include additional sandns entry for pod ip (#2608)

Signed-off-by: Abhijeet V <[email protected]>

.gitignore

@@ -147,3 +147,5 @@ pids
 
 # Optional REPL history
 .node_repl_history
+
+.vscode/

libs/go/sia/host/utils/utils.go

@@ -48,7 +48,7 @@ func GetHostname(fqdn bool) string {
 
 // GetK8SHostnames Generate pod/svc hostnames based on k8s spec:
 // https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods
-func GetK8SHostnames(clusterZone string) (string, []string) {
+func GetK8SHostnames(clusterZone string, podIpSandns bool) (string, []string) {
 	k8sDnsEntries := []string{}
 	// we're going to generate two sets of additional sanDNS entries for our
 	// instances running within K8S - pod and service entries. it requires
@@ -84,6 +84,9 @@ func GetK8SHostnames(clusterZone string) (string, []string) {
 		k8sDnsEntries = append(k8sDnsEntries, fmt.Sprintf("%s.%s.pod.%s", podIPWithDashes, podNamespace, clusterZone))
 		if podService != "" {
 			k8sDnsEntries = append(k8sDnsEntries, fmt.Sprintf("%s.%s.%s.pod.%s", podIPWithDashes, podService, podNamespace, clusterZone))
+			if podIpSandns {
+				k8sDnsEntries = append(k8sDnsEntries, fmt.Sprintf("%s.%s.%s.svc.%s", podIPWithDashes, podService, podNamespace, clusterZone))
+			}
 		}
 	}
 	if podHostname != "" {

libs/go/sia/host/utils/utils_test.go

@@ -42,17 +42,19 @@ func TestGetK8SHostnames(test *testing.T) {
 		siaPodNamespace string
 		siaPodService   string
 		siaPodSubdomain string
+		podIpSandns			bool
 		sanDNSList      []string
 	}{
-		{"no-entries", "", "", "", "", "", []string{}},
-		{"pod-ip-no-ns", "", "10.11.12.13", "", "", "", []string{}},
-		{"pod-ns-only", "", "", "api-ns", "", "", []string{}},
-		{"pod-ip-only", "", "10.11.12.13", "api-ns", "", "", []string{"10-11-12-13.api-ns.pod.cluster.local"}},
-		{"pod-ip-svc", "", "10.11.12.13", "api-ns", "api", "", []string{"10-11-12-13.api-ns.pod.cluster.local", "10-11-12-13.api.api-ns.pod.cluster.local", "api.api-ns.svc.cluster.local", "api.api-ns.svc"}},
-		{"pod-name-no-ns", "pod-1", "", "", "", "", []string{}},
-		{"pod-name-only", "pod-1", "", "api-ns", "", "", []string{"pod-1.api-ns.svc.cluster.local"}},
-		{"pod-name-subdomain", "pod-1", "", "api-ns", "", "api-sub", []string{"pod-1.api-sub.api-ns.svc.cluster.local"}},
-		{"pod-all-values", "pod-1", "10.11.12.13", "api-ns", "api", "api-sub", []string{"10-11-12-13.api-ns.pod.cluster.local", "10-11-12-13.api.api-ns.pod.cluster.local", "pod-1.api-sub.api-ns.svc.cluster.local", "api.api-ns.svc.cluster.local", "api.api-ns.svc"}},
+		{"no-entries", "", "", "", "", "", false, []string{}},
+		{"pod-ip-no-ns", "", "10.11.12.13", "", "", "", false, []string{}},
+		{"pod-ns-only", "", "", "api-ns", "", "", false, []string{}},
+		{"pod-ip-only", "", "10.11.12.13", "api-ns", "", "", false, []string{"10-11-12-13.api-ns.pod.cluster.local"}},
+		{"pod-ip-svc", "", "10.11.12.13", "api-ns", "api", "", false, []string{"10-11-12-13.api-ns.pod.cluster.local", "10-11-12-13.api.api-ns.pod.cluster.local", "api.api-ns.svc.cluster.local", "api.api-ns.svc"}},
+		{"pod-name-no-ns", "pod-1", "", "", "", "", false, []string{}},
+		{"pod-name-only", "pod-1", "", "api-ns", "", "", false, []string{"pod-1.api-ns.svc.cluster.local"}},
+		{"pod-name-subdomain", "pod-1", "", "api-ns", "", "api-sub", false, []string{"pod-1.api-sub.api-ns.svc.cluster.local"}},
+		{"pod-all-values", "pod-1", "10.11.12.13", "api-ns", "api", "api-sub", false, []string{"10-11-12-13.api-ns.pod.cluster.local", "10-11-12-13.api.api-ns.pod.cluster.local", "pod-1.api-sub.api-ns.svc.cluster.local", "api.api-ns.svc.cluster.local", "api.api-ns.svc"}},
+		{"pod-all-values-podip-sandns", "pod-1", "10.11.12.13", "api-ns", "api", "api-sub", true, []string{"10-11-12-13.api-ns.pod.cluster.local", "10-11-12-13.api.api-ns.pod.cluster.local", "10-11-12-13.api.api-ns.svc.cluster.local", "pod-1.api-sub.api-ns.svc.cluster.local", "api.api-ns.svc.cluster.local", "api.api-ns.svc"}},
 	}
 	for _, tt := range tests {
 		test.Run(tt.name, func(t *testing.T) {
@@ -61,7 +63,7 @@ func TestGetK8SHostnames(test *testing.T) {
 			_ = os.Setenv("ATHENZ_SIA_POD_NAMESPACE", tt.siaPodNamespace)
 			_ = os.Setenv("ATHENZ_SIA_POD_SERVICE", tt.siaPodService)
 			_ = os.Setenv("ATHENZ_SIA_POD_SUBDOMAIN", tt.siaPodSubdomain)
-			ns, sanList := GetK8SHostnames("cluster.local")
+			ns, sanList := GetK8SHostnames("cluster.local", tt.podIpSandns)
 			assert.Equal(t, tt.siaPodNamespace, ns)
 			assert.Equal(t, len(tt.sanDNSList), len(sanList))
 			for i := 0; i < len(sanList); i++ {

provider/aws/sia-eks/cmd/siad/main.go

@@ -91,7 +91,7 @@ func main() {
 	opts.ZTSCACertFile = *ztsCACert
 	opts.ZTSServerName = *ztsServerName
 	opts.ZTSAWSDomains = strings.Split(*dnsDomains, ",")
-	spiffeNamespace, addlSanDNSEntries := utils.GetK8SHostnames("cluster.local")
+	spiffeNamespace, addlSanDNSEntries := utils.GetK8SHostnames("cluster.local", false)
 	opts.SpiffeNamespace = spiffeNamespace
 	if len(addlSanDNSEntries) > 0 {
 		opts.AddlSanDNSEntries = append(opts.AddlSanDNSEntries, addlSanDNSEntries...)

provider/gcp/sia-gke/cmd/siad/main.go

@@ -107,7 +107,7 @@ func main() {
 	opts.ZTSCACertFile = *ztsCACert
 	opts.ZTSServerName = *ztsServerName
 	opts.ZTSCloudDomains = strings.Split(*dnsDomains, ",")
-	spiffeNamespace, addlSanDNSEntries := utils.GetK8SHostnames("cluster.local")
+	spiffeNamespace, addlSanDNSEntries := utils.GetK8SHostnames("cluster.local", false)
 	opts.SpiffeNamespace = spiffeNamespace
 	if len(addlSanDNSEntries) > 0 {
 		opts.AddlSanDNSEntries = append(opts.AddlSanDNSEntries, addlSanDNSEntries...)