From 31fc88fd8357717036d71303fb901698292033ff Mon Sep 17 00:00:00 2001 From: Abhijeet V <31417623+abvaidya@users.noreply.github.com> Date: Tue, 7 May 2024 15:07:45 -0700 Subject: [PATCH] include additional sandns entry for pod ip (#2608) Signed-off-by: Abhijeet V <31417623+abvaidya@users.noreply.github.com> --- .gitignore | 2 ++ libs/go/sia/host/utils/utils.go | 5 ++++- libs/go/sia/host/utils/utils_test.go | 22 ++++++++++++---------- provider/aws/sia-eks/cmd/siad/main.go | 2 +- provider/gcp/sia-gke/cmd/siad/main.go | 2 +- 5 files changed, 20 insertions(+), 13 deletions(-) diff --git a/.gitignore b/.gitignore index 2dcf4f18ebf..ce3cda5189e 100644 --- a/.gitignore +++ b/.gitignore @@ -147,3 +147,5 @@ pids # Optional REPL history .node_repl_history + +.vscode/ diff --git a/libs/go/sia/host/utils/utils.go b/libs/go/sia/host/utils/utils.go index 2ab21aa8c40..c45b37a2c10 100644 --- a/libs/go/sia/host/utils/utils.go +++ b/libs/go/sia/host/utils/utils.go @@ -48,7 +48,7 @@ func GetHostname(fqdn bool) string { // GetK8SHostnames Generate pod/svc hostnames based on k8s spec: // https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods -func GetK8SHostnames(clusterZone string) (string, []string) { +func GetK8SHostnames(clusterZone string, podIpSandns bool) (string, []string) { k8sDnsEntries := []string{} // we're going to generate two sets of additional sanDNS entries for our // instances running within K8S - pod and service entries. it requires @@ -84,6 +84,9 @@ func GetK8SHostnames(clusterZone string) (string, []string) { k8sDnsEntries = append(k8sDnsEntries, fmt.Sprintf("%s.%s.pod.%s", podIPWithDashes, podNamespace, clusterZone)) if podService != "" { k8sDnsEntries = append(k8sDnsEntries, fmt.Sprintf("%s.%s.%s.pod.%s", podIPWithDashes, podService, podNamespace, clusterZone)) + if podIpSandns { + k8sDnsEntries = append(k8sDnsEntries, fmt.Sprintf("%s.%s.%s.svc.%s", podIPWithDashes, podService, podNamespace, clusterZone)) + } } } if podHostname != "" { 
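Review bot: The doc comment above `GetK8SHostnames` is left unchanged in the first utils.go hunk although the exported signature gains `podIpSandns bool`, so nothing tells a caller what the flag does. I would add a line such as `// When podIpSandns is true and a pod service is set, a <pod-ip>.<service>.<namespace>.svc.<clusterZone> entry is also returned.` Go initialism style would spell the parameter `podIPSanDNS`, in line with `podIPWithDashes` in the same function. Because the function is exported from a library package, the added positional parameter breaks any caller outside this patch; the two call sites updated here are the only ones visible.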
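Review bot: The `if podIpSandns` branch in the second utils.go hunk puts a pod-IP-derived name under the service zone into the SAN list without a comment on why it is opt-in or what it means for the issued certificate. Pod IPs are reassigned as pods come and go, so a certificate carrying this name stays valid for it until expiry even after the address belongs to another pod; a comment such as `// opt-in: pod-IP SAN under the service zone; the name outlives the pod if the IP is reused before the cert expires` would record that. The values interpolated into the name are not validated in the visible lines, so the signer is presumably expected to check requested SANs against the pod's attested identity, which this patch does not show. The branch sits inside `if podService != ""`, so the flag has no effect without a service, and the function body starts and ends outside the hunk.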
diff --git a/libs/go/sia/host/utils/utils_test.go b/libs/go/sia/host/utils/utils_test.go
index 561f45c5410..649485eb003 100644
--- a/libs/go/sia/host/utils/utils_test.go
+++ b/libs/go/sia/host/utils/utils_test.go
@@ -42,17 +42,19 @@ func TestGetK8SHostnames(test *testing.T) { siaPodNamespace string siaPodService string siaPodSubdomain string + podIpSandns bool sanDNSList []string }{ - {"no-entries", "", "", "", "", "", []string{}}, - {"pod-ip-no-ns", "", "10.11.12.13", "", "", "", []string{}}, - {"pod-ns-only", "", "", "api-ns", "", "", []string{}}, - {"pod-ip-only", "", "10.11.12.13", "api-ns", "", "", []string{"10-11-12-13.api-ns.pod.cluster.local"}}, - {"pod-ip-svc", "", "10.11.12.13", "api-ns", "api", "", []string{"10-11-12-13.api-ns.pod.cluster.local", "10-11-12-13.api.api-ns.pod.cluster.local", "api.api-ns.svc.cluster.local", "api.api-ns.svc"}}, - {"pod-name-no-ns", "pod-1", "", "", "", "", []string{}}, - {"pod-name-only", "pod-1", "", "api-ns", "", "", []string{"pod-1.api-ns.svc.cluster.local"}}, - {"pod-name-subdomain", "pod-1", "", "api-ns", "", "api-sub", []string{"pod-1.api-sub.api-ns.svc.cluster.local"}}, - {"pod-all-values", "pod-1", "10.11.12.13", "api-ns", "api", "api-sub", []string{"10-11-12-13.api-ns.pod.cluster.local", "10-11-12-13.api.api-ns.pod.cluster.local", "pod-1.api-sub.api-ns.svc.cluster.local", "api.api-ns.svc.cluster.local", "api.api-ns.svc"}}, + {"no-entries", "", "", "", "", "", false, []string{}}, + {"pod-ip-no-ns", "", "10.11.12.13", "", "", "", false, []string{}}, + {"pod-ns-only", "", "", "api-ns", "", "", false, []string{}}, + {"pod-ip-only", "", "10.11.12.13", "api-ns", "", "", false, []string{"10-11-12-13.api-ns.pod.cluster.local"}}, + {"pod-ip-svc", "", "10.11.12.13", "api-ns", "api", "", false, []string{"10-11-12-13.api-ns.pod.cluster.local", "10-11-12-13.api.api-ns.pod.cluster.local", "api.api-ns.svc.cluster.local", "api.api-ns.svc"}}, + {"pod-name-no-ns", "pod-1", "", "", "", "", false, []string{}}, + {"pod-name-only", "pod-1", "", "api-ns", "", "", false, []string{"pod-1.api-ns.svc.cluster.local"}}, + {"pod-name-subdomain", "pod-1", "", "api-ns", "", "api-sub", false, []string{"pod-1.api-sub.api-ns.svc.cluster.local"}}, + 
{"pod-all-values", "pod-1", "10.11.12.13", "api-ns", "api", "api-sub", false, []string{"10-11-12-13.api-ns.pod.cluster.local", "10-11-12-13.api.api-ns.pod.cluster.local", "pod-1.api-sub.api-ns.svc.cluster.local", "api.api-ns.svc.cluster.local", "api.api-ns.svc"}}, + {"pod-all-values-podip-sandns", "pod-1", "10.11.12.13", "api-ns", "api", "api-sub", true, []string{"10-11-12-13.api-ns.pod.cluster.local", "10-11-12-13.api.api-ns.pod.cluster.local", "10-11-12-13.api.api-ns.svc.cluster.local", "pod-1.api-sub.api-ns.svc.cluster.local", "api.api-ns.svc.cluster.local", "api.api-ns.svc"}}, } for _, tt := range tests { test.Run(tt.name, func(t *testing.T) { @@ -61,7 +63,7 @@ func TestGetK8SHostnames(test *testing.T) { _ = os.Setenv("ATHENZ_SIA_POD_NAMESPACE", tt.siaPodNamespace) _ = os.Setenv("ATHENZ_SIA_POD_SERVICE", tt.siaPodService) _ = os.Setenv("ATHENZ_SIA_POD_SUBDOMAIN", tt.siaPodSubdomain) - ns, sanList := GetK8SHostnames("cluster.local") + ns, sanList := GetK8SHostnames("cluster.local", tt.podIpSandns) assert.Equal(t, tt.siaPodNamespace, ns) assert.Equal(t, len(tt.sanDNSList), len(sanList)) for i := 0; i < len(sanList); i++ { diff --git a/provider/aws/sia-eks/cmd/siad/main.go b/provider/aws/sia-eks/cmd/siad/main.go index 75b790e1059..15b2f654614 100644 --- a/provider/aws/sia-eks/cmd/siad/main.go +++ b/provider/aws/sia-eks/cmd/siad/main.go @@ -91,7 +91,7 @@ func main() { opts.ZTSCACertFile = *ztsCACert opts.ZTSServerName = *ztsServerName opts.ZTSAWSDomains = strings.Split(*dnsDomains, ",") - spiffeNamespace, addlSanDNSEntries := utils.GetK8SHostnames("cluster.local") + spiffeNamespace, addlSanDNSEntries := utils.GetK8SHostnames("cluster.local", false) opts.SpiffeNamespace = spiffeNamespace if len(addlSanDNSEntries) > 0 { opts.AddlSanDNSEntries = append(opts.AddlSanDNSEntries, addlSanDNSEntries...) diff --git a/provider/gcp/sia-gke/cmd/siad/main.go b/provider/gcp/sia-gke/cmd/siad/main.go index 443659cd490..c1d4e4ef4c2 100644 --- a/provider/gcp/sia-gke/cmd/siad/main.go 
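Review bot: The table in `TestGetK8SHostnames` sets `podIpSandns` to true only in `pod-all-values-podip-sandns`, so the case where the flag is on but no service is configured is untested. A row such as `{"pod-ip-sandns-no-svc", "", "10.11.12.13", "api-ns", "", "", true, []string{"10-11-12-13.api-ns.pod.cluster.local"}},` would pin that the flag adds nothing on its own. The expected value is derived from the existing `pod-ip-only` row and the nesting shown in the utils.go hunk.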
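Review bot: The bare `false` passed to `utils.GetK8SHostnames` in provider/aws/sia-eks/cmd/siad/main.go, and again in provider/gcp/sia-gke/cmd/siad/main.go, gives no hint of what is being disabled and leaves the new SAN entry unreachable from both agents. If that is intended, a short comment at the call would make it explicit, e.g. `// podIpSandns=false: do not request the pod-IP .svc SAN entry`. If operators are meant to enable it, it needs a flag or config option next to the other options parsed in `main`, which starts and ends outside the hunk.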
+++ b/provider/gcp/sia-gke/cmd/siad/main.go @@ -107,7 +107,7 @@ func main() { opts.ZTSCACertFile = *ztsCACert opts.ZTSServerName = *ztsServerName opts.ZTSCloudDomains = strings.Split(*dnsDomains, ",") - spiffeNamespace, addlSanDNSEntries := utils.GetK8SHostnames("cluster.local") + spiffeNamespace, addlSanDNSEntries := utils.GetK8SHostnames("cluster.local", false) opts.SpiffeNamespace = spiffeNamespace if len(addlSanDNSEntries) > 0 { opts.AddlSanDNSEntries = append(opts.AddlSanDNSEntries, addlSanDNSEntries...)