
Commit 1de50f5

rke2-coredns: fix an issue where node-local-dns did not work with cilium and lrp
For now the Local Redirect Policy feature of cilium is buggy so we can't redirect packets by service. Instead we match the rke2-coredns Service IP address to redirect the packets to the node-local-dns pod.
1 parent 57bee00 commit 1de50f5


3 files changed

+17
-10
lines changed


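--- a/packages/rke2-coredns/generated-changes/overlay/templates/daemonset-nodelocal.yaml
+++ b/packages/rke2-coredns/generated-changes/overlay/templates/daemonset-nodelocal.yaml
@@ -33,11 +33,11 @@ spec:
 dnsPolicy: Default # Don't use cluster DNS.
 tolerations:
 - operator: Exists
-{{- if eq .Values.nodelocal.ipvs false }}
+{{- if and (eq .Values.nodelocal.ipvs false) (eq .Values.nodelocal.use_cilium_lrp false) }}
 initContainers:
 - name: wait-coredns
 image: {{ template "system_default_registry" . }}{{ .Values.nodelocal.initimage.repository }}:{{ .Values.nodelocal.initimage.tag }}
-command: ['sh', '-c', "until nc -zv -u {{ template "clusterDNSServerIP" . }} 53; do echo waiting for dns service; sleep 2; done"]
+command: ['sh', '-c', 'until nc -zv -u {{ template "clusterDNSServerIP" . }} 53; do echo waiting for dns service; sleep 2; done']
 {{- end }}
 containers:
 - name: node-cache
@@ -62,10 +62,10 @@ spec:
 privileged: true
 ports:
 - containerPort: 53
-name: udp-53
+name: dns
 protocol: UDP
 - containerPort: 53
-name: tcp-53
+name: dns-tcp
 protocol: TCP
 - containerPort: 9253
 name: metrics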
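Review bot: The new guard on the `wait-coredns` init container compares each value with `eq ... false`, and an unset `nodelocal.use_cilium_lrp` does not compare equal to `false`, so if the chart's values.yaml (not shown here) lacks a default for the key, the init container is dropped silently or the render fails, depending on the template engine version. A truthiness test avoids that: `{{- if not (or .Values.nodelocal.ipvs .Values.nodelocal.use_cilium_lrp) }}`. The condition now has two independent reasons and no explanation, so a template comment above it would help, for example `{{- /* skip the wait on the cluster DNS IP when ipvs or a Cilium LRP is in use */}}`. The pod spec begins above and continues below both hunks, so whether anything else still refers to the old port names `udp-53`/`tcp-53` cannot be checked from here.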

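--- a/packages/rke2-coredns/generated-changes/overlay/templates/lrp-nodelocal.yaml
+++ b/packages/rke2-coredns/generated-changes/overlay/templates/lrp-nodelocal.yaml
@@ -4,19 +4,26 @@ kind: CiliumLocalRedirectPolicy
 metadata:
 name: "lrp-nodelocal"
 spec:
+skipRedirectFromBackend: true
 redirectFrontend:
-serviceMatcher:
-serviceName: {{ default (include "coredns.fullname" .) .Values.service.name }}
-namespace: {{ .Release.Namespace }}
+addressMatcher:
+ip: "{{ template "clusterDNSServerIP" . }}"
+toPorts:
+- name: tcp-53
+port: "53"
+protocol: TCP
+- name: udp-53
+port: "53"
+protocol: UDP
 redirectBackend:
 localEndpointSelector:
 matchLabels:
 k8s-app: node-local-dns
 toPorts:
 - port: "53"
-name: udp-53
+name: dns
 protocol: UDP
 - port: "53"
-name: tcp-53
+name: dns-tcp
 protocol: TCP
 {{- end }}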
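Review bot: The frontend ports under `addressMatcher.toPorts` are named `tcp-53` and `udp-53`, while the backend ports in `redirectBackend.toPorts` are renamed to `dns-tcp` and `dns`. As far as I know, Cilium pairs frontend and backend ports by name when a policy lists more than one port, so with different names no backend may be mapped and DNS queries would keep going to the Service rather than the node-local cache; please confirm against the Cilium version this chart targets. Using the same names on both sides removes the doubt: `- name: dns-tcp` for the TCP entry and `- name: dns` for the UDP entry. Because the match is now a fixed address from `clusterDNSServerIP`, a short comment saying the policy must be re-rendered if the Service ClusterIP changes would also help. The template's opening `if` is above the hunk.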

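--- a/packages/rke2-coredns/package.yaml
+++ b/packages/rke2-coredns/package.yaml
@@ -1,2 +1,2 @@
 url: https://github.com/coredns/helm/releases/download/coredns-1.45.0/coredns-1.45.0.tgz
-packageVersion: 00
+packageVersion: 01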
