be able to set DNS policy and config on the Kiali pod (#768)

fixes: kiali/kiali#7150
kiali · May 13, 2024 · 15aa80b · 15aa80b
1 parent 8254b51
commit 15aa80b
Show file tree

Hide file tree

Showing 6 changed files with 77 additions and 0 deletions.
diff --git a/crd-docs/cr/kiali.io_v1alpha1_kiali.yaml b/crd-docs/cr/kiali.io_v1alpha1_kiali.yaml
@@ -120,6 +120,14 @@ spec:
         readOnly: true
         volumeAttributes:
           secretProviderClass: kiali-secretprovider
+    dns:
+      # default: config is empty
+      config:
+        options:
+        - name: ndots
+          value: "1"
+      # default: policy is empty
+      policy: "ClusterFirst"
     hpa:
       api_version: ""
       # default: spec is empty

diff --git a/crd-docs/crd/kiali.io_kialis.yaml b/crd-docs/crd/kiali.io_kialis.yaml
@@ -335,6 +335,19 @@ spec:
                         optional:
                           description: "Indicates if the secret may or may not exist at the time the Kiali pod starts. This will default to 'false' if not specified. This is ignored if `csi` is specified - CSI secrets must exist when specified."
                           type: boolean
+                  dns:
+                    description: |
+                      The Kiali server pod's DNS configuration. Kubernetes supports different DNS policies and configurations.
+                      For further details, consult the Kubernetes documentation - https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
+                    type: object
+                    properties:
+                      config:
+                        description: DNS configuration that is applied to the DNS policy. See the Kubernetes documentation for the different configuration settings that are supported.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      policy:
+                        description: DNS policy. See the Kubernetes documentation for the different policies that are supported.
+                        type: string
                   hpa:
                     description: |
                       Determines what (if any) HorizontalPodAutoscaler should be created to autoscale the Kiali pod.

diff --git a/molecule/config-values-test/converge.yml b/molecule/config-values-test/converge.yml
@@ -88,6 +88,17 @@
       - kiali_configmap.api.namespaces.label_selector is not defined
       - kiali_configmap.api.namespaces.label_selector_include == "kiali.io/member-of=istio-system"
 
+  - name: Test the default deployment.dns is what we expect
+    vars:
+      kiali_pod_spec: "{{ kiali_pod.resources[0].spec }}"
+    assert:
+      that:
+      - kiali_configmap.deployment.dns | length == 2
+      - kiali_configmap.deployment.dns.policy | length == 0
+      - kiali_configmap.deployment.dns.config | length == 0
+      - kiali_pod_spec.dnsPolicy == "ClusterFirst"
+      - kiali_pod_spec.dnsConfig is not defined
+
   # This test will change some config settings to make sure things work like we expect.
   # We will add additional tasks and asserts in the future to test other config changes.
   # We load in the current kiali CR and then alter it with new config and deploy that new CR.
@@ -188,6 +199,17 @@
     set_fact:
       current_kiali_cr: "{{ current_kiali_cr | combine({'spec': {'auth': {'openshift': {'token_inactivity_timeout': 9876, 'token_max_age': 8765}}}}, recursive=True) }}"
 
+  - name: Change DNS config
+    vars:
+      dns_settings:
+        policy: "Default"
+        config:
+          options:
+          - name: "ndots"
+            value: "1"
+    set_fact:
+      current_kiali_cr: "{{ current_kiali_cr | combine({'spec': {'deployment': {'dns': dns_settings}}}, recursive=True) }}"
+
   - name: The new Kiali CR to be tested
     debug:
       msg: "{{ current_kiali_cr }}"
@@ -329,3 +351,16 @@
       - kiali_oauth_client_raw.resources[0].accessTokenMaxAgeSeconds == 8765
     when:
     - is_openshift == True
+
+  - name: Test the deployment.dns settings
+    vars:
+      kiali_pod_spec: "{{ kiali_pod.resources[0].spec }}"
+    assert:
+      that:
+      - kiali_configmap.deployment.dns | length == 2
+      - kiali_configmap.deployment.dns.policy == "Default"
+      - kiali_configmap.deployment.dns.config.options[0].name == "ndots"
+      - kiali_configmap.deployment.dns.config.options[0].value == "1"
+      - kiali_pod_spec.dnsPolicy == "Default"
+      - kiali_pod_spec.dnsConfig.options[0].name == "ndots"
+      - kiali_pod_spec.dnsConfig.options[0].value == "1"
diff --git a/roles/default/kiali-deploy/defaults/main.yml b/roles/default/kiali-deploy/defaults/main.yml
@@ -70,6 +70,9 @@ kiali_defaults:
     #cluster_wide_access:
     configmap_annotations: {}
     custom_secrets: []
+    dns:
+      config: {}
+      policy: ""
     host_aliases: []
     hpa:
       api_version: ""

diff --git a/roles/default/kiali-deploy/templates/kubernetes/deployment.yaml b/roles/default/kiali-deploy/templates/kubernetes/deployment.yaml
@@ -46,6 +46,15 @@ spec:
 {% if kiali_vars.deployment.host_aliases|length > 0 %}
       hostAliases:
         {{ kiali_vars.deployment.host_aliases | to_nice_yaml(indent=0) | trim | indent(8) }}
+{% endif %}
+{% if kiali_vars.deployment.dns | length > 0 %}
+{% if kiali_vars.deployment.dns.policy | length > 0 %}
+      dnsPolicy: "{{ kiali_vars.deployment.dns.policy }}"
+{% endif %}
+{% if kiali_vars.deployment.dns.config | length > 0 %}
+      dnsConfig:
+        {{ kiali_vars.deployment.dns.config | to_nice_yaml(indent=0) | trim | indent(8) }}
+{% endif %}
 {% endif %}
       containers:
       - image: {{ kiali_vars.deployment.image_name }}{{ '@' + kiali_vars.deployment.image_digest if kiali_vars.deployment.image_digest != '' else '' }}:{{ kiali_vars.deployment.image_version }}

diff --git a/roles/default/kiali-deploy/templates/openshift/deployment.yaml b/roles/default/kiali-deploy/templates/openshift/deployment.yaml
@@ -46,6 +46,15 @@ spec:
 {% if kiali_vars.deployment.host_aliases|length > 0 %}
       hostAliases:
         {{ kiali_vars.deployment.host_aliases | to_nice_yaml(indent=0) | trim | indent(8) }}
+{% endif %}
+{% if kiali_vars.deployment.dns | length > 0 %}
+{% if kiali_vars.deployment.dns.policy | length > 0 %}
+      dnsPolicy: "{{ kiali_vars.deployment.dns.policy }}"
+{% endif %}
+{% if kiali_vars.deployment.dns.config | length > 0 %}
+      dnsConfig:
+        {{ kiali_vars.deployment.dns.config | to_nice_yaml(indent=0) | trim | indent(8) }}
+{% endif %}
 {% endif %}
       containers:
       - image: {{ kiali_vars.deployment.image_name }}{{ '@' + kiali_vars.deployment.image_digest if kiali_vars.deployment.image_digest != '' else '' }}:{{ kiali_vars.deployment.image_version }}