Add workaround patch to strip "search ." from resolv.conf

* systemd adds "search ." to hosts /run/systemd/resolve/resolv.conf on hosts with a fqdn hostname * Kubelet v1.25 began propagating "search ." from the host node into containers' `/etc/resolv.conf` * musl-based DNS resolvers don't behave correctly when `search .` is used in their `/etc/resolv.conf`. This breaks Alpine images * Adapt the same workaround used by Openshift to strip the "search ." * This only applies to bare-metal Typhoon nodes (where hostnames are set to fqdn's), nodes on cloud platforms aren't affected in the Typhoon configuration Kubernetes tracking issue: kubernetes/kubernetes#112135 Rel: * systemd/systemd#17201 * kubernetes/kubernetes#109441 * coreos/fedora-coreos-tracker#1287 * openshift/okd-machine-os#159
elemental-lf · Aug 31, 2022 · 26a19b2 · 26a19b2
1 parent e8e7dab
commit 26a19b2
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 1 deletion.
diff --git a/CHANGES.md b/CHANGES.md
@@ -5,7 +5,8 @@ Notable changes between versions.
 ## Latest
 
 * Kubernetes [v1.25.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#v1250)
-  * Disable LocalStorageCapacityIsolationFSQuotaMonitoring feature gate ([#1220](https://github.com/poseidon/typhoon/pull/1220))
+  * Disable LocalStorageCapacityIsolationFSQuotaMonitoring feature gate ([#1220](https://github.com/poseidon/typhoon/pull/1220), fixes [kubernetes#112081](https://github.com/kubernetes/kubernetes/issues/112081))
+  * Add workaround to revert adding "search ." to containers' `/etc/resolv.conf` ([#1224](https://github.com/poseidon/typhoon/pull/1224), fixes [kubernetes#112135](https://github.com/kubernetes/kubernetes/issues/112135))
 * Migrate most Kubelet flags to KubeletConfiguration file ([#1219](https://github.com/poseidon/typhoon/pull/1219))
 * Configure Kubelet Graceful Node Shutdown ([#1222](https://github.com/poseidon/typhoon/pull/1222))
   * Allow up to 30s for critical pods to gracefully shutdown on node shutdown

diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml
@@ -159,6 +159,21 @@ systemd:
             $${KUBELET_IMAGE_URL}:$${KUBELET_IMAGE_TAG}
         ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
         ExecStartPost=-/usr/bin/podman stop bootstrap
+    - name: fix-resolv-conf-search.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Remove search . from /etc/resolv.conf
+        DefaultDependencies=no
+        Requires=systemd-resolved.service
+        After=systemd-resolved.service
+        BindsTo=systemd-resolved.service
+        [Service]
+        Type=oneshot
+        ExecStartPre=/usr/bin/sleep 5
+        ExecStart=/usr/bin/sed -i -e "s/^search .$//" /run/systemd/resolve/resolv.conf
+        [Install]
+        WantedBy=multi-user.target
 storage:
   directories:
     - path: /var/lib/etcd

diff --git a/bare-metal/fedora-coreos/kubernetes/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/butane/worker.yaml
@@ -109,6 +109,21 @@ systemd:
         PathExists=/etc/kubernetes/kubeconfig
         [Install]
         WantedBy=multi-user.target
+    - name: fix-resolv-conf-search.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Remove search . from /etc/resolv.conf
+        DefaultDependencies=no
+        Requires=systemd-resolved.service
+        After=systemd-resolved.service
+        BindsTo=systemd-resolved.service
+        [Service]
+        Type=oneshot
+        ExecStartPre=/usr/bin/sleep 5
+        ExecStart=/usr/bin/sed -i -e "s/^search .$//" /run/systemd/resolve/resolv.conf
+        [Install]
+        WantedBy=multi-user.target
 storage:
   directories:
     - path: /etc/kubernetes