fix: use UDP for upstream DNS by default (#1032)

pkg/admission/mutator/shoot.go

@@ -15,6 +15,7 @@ import (
 	gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
+	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 )
@@ -108,6 +109,18 @@ func (s *shoot) Mutate(_ context.Context, newObj, oldObj client.Object) error {
 			Raw: modifiedJSON,
 		}
 	}
+
+	// Disable TCP to upstream DNS queries by default on Azure. DNS over TCP may cause performance issues on larger clusters.
+	if shoot.Spec.SystemComponents != nil {
+		if shoot.Spec.SystemComponents.NodeLocalDNS != nil {
+			if shoot.Spec.SystemComponents.NodeLocalDNS.Enabled {
+				if shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS == nil {
+					shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS = ptr.To(false)
+				}
+			}
+		}
+	}
+
 	return nil
 }
 

pkg/admission/mutator/shoot_test.go

@@ -185,5 +185,37 @@ var _ = Describe("Shoot mutator", func() {
 				}))
 			})
 		})
+
+		Context("Mutate shoot NodeLocalDNS default for ForceTCPToUpstreamDNS property", func() {
+			BeforeEach(func() {
+				shoot.Spec.SystemComponents = &gardencorev1beta1.SystemComponents{
+					NodeLocalDNS: &gardencorev1beta1.NodeLocalDNS{
+						Enabled: true,
+					},
+				}
+			})
+
+			It("should not touch the ForceTCPToUpstreamDNS property if NodeLocalDNS is disabled", func() {
+				shoot.Spec.SystemComponents.NodeLocalDNS.Enabled = false
+				err := shootMutator.Mutate(ctx, shoot, nil)
+				Expect(err).NotTo(HaveOccurred())
+				Expect(shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS).To(BeNil())
+			})
+
+			It("should not touch the ForceTCPToUpstreamDNS property if it is already set", func() {
+				shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS = ptr.To(true)
+				err := shootMutator.Mutate(ctx, shoot, nil)
+				Expect(err).NotTo(HaveOccurred())
+				Expect(shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS).ToNot(BeNil())
+				Expect(*shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS).To(BeTrue())
+			})
+
+			It("should set the ForceTCPToUpstreamDNS property to false by default", func() {
+				err := shootMutator.Mutate(ctx, shoot, nil)
+				Expect(err).NotTo(HaveOccurred())
+				Expect(shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS).ToNot(BeNil())
+				Expect(*shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS).To(BeFalse())
+			})
+		})
 	})
 })