### THESE LINES
                  192.168.10.102  test2.fakedomain.xyz ### THESE LINES
                  fallthrough                          ### THESE LINES
              }                                        ### THESE LINES
              health {
                  lameduck 20s
              }
              ready
              kubernetes cluster.local in-addr.arpa ip6.arpa {
                  pods insecure
                  fallthrough in-addr.arpa ip6.arpa
              }
              prometheus 127.0.0.1:9153
              forward . /etc/resolv.conf {
                  policy sequential
              }
              cache 900 {
                  denial 9984 30
              }
              reload
          }
          hostname.bind:5353 {
              chaos
          }
      kind: ConfigMap
      metadata:
        labels:
          dns.operator.openshift.io/owning-dns: default
        name: dns-default
        namespace: openshift-dns
      5. Log in to a dns-default pod and confirm it's there
      $ oc rsh -n openshift-dns -c dns $(oc get pod -n openshift-dns -l dns.operator.openshift.io/daemonset-dns=default -o name | head -1) cat /etc/coredns/Corefile
      .:5353 {
          bufsize 1232
          errors
          log . {
              class error
          }
          hosts {                                  ### THESE LINES
              192.168.10.101  test1.fakedomain.xyz ### THESE LINES
              192.168.10.102  test2.fakedomain.xyz ### THESE LINES
              fallthrough                          ### THESE LINES
          }
          health {
              lameduck 20s
          }
          ready
          kubernetes cluster.local in-addr.arpa ip6.arpa {
              pods insecure
              fallthrough in-addr.arpa ip6.arpa
          }
          prometheus 127.0.0.1:9153
          forward . /etc/resolv.conf {
              policy sequential
          }
          cache 900 {
              denial 9984 30
          }
          reload
      }
      hostname.bind:5353 {
          chaos
      }
      6. Log in to a console pod, which uses Cluster DNS, and dig these domains
      $ oc rsh -n openshift-console $(oc get pod -n openshift-console -l component=ui -o name | head -1) dig test1.fakedomain.xyz +short
      192.168.10.101

      $ oc rsh -n openshift-console $(oc get pod -n openshift-console -l component=ui -o name | head -1) dig test2.fakedomain.xyz +short
      192.168.10.102
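      Step 4 above done programmatically, as an added example (not code from the RFE, the DNS operator, or CoreDNS): the function inserts the hosts block in front of the kubernetes stanza so the static names are answered first and everything else still falls through, refuses entries that are not a literal IP plus a plain hostname (the hosts plugin hands these answers to every pod in the cluster), and is a no-op when a hosts stanza already exists. It assumes the Corefile text has already been pulled out of the dns-default ConfigMap (writing it back with oc is left to the caller), and the sample Corefile is a constructed, trimmed version of the one shown above.

```python
import ipaddress
import re
# Constructed sample input (names/IPs from the RFE; Corefile trimmed).
SAMPLE_HOSTS = {
    "test1.fakedomain.xyz": "192.168.10.101",
    "test2.fakedomain.xyz": "192.168.10.102",
}
SAMPLE_COREFILE = """\
.:5353 {
    errors
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        fallthrough in-addr.arpa ip6.arpa
    }
    forward . /etc/resolv.conf
}
"""
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def validate_entry(name: str, ip: str) -> None:
    """Only a literal IP and a plain hostname: every pod will get this answer."""
    ipaddress.ip_address(ip)  # ValueError unless an IPv4/IPv6 literal
    labels = name.rstrip(".").split(".")
    if len(name) > 253 or not all(_LABEL.match(lbl) for lbl in labels):
        raise ValueError(f"invalid hostname: {name!r}")

def _indent(line: str) -> str:
    return line[: len(line) - len(line.lstrip())]

def _find(lines, pred, start=0, stop=None):
    for i in range(start, len(lines) if stop is None else stop):
        if pred(lines[i]):
            return i
    raise ValueError("expected Corefile stanza not found")

def add_hosts_block(corefile: str, hosts: dict[str, str]) -> str:
    """Insert hosts { ... fallthrough } before the .:5353 kubernetes stanza; no-op if present."""
    for name, ip in hosts.items():
        validate_entry(name, ip)
    lines = corefile.splitlines(keepends=True)
    start = _find(lines, lambda l: l.strip() == ".:5353 {")
    close = _indent(lines[start]) + "}"  # closing brace of the server block
    end = _find(lines, lambda l: l.rstrip() == close, start + 1)
    if any(l.split()[:1] == ["hosts"] for l in lines[start + 1:end]):
        return corefile  # idempotent: never write a second hosts stanza
    k = _find(lines, lambda l: l.split()[:1] == ["kubernetes"], start + 1, end)
    pad = _indent(lines[k])  # match the indentation of the stanza we precede
    block = [f"{pad}hosts {{\n", *(f"{pad}    {ip}  {name}\n" for name, ip in hosts.items()),
             f"{pad}    fallthrough\n", f"{pad}}}\n"]
    return "".join(lines[:k] + block + lines[k:])
```

The same function works on the indented Corefile inside the ConfigMap YAML, since it takes the indentation from the stanza it finds rather than assuming column zero.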

      Ideally, we wouldn't have to unmanage the dns operator to do this, but it looks like CoreDNS in Openshift 4.14.42 has this capability if added. Ideally, this would be backported to the oldest supported version of Openshift (customer is running 4.15.8 currently).

       

      [1] https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/networking/dns-operator#nw-dns-forward_dns-operator

      [2] https://github.com/coredns/coredns/tree/master/plugin/hosts

      [3] https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/operator_apis/index#spec-servers-2

      [4] https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/operator_apis/index#spec-servers-forwardplugin

       

              rh-ee-smodeel Subin M
              rhn-support-acardena Albert Cardenas