configure CoreDNS for enabling subdomain style bucket access

Signed-off-by: Daniel Horak <[email protected]>
red-hat-storage · May 30, 2024 · 0bb87f5 · 0bb87f5
1 parent 22ffc07
commit 0bb87f5
Show file tree

Hide file tree

Showing 8 changed files with 246 additions and 1 deletion.
diff --git a/conf/README.md b/conf/README.md
@@ -146,6 +146,7 @@ anywhere else.
 * `sts_enabled` - Enable STS deployment functionality.
 * `metallb_operator` - Enable MetalLB operator installation during OCP deployment.
 * `multi_storagecluster` - Enable multi-storagecluster deployment when set to true.
+* `rgw_enable_virtual_host_style_access` - Access buckets with DNS subdomain style (Virtual host style) for RGW (default: `True`)
 
 #### REPORTING
 

diff --git a/ocs_ci/deployment/deployment.py b/ocs_ci/deployment/deployment.py
@@ -4,6 +4,7 @@
 """
 
 from copy import deepcopy
+import ipaddress
 import json
 import logging
 import os
@@ -103,6 +104,8 @@
 from ocs_ci.utility.deployment import (
     create_external_secret,
     get_and_apply_icsp_from_catalog,
+    get_coredns_container_image,
+    get_ocp_release_image_from_running_cluster,
 )
 from ocs_ci.utility.flexy import load_cluster_info
 from ocs_ci.utility import (
@@ -1537,6 +1540,78 @@ def deploy_ocs_via_operator(self, image=None):
                 f"{constants.NODE_SELECTOR_ANNOTATION}"
             )
 
+        # Access buckets with DNS subdomain style (Virtual host style) for RGW
+        self.configure_virtual_host_style_acess_for_rgw()
+
+    def configure_virtual_host_style_acess_for_rgw(self):
+        """
+        Enable access buckets with DNS subdomain style (Virtual host style) for RGW
+        """
+        if not config.DEPLOYMENT.get("rgw_enable_virtual_host_style_access"):
+            logging.info(
+                "Skipping configuration of access buckets with DNS subdomain style (Virtual host style) for RGW "
+                "because DEPLOYMENT.rgw_enable_virtual_host_style_access is set to false."
+            )
+            return
+        if config.ENV_DATA.get("platform") not in constants.ON_PREM_PLATFORMS:
+            logging.info(
+                "Skipping configuration of access buckets with DNS subdomain style (Virtual host style) for RGW "
+                f"because {config.ENV_DATA.get('platform')} platform is not between {constants.ON_PREM_PLATFORMS}"
+            )
+            return
+        logging.info(
+            "Configuring access buckets with DNS subdomain style (Virtual host style) for RGW"
+        )
+
+        release_image = get_ocp_release_image_from_running_cluster()
+        pull_secret_path = os.path.join(constants.DATA_DIR, "pull-secret")
+        coredns_image = get_coredns_container_image(release_image, pull_secret_path)
+        coredns_deployment = templating.load_yaml(constants.COREDNS_DEPLOYMENT_YAML)
+        coredns_deployment["spec"]["template"]["spec"]["containers"][0][
+            "image"
+        ] = coredns_image
+        coredns_deployment_yaml = tempfile.NamedTemporaryFile(
+            mode="w+", prefix="coredns_deployment", suffix=".yaml", delete=False
+        )
+        templating.dump_data_to_temp_yaml(
+            coredns_deployment, coredns_deployment_yaml.name
+        )
+
+        logger.info("Creating ConfigMap for CoreDNS")
+        exec_cmd(f"oc create -f {constants.COREDNS_CONFIGMAP_YAML}")
+        logger.info("Creating CoreDNS Deployment")
+        exec_cmd(f"oc create -f {coredns_deployment_yaml.name}")
+        logger.info("Creating CoreDNS Service")
+        exec_cmd(f"oc create -f {constants.COREDNS_SERVICE_YAML}")
+        # get dns ip
+        dns_ip = exec_cmd(
+            f"oc get -n {self.namespace} svc odf-dns -ojsonpath={{..clusterIP}}"
+        ).stdout.decode()
+        try:
+            ipaddress.IPv4Address(dns_ip)
+        except ipaddress.AddressValueError:
+            logger.error("Failed to obtain IP of odf-dns Service")
+            raise
+        logger.info(
+            f"Patching dns.operator/default to forward 'data.local' zone to {dns_ip}:53 (odf-dns Service)"
+        )
+        exec_cmd(
+            "oc patch dns.operator/default --type=merge --patch '"
+            '{"spec":{"servers":[{"forwardPlugin":{"upstreams":["'
+            f"{dns_ip}:53"
+            '"]},"name":"rook-dns","zones":["data.local"]'
+            "}]}}'"
+        )
+        logger.info(
+            "Patching storagecluster/ocs-storagecluster to allow virtualHostnames"
+        )
+        exec_cmd(
+            "oc patch -n openshift-storage storagecluster/ocs-storagecluster --type=merge --patch '"
+            '{"spec":{"managedResources":{"cephObjectStores":{"virtualHostnames":'
+            '["rgw.data.local","rook-ceph-rgw-ocs-storagecluster-cephobjectstore.openshift-storage.svc"]'
+            "}}}}'"
+        )
+
     def cleanup_pgsql_db(self):
         """
         Perform cleanup for noobaa external pgsql DB in case external pgsq is enabled.

diff --git a/ocs_ci/framework/conf/default_config.yaml b/ocs_ci/framework/conf/default_config.yaml
@@ -117,6 +117,8 @@ DEPLOYMENT:
   aws_cred_path: "~/.aws/credentials"
   # STS in CCO manual mode
   sts_enabled: false
+  # Access buckets with DNS subdomain style (Virtual host style) for RGW
+  rgw_enable_virtual_host_style_access: true
 
 
 

diff --git a/ocs_ci/ocs/constants.py b/ocs_ci/ocs/constants.py
@@ -889,6 +889,13 @@
     TEMPLATE_DEPLOYMENT_DIR, "multus-cluster-net.yaml"
 )
 
+# CoreDNS configuration
+COREDNS_CONFIGMAP_YAML = os.path.join(TEMPLATE_DEPLOYMENT_DIR, "coredns-configmap.yaml")
+COREDNS_DEPLOYMENT_YAML = os.path.join(
+    TEMPLATE_DEPLOYMENT_DIR, "coredns-deployment.yaml"
+)
+COREDNS_SERVICE_YAML = os.path.join(TEMPLATE_DEPLOYMENT_DIR, "coredns-service.yaml")
+
 OPERATOR_SOURCE_NAME = "ocs-operatorsource"
 
 OPERATOR_SOURCE_SECRET_NAME = "ocs-operatorsource-secret"

diff --git a/ocs_ci/templates/ocs-deployment/coredns-configmap.yaml b/ocs_ci/templates/ocs-deployment/coredns-configmap.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: odf-dns
+  namespace: openshift-storage
+data:
+  Corefile: |
+    .:5353 {
+        errors
+        health {
+            lameduck 20s
+        }
+        log . {
+             class all
+        }
+        ready
+        file /etc/coredns/odf data.local in-addr.arpa ip6.arpa {
+            reload 30s
+        }
+        prometheus 127.0.0.1:9153
+        forward . /etc/resolv.conf {
+            policy sequential
+        }
+        cache 900
+        reload
+    }
+  odf: |
+    @ 3600 IN SOA ns.data.local. admin.data.local. (
+      2021041600 ; Serial
+      3600       ; Refresh
+      600        ; Retry
+      604800     ; Expire
+      600 )      ; Negative Cache TTL
+
+    s3      60 IN CNAME s3.openshift-storage.svc.cluster.local.
+    *.s3    60 IN CNAME s3.openshift-storage.svc.cluster.local.
+    rgw     60 IN CNAME rook-ceph-rgw-ocs-storagecluster-cephobjectstore.openshift-storage.svc.cluster.local.
+    *.rgw   60 IN CNAME rook-ceph-rgw-ocs-storagecluster-cephobjectstore.openshift-storage.svc.cluster.local.
diff --git a/ocs_ci/templates/ocs-deployment/coredns-deployment.yaml b/ocs_ci/templates/ocs-deployment/coredns-deployment.yaml
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: odf-dns
+  namespace: openshift-storage
+  labels:
+    app: odf-dns
+spec:
+  selector:
+    matchLabels:
+      app: odf-dns
+  template:
+    metadata:
+      namespace: openshift-storage
+      labels:
+        app: odf-dns
+    spec:
+      containers:
+        - args:
+            - -conf
+            - /etc/coredns/Corefile
+          command:
+            - coredns
+          image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:16f82af39788414dcd7f889b5ee7e07bdc9760ee3d0320c65dcfe14d1f6786ce
+          imagePullPolicy: IfNotPresent
+          name: odf-dns
+          ports:
+            - containerPort: 5353
+              name: dns
+              protocol: UDP
+            - containerPort: 5353
+              name: dns-tcp
+              protocol: TCP
+          resources:
+            requests:
+              cpu: 50m
+              memory: 70Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /etc/coredns
+              name: config-volume
+              readOnly: true
+      nodeSelector:
+        kubernetes.io/os: linux
+      preemptionPolicy: PreemptLowerPriority
+      priority: 2000001000
+      priorityClassName: system-node-critical
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      serviceAccount: rook-ceph-system
+      serviceAccountName: rook-ceph-system
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - configMap:
+            name: odf-dns
+          name: config-volume
diff --git a/ocs_ci/templates/ocs-deployment/coredns-service.yaml b/ocs_ci/templates/ocs-deployment/coredns-service.yaml
@@ -0,0 +1,24 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: odf-dns
+  namespace: openshift-storage
+  labels:
+    app: odf-dns
+spec:
+  type: ClusterIP
+  selector:
+    app: odf-dns
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  ports:
+  - name: dns
+    port: 53
+    protocol: UDP
+    targetPort: dns
+  - name: dns-tcp
+    port: 53
+    protocol: TCP
+    targetPort: dns-tcp
diff --git a/ocs_ci/utility/deployment.py b/ocs_ci/utility/deployment.py
@@ -11,7 +11,7 @@
 import requests
 
 from ocs_ci.framework import config
-from ocs_ci.ocs import constants
+from ocs_ci.ocs import constants, ocp
 from ocs_ci.ocs.exceptions import ExternalClusterDetailsException
 from ocs_ci.utility import templating
 from ocs_ci.utility.utils import (
@@ -200,3 +200,37 @@ def get_ocp_release_image_from_installer():
     for line in proc.stdout.decode().split("\n"):
         if "release image" in line:
             return line.split(" ")[2].strip()
+
+
+def get_ocp_release_image_from_running_cluster():
+    """
+    Return the OCP release image from ClusterVersion
+
+    Returns:
+         str: The OCP release image from ClusterVersion
+
+    """
+
+    ocp_cluster = ocp.OCP(
+        kind="",
+        resource_name="clusterversion",
+    )
+    return ocp_cluster.get()["items"][0]["status"]["desired"]["image"]
+
+
+def get_coredns_container_image(release_image, pull_secret_path):
+    """
+    Obtain the CoreDNS container image from the OCP release image.
+
+    Args:
+        release_image (str): Release image from the openshift installer
+        pull_secret_path (str): Path to the pull secret
+
+    Returns:
+        str: CoreDNS container image
+
+    """
+    logger.info("Obtaining the CoreDNS container image from the OCP release image")
+    cmd = f"oc adm release info --image-for='coredns' {release_image} -a {pull_secret_path}"
+    result = exec_cmd(cmd)
+    return result.stdout.decode().strip()