dns-controller: Filter node InternalIPs by pod network families

tioxy · Oct 30, 2021 · 2cebd7e · 2cebd7e
1 parent f0b5a0e
commit 2cebd7e
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 9 deletions.
diff --git a/dns-controller/cmd/dns-controller/main.go b/dns-controller/cmd/dns-controller/main.go
@@ -54,6 +54,7 @@ func main() {
 	fmt.Printf("dns-controller version %s\n", BuildVersion)
 	var dnsServer, dnsProviderID, gossipListen, gossipSecret, watchNamespace, metricsListen, gossipProtocol, gossipSecretSecondary, gossipListenSecondary, gossipProtocolSecondary string
 	var gossipSeeds, gossipSeedsSecondary, zones []string
+	var internalIpv4, internalIpv6 bool
 	var watchIngress bool
 	var updateInterval int
 
@@ -73,6 +74,8 @@ func main() {
 	flag.StringVar(&gossipListenSecondary, "gossip-listen-secondary", fmt.Sprintf("0.0.0.0:%d", wellknownports.DNSControllerGossipMemberlist), "address:port on which to bind for gossip")
 	flags.StringVar(&gossipSecretSecondary, "gossip-secret-secondary", gossipSecret, "Secret to use to secure gossip")
 	flags.StringSliceVar(&gossipSeedsSecondary, "gossip-seed-secondary", gossipSeedsSecondary, "If set, will enable gossip zones and seed using the provided addresses")
+	flags.BoolVar(&internalIpv4, "internal-ipv4", internalIpv4, "Internal network has IPv4")
+	flags.BoolVar(&internalIpv6, "internal-ipv6", internalIpv6, "Internal network has IPv6")
 	flags.StringVar(&watchNamespace, "watch-namespace", "", "Limits the functionality for pods, services and ingress to specific namespace, by default all")
 	flag.IntVar(&route53.MaxBatchSize, "route53-batch-size", route53.MaxBatchSize, "Maximum number of operations performed per changeset batch")
 	flag.StringVar(&metricsListen, "metrics-listen", "", "The address on which to listen for Prometheus metrics.")
@@ -85,6 +88,18 @@ func main() {
 	flags.AddGoFlagSet(flag.CommandLine)
 	flags.Parse(os.Args)
 
+	var internalRecordTypes []dns.RecordType
+	if internalIpv4 {
+		internalRecordTypes = append(internalRecordTypes, dns.RecordTypeA)
+	}
+	if internalIpv6 {
+		internalRecordTypes = append(internalRecordTypes, dns.RecordTypeAAAA)
+	}
+	if len(internalRecordTypes) == 0 {
+		klog.Errorf("must specify at least one of --internal-ipv4 or --internal-ipv6")
+		os.Exit(1)
+	}
+
 	if metricsListen != "" {
 		go func() {
 			http.Handle("/metrics", promhttp.Handler())
@@ -185,7 +200,7 @@ func main() {
 	}
 
 	// @step: initialize the watchers
-	if err := initializeWatchers(client, dnsController, watchNamespace, watchIngress); err != nil {
+	if err := initializeWatchers(client, dnsController, watchNamespace, watchIngress, internalRecordTypes); err != nil {
 		klog.Errorf("%s", err)
 		os.Exit(1)
 	}
@@ -195,10 +210,10 @@ func main() {
 }
 
 // initializeWatchers is responsible for creating the watchers
-func initializeWatchers(client kubernetes.Interface, dnsctl *dns.DNSController, namespace string, watchIngress bool) error {
+func initializeWatchers(client kubernetes.Interface, dnsctl *dns.DNSController, namespace string, watchIngress bool, internalRecordTypes []dns.RecordType) error {
 	klog.V(1).Infof("initializing the watch controllers, namespace: %q", namespace)
 
-	nodeController, err := watchers.NewNodeController(client, dnsctl)
+	nodeController, err := watchers.NewNodeController(client, dnsctl, internalRecordTypes)
 	if err != nil {
 		return fmt.Errorf("failed to initialize the node controller, error: %v", err)
 	}

diff --git a/dns-controller/pkg/watchers/node.go b/dns-controller/pkg/watchers/node.go
@@ -37,19 +37,26 @@ import (
 // Unlike other watchers, NodeController only creates alias records referenced by records from other controllers
 type NodeController struct {
 	util.Stoppable
-	client kubernetes.Interface
-	scope  dns.Scope
+	client   kubernetes.Interface
+	scope    dns.Scope
+	haveType map[dns.RecordType]bool
 }
 
 // NewNodeController creates a NodeController
-func NewNodeController(client kubernetes.Interface, dns dns.Context) (*NodeController, error) {
-	scope, err := dns.CreateScope("node")
+func NewNodeController(client kubernetes.Interface, dnsContext dns.Context, internalRecordTypes []dns.RecordType) (*NodeController, error) {
+	scope, err := dnsContext.CreateScope("node")
 	if err != nil {
 		return nil, fmt.Errorf("error building dns scope: %v", err)
 	}
+
 	c := &NodeController{
-		client: client,
-		scope:  scope,
+		client:   client,
+		scope:    scope,
+		haveType: map[dns.RecordType]bool{},
+	}
+
+	for _, recordType := range internalRecordTypes {
+		c.haveType[recordType] = true
 	}
 
 	return c, nil
@@ -155,6 +162,9 @@ func (c *NodeController) updateNodeRecords(node *v1.Node) string {
 		if utils.IsIPv6IP(a.Address) {
 			recordType = dns.RecordTypeAAAA
 		}
+		if !c.haveType[recordType] {
+			continue
+		}
 		records = append(records, dns.Record{
 			RecordType:  recordType,
 			FQDN:        "node/" + node.Name + "/internal",

diff --git a/upup/pkg/fi/cloudup/template_functions.go b/upup/pkg/fi/cloudup/template_functions.go
@@ -478,6 +478,13 @@ func (tf *TemplateFunctions) DNSControllerArgv() ([]string, error) {
 			argv = append(argv, "--zone=*/"+zone)
 		}
 	}
+
+	if cluster.Spec.IsIPv6Only() {
+		argv = append(argv, "--internal-ipv6")
+	} else {
+		argv = append(argv, "--internal-ipv4")
+	}
+
 	// permit wildcard updates
 	argv = append(argv, "--zone=*/*")
 	// Verbose, but not crazy logging