kubeadm: Create dnsIP by selecting the tenth IP from k8s svc CIDR

[madhukar32]

What this PR does / why we need it:

Creates dnsIP by selecting the ninth IP from k8s svc cluster IP, instead of appending 0 to the k8s svcIP string.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #51997

Special notes for your reviewer:
This is helpful when we have service cluster range CIDR as 10.87.116.64/26 (for example), previously this would have failed while parsing the dnsIP, as we used to append a 0 to the k8s svc clusterIP string. This will get the same dnsIP 10.96.0.10 for very widely used service cluster range CIDR 10.96.0.0/12

Release note:

None

[madhukar32]

/assign @krousey

[dixudx]

Why adding 9?

[madhukar32]

Just to stick with dnsIP which is being assigned today.

Assuming that svcIP is 10.96.0.1 with the above logic the user will get dnsIP as 10.96.0.10. This is the same IP which a k8s user is getting today. Open for any other suggestion

[dixudx]

@madhukar32 Well, I think this will result in a conflict. We cannot guarantee 10.96.0.10 has been reserved only for dnsIP. It could be a svcIP, right?

[madhukar32]

@dixudx: Ok I am new to k8s so I might be completely wrong, please correct me.

We create this dnsIP in the above code(which is the svcIP for kube-dns svc) and then go and create the actual service here. After kube-dns svc is created it will be actually reserved for kube-dns svc only. Until and unless it is forcefully deleted. So we are pretty much reserving an IP today also isn't it?

[dixudx]

@madhukar32 Also this value will exceed 255, right? What's more, dnsIP consumes ip resources from service ip pool, which means we can only create half of services as before. This may cause big trouble for large cluster upgrading.

I think we'd better avoid such hard-coded way.

[madhukar32]

@dixudx: On the value, I have cross verified that it will not exceed 255 https://play.golang.org/p/KlUAsNrzFJhttps://play.golang.org/p/KlUAsNrzFJ
Just to clarify here, when I say dnsIP its the service clusterIP of kube-dns svc and it is suppose to be from service ip pool.

[GheRivero]

The 9th ip will only have the same behaviour when the service ip is .1 (but is most consistent this solution than the one we have now)

[luxas]

please use "k8s.io/kubernetes/pkg/registry/core/service/ipallocator".GetIndexedIP(svcSubnet, 10) or similar for this

[madhukar32]

@luxas: Thanks! Thats a good idea, will update the commit

[luxas]

/ok-to-test

[kevin-wangzefeng]

/retest

[madhukar32]

/retest

[madhukar32]

@kubernetes/sig-cluster-lifecycle-pr-reviews /assign @luxas

[k8s-ci-robot]

@madhukar32: Reiterating the mentions to trigger a notification:
@kubernetes/sig-cluster-lifecycle-pr-reviews.

In response to this:

@kubernetes/sig-cluster-lifecycle-pr-reviews /assign @luxas

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[luxas]

Please add --service-subnet to the kubeadm phase addons kube-dns flag with this change...

[madhukar32]

@luxas: 👍 Have added --service-cidr flag for kubeadm phase addons kube-dns. Similar to the one we have for kubeadm init

[madhukar32]

/retest

[madhukar32]

/retest

[madhukar32]

@luxas: Could you please review this once again. Have added --service-cidr flag for kubeadm phase addons kube-dns

[mattymo]

@madhukar32 Thanks for this PR! It will make the mandatory kubedns useful when using a custom service subnet.

[madhukar32]

@luxas : Could you please review this

[madhukar32]

CC @kubernetes/sig-cluster-lifecycle-pr-reviews

[k8s-ci-robot]

@madhukar32: Reiterating the mentions to trigger a notification:
@kubernetes/sig-cluster-lifecycle-pr-reviews

In response to this:

CC @kubernetes/sig-cluster-lifecycle-pr-reviews

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[luxas]

@madhukar32 If you rebase this PR I can look at it and approve it

[madhukar32]

@luxas have rebased this PR. Could you please review now

[luxas]

Thanks @madhukar32!
This basically looks good to me, but please fix the small nit and add an unit test while you do improve the code here :)

[luxas]

while you're here, please add an unit test for this function

[luxas]

and a nit: I'd prefer if you only passed serviceSubnet string here, not the full cfg object

[madhukar32]

@luxas thanks for reviewing, have taken care of your comments. Could you please check now?

[luxas]

/lgtm
/approve no-issue

[k8s-github-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: luxas, madhukar32

Associated issue: 51997

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

• cmd/kubeadm/OWNERS [luxas]

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

[k8s-github-robot]

Automatic merge from submit-queue (batch tested with PRs 55798, 49579, 54862, 55188, 51990). If you want to cherry-pick this change to another branch, please follow the instructions here.