Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix DNS lookup failures in L4 services #3775

Merged
merged 2 commits into from
Feb 19, 2019
Merged

Fix DNS lookup failures in L4 services #3775

merged 2 commits into from
Feb 19, 2019

Conversation

kppullin
Copy link
Contributor

What this PR does / why we need it:

While adding an e2e test for #3615 (comment) I ran into DNS lookup failures when resolving DNS for external name TCP & UDP services. Any external name TCP & UDP services defined with a hostname (vs raw IP address) do not work due to the failing DNS lookups.

This PR fixes these DNS failures.

Details

Before this change, nginx.tmpl set the nameservers variable on tcp_udp_configuration.lua. However, no code references this variable. Instead, both balancer.lua and tcp_udp_balancer.lua load dns.lua, and dns.lua always references configuration.nameservers.

This PR removes the nameservers variable from tcp_udp_configuration, updates the nginx template's stream config to initialize the nameservers variable on configuration.lua, and adds an e2e test to validate a L4 TCP external name service by performing a DNS lookup on google's nameservers.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Feb 17, 2019
ElvinEfendi
ElvinEfendi reviewed Feb 19, 2019
View reviewed changes
test/e2e/tcpudp/tcp.go
Update(svc)
Expect(err).NotTo(HaveOccurred(), "unexpected error updating service")

// Update the TCP configmap to link port 5353 to the DNS external name service
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you use UpdateNginxConfigMapData helper function instead?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I took a look at UpdateNginxConfigMapData, however it appears hard coded to update the nginx-configuration configmap (copied below). This bit of test code here needs to update the tcp-services configmap. Would you suggest extending UpdateNginxConfigMapData to accept a parameter with the configmap name or leave as is?

config, err := f.KubeClientSet.
		CoreV1().
		ConfigMaps(f.IngressController.Namespace).
		Get("nginx-configuration", metav1.GetOptions{})

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right, I missed that.

ElvinEfendi
ElvinEfendi reviewed Feb 19, 2019
View reviewed changes
rootfs/etc/nginx/template/nginx.tmpl
configuration = res
configuration.nameservers = { {{ buildResolversForLua $cfg.Resolver $cfg.DisableIpv6DNS }} }
end

Copy link
Member

@ElvinEfendi ElvinEfendi Feb 19, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not the concern of this PR, but we should really have just configuration.lua. This applies to other stream subsyste Lu code duplication as well.

There's an interface ngx.config.subsystem available where we can dynamically check whether it is http or stream subsystem when the module loads. An example: https://github.com/openresty/lua-resty-core/blob/b4c6bd2554a6a27dbca5d637fb18be9a54ec61f6/lib/resty/core/base.lua#L18

@ElvinEfendi
Copy link
Member

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 19, 2019
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ElvinEfendi, kppullin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 19, 2019
@k8s-ci-robot k8s-ci-robot merged commit 201718e into kubernetes:master Feb 19, 2019
@kppullin
Copy link
Contributor Author

Thank you @ElvinEfendi!

@kppullin kppullin deleted the fix-l4-dns-resolve-failures branch February 19, 2019 19:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ElvinEfendi ElvinEfendi ElvinEfendi left review comments

@aledbf aledbf Awaiting requested review from aledbf

Assignees

@ElvinEfendi ElvinEfendi

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kppullin @ElvinEfendi @k8s-ci-robot @kppullin-nt