AWS Custom-DNS: Update services that run on control plane nodes

sadasu · sadasu · commit 34ca4700986c · 2025-03-21T13:51:51.000-04:00
New `update-dns-server` script that adds DNS resolvers to
/etc/NetworkManager/conf.d/dns-servers.conf. The script adds
the host's own IP address and the cloud metadata server's IP
address to the conf file. These would then get added to the
local resolv.conf by NetworkManager.
This script is run as part of aws-update-dns.service
This service runs when the DNSType on the AWS platform
is set to "ClusterHosted".
diff --git a/templates/common/aws/files/usr-local-bin-update-dns-server.yaml b/templates/common/aws/files/usr-local-bin-update-dns-server.yaml
@@ -0,0 +1,25 @@
+mode: 0755
+path: "/usr/local/bin/update-dns-server"
+contents:
+  inline: |
+    #!/bin/bash
+    # For AWS, updating the NetworkManager configuration file to
+    # include the IP address of the local node as the default DNS
+    # resolver when UserProvisionedDNS is enabled.
+    # A CoreDNS static pod running on the node is responsible for
+    # resolving the api, api-int and *.apps URLs.
+
+    mkdir -p /etc/NetworkManager/conf.d
+
+    cat <<EOF | tee /etc/NetworkManager/conf.d/dns-servers.conf
+    # Added by OpenShift
+    [global-dns-domain-*]
+    servers=$(ip --json route get 8.8.8.8 | jq -r ".[0].prefsrc"),169.254.169.254
+    EOF
+
+    # network manager may already be running at this point.
+    # reload to update /etc/resolv.conf with this configuration
+    nmcli general reload conf
+    nmcli general reload dns-rc
+
+    echo "Done updating dns-server.conf"
diff --git a/templates/common/aws/units/aws-update-dns.service.yaml b/templates/common/aws/units/aws-update-dns.service.yaml
@@ -0,0 +1,19 @@
+name: aws-update-dns.service
+enabled: {{if and (eq .Infra.Status.PlatformStatus.Type "AWS") (.Infra.Status.PlatformStatus.AWS) (.Infra.Status.PlatformStatus.AWS.CloudLoadBalancerConfig) (eq .Infra.Status.PlatformStatus.AWS.CloudLoadBalancerConfig.DNSType "ClusterHosted") }}true{{else}}false{{end}}
+contents: |
+  [Unit]
+  Description=Update Default AWS Resolver
+  # We don't need to do this on the firstboot
+  After=firstboot-osupdate.target
+  # Wait for NetworkManager to report it's online
+  After=NetworkManager-wait-online.service
+  # Run before kubelet
+  Before=kubelet-dependencies.target
+
+  [Service]
+  Type=oneshot
+  RemainAfterExit=yes
+  ExecStart=/usr/local/bin/update-dns-server
+
+  [Install]
+  RequiredBy=kubelet-dependencies.target
