Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cni: fix regression in falling back to DNS owned by dockerd #20189

Merged
merged 1 commit into from
Mar 22, 2024
Merged

cni: fix regression in falling back to DNS owned by dockerd #20189

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/20189.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
cni: Fixed a regression where default DNS set by `dockerd` or other task drivers was not respected
```
13 changes: 8 additions & 5 deletions client/allocrunner/networking_cni.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,12 +184,15 @@ func (c *cniNetworkConfigurator) cniToAllocNet(res *cni.Result) (*structs.AllocN

}

// Use the first DNS results.
// Use the first DNS results, if non-empty
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe not the best place for this, but it may be useful to have a place listing the multitude of possibilities for DNS config sources 😅

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah agreed... we're missing a DNS section of our Networking docs. That'd be a good place to describe how all that works. Once I've made some more progress on tproxy DNS I'll see about whipping that up.

if len(res.DNS) > 0 {
netStatus.DNS = &structs.DNSConfig{
Servers: res.DNS[0].Nameservers,
Searches: res.DNS[0].Search,
Options: res.DNS[0].Options,
cniDNS := res.DNS[0]
if len(cniDNS.Nameservers) > 0 {
netStatus.DNS = &structs.DNSConfig{
Servers: cniDNS.Nameservers,
Searches: cniDNS.Search,
Options: cniDNS.Options,
}
}
}

Expand Down
18 changes: 10 additions & 8 deletions client/allocrunner/networking_cni_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,11 @@ import (
"testing"

"github.com/containerd/go-cni"
"github.com/containernetworking/cni/pkg/types"
"github.com/hashicorp/nomad/ci"
"github.com/hashicorp/nomad/helper/testlog"
"github.com/shoenig/test"
"github.com/shoenig/test/must"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)

Expand Down Expand Up @@ -148,9 +149,8 @@ func TestCNI_cniToAllocNet_NoInterfaces(t *testing.T) {
func TestCNI_cniToAllocNet_Fallback(t *testing.T) {
ci.Parallel(t)

// Calico's CNI plugin v3.12.3 has been observed to return the
// following:
cniResult := &cni.Result{
// Calico's CNI plugin v3.12.3 has been observed to return the following:
Interfaces: map[string]*cni.Config{
"cali39179aa3-74": {},
"eth0": {
Expand All @@ -161,18 +161,20 @@ func TestCNI_cniToAllocNet_Fallback(t *testing.T) {
},
},
},
// cni.Result will return a single empty struct, not an empty slice
DNS: []types.DNS{{}},
}

// Only need a logger
c := &cniNetworkConfigurator{
logger: testlog.HCLogger(t),
}
allocNet, err := c.cniToAllocNet(cniResult)
require.NoError(t, err)
require.NotNil(t, allocNet)
assert.Equal(t, "192.168.135.232", allocNet.Address)
assert.Equal(t, "eth0", allocNet.InterfaceName)
assert.Nil(t, allocNet.DNS)
must.NoError(t, err)
must.NotNil(t, allocNet)
test.Eq(t, "192.168.135.232", allocNet.Address)
test.Eq(t, "eth0", allocNet.InterfaceName)
test.Nil(t, allocNet.DNS)
}

// TestCNI_cniToAllocNet_Invalid asserts an error is returned if a CNI plugin
Expand Down
86 changes: 44 additions & 42 deletions client/allocrunner/taskrunner/task_runner_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2935,41 +2935,39 @@ func TestTaskRunner_IdentityHook_Disabled(t *testing.T) {
func TestTaskRunner_AllocNetworkStatus(t *testing.T) {
ci.Parallel(t)

// Mock task with group network
alloc1 := mock.Alloc()
task1 := alloc1.Job.TaskGroups[0].Tasks[0]
alloc1.AllocatedResources.Shared.Networks = []*structs.NetworkResource{
{
Device: "eth0",
IP: "192.168.0.100",
DNS: &structs.DNSConfig{
Servers: []string{"1.1.1.1", "8.8.8.8"},
Searches: []string{"test.local"},
Options: []string{"ndots:1"},
},
ReservedPorts: []structs.Port{{Label: "admin", Value: 5000}},
DynamicPorts: []structs.Port{{Label: "http", Value: 9876}},
}}
task1.Driver = "mock_driver"
task1.Config = map[string]interface{}{"run_for": "2s"}

// Mock task with task networking only
alloc2 := mock.Alloc()
task2 := alloc2.Job.TaskGroups[0].Tasks[0]
task2.Driver = "mock_driver"
task2.Config = map[string]interface{}{"run_for": "2s"}
alloc := mock.Alloc()
task := alloc.Job.TaskGroups[0].Tasks[0]
task.Driver = "mock_driver"
task.Config = map[string]interface{}{"run_for": "2s"}

groupNetworks := []*structs.NetworkResource{{
Device: "eth0",
IP: "192.168.0.100",
DNS: &structs.DNSConfig{
Servers: []string{"1.1.1.1", "8.8.8.8"},
Searches: []string{"test.local"},
Options: []string{"ndots:1"},
},
ReservedPorts: []structs.Port{{Label: "admin", Value: 5000}},
DynamicPorts: []structs.Port{{Label: "http", Value: 9876}},
}}

groupNetworksWithoutDNS := []*structs.NetworkResource{{
Device: "eth0",
IP: "192.168.0.100",
ReservedPorts: []structs.Port{{Label: "admin", Value: 5000}},
DynamicPorts: []structs.Port{{Label: "http", Value: 9876}},
}}

testCases := []struct {
name string
alloc *structs.Allocation
task *structs.Task
fromCNI *structs.DNSConfig
expect *drivers.DNSConfig
name string
networks []*structs.NetworkResource
fromCNI *structs.DNSConfig
expect *drivers.DNSConfig
}{
{
name: "task with group networking overrides CNI",
alloc: alloc1,
task: task1,
name: "task with group networking overrides CNI",
networks: groupNetworks,
fromCNI: &structs.DNSConfig{
Servers: []string{"10.37.105.17"},
Searches: []string{"node.consul"},
Expand All @@ -2982,9 +2980,7 @@ func TestTaskRunner_AllocNetworkStatus(t *testing.T) {
},
},
{
name: "task with CNI alone",
alloc: alloc2,
task: task1,
name: "task with CNI alone",
fromCNI: &structs.DNSConfig{
Servers: []string{"10.37.105.17"},
Searches: []string{"node.consul"},
Expand All @@ -2997,20 +2993,23 @@ func TestTaskRunner_AllocNetworkStatus(t *testing.T) {
},
},
{
name: "task with group networking alone",
alloc: alloc1,
task: task1,
fromCNI: nil,
name: "task with group networking alone wth DNS",
networks: groupNetworks,
fromCNI: nil,
expect: &drivers.DNSConfig{
Servers: []string{"1.1.1.1", "8.8.8.8"},
Searches: []string{"test.local"},
Options: []string{"ndots:1"},
},
},
{
name: "task without group networking",
alloc: alloc2,
task: task2,
name: "task with group networking and no CNI dns",
networks: groupNetworksWithoutDNS,
fromCNI: &structs.DNSConfig{},
expect: &drivers.DNSConfig{},
},
{
name: "task without group networking or CNI",
fromCNI: nil,
expect: nil,
},
Expand All @@ -3019,7 +3018,10 @@ func TestTaskRunner_AllocNetworkStatus(t *testing.T) {
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {

conf, cleanup := testTaskRunnerConfig(t, tc.alloc, tc.task.Name, nil)
testAlloc := alloc.Copy()
testAlloc.AllocatedResources.Shared.Networks = tc.networks

conf, cleanup := testTaskRunnerConfig(t, testAlloc, task.Name, nil)
t.Cleanup(cleanup)

// note this will never actually be set if we don't have group/CNI
Expand Down
Loading