Commit

Merge pull request #50 from AlonaKaplan/psa
Make secondary-dns deployment PSA ready
kubevirt-bot authored Dec 19, 2022
2 parents 5e9280c + 9d86261 commit 27f994c
Showing 5 changed files with 20 additions and 6 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -2,12 +2,12 @@
DNS for KubeVirt VirtualMachines secondary interfaces

## Prerequisites
1. The KubeSecondaryDNS Deployment should be reachable from outside the cluster.
1. The KubeSecondaryDNS Deployment which listens on port 5353 should be reachable from outside the cluster.
It can be exposed using NodePort, Load Balancer, Ingress or any other methodology.
The IP to reach the KubeSecondaryDNS from outside the cluster would be called from now on
"KubeSecondaryDNS public IP".
2. The secondary interfaces IPs must appear on the VMI status.
For this IPs should be either declared statically (i.e with CNI) or to have a guest agent installed.
For this, IPs should be either declared statically (i.e with CNI) or to have a guest agent installed.
3. Kubevirt must be installed, else the plugin would have an error.
4. If necessary, establish connectivity to KubeSecondaryDNS public IP via a relevant DNS entity that is used to
reach the authoritative KubeSecondaryDNS server, such as DNSResolver, TLD NameServer, etc.
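Review bot: Prerequisite 1 now names port 5353 without saying that it is the port the container listens on, so a reader can take it for the port external clients must query, while hack/create-nodeport.sh in this same commit exposes the service on 31111. Suggest wording along the lines of "The KubeSecondaryDNS Deployment (container port 5353/UDP) should be reachable from outside the cluster" and leaving the external port to the chosen exposure method. Since prerequisite 2 is being touched anyway, "i.e with CNI" reads as if "e.g." was meant, and "or to have a guest agent installed" does not parse against "should be either declared statically".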
2 changes: 1 addition & 1 deletion cluster/cluster.sh
Expand Up @@ -14,7 +14,7 @@

export KUBEVIRT_PROVIDER=${KUBEVIRT_PROVIDER:-'k8s-1.25'}
export KUBEVIRT_NUM_NODES=1
export KUBEVIRTCI_TAG='2211212125-021efaa'
export KUBEVIRTCI_TAG='2212161203-bcbedfe'

KUBEVIRTCI_REPO='https://github.com/kubevirt/kubevirtci.git'
# The CLUSTER_PATH var is used in cluster folder and points to the _kubevirtci where the cluster is deployed from.
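Review bot: The KUBEVIRTCI_TAG bump to '2212161203-bcbedfe' is not explained anywhere in the commit message, which only says "Make secondary-dns deployment PSA ready". If the newer kubevirtci tag is what provides the KUBEVIRT_PSA knob exported in cluster/up.sh, say so in the commit message or in a comment above the export, so that a later tag change does not silently drop the dependency.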
1 change: 1 addition & 0 deletions cluster/up.sh
Expand Up @@ -18,6 +18,7 @@ set -ex pipefail

export DEPLOY_CNAO=${DEPLOY_CNAO:-true}
export DEPLOY_KUBEVIRT=${DEPLOY_KUBEVIRT:-true}
export KUBEVIRT_PSA=${KUBEVIRT_PSA:-false}

source ./cluster/cluster.sh
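Review bot: The added export defaults KUBEVIRT_PSA to false, so unless a CI job sets it explicitly, the securityContext settings added to manifests/secondarydns.yaml are never run against a cluster that enforces them. If this variable is what turns on Pod Security Admission in the kubevirtci cluster, consider defaulting it to true here or adding a lane that sets KUBEVIRT_PSA=true, so a regression in the manifest is caught. Not part of this change, but visible in the hunk header: "set -ex pipefail" does not enable pipefail, it sets the first positional parameter to "pipefail"; "set -ex -o pipefail" is the form that does.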

2 changes: 1 addition & 1 deletion hack/create-nodeport.sh
Expand Up @@ -13,5 +13,5 @@ if [ -z $NAMESPACE ]; then
exit 1
fi

${KUBECTL} expose -n ${NAMESPACE} deployment/secondary-dns --name=dns-nodeport --type=NodePort --port=31111 --target-port=53 --protocol='UDP'
${KUBECTL} expose -n ${NAMESPACE} deployment/secondary-dns --name=dns-nodeport --type=NodePort --port=31111 --target-port=5353 --protocol='UDP'
${KUBECTL} patch -n ${NAMESPACE} service/dns-nodeport --type='json' --patch='[{"op": "replace", "path": "/spec/ports/0/nodePort", "value":31111}]'
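Review bot: The new --target-port=5353 hard-codes a number that this commit also writes into the Corefile and into containerPort in manifests/secondarydns.yaml, so the three have to be kept in step by hand. The container port is named "dns" in the manifest, and kubectl expose accepts a port name for --target-port, so --target-port=dns would keep this script correct if the listen port changes again.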
17 changes: 15 additions & 2 deletions manifests/secondarydns.yaml
Expand Up @@ -9,7 +9,7 @@ data:
DOMAIN: ""
NAME_SERVER_IP: ""
Corefile: |
.:53 {
.:5353 {
auto {
directory /zones db\.(.*) {1}
reload 45s
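Review bot: The new listen port in ".:5353 {" is the port conventionally used by mDNS, and nothing in the ConfigMap says why it replaces 53. A one-line comment in the Corefile stating that an unprivileged port is used because the pod now runs as non-root with all capabilities dropped would make the choice clear and point to the containerPort and NodePort target that must match it.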
Expand Down Expand Up @@ -75,15 +75,24 @@ spec:
kubectl.kubernetes.io/default-container: status-monitor
spec:
serviceAccountName: secondary
securityContext:
runAsUser: 1000
runAsNonRoot: true
seccompProfile:
type: "RuntimeDefault"
containers:
- args:
- -conf
- /etc/coredns/Corefile
image: k8s.gcr.io/coredns/coredns:v1.8.6
imagePullPolicy: IfNotPresent
name: secondary-dns
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ "ALL" ]
ports:
- containerPort: 53
- containerPort: 5353
name: dns
protocol: UDP
resources:
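Review bot: The secondary-dns container securityContext stops at allowPrivilegeEscalation and the capability drop. The mount visible for this container is /zones with readOnly: true, so "readOnlyRootFilesystem: true" looks feasible and would be worth adding while the block is being introduced. At pod level, runAsUser: 1000 is set without runAsGroup; setting it explicitly avoids depending on whatever group the images default to.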
Expand All @@ -100,6 +109,10 @@ spec:
mountPath: /zones
readOnly: true
- name: status-monitor
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ "ALL" ]
image: registry:5000/kubevirt/kubesecondarydns:latest
volumeMounts:
- name: secdns-zones
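Review bot: With the pod-level runAsUser: 1000 from the previous hunk, status-monitor now runs as UID 1000, and this hunk shows it mounting secdns-zones, the volume that secondary-dns mounts read-only at /zones. If status-monitor is the writer of that volume, confirm it is writable by UID 1000, or add an fsGroup to the pod securityContext. The securityContext block is also an exact copy of the one on secondary-dns, which is fine, but a comment noting that both containers must carry it would help anyone adding a third container later.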