From 5c25b579896be6d904f87c7aba8887f4f57e95fc Mon Sep 17 00:00:00 2001 From: emiran-orange <71817149+emiran-orange@users.noreply.github.com> Date: Tue, 8 Nov 2022 15:44:25 +0100 Subject: [PATCH] Ability to define options for DNS upstream servers (#9311) * Ability to define options for DNS upstream servers * Doc and sample inventory vars --- docs/dns-stack.md | 6 ++++++ docs/vars.md | 1 + .../sample/group_vars/k8s_cluster/k8s-cluster.yml | 3 +++ roles/kubernetes-apps/ansible/defaults/main.yml | 4 ++++ .../ansible/templates/coredns-config.yml.j2 | 14 ++++++-------- .../ansible/templates/nodelocaldns-config.yml.j2 | 14 ++++++++++++-- 6 files changed, 32 insertions(+), 10 deletions(-) diff --git a/docs/dns-stack.md b/docs/dns-stack.md index 9d172b832..50d9724cc 100644 --- a/docs/dns-stack.md +++ b/docs/dns-stack.md @@ -50,6 +50,12 @@ is not set, a default resolver is chosen (depending on cloud provider or 8.8.8.8 DNS servers to be added *after* the cluster DNS. Used by all ``resolvconf_mode`` modes. These serve as backup DNS servers in early cluster deployment when no cluster DNS is available yet. +### dns_upstream_forward_extra_opts + +Whether or not upstream DNS servers come from `upstream_dns_servers` variable or /etc/resolv.conf, related forward block in coredns (and nodelocaldns) configuration can take options (see for details). +These are configurable in inventory in as a dictionary in the `dns_upstream_forward_extra_opts` variable. +By default, no other option than the ones hardcoded (see `roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2` and `roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2`). + ### coredns_external_zones Array of optional external zones to coredns forward queries to. It's injected into diff --git a/docs/vars.md b/docs/vars.md index f75ff0069..b3f26945d 100644 --- a/docs/vars.md +++ b/docs/vars.md 
@@ -169,6 +169,7 @@ variables to match your requirements. * *searchdomains* - Array of up to 4 search domains * *remove_default_searchdomains* - Boolean. If enabled, `searchdomains` variable can hold 6 search domains. * *dns_etchosts* - Content of hosts file for coredns and nodelocaldns +* *dns_upstream_forward_extra_opts* - Options to add in the forward section of coredns/nodelocaldns related to upstream DNS servers For more information, see [DNS Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.md). diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml index 016fe7811..8b8978163 100644 --- a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml +++ b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml @@ -205,6 +205,9 @@ enable_coredns_k8s_external: false coredns_k8s_external_zone: k8s_external.local # Enable endpoint_pod_names option for kubernetes plugin enable_coredns_k8s_endpoint_pod_names: false +# Set forward options for upstream DNS servers in coredns (and nodelocaldns) config +# dns_upstream_forward_extra_opts: +# policy: sequential # Can be docker_dns, host_resolvconf or none resolvconf_mode: host_resolvconf diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml index 83b07080f..66b767341 100644 --- a/roles/kubernetes-apps/ansible/defaults/main.yml +++ b/roles/kubernetes-apps/ansible/defaults/main.yml @@ -14,6 +14,10 @@ coredns_deployment_nodeselector: "kubernetes.io/os: linux" coredns_default_zone_cache_block: | cache 30 +# dns_upstream_forward_extra_opts apply to coredns forward section as well as nodelocaldns upstream target forward section +# dns_upstream_forward_extra_opts: +# policy: sequential + # nodelocaldns nodelocaldns_cpu_requests: 100m nodelocaldns_memory_limit: 200Mi 
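Review bot: `dns_upstream_forward_extra_opts` enters the role defaults only as a commented-out example, so the role declares no default and both templates must guard on `is defined`; declaring `dns_upstream_forward_extra_opts: {}` and guarding on `| length > 0` in the templates would make the expected type (a mapping) explicit and keep the variable visible among the role's real defaults. The comment also does not say how the dictionary is consumed, which matters because nothing validates or quotes the values before they land in the Corefile; I would add `# Each key/value is rendered verbatim as an "<option> <value>" line inside the forward block` beneath the existing comment. The sample inventory hunk just above carries the same comment-only example and would benefit from the same sentence.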
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
index 1ee1601d4..44eea93bc 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
@@ -46,17 +46,15 @@ data:
 {% endif %}
 }
 prometheus :9153
-{% if upstream_dns_servers is defined and upstream_dns_servers|length > 0 %}
- forward . {{ upstream_dns_servers|join(' ') }} {
+ forward . {{ upstream_dns_servers|join(' ') if upstream_dns_servers is defined and upstream_dns_servers|length > 0 else '/etc/resolv.conf' }} {
 prefer_udp
 max_concurrent 1000
- }
-{% else %}
- forward . /etc/resolv.conf {
- prefer_udp
- max_concurrent 1000
- }
+{% if dns_upstream_forward_extra_opts is defined %}
+{% for optname, optvalue in dns_upstream_forward_extra_opts.items() %}
+ {{ optname }} {{ optvalue }}
+{% endfor %}
 {% endif %}
+ }
 {% if enable_coredns_k8s_external %}
 k8s_external {{ coredns_k8s_external_zone }}
 {% endif %}
diff --git a/roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2 b/roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2
index 9ea695c48..231c8bac1 100644
--- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2
@@ -80,7 +80,12 @@ data:
 reload
 loop
 bind {{ nodelocaldns_ip }}
- forward . {{ upstreamForwardTarget }}
+ forward . {{ upstreamForwardTarget }}{% if dns_upstream_forward_extra_opts is defined %} {
+{% for optname, optvalue in dns_upstream_forward_extra_opts.items() %}
+ {{ optname }} {{ optvalue }}
+{% endfor %}
+ }{% endif %}
+
 prometheus {% if nodelocaldns_bind_metrics_host_ip %}{$MY_HOST_IP}{% endif %}:{{ nodelocaldns_prometheus_port }}
 {% if dns_etchosts | default(None) %}
 hosts /etc/coredns/hosts {
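Review bot: The added loop renders `{{ optname }} {{ optvalue }}` verbatim, so a value written as a YAML boolean or null arrives in the Corefile as Python's `True`/`None`, and a flag-only option such as `prefer_udp` cannot be expressed without a dummy value; `{{ optname }}{% if optvalue is not none %} {{ optvalue }}{% endif %}` would let a null-valued key emit a bare flag and avoids the trailing space. Separately, `prefer_udp` and `max_concurrent 1000` stay hard-coded above the loop, so an extra-opts entry with either name yields a duplicate directive in this forward block but a single one in nodelocaldns, which applies the same dictionary without those two lines; how CoreDNS resolves such a duplicate is not visible in this diff, so either move the hard-coded pair into the variable's default or state in the docs that those two keys are reserved. The rewritten `forward` line folds the old if/else into one inline conditional, which is correct but long; a `{% set %}` of the upstream target above it would keep the line readable. The enclosing zone block starts and ends outside the hunk.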
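Review bot: The conditional `{` on the `forward` line opens a block only when `dns_upstream_forward_extra_opts` is defined, and the second nodelocaldns hunk (`@@ -157,7 +162,12 @@`) repeats the identical construct, so the two stanzas now carry duplicate copies of the loop and the same verbatim-rendering caveat applies to both. Splitting the markers onto their own lines, `forward . {{ upstreamForwardTarget }} {` followed by `{% if dns_upstream_forward_extra_opts is defined %}` around the loop and a closing `}` after `{% endif %}`, would give this template the same always-open block shape as the coredns template, provided an empty block is acceptable to the nodelocaldns parser; if that cannot be confirmed, keep the current shape but drop the unconditional blank `+` line added before `prometheus`, which is stray whitespace in the rendered Corefile. The stanza this hunk edits continues outside the hunk in both directions.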
@@ -157,7 +162,12 @@ data:
 reload
 loop
 bind {{ nodelocaldns_ip }}
- forward . {{ upstreamForwardTarget }}
+ forward . {{ upstreamForwardTarget }}{% if dns_upstream_forward_extra_opts is defined %} {
+{% for optname, optvalue in dns_upstream_forward_extra_opts.items() %}
+ {{ optname }} {{ optvalue }}
+{% endfor %}
+ }{% endif %}
+
 prometheus {% if nodelocaldns_bind_metrics_host_ip %}{$MY_HOST_IP}{% endif %}:{{ nodelocaldns_secondary_prometheus_port }}
 {% if dns_etchosts | default(None) %}
 hosts /etc/coredns/hosts {