
Commit 86c54da

Merge pull request #33237 from bmcelvee/OSDOCS-2221
OSDOCS-2221: Add procedure for controlling DNS pod placement
2 parents 2fe7edd + 84e3900 commit 86c54da


2 files changed

+63
-0
lines changed

Lines changed: 61 additions & 0 deletions
@@ -0,0 +1,61 @@
1+
// Module included in the following assemblies:
2+
//
3+
// * networking/dns-operator.adoc
4+
5+
[id="nw-controlling-dns-pod-placement_{context}"]
6+
= Controlling DNS pod placement
7+
8+
The DNS Operator has two daemon sets: one for CoreDNS and one for managing the `/etc/hosts` file. The daemon set for `/etc/hosts` must run on every node host to add an entry for the cluster image registry to support pulling images. Security policies can prohibit communication between pairs of nodes, which prevents the daemon set for CoreDNS from running on every node.
9+
10+
As a cluster administrator, you can use a custom node selector to configure the daemon set for CoreDNS to run or not run on certain nodes.
11+
12+
13+
.Prerequisites
14+
15+
* You installed the `oc` CLI.
16+
* You are logged in to the cluster with a user with `cluster-admin` privileges.
17+
18+
.Procedure
19+
20+
* To prevent communication between certain nodes, configure the `spec.nodePlacement.nodeSelector` API field:
21+
22+
. Modify the DNS Operator object named `default`:
23+
+
24+
[source, terminal]
25+
----
26+
$ oc edit dns.operator/default
27+
----
28+
+
29+
. Specify a node selector that includes only control plane nodes in the `spec.nodePlacement.nodeSelector` API field:
30+
+
31+
[source,yaml]
32+
----
33+
spec:
34+
nodePlacement:
35+
nodeSelector:
36+
node-role.kubernetes.io/worker: ""
37+
----
38+
39+
* To allow the daemon set for CoreDNS to run on nodes, configure a taint and toleration:
40+
+
41+
. Modify the DNS Operator object named `default`:
42+
+
43+
[source,terminal]
44+
----
45+
$ oc edit dns.operator/default
46+
----
47+
+
48+
. Specify a taint key and a toleration for the taint:
49+
+
50+
[source,yaml]
51+
----
52+
spec:
53+
nodePlacement:
54+
tolerations:
55+
- effect: NoExecute
56+
key: "dns-only"
57+
operators: Equal
58+
value: abc
59+
tolerationSeconds: 3600 <1>
60+
----
61+
<1> If the taint is `dns-only`, it can be tolerated indefinitely. You can omit `tolerationSeconds`.
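
Review bot: The tolerations example (new line 57) uses the key `operators: Equal`, but the Kubernetes toleration field is `operator`, so YAML copied from this step will not set the match operator; change it to `operator: Equal`. In the same hunk, the step at new line 29 says the node selector "includes only control plane nodes" while the example at line 36 selects `node-role.kubernetes.io/worker: ""`; make the text and the label agree. The first bullet (line 20) describes the node selector as a way "to prevent communication between certain nodes", although the selector only controls where the CoreDNS daemon set is scheduled, so consider wording it in terms of placement. Two smaller points: the first bullet has no `+` continuation before its numbered steps, unlike the second bullet at line 40, and `[source, terminal]` at line 24 should match `[source,terminal]` at line 43.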

networking/dns-operator.adoc

Lines changed: 2 additions & 0 deletions
@@ -11,6 +11,8 @@ OpenShift.
1111

1212
include::modules/nw-dns-operator.adoc[leveloffset=+1]
1313

14+
include::modules/nw-controlling-dns-pod-placement.adoc[leveloffset=+1]
15+
1416
include::modules/nw-dns-view.adoc[leveloffset=+1]
1517

1618
include::modules/nw-dns-forward.adoc[leveloffset=+1]
