Merge pull request #393 from arkadeepsen/enable-ocp-dnsnameresolver

CFE-852: Enable ocp_dnsnameresolver CoreDNS plugin

cmd/dns-operator/main.go

@@ -59,12 +59,13 @@ func main() {
 	if err != nil {
 		logrus.Fatalf("failed to get kube config %v", err)
 	}
+	ctx := signals.SetupSignalHandler()
 	// Set up and start the operator.
-	op, err := operator.New(operatorConfig, kubeConfig)
+	op, err := operator.New(ctx, operatorConfig, kubeConfig)
 	if err != nil {
 		logrus.Fatalf("failed to create operator: %v", err)
 	}
-	if err := op.Start(signals.SetupSignalHandler()); err != nil {
+	if err := op.Start(ctx); err != nil {
 		logrus.Fatalf("failed to start operator: %v", err)
 	}
 }

go.mod

@@ -6,26 +6,30 @@ require (
 	github.com/apparentlymart/go-cidr v1.0.0
 	github.com/go-logr/logr v1.2.4
 	github.com/google/go-cmp v0.5.9
-	github.com/openshift/api v0.0.0-20230516201849-333bc194ef7a
+	github.com/openshift/api v0.0.0-20231024112103-79b9cd5e6020
 	github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d
+	github.com/openshift/client-go v0.0.0-20231024221206-506d798bc61c
+	github.com/openshift/library-go v0.0.0-20231102154438-cfcf2b4fbc87
 	github.com/sirupsen/logrus v1.9.0
 	github.com/stretchr/testify v1.8.2
 	k8s.io/api v0.28.3
 	k8s.io/apimachinery v0.28.3
 	k8s.io/client-go v0.28.3
 	k8s.io/kubectl v0.28.3
-	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 	sigs.k8s.io/controller-runtime v0.16.3
 )
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
@@ -49,6 +53,7 @@ require (
 	github.com/prometheus/client_model v0.4.0 // indirect
 	github.com/prometheus/common v0.44.0 // indirect
 	github.com/prometheus/procfs v0.10.1 // indirect
+	github.com/robfig/cron v1.2.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
 	golang.org/x/net v0.17.0 // indirect
@@ -63,10 +68,14 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/apiextensions-apiserver v0.28.3 // indirect
+	k8s.io/apiserver v0.28.3 // indirect
 	k8s.io/component-base v0.28.3 // indirect
 	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/kube-aggregator v0.28.3 // indirect
 	k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )

go.sum

@@ -2,6 +2,8 @@ github.com/apparentlymart/go-cidr v1.0.0 h1:lGDvXx8Lv9QHjrAVP7jyzleG4F9+FkRhJcEs
 github.com/apparentlymart/go-cidr v1.0.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
+github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -16,6 +18,8 @@ github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJ
 github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -75,10 +79,14 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
-github.com/openshift/api v0.0.0-20230516201849-333bc194ef7a h1:tz6xYik+q1q6o/AXoRZeGkk2idio130xeh2R1ZBNqGM=
-github.com/openshift/api v0.0.0-20230516201849-333bc194ef7a/go.mod h1:4VWG+W22wrB4HfBL88P40DxLEpSOaiBVxUnfalfJo9k=
+github.com/openshift/api v0.0.0-20231024112103-79b9cd5e6020 h1:oJfieDRL/5RJLu11oSpgZsI8EmGniTrQn/SyC6BZc68=
+github.com/openshift/api v0.0.0-20231024112103-79b9cd5e6020/go.mod h1:qNtV0315F+f8ld52TLtPvrfivZpdimOzTi3kn9IVbtU=
 github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d h1:RR4ah7FfaPR1WePizm0jlrsbmPu91xQZnAsVVreQV1k=
 github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
+github.com/openshift/client-go v0.0.0-20231024221206-506d798bc61c h1:xfag+wccUqc9EdrWsnprD6x5KG2WE+iKGFfFELCwwRA=
+github.com/openshift/client-go v0.0.0-20231024221206-506d798bc61c/go.mod h1:3BkYp+FtKD2TypMD0nTPkVsxUaY4fJPLEMFMlOLtrJM=
+github.com/openshift/library-go v0.0.0-20231102154438-cfcf2b4fbc87 h1:GcaI98ric0Q3WbZsTh8cIE39pgw12v3s3xuiIFO5zQ0=
+github.com/openshift/library-go v0.0.0-20231102154438-cfcf2b4fbc87/go.mod h1:8UzmrBMCn7+GzouL8DVYkL9COBQTB1Ggd13/mHJQCUg=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -92,6 +100,8 @@ github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdO
 github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
 github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg=
 github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
+github.com/robfig/cron v1.2.0 h1:ZjScXvvxeQ63Dbyxy76Fj3AT3Ut0aKsyd2/tl3DTMuQ=
+github.com/robfig/cron v1.2.0/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
@@ -180,24 +190,31 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM=
 k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc=
 k8s.io/apiextensions-apiserver v0.28.3 h1:Od7DEnhXHnHPZG+W9I97/fSQkVpVPQx2diy+2EtmY08=
+k8s.io/apiextensions-apiserver v0.28.3/go.mod h1:NE1XJZ4On0hS11aWWJUTNkmVB03j9LM7gJSisbRt8Lc=
 k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A=
 k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8=
+k8s.io/apiserver v0.28.3 h1:8Ov47O1cMyeDzTXz0rwcfIIGAP/dP7L8rWbEljRcg5w=
+k8s.io/apiserver v0.28.3/go.mod h1:YIpM+9wngNAv8Ctt0rHG4vQuX/I5rvkEMtZtsxW2rNM=
 k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4=
 k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo=
 k8s.io/component-base v0.28.3 h1:rDy68eHKxq/80RiMb2Ld/tbH8uAE75JdCqJyi6lXMzI=
 k8s.io/component-base v0.28.3/go.mod h1:fDJ6vpVNSk6cRo5wmDa6eKIG7UlIQkaFmZN2fYgIUD8=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/kube-aggregator v0.28.3 h1:CVbj3+cpshSHR5dWPzLYx3sVpIDEPLlzMSxY/lAc9cM=
+k8s.io/kube-aggregator v0.28.3/go.mod h1:5DyLevbRTcWnT1f9b+lB3BfbXC1w7gDa/OtB6kKInCw=
 k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ=
 k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
 k8s.io/kubectl v0.28.3 h1:H1Peu1O3EbN9zHkJCcvhiJ4NUj6lb88sGPO5wrWIM6k=
 k8s.io/kubectl v0.28.3/go.mod h1:RDAudrth/2wQ3Sg46fbKKl4/g+XImzvbsSRZdP2RiyE=
-k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk=
-k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4=
 sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 h1:PFWFSkpArPNJxFX4ZKWAk9NSeRoZaXschn+ULa4xVek=
+sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96/go.mod h1:EOBQyBowOUsd7U4CJnMHNE0ri+zCXyouGdLwC/jZU+I=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=

manifests/0000_70_dns-operator_00-cluster-role.yaml

@@ -111,3 +111,27 @@ rules:
   - clusteroperators/status
   verbs:
   - update
+
+- apiGroups:
+  - config.openshift.io
+  resources:
+  - featuregates
+  verbs:
+  - get
+  - list
+  - watch
+
+- apiGroups:
+  - network.openshift.io
+  resources:
+  - dnsnameresolvers
+  verbs:
+  - list
+  - watch
+
+- apiGroups:
+  - network.openshift.io
+  resources:
+  - dnsnameresolvers/status
+  verbs:
+  - update

pkg/operator/controller/controller.go

@@ -3,9 +3,10 @@ package controller
 import (
 	"context"
 	"fmt"
-	"k8s.io/apimachinery/pkg/util/sets"
 	"net"
 
+	"k8s.io/apimachinery/pkg/util/sets"
+
 	configv1 "github.com/openshift/api/config/v1"
 	operatorv1 "github.com/openshift/api/operator/v1"
 
@@ -68,12 +69,14 @@ var managedDNSNamespaceLabels = sets.NewString(
 // DNS resources.
 //
 // The controller will be pre-configured to watch for DNS resources.
-func New(mgr manager.Manager, config operatorconfig.Config) (controller.Controller, error) {
+func New(mgr manager.Manager, config Config) (controller.Controller, error) {
 	operatorCache := mgr.GetCache()
 	reconciler := &reconciler{
-		Config: config,
-		client: mgr.GetClient(),
-		cache:  operatorCache,
+		Config:                    config.Config,
+		client:                    mgr.GetClient(),
+		cache:                     operatorCache,
+		dnsNameResolverEnabled:    config.DNSNameResolverEnabled,
+		dnsNameResolverNamespaces: config.DNSNameResolverNamespaces,
 	}
 	c, err := controller.New(controllerName, mgr, controller.Options{Reconciler: reconciler})
 	if err != nil {
@@ -137,13 +140,33 @@ func New(mgr manager.Manager, config operatorconfig.Config) (controller.Controll
 	return c, nil
 }
 
+// Config holds all the configuration that must be provided when creating the
+// controller.
+type Config struct {
+	// DNSNameResolverEnabled indicates that the "DNSNameResolver" featuregate is enabled.
+	DNSNameResolverEnabled bool
+	// DNSNameResolverNamespaces are the namespaces which will be watched for the
+	// DNSNameResolver resources and updated by the CoreDNS pods if the "DNSNameResolver"
+	// featuregate is enabled.
+	DNSNameResolverNamespaces []string
+
+	operatorconfig.Config
+}
+
 // reconciler handles the actual dns reconciliation logic in response to
 // events.
 type reconciler struct {
 	operatorconfig.Config
 
 	client client.Client
 	cache  cache.Cache
+
+	// dnsNameResolverEnabled indicates that the "DNSNameResolver" featuregate is enabled.
+	dnsNameResolverEnabled bool
+	// dnsNameResolverNamespaces are the namespaces which will be watched for the
+	// DNSNameResolver resources and updated by the CoreDNS pods the "DNSNameResolver"
+	// featuregate is enabled.
+	dnsNameResolverNamespaces []string
 }
 
 // Reconcile expects request to refer to a dns and will do all the work

pkg/operator/controller/controller_cluster_role.go

@@ -20,7 +20,7 @@ func (r *reconciler) ensureDNSClusterRole() (bool, *rbacv1.ClusterRole, error) {
 	if err != nil {
 		return false, nil, err
 	}
-	desired := desiredDNSClusterRole()
+	desired := desiredDNSClusterRole(r.dnsNameResolverEnabled)
 
 	switch {
 	case !haveCR:
@@ -51,11 +51,27 @@ func (r *reconciler) currentDNSClusterRole() (bool, *rbacv1.ClusterRole, error)
 	return true, current, nil
 }
 
-func desiredDNSClusterRole() *rbacv1.ClusterRole {
+func desiredDNSClusterRole(dnsNameResolverEnabled bool) *rbacv1.ClusterRole {
 	cr := manifests.DNSClusterRole()
+	if dnsNameResolverEnabled {
+		addDNSNameResolverPolicyRule(cr)
+	}
 	return cr
 }
 
+func addDNSNameResolverPolicyRule(cr *rbacv1.ClusterRole) {
+	cr.Rules = append(cr.Rules, rbacv1.PolicyRule{
+		APIGroups: []string{"network.openshift.io"},
+		Resources: []string{"dnsnameresolvers"},
+		Verbs:     []string{"list", "watch"},
+	})
+	cr.Rules = append(cr.Rules, rbacv1.PolicyRule{
+		APIGroups: []string{"network.openshift.io"},
+		Resources: []string{"dnsnameresolvers/status"},
+		Verbs:     []string{"update"},
+	})
+}
+
 func (r *reconciler) updateDNSClusterRole(current, desired *rbacv1.ClusterRole) (bool, error) {
 	changed, updated := clusterRoleChanged(current, desired)
 	if !changed {

pkg/operator/controller/controller_dns_configmap.go

@@ -68,6 +68,11 @@ var corefileTemplate = template.Must(template.New("Corefile").Funcs(template.Fun
     cache {{ $.PositiveTTL }} {
         denial 9984 {{ $.NegativeTTL }}
     }
+    {{- if eq true $.OCPDNSNameResolver}}
+    ocp_dnsnameresolver {
+        namespaces {{range $.DNSNameResolverNamespaces}}{{.}} {{end}}
+    }
+    {{- end}}
 }
 {{end -}}
 .:5353 {
@@ -103,6 +108,11 @@ var corefileTemplate = template.Must(template.New("Corefile").Funcs(template.Fun
         denial 9984 {{ .NegativeTTL }}
     }
     reload
+    {{- if eq true $.OCPDNSNameResolver}}
+    ocp_dnsnameresolver {
+        namespaces {{range $.DNSNameResolverNamespaces}}{{.}} {{end}}
+    }
+    {{- end}}
 }
 hostname.bind:5353 {
     chaos
@@ -115,7 +125,7 @@ func (r *reconciler) ensureDNSConfigMap(dns *operatorv1.DNS, clusterDomain strin
 	if err != nil {
 		return false, nil, fmt.Errorf("failed to get configmap: %v", err)
 	}
-	desired, err := desiredDNSConfigMap(dns, clusterDomain, caBundleRevisionMap)
+	desired, err := desiredDNSConfigMap(dns, clusterDomain, caBundleRevisionMap, r.dnsNameResolverEnabled, r.dnsNameResolverNamespaces)
 	if err != nil {
 		return haveCM, current, fmt.Errorf("failed to build configmap: %v", err)
 	}
@@ -149,7 +159,7 @@ func (r *reconciler) currentDNSConfigMap(dns *operatorv1.DNS) (bool, *corev1.Con
 	return true, current, nil
 }
 
-func desiredDNSConfigMap(dns *operatorv1.DNS, clusterDomain string, caBundleRevisionMap map[string]string) (*corev1.ConfigMap, error) {
+func desiredDNSConfigMap(dns *operatorv1.DNS, clusterDomain string, caBundleRevisionMap map[string]string, dnsNameResolverEnabled bool, dnsNameResolverNamespaces []string) (*corev1.ConfigMap, error) {
 	if len(clusterDomain) == 0 {
 		clusterDomain = "cluster.local"
 	}
@@ -196,27 +206,31 @@ func desiredDNSConfigMap(dns *operatorv1.DNS, clusterDomain string, caBundleRevi
 	pTTL, nTTL := coreDNSCache(dns)
 
 	corefileParameters := struct {
-		ClusterDomain       string
-		Servers             interface{}
-		UpstreamResolvers   operatorv1.UpstreamResolvers
-		PolicyStr           func(policy operatorv1.ForwardingPolicy) string
-		LogLevel            string
-		CABundleRevisionMap map[string]string
-		CABundleFileName    string
-		LameDuckDuration    time.Duration
-		PositiveTTL         uint32
-		NegativeTTL         uint32
+		ClusterDomain             string
+		Servers                   interface{}
+		UpstreamResolvers         operatorv1.UpstreamResolvers
+		PolicyStr                 func(policy operatorv1.ForwardingPolicy) string
+		LogLevel                  string
+		CABundleRevisionMap       map[string]string
+		CABundleFileName          string
+		LameDuckDuration          time.Duration
+		PositiveTTL               uint32
+		NegativeTTL               uint32
+		OCPDNSNameResolver        bool
+		DNSNameResolverNamespaces []string
 	}{
-		ClusterDomain:       clusterDomain,
-		Servers:             dns.Spec.Servers,
-		UpstreamResolvers:   upstreamResolvers,
-		PolicyStr:           coreDNSPolicy,
-		LogLevel:            coreDNSLogLevel(dns),
-		CABundleRevisionMap: caBundleRevisionMap,
-		CABundleFileName:    caBundleFileName,
-		LameDuckDuration:    lameDuckDuration,
-		PositiveTTL:         pTTL,
-		NegativeTTL:         nTTL,
+		ClusterDomain:             clusterDomain,
+		Servers:                   dns.Spec.Servers,
+		UpstreamResolvers:         upstreamResolvers,
+		PolicyStr:                 coreDNSPolicy,
+		LogLevel:                  coreDNSLogLevel(dns),
+		CABundleRevisionMap:       caBundleRevisionMap,
+		CABundleFileName:          caBundleFileName,
+		LameDuckDuration:          lameDuckDuration,
+		PositiveTTL:               pTTL,
+		NegativeTTL:               nTTL,
+		OCPDNSNameResolver:        dnsNameResolverEnabled,
+		DNSNameResolverNamespaces: dnsNameResolverNamespaces,
 	}
 	corefile := new(bytes.Buffer)
 	if err := corefileTemplate.Execute(corefile, corefileParameters); err != nil {