-
Notifications
You must be signed in to change notification settings - Fork 366
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stop using ClusterFirstWithHostNet DNSPolicy for antrea-agent #4548
Stop using ClusterFirstWithHostNet DNSPolicy for antrea-agent #4548
Conversation
Codecov Report
@@ Coverage Diff @@
## main #4548 +/- ##
==========================================
- Coverage 68.51% 68.49% -0.03%
==========================================
Files 400 400
Lines 58216 58192 -24
==========================================
- Hits 39887 39858 -29
- Misses 15564 15582 +18
+ Partials 2765 2752 -13
|
8df0283
to
ffaa9ec
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
ffaa9ec
to
d3292b5
Compare
/test-all |
The DaemonSet for a CNI should not use ClusterFirstWithHostNet and should not have a dependency on cluster DNS, since cluster DNS itself depends on the CNI. Therefore, we revert to the "default" DNSPolicy for host-network Pods. The only dependency we had on cluster DNS was in the Flow Exporter, where we would try to connect to the Flow Aggregator using DNS name "flow-aggregator.flow-aggregator.svc" (by default). This would only work on Linux, and not on Windows (for Windows Nodes, the Cluster IP had to be provided instead). We update the Flow Exporter to resolve the Service Cluster IP using the K8s API instead. Notable changes: * go-ipfix is upgraded to v0.6.0 to support configuring the server name for Flow Aggregator certificate verification in the Flow Exporter * the flowAggregatorAddress parameter is no longer required in the Flow Aggregator configuration * the format for the flowCollectorAddr parameter in the Flow Exporter configuration (antrea-agent) is changed in a non backwards-compatible way. The "host" name must be provided as "flow-aggregator/flow-aggregator" instead of "flow-aggregator.flow-aggregator.svc". Fixes antrea-io#3279 Signed-off-by: Antonin Bas <abas@vmware.com>
Signed-off-by: Antonin Bas <abas@vmware.com>
d3292b5
to
a33037b
Compare
/test-all |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
…-io#4548) The DaemonSet for a CNI should not use ClusterFirstWithHostNet and should not have a dependency on cluster DNS, since cluster DNS itself depends on the CNI. Therefore, we revert to the "default" DNSPolicy for host-network Pods. The only dependency we had on cluster DNS was in the Flow Exporter, where we would try to connect to the Flow Aggregator using DNS name "flow-aggregator.flow-aggregator.svc" (by default). This would only work on Linux, and not on Windows (for Windows Nodes, the Cluster IP had to be provided instead). We update the Flow Exporter to resolve the Service Cluster IP using the K8s API instead. Notable changes: * go-ipfix is upgraded to v0.6.0 to support configuring the server name for Flow Aggregator certificate verification in the Flow Exporter * the flowAggregatorAddress parameter is no longer required in the Flow Aggregator configuration * the format for the flowCollectorAddr parameter in the Flow Exporter configuration (antrea-agent) is changed in a non backwards-compatible way. The "host" name must be provided as "flow-aggregator/flow-aggregator" instead of "flow-aggregator.flow-aggregator.svc". Fixes antrea-io#3279 Signed-off-by: Antonin Bas <abas@vmware.com>
The DaemonSet for a CNI should not use ClusterFirstWithHostNet and should not have a dependency on cluster DNS, since cluster DNS itself depends on the CNI. Therefore, we revert to the "default" DNSPolicy for host-network Pods.
The only dependency we had on cluster DNS was in the Flow Exporter, where we would try to connect to the Flow Aggregator using DNS name "flow-aggregator.flow-aggregator.svc" (by default). This would only work on Linux, and not on Windows (for Windows Nodes, the Cluster IP had to be provided instead). We update the Flow Exporter to resolve the Service Cluster IP using the K8s API instead.
Notable changes:
Fixes #3279
Signed-off-by: Antonin Bas abas@vmware.com