Merge pull request #378 from gcs278/release-4.12-protocolStrategy

[release-4.12] OCPBUGS-15251: Add support for protocolStrategy API field to enable force_tcp configuration
openshift · Sep 8, 2023 · d149aee · d149aee
2 parents 1c136fe + 5f89cdd
commit d149aee
Show file tree

Hide file tree

Showing 99 changed files with 9,191 additions and 10,996 deletions.
diff --git a/go.mod b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/apparentlymart/go-cidr v1.0.0
 	github.com/google/go-cmp v0.5.8
 	github.com/kevinburke/go-bindata v3.11.0+incompatible
-	github.com/openshift/api v0.0.0-20220930102857-d010b4db08e3
+	github.com/openshift/api v0.0.0-20230816022509-b8dd6b6a619c
 	github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d
 	github.com/sirupsen/logrus v1.8.1
 	k8s.io/api v0.25.2

diff --git a/go.sum b/go.sum
@@ -217,8 +217,8 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU=
 github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q=
-github.com/openshift/api v0.0.0-20220930102857-d010b4db08e3 h1:0ldAlV3J+5KMZJhYRrVqyjsGWqW8iSjD4pFOlzTSKxw=
-github.com/openshift/api v0.0.0-20220930102857-d010b4db08e3/go.mod h1:HJAEIh4gLXPDdWxgCbvmJjzd9QIxyPZJtPU0u2W4vH4=
+github.com/openshift/api v0.0.0-20230816022509-b8dd6b6a619c h1:ELVtVPJIzr+DbsqJ57cb2feJmGpmam5tMLN0k5oVQe0=
+github.com/openshift/api v0.0.0-20230816022509-b8dd6b6a619c/go.mod h1:aQ6LDasvHMvHZXqLHnX2GRmnfTWCF/iIwz8EMTTIE9A=
 github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d h1:RR4ah7FfaPR1WePizm0jlrsbmPu91xQZnAsVVreQV1k=
 github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

diff --git a/manifests/0000_70_dns-operator_00.crd.yaml b/manifests/0000_70_dns-operator_00.crd.yaml
diff --git a/pkg/operator/controller/controller_dns_configmap.go b/pkg/operator/controller/controller_dns_configmap.go
@@ -55,6 +55,9 @@ var corefileTemplate = template.Must(template.New("Corefile").Funcs(template.Fun
         {{- end}}
         {{- end}}
         policy {{ CoreDNSForwardingPolicy .Policy }}
+        {{- if eq "TCP" $fp.ProtocolStrategy }}
+        force_tcp
+        {{- end}}
     }
     {{- end}}
     errors
@@ -91,6 +94,9 @@ var corefileTemplate = template.Must(template.New("Corefile").Funcs(template.Fun
         {{- end}}
         {{- end}}
         policy {{ CoreDNSForwardingPolicy .Policy }}
+        {{- if eq "TCP" $.UpstreamResolvers.ProtocolStrategy }}
+        force_tcp
+        {{- end}}
     }
     {{- end}}
     cache {{ .PositiveTTL }} {
@@ -159,8 +165,9 @@ func desiredDNSConfigMap(dns *operatorv1.DNS, clusterDomain string, caBundleRevi
 				Type: operatorv1.SystemResolveConfType,
 			},
 		},
-		Policy:          operatorv1.SequentialForwardingPolicy,
-		TransportConfig: dns.Spec.UpstreamResolvers.TransportConfig,
+		Policy:           operatorv1.SequentialForwardingPolicy,
+		TransportConfig:  dns.Spec.UpstreamResolvers.TransportConfig,
+		ProtocolStrategy: dns.Spec.UpstreamResolvers.ProtocolStrategy,
 	}
 
 	if len(dns.Spec.UpstreamResolvers.Upstreams) > 0 {

diff --git a/pkg/operator/controller/controller_dns_configmap_test.go b/pkg/operator/controller/controller_dns_configmap_test.go
@@ -908,6 +908,88 @@ func TestDesiredDNSConfigmapUpstreamResolvers(t *testing.T) {
 			},
 			expectedCoreFile: mustLoadTestFile(t, "tls_with_non_existing_cabundle"),
 		},
+		{
+			name: "CR of protocolStrategy of TCP on ForwardPlugin",
+			dns: &operatorv1.DNS{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: DefaultDNSController,
+				},
+				Spec: operatorv1.DNSSpec{
+					Servers: []operatorv1.Server{
+						{
+							Name:  "foo",
+							Zones: []string{"foo.com"},
+							ForwardPlugin: operatorv1.ForwardPlugin{
+								Upstreams:        []string{"1.1.1.1", "2.2.2.2:5353"},
+								Policy:           operatorv1.RoundRobinForwardingPolicy,
+								ProtocolStrategy: operatorv1.ProtocolStrategyTCP,
+							},
+						},
+					},
+				},
+			},
+			expectedCoreFile: mustLoadTestFile(t, "forwardplugin_protocolstrategy_tcp"),
+		},
+		{
+			name: "CR of protocolStrategy of None or Default on ForwardPlugin",
+			dns: &operatorv1.DNS{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: DefaultDNSController,
+				},
+				Spec: operatorv1.DNSSpec{
+					Servers: []operatorv1.Server{
+						{
+							Name:  "foo",
+							Zones: []string{"foo.com"},
+							ForwardPlugin: operatorv1.ForwardPlugin{
+								Upstreams:        []string{"1.1.1.1", "2.2.2.2:5353"},
+								Policy:           operatorv1.RoundRobinForwardingPolicy,
+								ProtocolStrategy: operatorv1.ProtocolStrategyDefault,
+							},
+						},
+					},
+				},
+			},
+			expectedCoreFile: mustLoadTestFile(t, "forwardplugin_protocolstrategy_none"),
+		},
+		{
+			name: "CR with upstreamResolver with protocolStrategy of TCP",
+			dns: &operatorv1.DNS{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: DefaultDNSController,
+				},
+				Spec: operatorv1.DNSSpec{
+					UpstreamResolvers: operatorv1.UpstreamResolvers{
+						Upstreams: []operatorv1.Upstream{
+							{
+								Type: operatorv1.SystemResolveConfType,
+							},
+						},
+						ProtocolStrategy: operatorv1.ProtocolStrategyTCP,
+					},
+				},
+			},
+			expectedCoreFile: mustLoadTestFile(t, "upstreamresolver_protocolstrategy_tcp"),
+		},
+		{
+			name: "CR with upstreamResolver with protocolStrategy of Default or None",
+			dns: &operatorv1.DNS{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: DefaultDNSController,
+				},
+				Spec: operatorv1.DNSSpec{
+					UpstreamResolvers: operatorv1.UpstreamResolvers{
+						Upstreams: []operatorv1.Upstream{
+							{
+								Type: operatorv1.SystemResolveConfType,
+							},
+						},
+						ProtocolStrategy: operatorv1.ProtocolStrategyDefault,
+					},
+				},
+			},
+			expectedCoreFile: mustLoadTestFile(t, "upstreamresolver_protocolstrategy_none"),
+		},
 	}
 
 	clusterDomain := "cluster.local"

diff --git a/pkg/operator/controller/testdata/forwardplugin_protocolstrategy_none b/pkg/operator/controller/testdata/forwardplugin_protocolstrategy_none
@@ -0,0 +1,41 @@
+# foo
+foo.com:5353 {
+    prometheus 127.0.0.1:9153
+    forward . 1.1.1.1 2.2.2.2:5353 {
+        policy round_robin
+    }
+    errors
+    log . {
+        class error
+    }
+    bufsize 512
+    cache 900 {
+        denial 9984 30
+    }
+}
+.:5353 {
+    bufsize 512
+    errors
+    log . {
+        class error
+    }
+    health {
+        lameduck 20s
+    }
+    ready
+    kubernetes cluster.local in-addr.arpa ip6.arpa {
+        pods insecure
+        fallthrough in-addr.arpa ip6.arpa
+    }
+    prometheus 127.0.0.1:9153
+    forward . /etc/resolv.conf {
+        policy sequential
+    }
+    cache 900 {
+        denial 9984 30
+    }
+    reload
+}
+hostname.bind:5353 {
+    chaos
+}
diff --git a/pkg/operator/controller/testdata/forwardplugin_protocolstrategy_tcp b/pkg/operator/controller/testdata/forwardplugin_protocolstrategy_tcp
@@ -0,0 +1,42 @@
+# foo
+foo.com:5353 {
+    prometheus 127.0.0.1:9153
+    forward . 1.1.1.1 2.2.2.2:5353 {
+        policy round_robin
+        force_tcp
+    }
+    errors
+    log . {
+        class error
+    }
+    bufsize 512
+    cache 900 {
+        denial 9984 30
+    }
+}
+.:5353 {
+    bufsize 512
+    errors
+    log . {
+        class error
+    }
+    health {
+        lameduck 20s
+    }
+    ready
+    kubernetes cluster.local in-addr.arpa ip6.arpa {
+        pods insecure
+        fallthrough in-addr.arpa ip6.arpa
+    }
+    prometheus 127.0.0.1:9153
+    forward . /etc/resolv.conf {
+        policy sequential
+    }
+    cache 900 {
+        denial 9984 30
+    }
+    reload
+}
+hostname.bind:5353 {
+    chaos
+}
diff --git a/pkg/operator/controller/testdata/upstreamresolver_protocolstrategy_none b/pkg/operator/controller/testdata/upstreamresolver_protocolstrategy_none
@@ -0,0 +1,26 @@
+.:5353 {
+    bufsize 512
+    errors
+    log . {
+        class error
+    }
+    health {
+        lameduck 20s
+    }
+    ready
+    kubernetes cluster.local in-addr.arpa ip6.arpa {
+        pods insecure
+        fallthrough in-addr.arpa ip6.arpa
+    }
+    prometheus 127.0.0.1:9153
+    forward . /etc/resolv.conf {
+        policy sequential
+    }
+    cache 900 {
+        denial 9984 30
+    }
+    reload
+}
+hostname.bind:5353 {
+    chaos
+}
diff --git a/pkg/operator/controller/testdata/upstreamresolver_protocolstrategy_tcp b/pkg/operator/controller/testdata/upstreamresolver_protocolstrategy_tcp
@@ -0,0 +1,27 @@
+.:5353 {
+    bufsize 512
+    errors
+    log . {
+        class error
+    }
+    health {
+        lameduck 20s
+    }
+    ready
+    kubernetes cluster.local in-addr.arpa ip6.arpa {
+        pods insecure
+        fallthrough in-addr.arpa ip6.arpa
+    }
+    prometheus 127.0.0.1:9153
+    forward . /etc/resolv.conf {
+        policy sequential
+        force_tcp
+    }
+    cache 900 {
+        denial 9984 30
+    }
+    reload
+}
+hostname.bind:5353 {
+    chaos
+}