Merge pull request #18089 from ArtfulCoder/oneNSAgain

SkyDNS is the only NS for Pods with DNSPolicy=ClusterFirst
2025-07-28 05:57:25 +00:00 · 2015-12-07 10:20:29 -08:00 · 2015-12-07 10:20:29 -08:00 · bb3f49e526
commit bb3f49e526
parent 33eda2ffb5 6c3a88cb3a
5 changed files with 28 additions and 13 deletions
--- a/cmd/integration/integration.go
+++ b/cmd/integration/integration.go
@ -216,7 +216,7 @@ func startComponents(firstManifestURL, secondManifestURL string) (string, string
 		3*time.Second,  /* NodeStatusUpdateFrequency */
 		10*time.Second, /* SyncFrequency */
 		40,             /* MaxPods */
-		cm)
+		cm, net.ParseIP("127.0.0.1"))
 	kubeletapp.RunKubelet(kcfg)
 	// Kubelet (machine)
@ -249,7 +249,8 @@ func startComponents(firstManifestURL, secondManifestURL string) (string, string
 		10*time.Second, /* SyncFrequency */
 		40, /* MaxPods */
-		cm)
+		cm,
 		net.ParseIP("127.0.0.1"))
 	kubeletapp.RunKubelet(kcfg)
 	return apiServer.URL, configFilePath
--- a/cmd/kubelet/app/server.go
+++ b/cmd/kubelet/app/server.go
@ -701,7 +701,7 @@ func SimpleKubelet(client *client.Client,
 	osInterface kubecontainer.OSInterface,
 	fileCheckFrequency, httpCheckFrequency, minimumGCAge, nodeStatusUpdateFrequency, syncFrequency time.Duration,
 	maxPods int,
-	containerManager cm.ContainerManager) *KubeletConfig {
+	containerManager cm.ContainerManager, clusterDNS net.IP) *KubeletConfig {
 	imageGCPolicy := kubelet.ImageGCPolicy{
 		HighThresholdPercent: 90,
 		LowThresholdPercent:  80,
@ -716,6 +716,7 @@ func SimpleKubelet(client *client.Client,
 		CAdvisorInterface:         cadvisorInterface,
 		CgroupRoot:                "",
 		Cloud:                     cloud,
 		ClusterDNS:                clusterDNS,
 		ConfigFile:                configFilePath,
 		ContainerManager:          containerManager,
 		ContainerRuntime:          "docker",
--- a/pkg/kubelet/kubelet.go
+++ b/pkg/kubelet/kubelet.go
@ -1465,7 +1465,7 @@ func (kl *Kubelet) podFieldSelectorRuntimeValue(fs *api.ObjectFieldSelector, pod
 // domains of the cluster.
 func (kl *Kubelet) getClusterDNS(pod *api.Pod) ([]string, []string, error) {
 	var hostDNS, hostSearch []string
-	// Get host DNS settings and append them to cluster DNS settings.
+	// Get host DNS settings
 	if kl.resolverConfig != "" {
 		f, err := os.Open(kl.resolverConfig)
 		if err != nil {
@ -1478,7 +1478,19 @@ func (kl *Kubelet) getClusterDNS(pod *api.Pod) ([]string, []string, error) {
 			return nil, nil, err
 		}
 	}
-	if pod.Spec.DNSPolicy != api.DNSClusterFirst {
+	useClusterFirstPolicy := pod.Spec.DNSPolicy == api.DNSClusterFirst
 	if useClusterFirstPolicy && kl.clusterDNS == nil {
 		// clusterDNS is not known.
 		// pod with ClusterDNSFirst Policy cannot be created
 		kl.recorder.Eventf(pod, api.EventTypeWarning, "MissingClusterDNS", "kubelet does not have ClusterDNS IP configured and cannot create Pod using %q policy. Falling back to DNSDefault policy.", pod.Spec.DNSPolicy)
 		log := fmt.Sprintf("kubelet does not have ClusterDNS IP configured and cannot create Pod using %q policy. pod:%q. Falling back to DNSDefault policy.", pod.Spec.DNSPolicy, kubecontainer.GetPodFullName(pod))
 		kl.recorder.Eventf(kl.nodeRef, api.EventTypeWarning, "MissingClusterDNS", log)
 		// fallback to DNSDefault
 		useClusterFirstPolicy = false
 	}
 	if !useClusterFirstPolicy {
 		// When the kubelet --resolv-conf flag is set to the empty string, use
 		// DNS settings that override the docker default (which is to use
 		// /etc/resolv.conf) and effectivly disable DNS lookups. According to
@ -1492,13 +1504,13 @@ func (kl *Kubelet) getClusterDNS(pod *api.Pod) ([]string, []string, error) {
 		}
 		return hostDNS, hostSearch, nil
 	}
 	var dns, dnsSearch []string
-	if kl.clusterDNS != nil {
+	// for a pod with DNSClusterFirst policy, the cluster DNS server is the only nameserver configured for
-		dns = append([]string{kl.clusterDNS.String()}, hostDNS...)
+	// the pod. The cluster DNS server itself will forward queries to other nameservers that is configured to use,
-	} else {
+	// in case the cluster DNS server cannot resolve the DNS query itself
-		dns = hostDNS
+	dns := []string{kl.clusterDNS.String()}
-	}
+
 	var dnsSearch []string
 	if kl.clusterDomain != "" {
 		nsSvcDomain := fmt.Sprintf("%s.svc.%s", pod.Namespace, kl.clusterDomain)
 		svcDomain := fmt.Sprintf("svc.%s", kl.clusterDomain)
--- a/pkg/kubelet/kubelet_test.go
+++ b/pkg/kubelet/kubelet_test.go
@ -1020,8 +1020,8 @@ func TestDNSConfigurationParams(t *testing.T) {
 		}
 	}
 	t.Logf("nameservers %+v", options[1].DNS)
-	if len(options[0].DNS) != len(options[1].DNS)+1 {
+	if len(options[0].DNS) != 1 {
-		t.Errorf("expected prepend of cluster nameserver, got %+v", options[0].DNS)
+		t.Errorf("expected cluster nameserver only, got %+v", options[0].DNS)
 	} else if options[0].DNS[0] != clusterNS {
 		t.Errorf("expected nameserver %s, got %v", clusterNS, options[0].DNS[0])
 	}
--- a/pkg/kubemark/hollow_kubelet.go
+++ b/pkg/kubemark/hollow_kubelet.go
@ -72,6 +72,7 @@ func NewHollowKubelet(
 			10*time.Second,         /* SyncFrequency */
 			40,                     /* MaxPods */
 			containerManager,
 			nil,
 		),
 	}
 }