From fa4752f0a090f8732705d341a9e5ae283ce24067 Mon Sep 17 00:00:00 2001 From: haam3r Date: Mon, 12 Aug 2024 11:53:06 +0300 Subject: [PATCH 1/4] Add support to STS for defining DNS policy and config --- deploy/eck-operator/templates/statefulset.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/deploy/eck-operator/templates/statefulset.yaml b/deploy/eck-operator/templates/statefulset.yaml index a970a17d8c..58d34871de 100644 --- a/deploy/eck-operator/templates/statefulset.yaml +++ b/deploy/eck-operator/templates/statefulset.yaml @@ -174,6 +174,20 @@ spec: {{- if .Values.hostNetwork }} hostNetwork: true dnsPolicy: ClusterFirstWithHostNet + {{- else if .Values.dns.policy }} + dnsPolicy: {{ .Values.dns.policy }} + {{- end }} + {{- if .Values.dns }} + dnsConfig: + nameservers: + {{- range $ns := .Values.dns.nameservers }} + - {{ $ns | quote }} + searches: + {{- range $searches := .Values.dns.searches }} + - {{ $searches | quote }} + options: + {{- range $options := .Values.dns.options }} + - {{ $options | quote }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: From 600fb427fb9381e559837ea2d0496d360802c584 Mon Sep 17 00:00:00 2001 From: haam3r Date: Mon, 12 Aug 2024 12:33:44 +0300 Subject: [PATCH 2/4] Fix flow control and values.yaml definitions --- deploy/eck-operator/templates/statefulset.yaml | 15 +++++++++------ deploy/eck-operator/values.yaml | 16 +++++++++++++--- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/deploy/eck-operator/templates/statefulset.yaml b/deploy/eck-operator/templates/statefulset.yaml index 58d34871de..e51236fbfb 100644 --- a/deploy/eck-operator/templates/statefulset.yaml +++ b/deploy/eck-operator/templates/statefulset.yaml 
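Review bot: The three `range` loops and the `if .Values.dns` block added in the statefulset.yaml hunk are never closed, so as written the template would not parse; the only `{{- end }}` after them is the context line that used to close the `hostNetwork` branch, which leaves three blocks open. Each list needs its own `{{- end }}` directly after its `- {{ ... | quote }}` item, plus one for the `if`. Separately, `dnsPolicy: {{ .Values.dns.policy }}` is emitted unquoted while the list items are piped through `quote`; `dnsPolicy: {{ .Values.dns.policy | quote }}` keeps the rendered value a single YAML scalar whatever the values file contains. The same unquoted line is carried through the later statefulset.yaml hunks in this series. The surrounding pod spec starts and ends outside the hunk.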
@@ -174,20 +174,23 @@ spec: {{- if .Values.hostNetwork }} hostNetwork: true dnsPolicy: ClusterFirstWithHostNet - {{- else if .Values.dns.policy }} - dnsPolicy: {{ .Values.dns.policy }} + {{- else if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy }} {{- end }} - {{- if .Values.dns }} + {{- if .Values.dnsConfig }} dnsConfig: nameservers: - {{- range $ns := .Values.dns.nameservers }} + {{- range $ns := .Values.dnsConfig.nameservers }} - {{ $ns | quote }} + {{- end }} searches: - {{- range $searches := .Values.dns.searches }} + {{- range $searches := .Values.dnsConfig.searches }} - {{ $searches | quote }} + {{- end }} options: - {{- range $options := .Values.dns.options }} + {{- range $options := .Values.dnsConfig.options }} - {{ $options | quote }} + {{- end }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: diff --git a/deploy/eck-operator/values.yaml b/deploy/eck-operator/values.yaml index 7ed5334d5e..410b9a57e7 100644 --- a/deploy/eck-operator/values.yaml +++ b/deploy/eck-operator/values.yaml @@ -46,6 +46,15 @@ statefulsetAnnotations: {} # statefulsetLabels define additional labels that should be added to the operator StatefulSet. statefulsetLabels: {} +# dnsPolicy defines the DNS policy for the operator pod. +dnsPolicy: None + +# dnsConfig defines the DNS configuration for the operator pod. +dnsConfig: + nameservers: [] + options: [] + searches: [] + # podAnnotations define the annotations that should be added to the operator pod. podAnnotations: {} @@ -266,7 +275,8 @@ config: disableConfigWatch: false # exposedNodeLabels is an array of regular expressions of node labels which are allowed to be copied as annotations on Elasticsearch Pods. - exposedNodeLabels: [ "topology.kubernetes.io/.*", "failure-domain.beta.kubernetes.io/.*" ] + exposedNodeLabels: + ["topology.kubernetes.io/.*", "failure-domain.beta.kubernetes.io/.*"] # ipFamily specifies the IP family to use. Possible values: IPv4, IPv6 and "" (auto-detect) ipFamily: "" 
@@ -302,7 +312,6 @@ config: # Prometheus PodMonitor configuration # Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmonitor podMonitor: - # enabled determines whether a podMonitor should deployed to scrape the eck metrics. # This requires the prometheus operator and the config.metrics.port not to be 0 enabled: false @@ -333,7 +342,8 @@ podMonitor: # Prometheus ServiceMonitor configuration # Only used when config.enableSecureMetrics is true # Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#servicemonitor -serviceMonitor: {} +serviceMonitor: + {} # namespace determines in which namespace the serviceMonitor will be deployed. # If not set the serviceMonitor will be created in the namespace where the Helm release is installed into From f71251cde51ebf6ef02da000265fa4afb9c5e6e1 Mon Sep 17 00:00:00 2001 From: haam3r Date: Mon, 12 Aug 2024 12:57:43 +0300 Subject: [PATCH 3/4] dns policy and config should be defined together. Document dns policy options --- .../eck-operator/templates/statefulset.yaml | 4 ++-- deploy/eck-operator/values.yaml | 19 ++++++++++--------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/deploy/eck-operator/templates/statefulset.yaml b/deploy/eck-operator/templates/statefulset.yaml index e51236fbfb..b314e67c60 100644 --- a/deploy/eck-operator/templates/statefulset.yaml +++ b/deploy/eck-operator/templates/statefulset.yaml @@ -174,10 +174,10 @@ spec: {{- if .Values.hostNetwork }} hostNetwork: true dnsPolicy: ClusterFirstWithHostNet - {{- else if .Values.dnsPolicy }} + {{- else if and (.Values.dnsPolicy) (.Values.dnsConfig) }} dnsPolicy: {{ .Values.dnsPolicy }} {{- end }} - {{- if .Values.dnsConfig }} + {{- if and (.Values.dnsConfig) (.Values.dnsPolicy) }} dnsConfig: nameservers: {{- range $ns := .Values.dnsConfig.nameservers }} 
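Review bot: Requiring both values in `else if and (.Values.dnsPolicy) (.Values.dnsConfig)` and in `if and (.Values.dnsConfig) (.Values.dnsPolicy)` makes the chart silently drop a setting that is given on its own: `dnsPolicy: Default` without a dnsConfig renders nothing, and a dnsConfig that only adds an option under the default policy is ignored as well. Kubernetes ties the two together only for `None`, which needs at least one nameserver. Consider keeping `{{- else if .Values.dnsPolicy }}` and `{{- if .Values.dnsConfig }}` as independent conditions and adding a `fail` when the policy is `None` and `dnsConfig.nameservers` is empty, so a bad combination stops at render time instead of at the API server. When `hostNetwork` is true the user's `dnsPolicy` is replaced by `ClusterFirstWithHostNet` while the dnsConfig is still rendered, which deserves a comment next to the branch.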
diff --git a/deploy/eck-operator/values.yaml b/deploy/eck-operator/values.yaml index 410b9a57e7..30e86e4412 100644 --- a/deploy/eck-operator/values.yaml +++ b/deploy/eck-operator/values.yaml @@ -46,15 +46,6 @@ statefulsetAnnotations: {} # statefulsetLabels define additional labels that should be added to the operator StatefulSet. statefulsetLabels: {} -# dnsPolicy defines the DNS policy for the operator pod. -dnsPolicy: None - -# dnsConfig defines the DNS configuration for the operator pod. -dnsConfig: - nameservers: [] - options: [] - searches: [] - # podAnnotations define the annotations that should be added to the operator pod. podAnnotations: {} @@ -155,6 +146,16 @@ webhook: # This is required to allow for communication with the kube API when using some alternate CNIs in conjunction with webhook enabled. # CAUTION: Proceed at your own risk. This setting has security concerns such as allowing malicious users to access workloads running on the host. hostNetwork: false +# +# dnsPolicy defines the DNS policy for the operator pod. Available options are: +# - ClusterFirst: Any DNS query that does not match the configured cluster domain suffix, is forwarded to an upstream nameserver by the DNS server +# - ClusterFirstWithHostNet: For Pods running with hostNetwork, you should explicitly set its DNS policy to "ClusterFirstWithHostNet". Otherwise, Pods running with hostNetwork and "ClusterFirst" will fallback to the behavior of the "Default" policy. +# - Default: The Pod inherits the name resolution configuration from the node that the Pods run on +# - None: It allows a Pod to ignore DNS settings from the Kubernetes environment. All DNS settings are supposed to be provided using the dnsConfig field in the Pod Spec. +dnsPolicy: "" + +# dnsConfig defines the DNS configuration for the operator pod. +dnsConfig: {} softMultiTenancy: # enabled determines whether the operator is installed with soft multi-tenancy extensions. 
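Review bot: The new comment lists the four policies but does not say how this chart treats them: per the template in this patch, `dnsPolicy` and `dnsConfig` take effect only when both are set, and `dnsPolicy` is overridden by `ClusterFirstWithHostNet` whenever `hostNetwork` is true. I would add `# dnsPolicy is ignored when hostNetwork is true, and is only applied together with a non-empty dnsConfig.` above the key. A second line such as `# The nameservers set in dnsConfig resolve every name the operator looks up, so point them only at resolvers you control.` gives the setting the same kind of caution the hostNetwork comment already carries. The bare `#` line added right under `hostNetwork: false` reads as part of the hostNetwork comment; a blank line would separate the two keys.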
From 61d03180b52c325d1c3f2863d972529fcbb71ff7 Mon Sep 17 00:00:00 2001 From: haam3r Date: Mon, 12 Aug 2024 14:19:12 +0300 Subject: [PATCH 4/4] Take full yaml direct from values --- deploy/eck-operator/templates/statefulset.yaml | 13 +------------ deploy/eck-operator/values.yaml | 8 ++++++++ 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/deploy/eck-operator/templates/statefulset.yaml b/deploy/eck-operator/templates/statefulset.yaml index b314e67c60..b8fdd6ae1b 100644 --- a/deploy/eck-operator/templates/statefulset.yaml +++ b/deploy/eck-operator/templates/statefulset.yaml @@ -179,18 +179,7 @@ spec: {{- end }} {{- if and (.Values.dnsConfig) (.Values.dnsPolicy) }} dnsConfig: - nameservers: - {{- range $ns := .Values.dnsConfig.nameservers }} - - {{ $ns | quote }} - {{- end }} - searches: - {{- range $searches := .Values.dnsConfig.searches }} - - {{ $searches | quote }} - {{- end }} - options: - {{- range $options := .Values.dnsConfig.options }} - - {{ $options | quote }} - {{- end }} + {{- .Values.dnsConfig | toYaml | nindent 8 }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: diff --git a/deploy/eck-operator/values.yaml b/deploy/eck-operator/values.yaml index 30e86e4412..f9f0e37845 100644 --- a/deploy/eck-operator/values.yaml +++ b/deploy/eck-operator/values.yaml @@ -155,6 +155,14 @@ hostNetwork: false dnsPolicy: "" # dnsConfig defines the DNS configuration for the operator pod. +# dnsConfig: +# nameservers: +# - 169.254.20.10 +# searches: +# - svc.cluster.local +# options: +# - name: ndots +# value: "2" dnsConfig: {} softMultiTenancy:
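Review bot: The example quotes `value: "2"` but nothing says why, and since the statefulset.yaml hunk in this patch now emits the map with `toYaml` instead of piping each item through `quote`, the types written in the values file reach the pod spec unchanged. The Kubernetes field for a DNS option value is a string, so an unquoted `value: 2` would be rejected by the API server. A line like `# option values must be quoted strings, e.g. value: "2"` in the comment covers it. The example also omits `dnsPolicy`, which the template requires alongside dnsConfig before it renders either.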