Skip to content

Commit

Permalink
Merge pull request #4921 from jparrill/backport_r2.4/OCPBUGS-29391
Browse files Browse the repository at this point in the history
[release-2.4] 🐛 fix: Fix instance PrivateDNSName when domain-name is set in dhcpOpts
  • Loading branch information
k8s-ci-robot authored Apr 11, 2024
2 parents 3ee30c2 + 362a226 commit 1c23009
Show file tree
Hide file tree
Showing 18 changed files with 442 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,7 @@ func (t Template) ControllersPolicy() *iamv1.PolicyDocument {
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeDhcpOptions",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVolumes",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,7 @@ Resources:
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVpcs
- ec2:DescribeDhcpOptions
- ec2:DescribeVpcAttribute
- ec2:DescribeVpcEndpoints
- ec2:DescribeVolumes
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,7 @@ Resources:
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVpcs
- ec2:DescribeDhcpOptions
- ec2:DescribeVpcAttribute
- ec2:DescribeVpcEndpoints
- ec2:DescribeVolumes
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -196,6 +196,7 @@ Resources:
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVpcs
- ec2:DescribeDhcpOptions
- ec2:DescribeVpcAttribute
- ec2:DescribeVpcEndpoints
- ec2:DescribeVolumes
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,7 @@ Resources:
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVpcs
- ec2:DescribeDhcpOptions
- ec2:DescribeVpcAttribute
- ec2:DescribeVpcEndpoints
- ec2:DescribeVolumes
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -196,6 +196,7 @@ Resources:
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVpcs
- ec2:DescribeDhcpOptions
- ec2:DescribeVpcAttribute
- ec2:DescribeVpcEndpoints
- ec2:DescribeVolumes
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -196,6 +196,7 @@ Resources:
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVpcs
- ec2:DescribeDhcpOptions
- ec2:DescribeVpcAttribute
- ec2:DescribeVpcEndpoints
- ec2:DescribeVolumes
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,7 @@ Resources:
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVpcs
- ec2:DescribeDhcpOptions
- ec2:DescribeVpcAttribute
- ec2:DescribeVpcEndpoints
- ec2:DescribeVolumes
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,7 @@ Resources:
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVpcs
- ec2:DescribeDhcpOptions
- ec2:DescribeVpcAttribute
- ec2:DescribeVpcEndpoints
- ec2:DescribeVolumes
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,7 @@ Resources:
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVpcs
- ec2:DescribeDhcpOptions
- ec2:DescribeVpcAttribute
- ec2:DescribeVpcEndpoints
- ec2:DescribeVolumes
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,7 @@ Resources:
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVpcs
- ec2:DescribeDhcpOptions
- ec2:DescribeVpcAttribute
- ec2:DescribeVpcEndpoints
- ec2:DescribeVolumes
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,7 @@ Resources:
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVpcs
- ec2:DescribeDhcpOptions
- ec2:DescribeVpcAttribute
- ec2:DescribeVpcEndpoints
- ec2:DescribeVolumes
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -196,6 +196,7 @@ Resources:
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVpcs
- ec2:DescribeDhcpOptions
- ec2:DescribeVpcAttribute
- ec2:DescribeVpcEndpoints
- ec2:DescribeVolumes
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,7 @@ Resources:
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVpcs
- ec2:DescribeDhcpOptions
- ec2:DescribeVpcAttribute
- ec2:DescribeVpcEndpoints
- ec2:DescribeVolumes
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,7 @@ Resources:
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVpcs
- ec2:DescribeDhcpOptions
- ec2:DescribeVpcAttribute
- ec2:DescribeVpcEndpoints
- ec2:DescribeVolumes
Expand Down
8 changes: 8 additions & 0 deletions controllers/awsmachine_controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,10 @@ func TestAWSMachineReconcilerIntegrationTests(t *testing.T) {
}}})
g.Expect(err).To(BeNil())
cs.Cluster = &clusterv1.Cluster{ObjectMeta: metav1.ObjectMeta{Name: "test-cluster"}}
cs.AWSCluster.Spec.NetworkSpec.VPC = infrav1.VPCSpec{
ID: "vpc-exists",
CidrBlock: "10.0.0.0/16",
}
cs.AWSCluster.Status.Network.APIServerELB.DNSName = DNSName
cs.AWSCluster.Spec.ControlPlaneLoadBalancer = &infrav1.AWSLoadBalancerSpec{
LoadBalancerType: infrav1.LoadBalancerTypeClassic,
Expand Down Expand Up @@ -283,6 +287,10 @@ func TestAWSMachineReconcilerIntegrationTests(t *testing.T) {
g.Expect(err).To(BeNil())
cs.Cluster = &clusterv1.Cluster{ObjectMeta: metav1.ObjectMeta{Name: "test-cluster"}}
cs.AWSCluster.Status.Network.APIServerELB.DNSName = DNSName
cs.AWSCluster.Spec.NetworkSpec.VPC = infrav1.VPCSpec{
ID: "vpc-exists",
CidrBlock: "10.0.0.0/16",
}
cs.AWSCluster.Spec.ControlPlaneLoadBalancer = &infrav1.AWSLoadBalancerSpec{
LoadBalancerType: infrav1.LoadBalancerTypeClassic,
}
Expand Down
62 changes: 62 additions & 0 deletions pkg/cloud/services/ec2/instances.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ import (

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/aws/aws-sdk-go/service/ec2/ec2iface"
"github.com/pkg/errors"
"k8s.io/utils/ptr"

Expand Down Expand Up @@ -913,6 +914,8 @@ func (s *Service) SDKToInstance(v *ec2.Instance) (*infrav1.Instance, error) {

func (s *Service) getInstanceAddresses(instance *ec2.Instance) []clusterv1.MachineAddress {
addresses := []clusterv1.MachineAddress{}
// Check if the DHCP Option Set has domain name set
domainName := s.GetDHCPOptionSetDomainName(s.EC2Client, instance.VpcId)
for _, eni := range instance.NetworkInterfaces {
privateDNSAddress := clusterv1.MachineAddress{
Type: clusterv1.MachineInternalDNS,
Expand All @@ -922,8 +925,18 @@ func (s *Service) getInstanceAddresses(instance *ec2.Instance) []clusterv1.Machi
Type: clusterv1.MachineInternalIP,
Address: aws.StringValue(eni.PrivateIpAddress),
}

addresses = append(addresses, privateDNSAddress, privateIPAddress)

if domainName != nil {
// Add secondary private DNS Name with domain name set in DHCP Option Set
additionalPrivateDNSAddress := clusterv1.MachineAddress{
Type: clusterv1.MachineInternalDNS,
Address: fmt.Sprintf("%s.%s", strings.Split(privateDNSAddress.Address, ".")[0], *domainName),
}
addresses = append(addresses, additionalPrivateDNSAddress)
}

// An elastic IP is attached if association is non nil pointer
if eni.Association != nil {
publicDNSAddress := clusterv1.MachineAddress{
Expand All @@ -937,6 +950,7 @@ func (s *Service) getInstanceAddresses(instance *ec2.Instance) []clusterv1.Machi
addresses = append(addresses, publicDNSAddress, publicIPAddress)
}
}

return addresses
}

Expand Down Expand Up @@ -1035,6 +1049,54 @@ func (s *Service) ModifyInstanceMetadataOptions(instanceID string, options *infr
return nil
}

// GetDHCPOptionSetDomainName returns the domain DNS name for the VPC from the DHCP Options.
func (s *Service) GetDHCPOptionSetDomainName(ec2client ec2iface.EC2API, vpcID *string) *string {
log := s.scope.GetLogger()

if vpcID == nil {
log.Info("vpcID is nil, skipping DHCP Option Set discovery")
return nil
}

vpcInput := &ec2.DescribeVpcsInput{
VpcIds: []*string{vpcID},
}

vpcResult, err := ec2client.DescribeVpcs(vpcInput)
if err != nil {
log.Info("failed to describe VPC, skipping DHCP Option Set discovery", "vpcID", *vpcID, "Error", err.Error())
return nil
}

dhcpInput := &ec2.DescribeDhcpOptionsInput{
DhcpOptionsIds: []*string{vpcResult.Vpcs[0].DhcpOptionsId},
}

dhcpResult, err := ec2client.DescribeDhcpOptions(dhcpInput)
if err != nil {
log.Error(err, "failed to describe DHCP Options Set", "DhcpOptionsSet", *dhcpResult)
return nil
}

for _, dhcpConfig := range dhcpResult.DhcpOptions[0].DhcpConfigurations {
if *dhcpConfig.Key == "domain-name" {
if len(dhcpConfig.Values) == 0 {
return nil
}
domainName := dhcpConfig.Values[0].Value
// default domainName is 'ec2.internal' in us-east-1 and 'region.compute.internal' in the other regions.
if (s.scope.Region() == "us-east-1" && *domainName == "ec2.internal") ||
(s.scope.Region() != "us-east-1" && *domainName == fmt.Sprintf("%s.compute.internal", s.scope.Region())) {
return nil
}

return domainName
}
}

return nil
}

// filterGroups filters a list for a string.
func filterGroups(list []string, strToFilter string) (newList []string) {
for _, item := range list {
Expand Down
Loading

0 comments on commit 1c23009

Please sign in to comment.