From e15275eebcd1634717f7e4f34542098c5af68ca9 Mon Sep 17 00:00:00 2001 From: Doug Goldstein Date: Wed, 24 Apr 2024 15:16:00 -0500 Subject: [PATCH 1/3] fix: drop dnsmasq alternate ports and host ports We'll be wanting to use a load balancer IP always for dnsmasq to receive traffic at. --- components/ironic/dnsmasq-cm.yaml | 2 +- components/ironic/dnsmasq-ss.yaml | 8 ++++---- containers/dnsmasq/dnsmasq.conf.j2 | 1 - 3 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/components/ironic/dnsmasq-cm.yaml b/components/ironic/dnsmasq-cm.yaml
index b4ea67db9..e0875d13b 100644
--- a/components/ironic/dnsmasq-cm.yaml
+++ b/components/ironic/dnsmasq-cm.yaml
@@ -10,7 +10,7 @@ data:
 # external IP address of Ingress. Used to populate DNS A records for the
 # Understack components
 INGRESS_IP: 192.168.1.177
- DNS_PORT: '1053'
+ DNS_PORT: '53'
 LOG_DNS_QUERIES: 'true'
 LOG_DHCP_QUERIES: 'true'
 # If you want to print rendered dnsmasq.conf in the logs
diff --git a/components/ironic/dnsmasq-ss.yaml b/components/ironic/dnsmasq-ss.yaml
index 93ad75a65..3564a2a6c 100644
--- a/components/ironic/dnsmasq-ss.yaml
+++ b/components/ironic/dnsmasq-ss.yaml
@@ -37,12 +37,12 @@ spec:
 - configMapRef:
 name: ironic-dnsmasq
 ports:
- - containerPort: 1053
+ - name: dns
+ containerPort: 53
 protocol: UDP
- hostPort: 53
- - containerPort: 1067
+ - name: dhcp
+ containerPort: 67
 protocol: UDP
- hostPort: 67
 volumeMounts:
 - name: pod-tmp
 mountPath: /tmp
diff --git a/containers/dnsmasq/dnsmasq.conf.j2 b/containers/dnsmasq/dnsmasq.conf.j2
index acadf1321..c2aee287f 100644
--- a/containers/dnsmasq/dnsmasq.conf.j2
+++ b/containers/dnsmasq/dnsmasq.conf.j2
@@ -15,7 +15,6 @@ bind-interfaces # DNS port to listen on, set to 0 to disable port={{ env.DNS_PORT | default(53) }} -dhcp-alternate-port=1067,68 {% if env.LOG_DNS_QUERIES | default(False, True) %} # enable DNS logging
From e37b26cb9b188a20b27a9f7c19ec274e343c2f34 Mon Sep 17 00:00:00 2001
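Review bot: With `DNS_PORT: '53'` in components/ironic/dnsmasq-cm.yaml, `containerPort: 53` / `containerPort: 67` in components/ironic/dnsmasq-ss.yaml and the removed `dhcp-alternate-port` line in dnsmasq.conf.j2, dnsmasq now binds ports below 1024 inside the container, which the old 1053/1067 values avoided. The container's securityContext is outside these hunks, so please confirm the pod can bind them with the least privilege needed, for example only `NET_BIND_SERVICE` added under `capabilities` rather than `privileged: true`. A comment above the ports list such as `# ports < 1024: needs NET_BIND_SERVICE; keep in sync with DNS_PORT in dnsmasq-cm.yaml` would also record that the port number is now repeated in the ConfigMap, the StatefulSet and the template default.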
From: Doug Goldstein Date: Wed, 24 Apr 2024 15:21:56 -0500 Subject: [PATCH 2/3] fix: create the required service for the dnsmasq statefulset statefulsets need to have a service that is their headless service so that the pod IPs can be retrieved. https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/ https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ --- components/ironic/dnsmasq-ss.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)
diff --git a/components/ironic/dnsmasq-ss.yaml b/components/ironic/dnsmasq-ss.yaml
index 3564a2a6c..e09b4ae38 100644
--- a/components/ironic/dnsmasq-ss.yaml
+++ b/components/ironic/dnsmasq-ss.yaml
@@ -1,9 +1,29 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ironic-dnsmasq
+ labels:
+ application: ironic-dnsmasq
+spec:
+ ports:
+ - name: dns
+ port: 53
+ protocol: UDP
+ - name: dhcp
+ port: 67
+ protocol: UDP
+ clusterIP: None
+ selector:
+ application: ironic-dnsmasq
+---
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
 name: ironic-dnsmasq
 namespace: openstack
 spec:
+ serviceName: ironic-dnsmasq
 replicas: 1
 selector:
 matchLabels:
From 2ba2e2b6dfae108a81bc0d400e96f0dd8e679578 Mon Sep 17 00:00:00 2001 From: Doug Goldstein Date: Wed, 24 Apr 2024 15:24:45 -0500 Subject: [PATCH 3/3] fix: drop ingress-nginx using a hostPort Don't use a hostPort for ingress-nginx. --- bootstrap/ingress-nginx/values.yaml | 5 -----  1 file changed, 5 deletions(-)
diff --git a/bootstrap/ingress-nginx/values.yaml b/bootstrap/ingress-nginx/values.yaml
index b13eb6679..6c939de5e 100644
--- a/bootstrap/ingress-nginx/values.yaml
+++ b/bootstrap/ingress-nginx/values.yaml
@@ -1,7 +1,2 @@
 controller:
 replicaCount: 1
- hostPort:
- enabled: true
- ports:
- http: 80
- https: 443
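Review bot: The new Service in components/ironic/dnsmasq-ss.yaml has no `namespace` under `metadata`, while the StatefulSet below it is pinned to `namespace: openstack`; unless a kustomization or the apply command sets the namespace, the Service is created elsewhere and `serviceName: ironic-dnsmasq` will not refer to it. I would add `namespace: openstack` under the Service's `metadata:`. The selector `application: ironic-dnsmasq` also has to match the pod template labels, which are outside this hunk (the StatefulSet continues past `matchLabels:`). Because this Service is headless (`clusterIP: None`) and patch 1/3 removed the hostPorts, nothing visible in this series exposes dnsmasq outside the cluster yet; when the load-balancer Service is added, restricting its sources (for example with `loadBalancerSourceRanges` or a NetworkPolicy) keeps UDP 53 from answering arbitrary clients.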