From 9fbf9ae1e1a74ec4b1740836739e1eaeac944d1a Mon Sep 17 00:00:00 2001
From: Dominik Froehlich
Date: Thu, 12 Dec 2024 13:48:08 +0100
Subject: [PATCH] fix: use UDP for upstream DNS by default (#1032)
---
 pkg/admission/mutator/shoot.go | 13 ++++++++++++
 pkg/admission/mutator/shoot_test.go | 32 +++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
diff --git a/pkg/admission/mutator/shoot.go b/pkg/admission/mutator/shoot.go
index f01cb1d15..f1fe18561 100644
--- a/pkg/admission/mutator/shoot.go
+++ b/pkg/admission/mutator/shoot.go
@@ -15,6 +15,7 @@ import (
 	gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
+	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 )
@@ -108,6 +109,18 @@ func (s *shoot) Mutate(_ context.Context, newObj, oldObj client.Object) error {
 			Raw: modifiedJSON,
 		}
 	}
+
+	// Disable TCP to upstream DNS queries by default on Azure. DNS over TCP may cause performance issues on larger clusters.
+	if shoot.Spec.SystemComponents != nil {
+		if shoot.Spec.SystemComponents.NodeLocalDNS != nil {
+			if shoot.Spec.SystemComponents.NodeLocalDNS.Enabled {
+				if shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS == nil {
+					shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS = ptr.To(false)
+				}
+			}
+		}
+	}
+
 	return nil
 }
diff --git a/pkg/admission/mutator/shoot_test.go b/pkg/admission/mutator/shoot_test.go
index b4bbb130a..bc1d04620 100644
--- a/pkg/admission/mutator/shoot_test.go
+++ b/pkg/admission/mutator/shoot_test.go
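Review bot: The four nested ifs in the new block of Mutate collapse to a single guard without changing what gets set: `if sc := shoot.Spec.SystemComponents; sc != nil && sc.NodeLocalDNS != nil && sc.NodeLocalDNS.Enabled && sc.NodeLocalDNS.ForceTCPToUpstreamDNS == nil {` / `sc.NodeLocalDNS.ForceTCPToUpstreamDNS = ptr.To(false)` / `}`. The comment above the block records only the performance motivation; since this is a mutating webhook overriding the upstream default, it should also state that the default is applied only while the field is nil (an explicit `true` survives, as the tests check) and, if the webhook is registered for UPDATE as well as CREATE — not visible in this hunk — that existing shoots which left the field unset will be switched to UDP on their next admission. One more sentence is worth adding there: a UDP-only upstream path gives up the extra resistance to off-path response spoofing that TCP transport provides, so the trade-off should be recorded as deliberate rather than left implicit. Mutate's signature and the start of its body lie before the hunk.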
@@ -185,5 +185,37 @@ var _ = Describe("Shoot mutator", func() {
 			}))
 		})
 	})
+
+	Context("Mutate shoot NodeLocalDNS default for ForceTCPToUpstreamDNS property", func() {
+		BeforeEach(func() {
+			shoot.Spec.SystemComponents = &gardencorev1beta1.SystemComponents{
+				NodeLocalDNS: &gardencorev1beta1.NodeLocalDNS{
+					Enabled: true,
+				},
+			}
+		})
+
+		It("should not touch the ForceTCPToUpstreamDNS property if NodeLocalDNS is disabled", func() {
+			shoot.Spec.SystemComponents.NodeLocalDNS.Enabled = false
+			err := shootMutator.Mutate(ctx, shoot, nil)
+			Expect(err).NotTo(HaveOccurred())
+			Expect(shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS).To(BeNil())
+		})
+
+		It("should not touch the ForceTCPToUpstreamDNS property if it is already set", func() {
+			shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS = ptr.To(true)
+			err := shootMutator.Mutate(ctx, shoot, nil)
+			Expect(err).NotTo(HaveOccurred())
+			Expect(shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS).ToNot(BeNil())
+			Expect(*shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS).To(BeTrue())
+		})
+
+		It("should set the ForceTCPToUpstreamDNS property to false by default", func() {
+			err := shootMutator.Mutate(ctx, shoot, nil)
+			Expect(err).NotTo(HaveOccurred())
+			Expect(shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS).ToNot(BeNil())
+			Expect(*shoot.Spec.SystemComponents.NodeLocalDNS.ForceTCPToUpstreamDNS).To(BeFalse())
+		})
+	})
 })
})
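Review bot: The new Context never exercises the two nil guards that the mutator's block depends on — `shoot.Spec.SystemComponents == nil` and `shoot.Spec.SystemComponents.NodeLocalDNS == nil` — so a regression that dereferenced either would still pass this suite. Two short cases would close the gap: one `It` that sets `shoot.Spec.SystemComponents = nil` and another that sets `shoot.Spec.SystemComponents.NodeLocalDNS = nil`, each calling `shootMutator.Mutate(ctx, shoot, nil)` and expecting no error with the spec left untouched. The enclosing Describe opens before the hunk.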