Do not assume systemd-resolved for resolv.conf

We currently assume on some distribution that systemd-resolved is used and therefore we can use /run/systemd/resolve/resolv.conf to pass to the kubelet configuration. This breaks if the distribution is configured differently (use another DNS service) and force us to special case. Instead, detect if systemd-resolved is running dynamically and set kube_resolv_conf default accordingly.
kubernetes-sigs · Dec 18, 2024 · e4d3a6f · e4d3a6f
1 parent 03de8ff
commit e4d3a6f
Show file tree

Hide file tree

Showing 9 changed files with 28 additions and 43 deletions.
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
@@ -6,7 +6,7 @@ kubelet_address: "{{ ip | default(fallback_ip) }}{{ (',' + ip6) if enable_dual_s
 kubelet_bind_address: "{{ ip | default('0.0.0.0') }}"
 
 # resolv.conf to base dns config
-kube_resolv_conf: "/etc/resolv.conf"
+kube_resolv_conf: "{{ '/run/systemd/resolve/resolv.conf' if 'systemd-resolved' in active_dns_services else '/etc/resolv.conf' }}"
 
 # Set to empty to avoid cgroup creation
 kubelet_enforce_node_allocatable: "\"\""

diff --git a/roles/kubernetes/node/vars/fedora.yml b/roles/kubernetes/node/vars/fedora.yml
diff --git a/roles/kubernetes/node/vars/ubuntu-18.yml b/roles/kubernetes/node/vars/ubuntu-18.yml
diff --git a/roles/kubernetes/node/vars/ubuntu-20.yml b/roles/kubernetes/node/vars/ubuntu-20.yml
diff --git a/roles/kubernetes/node/vars/ubuntu-22.yml b/roles/kubernetes/node/vars/ubuntu-22.yml
diff --git a/roles/kubernetes/node/vars/ubuntu-24.yml b/roles/kubernetes/node/vars/ubuntu-24.yml
diff --git a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml
@@ -58,21 +58,17 @@
     - not (disable_host_nameservers | default(false))
     - dns_mode in ['coredns', 'coredns_dual']
 
-- name: NetworkManager | Check if host has NetworkManager
-  # noqa command-instead-of-module - Should we use service_facts for this?
-  command: systemctl is-active --quiet NetworkManager.service
-  register: networkmanager_enabled
-  failed_when: false
-  changed_when: false
-  check_mode: false
+- name: Register which network services are active
+  systemd:
+    name: "{{ item }}.service"
+  loop:
+    - NetworkManager
+    - systemd-resolved
+  register: network_services
 
-- name: Check systemd-resolved
-  # noqa command-instead-of-module - Should we use service_facts for this?
-  command: systemctl is-active systemd-resolved
-  register: systemd_resolved_enabled
-  failed_when: false
-  changed_when: false
-  check_mode: false
+- name: Save list of active network service
+  set_fact:
+    active_dns_services: "{{ network_services.results | selectattr('status.ActiveState', '==', 'active') | map(attribute='item') }}"
 
 - name: Set default dns if remove_default_searchdomains is false
   set_fact:

diff --git a/roles/kubernetes/preinstall/tasks/0063-networkmanager-dns.yml b/roles/kubernetes/preinstall/tasks/0063-networkmanager-dns.yml
@@ -8,7 +8,7 @@
     mode: '0600'
     backup: true
   when:
-    - nameserverentries != "127.0.0.53" or systemd_resolved_enabled.rc != 0
+    - nameserverentries != "127.0.0.53" or 'systemd-resolved' not in active_dns_services
   notify: Preinstall | update resolvconf for networkmanager
 
 - name: Set default dns if remove_default_searchdomains is false

diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
@@ -29,8 +29,8 @@
   when:
     - dns_mode != 'none'
     - resolvconf_mode == 'host_resolvconf'
-    - systemd_resolved_enabled.rc != 0
-    - networkmanager_enabled.rc != 0
+    - ('systemd-resolved' not in active_dns_services )
+    - ('NetworkManager' not in active_dns_services )
   tags:
     - bootstrap-os
     - resolvconf
@@ -40,27 +40,26 @@
   when:
     - dns_mode != 'none'
     - resolvconf_mode == 'host_resolvconf'
-    - systemd_resolved_enabled.rc == 0
+    - ('systemd-resolved' in active_dns_services )
   tags:
     - bootstrap-os
     - resolvconf
 
-- name: Apply networkmanager unmanaged devices settings
-  import_tasks: 0062-networkmanager-unmanaged-devices.yml
-  when:
-    - networkmanager_enabled.rc == 0
-  tags:
-    - bootstrap-os
-
-- name: Apply networkmanager DNS settings
-  import_tasks: 0063-networkmanager-dns.yml
-  when:
-    - dns_mode != 'none'
-    - resolvconf_mode == 'host_resolvconf'
-    - networkmanager_enabled.rc == 0
+- name: NetworkManager | Apply settings
+  when: ('NetworkManager' in active_dns_services )
   tags:
     - bootstrap-os
-    - resolvconf
+  block:
+    - name: Apply networkmanager unmanaged devices settings
+      import_tasks: 0062-networkmanager-unmanaged-devices.yml
+
+    - name: Apply networkmanager DNS settings
+      import_tasks: 0063-networkmanager-dns.yml
+      when:
+        - dns_mode != 'none'
+        - resolvconf_mode == 'host_resolvconf'
+      tags:
+        - resolvconf
 
 - name: Install required system packages
   import_tasks: 0070-system-packages.yml