diff --git a/hack/release.toml b/hack/release.toml
index e74381316c..6673156a7a 100644
--- a/hack/release.toml
+++ b/hack/release.toml
@@ -31,6 +31,23 @@ Talos is built with Go 1.22.3.
 description = """\
 Talos Linux now compresses kernel and initramfs using ZSTD.
 Linux arm64 kernel is now compressed (previously it was uncompressed).
+"""
+
+ [notes.forward-kube-dns-to-host]
+ title = "DNS Forwarding for CoreDNS pods"
+ description = """\
+Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it
+with:
+
+```yaml
+machine:
+ features:
+ hostDNS:
+ enabled: true
+ forwardKubeDNSToHost: false
+```
+
+Please note that on running cluster you will have to kill CoreDNS pods for this change to apply.
 """
 [make_deps]
diff --git a/pkg/machinery/config/contract.go b/pkg/machinery/config/contract.go
index d23a296b34..ae944f756d 100644
--- a/pkg/machinery/config/contract.go
+++ b/pkg/machinery/config/contract.go
@@ -149,3 +149,8 @@ func (contract *VersionContract) UseRSAServiceAccountKey() bool {
 func (contract *VersionContract) ClusterNameForWorkers() bool {
 return contract.Greater(TalosVersion1_7)
 }
+
+// HostDNSForwardKubeDNSToHost returns true if version of Talos forces host dns router to be used as upstream for Kubernetes CoreDNS pods.
+func (contract *VersionContract) HostDNSForwardKubeDNSToHost() bool {
+ return contract.Greater(TalosVersion1_7)
+}
diff --git a/pkg/machinery/config/contract_test.go b/pkg/machinery/config/contract_test.go
index 87c71978ca..fd36544462 100644
--- a/pkg/machinery/config/contract_test.go
+++ b/pkg/machinery/config/contract_test.go
@@ -61,6 +61,7 @@ func TestContractCurrent(t *testing.T) {
 assert.True(t, contract.HostDNSEnabled())
 assert.True(t, contract.UseRSAServiceAccountKey())
 assert.True(t, contract.ClusterNameForWorkers())
+ assert.True(t, contract.HostDNSForwardKubeDNSToHost())
 }
 func TestContract1_8(t *testing.T) {
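Review bot: The doc comment on `HostDNSForwardKubeDNSToHost` in contract.go says this version of Talos "forces" the host DNS router as the CoreDNS upstream, while the release note in the same commit describes a default that can be turned off with `forwardKubeDNSToHost: false`. I would reword it to `// HostDNSForwardKubeDNSToHost returns true if this version of Talos enables forwarding of Kubernetes CoreDNS queries to the host DNS resolver by default.` so the contract reads as a default rather than an enforcement. The distinction matters to anyone auditing which resolver the cluster's pods end up using.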
@@ -81,6 +82,7 @@ func TestContract1_8(t *testing.T) {
 assert.True(t, contract.HostDNSEnabled())
 assert.True(t, contract.UseRSAServiceAccountKey())
 assert.True(t, contract.ClusterNameForWorkers())
+ assert.True(t, contract.HostDNSForwardKubeDNSToHost())
 }
 func TestContract1_7(t *testing.T) {
@@ -101,6 +103,7 @@ func TestContract1_7(t *testing.T) {
 assert.True(t, contract.HostDNSEnabled())
 assert.True(t, contract.UseRSAServiceAccountKey())
 assert.False(t, contract.ClusterNameForWorkers())
+ assert.False(t, contract.HostDNSForwardKubeDNSToHost())
 }
 func TestContract1_6(t *testing.T) {
@@ -121,6 +124,7 @@ func TestContract1_6(t *testing.T) {
 assert.False(t, contract.HostDNSEnabled())
 assert.False(t, contract.UseRSAServiceAccountKey())
 assert.False(t, contract.ClusterNameForWorkers())
+ assert.False(t, contract.HostDNSForwardKubeDNSToHost())
 }
 func TestContract1_5(t *testing.T) {
@@ -141,6 +145,7 @@ func TestContract1_5(t *testing.T) {
 assert.False(t, contract.HostDNSEnabled())
 assert.False(t, contract.UseRSAServiceAccountKey())
 assert.False(t, contract.ClusterNameForWorkers())
+ assert.False(t, contract.HostDNSForwardKubeDNSToHost())
 }
 func TestContract1_4(t *testing.T) {
@@ -161,6 +166,7 @@ func TestContract1_4(t *testing.T) {
 assert.False(t, contract.HostDNSEnabled())
 assert.False(t, contract.UseRSAServiceAccountKey())
 assert.False(t, contract.ClusterNameForWorkers())
+ assert.False(t, contract.HostDNSForwardKubeDNSToHost())
 }
 func TestContract1_3(t *testing.T) {
@@ -181,6 +187,7 @@ func TestContract1_3(t *testing.T) {
 assert.False(t, contract.HostDNSEnabled())
 assert.False(t, contract.UseRSAServiceAccountKey())
 assert.False(t, contract.ClusterNameForWorkers())
+ assert.False(t, contract.HostDNSForwardKubeDNSToHost())
 }
 func TestContract1_2(t *testing.T) {
@@ -201,6 +208,7 @@ func TestContract1_2(t *testing.T) {
 assert.False(t, contract.HostDNSEnabled())
 assert.False(t, contract.UseRSAServiceAccountKey())
 assert.False(t, contract.ClusterNameForWorkers())
+ assert.False(t, contract.HostDNSForwardKubeDNSToHost())
 }
 func TestContract1_1(t *testing.T) {
@@ -221,6 +229,7 @@ func TestContract1_1(t *testing.T) {
 assert.False(t, contract.HostDNSEnabled())
 assert.False(t, contract.UseRSAServiceAccountKey())
 assert.False(t, contract.ClusterNameForWorkers())
+ assert.False(t, contract.HostDNSForwardKubeDNSToHost())
 }
 func TestContract1_0(t *testing.T) {
@@ -241,4 +250,5 @@ func TestContract1_0(t *testing.T) {
 assert.False(t, contract.HostDNSEnabled())
 assert.False(t, contract.UseRSAServiceAccountKey())
 assert.False(t, contract.ClusterNameForWorkers())
+ assert.False(t, contract.HostDNSForwardKubeDNSToHost())
 }
diff --git a/pkg/machinery/config/generate/init.go b/pkg/machinery/config/generate/init.go
index d81c0d706e..0f7a95e375 100644
--- a/pkg/machinery/config/generate/init.go
+++ b/pkg/machinery/config/generate/init.go
@@ -96,7 +96,7 @@ func (in *Input) init() ([]config.Document, error) {
 if in.Options.VersionContract.HostDNSEnabled() {
 machine.MachineFeatures.HostDNSSupport = &v1alpha1.HostDNSConfig{
 HostDNSEnabled: pointer.To(true),
- HostDNSForwardKubeDNSToHost: in.Options.HostDNSForwardKubeDNSToHost.Ptr(),
+ HostDNSForwardKubeDNSToHost: ptrOrNil(in.Options.HostDNSForwardKubeDNSToHost.ValueOrZero() || in.Options.VersionContract.HostDNSForwardKubeDNSToHost()),
 }
 }
@@ -229,3 +229,11 @@ func (in *Input) init() ([]config.Document, error) {
 return []config.Document{v1alpha1Config}, nil
 }
+
+func ptrOrNil(b bool) *bool {
+ if b {
+ return &b
+ }
+
+ return nil
+}
diff --git a/pkg/machinery/config/generate/worker.go b/pkg/machinery/config/generate/worker.go
index ca7a443fa8..35fcbff0c5 100644
--- a/pkg/machinery/config/generate/worker.go
+++ b/pkg/machinery/config/generate/worker.go
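Review bot: In the `HostDNSConfig` literal in init.go, `in.Options.HostDNSForwardKubeDNSToHost.ValueOrZero() || in.Options.VersionContract.HostDNSForwardKubeDNSToHost()` cannot tell an option explicitly set to false from one that was never set, so whenever the contract method returns true an explicit false is overridden and forwarding is still generated as enabled. The removed `.Ptr()` form passed an explicit false through, so this is a behaviour change for callers that opt out at generation time, and the same expression is repeated in the worker.go hunk. Assuming `Ptr()` returns nil only for an unset option, as the removed line suggests, I would prefer the option when present and fall back to the contract otherwise: `fwd := in.Options.HostDNSForwardKubeDNSToHost.Ptr()` followed by `if fwd == nil { fwd = ptrOrNil(in.Options.VersionContract.HostDNSForwardKubeDNSToHost()) }`, then assign `fwd` to the field. Because this field selects the upstream resolver for CoreDNS, a generation test with the option set to false under a contract where the method returns true would pin the opt-out. The body of init() starts and ends outside the hunk.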
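Review bot: `ptrOrNil` at the end of init.go has no comment, and the name does not say which value maps to nil: it returns a pointer only for true and nil for false, so a false value is left out of the generated config instead of being written as `false`. I would add `// ptrOrNil returns a pointer to b when b is true and nil otherwise, so that a false value is left unset in the generated config.` above it. The helper is also called from worker.go, so a reader of that file has to come here to learn this.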
@@ -97,7 +97,7 @@ func (in *Input) worker() ([]config.Document, error) {
 if in.Options.VersionContract.HostDNSEnabled() {
 machine.MachineFeatures.HostDNSSupport = &v1alpha1.HostDNSConfig{
 HostDNSEnabled: pointer.To(true),
- HostDNSForwardKubeDNSToHost: in.Options.HostDNSForwardKubeDNSToHost.Ptr(),
+ HostDNSForwardKubeDNSToHost: ptrOrNil(in.Options.HostDNSForwardKubeDNSToHost.ValueOrZero() || in.Options.VersionContract.HostDNSForwardKubeDNSToHost()),
 }
 }
diff --git a/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/base-controlplane.yaml b/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/base-controlplane.yaml
index 5df40c88a5..1558053d99 100644
--- a/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/base-controlplane.yaml
+++ b/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/base-controlplane.yaml
@@ -25,6 +25,7 @@ machine:
 port: 7445
 hostDNS:
 enabled: true
+ forwardKubeDNSToHost: true
 cluster:
 id: 0raF93qnkMvF-FZNuvyGozXNdLiT2FOWSlyBaW4PR-w=
 secret: pofHbABZq7VXuObsdLdy/bHmz6hlMHZ3p8+6WKrv1ic=
diff --git a/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/base-worker.yaml b/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/base-worker.yaml
index 74fa2f80b0..2a65ad232f 100644
--- a/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/base-worker.yaml
+++ b/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/base-worker.yaml
@@ -25,6 +25,7 @@ machine:
 port: 7445
 hostDNS:
 enabled: true
+ forwardKubeDNSToHost: true
 cluster:
 id: 0raF93qnkMvF-FZNuvyGozXNdLiT2FOWSlyBaW4PR-w=
 secret: pofHbABZq7VXuObsdLdy/bHmz6hlMHZ3p8+6WKrv1ic=
diff --git a/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/overrides-controlplane.yaml b/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/overrides-controlplane.yaml
index f25edb226d..c295152415 100644
--- a/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/overrides-controlplane.yaml
+++ b/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/overrides-controlplane.yaml
@@ -44,6 +44,7 @@ machine:
 port: 7445
 hostDNS:
 enabled: true
+ forwardKubeDNSToHost: true
 cluster:
 id: 0raF93qnkMvF-FZNuvyGozXNdLiT2FOWSlyBaW4PR-w=
 secret: pofHbABZq7VXuObsdLdy/bHmz6hlMHZ3p8+6WKrv1ic=
diff --git a/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/overrides-worker.yaml b/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/overrides-worker.yaml
index d4a8a6509d..125e898ec1 100644
--- a/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/overrides-worker.yaml
+++ b/pkg/machinery/config/types/v1alpha1/testdata/stability/v1.8/overrides-worker.yaml
@@ -44,6 +44,7 @@ machine:
 port: 7445
 hostDNS:
 enabled: true
+ forwardKubeDNSToHost: true
 cluster:
 id: 0raF93qnkMvF-FZNuvyGozXNdLiT2FOWSlyBaW4PR-w=
 secret: pofHbABZq7VXuObsdLdy/bHmz6hlMHZ3p8+6WKrv1ic=