diff --git a/cmd/antrea-agent/agent.go b/cmd/antrea-agent/agent.go index c53649a6482..dfd740ed2e0 100644 --- a/cmd/antrea-agent/agent.go +++ b/cmd/antrea-agent/agent.go @@ -528,7 +528,7 @@ func run(o *Options) error { nodeConfig, podNetworkWait, l7Reconciler, - uint32(o.config.FqdnCacheMinTTL), + uint32(o.config.FQDNCacheMinTTL), ) if err != nil { return fmt.Errorf("error creating new NetworkPolicy controller: %v", err) diff --git a/cmd/antrea-agent/options.go b/cmd/antrea-agent/options.go index 1d16a2c88d1..4b08d4435e9 100644 --- a/cmd/antrea-agent/options.go +++ b/cmd/antrea-agent/options.go @@ -155,8 +155,7 @@ func (o *Options) validate(args []string) error { return fmt.Errorf("nodeType %s requires feature gate ExternalNode to be enabled", o.config.NodeType) } - // validate FqdnCacheMinTTL - if o.config.FqdnCacheMinTTL < 0 { + if o.config.FQDNCacheMinTTL < 0 { return fmt.Errorf("fqdnCacheMinTTL must be greater than or equal to 0") } diff --git a/pkg/agent/controller/networkpolicy/fqdn_test.go b/pkg/agent/controller/networkpolicy/fqdn_test.go index a3109a91de3..1d4cf28cdf0 100644 --- a/pkg/agent/controller/networkpolicy/fqdn_test.go +++ b/pkg/agent/controller/networkpolicy/fqdn_test.go @@ -824,9 +824,9 @@ func TestParseDNSResponseOnFQDNCacheMinTTL(t *testing.T) { dnsMsg := getDNSMsg(tc.responseTTL) _, responseIPs, err := f.parseDNSResponse(dnsMsg) require.NoError(t, err) - expectedTTL := currentTime.Add(tc.expectedTTL * time.Second) - assert.Equal(t, expectedTTL, responseIPs[testIPv4].expirationTime) - assert.Equal(t, expectedTTL, responseIPs[testIPv6].expirationTime) + expectedExpirationTime := currentTime.Add(tc.expectedTTL * time.Second) + assert.Equal(t, expectedExpirationTime, responseIPs[testIPv4].expirationTime) + assert.Equal(t, expectedExpirationTime, responseIPs[testIPv6].expirationTime) }) } } diff --git a/pkg/agent/controller/networkpolicy/networkpolicy_controller.go b/pkg/agent/controller/networkpolicy/networkpolicy_controller.go index 949496d7f29..7e0d792cef4 100644 --- a/pkg/agent/controller/networkpolicy/networkpolicy_controller.go +++ b/pkg/agent/controller/networkpolicy/networkpolicy_controller.go @@ -196,7 +196,8 @@ func NewNetworkPolicyController(antreaClientGetter client.AntreaClientProvider, gwPort, tunPort uint32, nodeConfig *config.NodeConfig, podNetworkWait *utilwait.Group, - l7Reconciler *l7engine.Reconciler, fqdnCacheMinTTL uint32) (*Controller, error) { + l7Reconciler *l7engine.Reconciler, + fqdnCacheMinTTL uint32) (*Controller, error) { idAllocator := newIDAllocator(asyncRuleDeleteInterval, dnsInterceptRuleID) c := &Controller{ antreaClientProvider: antreaClientGetter, diff --git a/pkg/config/agent/config.go b/pkg/config/agent/config.go index 2e9d09f0f45..52f72900563 100644 --- a/pkg/config/agent/config.go +++ b/pkg/config/agent/config.go @@ -155,10 +155,10 @@ type AgentConfig struct { // Defaults to "". It must be a host string or a host:port pair of the DNS server (e.g. 10.96.0.10, // 10.96.0.10:53, [fd00:10:96::a]:53). DNSServerOverride string `yaml:"dnsServerOverride,omitempty"` - // The minTTL setting helps address the problem of applications caching DNS response IPs indefinitely. + // The FQDNCacheMinTTL setting helps address the problem of applications caching DNS response IPs indefinitely. // The Cluster administrators should configure this value, ideally setting it to be equal to or greater than the maximum TTL // value of the application's DNS cache. - FqdnCacheMinTTL int `yaml:"fqdnCacheMinTTL,omitempty"` + FQDNCacheMinTTL int `yaml:"fqdnCacheMinTTL,omitempty"` // Cipher suites to use. TLSCipherSuites string `yaml:"tlsCipherSuites,omitempty"` // TLS min version. diff --git a/test/e2e/antreapolicy_test.go b/test/e2e/antreapolicy_test.go index 8fffae7a93e..475f5921ca7 100644 --- a/test/e2e/antreapolicy_test.go +++ b/test/e2e/antreapolicy_test.go @@ -5275,12 +5275,13 @@ func testAntreaClusterNetworkPolicyStats(t *testing.T, data *TestData) { // It validates the functionality of the new minTTL configuration, which is used for scenarios // where applications may cache DNS responses beyond the TTL defined in original DNS response. // The minTTL value enforces that resolved IPs remain in datapath rules for as long as -// applications might cache them, thereby preventing intermittent network connectivity issues to the FQDN concerned. -// Actual test logic runs in testWithFQDNCacheMinTTL, which gets called by TestFQDNCacheMinTTL with 2 fqdnCacheMinTTL values -// where `0` represents a default value when fqdnCacheMinTTL is unset . +// applications might cache them, thereby preventing intermittent network connectivity issues +// to the FQDN concerned. Actual test logic runs in testWithFQDNCacheMinTTL, which gets called +// by TestFQDNCacheMinTTL with 2 fqdnCacheMinTTL values where `0` represents a default value +// when fqdnCacheMinTTL is unset . func TestFQDNCacheMinTTL(t *testing.T) { - testWithFQDNCacheMinTTL(t, 0) - testWithFQDNCacheMinTTL(t, 10) + t.Run("FQDNCacheMinTTL-unset", func(t *testing.T) { testWithFQDNCacheMinTTL(t, 0) }) + t.Run("FQDNCacheMinTTL-set-to-10s", func(t *testing.T) { testWithFQDNCacheMinTTL(t, 10) }) } func testWithFQDNCacheMinTTL(t *testing.T, fqdnCacheMinTTL int) { @@ -5295,12 +5296,6 @@ func testWithFQDNCacheMinTTL(t *testing.T, fqdnCacheMinTTL int) { skipIfIPv6Cluster(t) skipIfNotRequired(t, "mode-irrelevant") - if fqdnCacheMinTTL == 0 { - t.Logf("Running the test with FQDNCacheMinTTL unset") - } else { - t.Logf("Running the test with FQDNCacheMinTTL set to %d ", fqdnCacheMinTTL) - } - data, err := setupTest(t) if err != nil { t.Fatalf("Error when setting up test: %v", err) @@ -5339,8 +5334,8 @@ func testWithFQDNCacheMinTTL(t *testing.T, fqdnCacheMinTTL int) { createCustomDNSPod(t, data, configMap.Name) // set the custom DNS server IP address in Antrea ConfigMap. - setDNSServerAddressInAntrea(t, data, dnsServiceIP) - defer setDNSServerAddressInAntrea(t, data, "") //reset after the test. + setDNSServerAddressInAntrea(t, data, dnsServiceIP, fqdnCacheMinTTL) + defer setDNSServerAddressInAntrea(t, data, "", 0) //reset after the test. createPolicyForFQDNCacheMinTTL(t, data, testFQDN, "test-anp-fqdn", "custom-dns", "fqdn-cache-test") require.NoError(t, NewPodBuilder(toolboxPodName, data.testNamespace, ToolboxImage). @@ -5359,7 +5354,6 @@ func testWithFQDNCacheMinTTL(t *testing.T, fqdnCacheMinTTL int) { } return stdout, nil } - setFQDNCacheMinTTLInAntrea(t, data, fqdnCacheMinTTL) assert.EventuallyWithT(t, func(t *assert.CollectT) { _, err := curlFQDN(testFQDN) @@ -5390,33 +5384,31 @@ func testWithFQDNCacheMinTTL(t *testing.T, fqdnCacheMinTTL int) { // The wait time here should be slightly longer than the reload value specified in the custom DNS configuration. // TODO: This assertion verifies the fix to the issue described in https://github.com/antrea-io/antrea/issues/6229. t.Logf("Trying to curl the existing cached IP of the domain: %s", fqdnIP) - assert.EventuallyWithT(t, func(t *assert.CollectT) { - _, err := curlFQDN(fqdnIP) - assert.Error(t, err) - }, 20*time.Second, 1*time.Second) - -} -// setDNSServerAddressInAntrea sets or resets the custom DNS server IP address in Antrea ConfigMap. -func setDNSServerAddressInAntrea(t *testing.T, data *TestData, dnsServiceIP string) { - agentChanges := func(config *agentconfig.AgentConfig) { - config.DNSServerOverride = dnsServiceIP + if fqdnCacheMinTTL == 0 { + // fqdnCacheMinTTL is unset , hence we expect an error in connection . + assert.EventuallyWithT(t, func(t *assert.CollectT) { + _, err := curlFQDN(fqdnIP) + assert.Error(t, err) + }, 20*time.Second, 1*time.Second) + } else { + // fqdnCacheMinTTL is set hence we expect no error at least till the period equivalent to fqdnCacheMinTTL's value. + assert.EventuallyWithT(t, func(t *assert.CollectT) { + _, err := curlFQDN(fqdnIP) + assert.NoError(t, err) + }, time.Duration(fqdnCacheMinTTL)*time.Second, 1*time.Second) } - err := data.mutateAntreaConfigMap(nil, agentChanges, false, true) - require.NoError(t, err, "Error when setting up custom DNS server IP in Antrea configmap") - - t.Logf("DNSServerOverride set to %q in Antrea Agent config", dnsServiceIP) } -// setFQDNCacheMinTTLInAntrea sets or resets the FQDNCacheMinTTL in Antrea ConfigMap. -func setFQDNCacheMinTTLInAntrea(t *testing.T, data *TestData, fqdnCacheMinTTL int) { +// setDNSServerAddressInAntrea sets or resets the custom DNS server IP address and FQDNCacheMinTTL in Antrea ConfigMap. +func setDNSServerAddressInAntrea(t *testing.T, data *TestData, dnsServiceIP string, fqdnCacheMinTTL int) { agentChanges := func(config *agentconfig.AgentConfig) { - config.FqdnCacheMinTTL = fqdnCacheMinTTL + config.DNSServerOverride = dnsServiceIP + config.FQDNCacheMinTTL = fqdnCacheMinTTL } err := data.mutateAntreaConfigMap(nil, agentChanges, false, true) - require.NoError(t, err, "Error when setting up FQDNCacheMinTTL in Antrea configmap") - - t.Logf("FQDNCacheMinTTL set to %d in Antrea Agent config", fqdnCacheMinTTL) + require.NoError(t, err, "Error when setting up custom DNS server IP and FQDNCacheMinTTL in Antrea configmap") + t.Logf("DNSServerOverride set to %q and FQDNCacheMinTTL set to %d in Antrea Agent config", dnsServiceIP, fqdnCacheMinTTL) } // createPolicyForFQDNCacheMinTTL creates a FQDN policy in the specified Namespace.