Add validation for domain-name of custom dhcp options used in VPCs #615

Closed
plkokanov opened this issue Sep 21, 2022 · 0 comments · Fixed by #644
Labels
area/ops-productivity Operator productivity related (how to improve operations) area/quality Output qualification (tests, checks, scans, automation in general, etc.) related kind/bug Bug platform/aws Amazon web services platform/infrastructure status/closed Issue is closed (either delivered or triaged)

Comments

@plkokanov

How to categorize this issue?

/area ops-productivity
/area quality
/kind bug
/platform aws

What would you like to be added:
Extend the infrastructure config validator so that it also checks whether the domain-name key of a VPC's DHCP options set has the correct value for the region where the nodes are created. The correct value of the domain-name for us-east-1 is ec2.internal.

Why is this needed:
When users specify a VPC ID in the shoot spec, the referenced VPC can use custom DHCP options. The domain-name value inside these options could be missing, which leads to the following problem: kubernetes/cloud-provider-aws#384

An incorrect DHCP options set would look like this:

{
    "DhcpOptions": [
        {
            "DhcpConfigurations": [
                {
                    "Key": "domain-name-servers",
                    "Values": [
                        {
                            "Value": "AmazonProvidedDNS"
                        }
                    ]
                }
            ],
            "DhcpOptionsId": "dopt-546be43d",
            "OwnerId": "008447767675",
            "Tags": []
        }
    ]
}

A correct one would look like this:

{
    "DhcpOptions": [
        {
            "DhcpConfigurations": [
                {
                    "Key": "domain-name",
                    "Values": [
                        {
                            "Value": "us-west-2.compute.internal"
                        }
                    ]
                },
                {
                    "Key": "domain-name-servers",
                    "Values": [
                        {
                            "Value": "AmazonProvidedDNS"
                        }
                    ]
                }
            ],
            "DhcpOptionsId": "dopt-546be43d",
            "OwnerId": "008447767675",
            "Tags": []
        }
    ]
}

Additionally, when the domain-name key is set to some non-default value (e.g. compute.custom), a similar problem appears: the nodes will be created in the cluster with names like ip-10-180-25-59.custom.domain, but the Private IP DNS name of the instance resource on the AWS side will still have the default value, ip-10-180-29-19.eu-west-2.compute.internal, and the machines will again fail to join the cluster.

The DHCP options ID can be retrieved from the VPC's DhcpOptionsId field.

The validation that we introduce could be only temporary, depending on whether and how kubernetes/cloud-provider-aws#384 will be fixed.

@gardener-robot gardener-robot added area/ops-productivity Operator productivity related (how to improve operations) area/quality Output qualification (tests, checks, scans, automation in general, etc.) related kind/bug Bug platform/aws Amazon web services platform/infrastructure labels Sep 21, 2022
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Dec 12, 2022
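The check the issue asks for, as an added example written for this page in Go (it is not code from gardener-extension-provider-aws or from the issue author): it parses describe-dhcp-options output of the shape quoted above, looks up the domain-name key of the referenced options set and compares it with the region default, ec2.internal for us-east-1 and <region>.compute.internal everywhere else, so both failure modes in the issue (key missing, key set to a custom value) are rejected. Reading the DhcpOptionsId from the VPC and calling the EC2 API are left out; the JSON documents are constructed samples with placeholder IDs, and the strict single-value comparison is a simplifying assumption (AWS also accepts a space-separated list of domain names on Linux, which this check would reject).

```go
package main

import (
	"encoding/json"
	"fmt"
)

// describeDhcpOptionsOutput mirrors the JSON emitted by
// `aws ec2 describe-dhcp-options --dhcp-options-ids <id>`; only the fields
// the check reads are declared.
type describeDhcpOptionsOutput struct {
	DhcpOptions []struct {
		DhcpOptionsId      string `json:"DhcpOptionsId"`
		DhcpConfigurations []struct {
			Key    string `json:"Key"`
			Values []struct {
				Value string `json:"Value"`
			} `json:"Values"`
		} `json:"DhcpConfigurations"`
	} `json:"DhcpOptions"`
}

// ExpectedDomainName returns the domain EC2 uses for private DNS names in a
// region: ec2.internal in us-east-1, <region>.compute.internal elsewhere.
func ExpectedDomainName(region string) string {
	if region == "us-east-1" {
		return "ec2.internal"
	}
	return region + ".compute.internal"
}

// ValidateDomainName parses describe-dhcp-options output for the options set
// the VPC references and returns a non-nil error when the domain-name key is
// missing or differs from the region default. A single exact value is
// required (assumption: space-separated domain lists are not accepted).
func ValidateDomainName(raw []byte, region string) error {
	var out describeDhcpOptionsOutput
	if err := json.Unmarshal(raw, &out); err != nil {
		return fmt.Errorf("parsing describe-dhcp-options output: %w", err)
	}
	if n := len(out.DhcpOptions); n != 1 {
		return fmt.Errorf("expected exactly one DHCP options set, got %d", n)
	}
	set := out.DhcpOptions[0]
	want := ExpectedDomainName(region)

	// Collect every value under the domain-name key; there is normally one.
	var got []string
	for _, cfg := range set.DhcpConfigurations {
		if cfg.Key != "domain-name" {
			continue
		}
		for _, v := range cfg.Values {
			got = append(got, v.Value)
		}
	}
	switch {
	case len(got) == 0:
		return fmt.Errorf("dhcp options set %s has no domain-name key; expected %q for region %s",
			set.DhcpOptionsId, want, region)
	case len(got) != 1 || got[0] != want:
		return fmt.Errorf("dhcp options set %s has domain-name %v; expected %q for region %s",
			set.DhcpOptionsId, got, want, region)
	}
	return nil
}

// Constructed samples, not real API responses: the two sets quoted in the
// issue plus a custom domain. The dopt-* IDs are placeholders.
const (
	missingDomainName = `{"DhcpOptions":[{"DhcpOptionsId":"dopt-0000000000000001","DhcpConfigurations":[{"Key":"domain-name-servers","Values":[{"Value":"AmazonProvidedDNS"}]}]}]}`
	regionDomainName  = `{"DhcpOptions":[{"DhcpOptionsId":"dopt-0000000000000002","DhcpConfigurations":[{"Key":"domain-name","Values":[{"Value":"us-west-2.compute.internal"}]},{"Key":"domain-name-servers","Values":[{"Value":"AmazonProvidedDNS"}]}]}]}`
	customDomainName  = `{"DhcpOptions":[{"DhcpOptionsId":"dopt-0000000000000003","DhcpConfigurations":[{"Key":"domain-name","Values":[{"Value":"compute.custom"}]},{"Key":"domain-name-servers","Values":[{"Value":"AmazonProvidedDNS"}]}]}]}`
)

func main() {
	cases := []struct{ name, region, raw string }{
		{"missing domain-name", "us-west-2", missingDomainName},
		{"region default", "us-west-2", regionDomainName},
		{"region default checked against us-east-1", "us-east-1", regionDomainName},
		{"custom domain", "eu-west-2", customDomainName},
	}
	for _, c := range cases {
		if err := ValidateDomainName([]byte(c.raw), c.region); err != nil {
			fmt.Printf("%-42s -> invalid: %v\n", c.name, err)
		} else {
			fmt.Printf("%-42s -> ok\n", c.name)
		}
	}
}
```

Only the second case passes; the first reproduces the missing-key situation from the issue, the third shows that the right-looking value is still wrong when it belongs to another region, and the fourth is the compute.custom case. In a real validator the raw JSON would come from DescribeDhcpOptions called with the DhcpOptionsId read from DescribeVpcs for the VPC named in the shoot spec.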