add support for auto detecting cluster domain

Ye Ji · Ye Ji · commit 59d0f4bccc9d · 2022-05-05T14:11:47.000-04:00
Previously, the cluster domain is hardcoded
to `cluster.local`.

This PR adds support for auto detecting
the domain by running a DNS query.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,9 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 # [Unreleased](https://github.com/cockroachdb/cockroach-operator/compare/v2.6.0...master)
 
+## Changed
+* Cluster domain for cert generation is now autodetected by running a DNS query
+
 ## Fixed
 
 * Grant operator deletecollection permissions to fix fullcluster restart flow
diff --git a/pkg/resource/BUILD.bazel b/pkg/resource/BUILD.bazel
@@ -28,6 +28,7 @@ go_library(
         "//pkg/labels:go_default_library",
         "//pkg/ptr:go_default_library",
         "//pkg/security:go_default_library",
+        "//pkg/util:go_default_library",
         "//pkg/utilfeature:go_default_library",
         "@com_github_cockroachdb_errors//:go_default_library",
         "@com_github_go_logr_logr//:go_default_library",
diff --git a/pkg/resource/cluster.go b/pkg/resource/cluster.go
@@ -18,6 +18,7 @@ package resource
 
 import (
 	"fmt"
+	"github.com/cockroachdb/cockroach-operator/pkg/util"
 	"os"
 	"strings"
 	"time"
@@ -300,7 +301,7 @@ func (cluster Cluster) CASecretName() string {
 }
 
 func (cluster Cluster) Domain() string {
-	return "svc.cluster.local"
+	return fmt.Sprintf("svc.%s", util.GetClusterDomain())
 }
 
 func (cluster Cluster) SecureMode() string {
diff --git a/pkg/resource/webhook_certificates.go b/pkg/resource/webhook_certificates.go
@@ -19,6 +19,7 @@ package resource
 import (
 	"context"
 	"fmt"
+	"github.com/cockroachdb/cockroach-operator/pkg/util"
 
 	"github.com/cockroachdb/cockroach-operator/pkg/security"
 	"github.com/cockroachdb/errors"
@@ -97,7 +98,7 @@ func CreateWebhookCertificate(ctx context.Context, api SecretsInterface, ns stri
 		webhookService,
 		fmt.Sprintf("%s.%s", webhookService, ns),
 		fmt.Sprintf("%s.%s.svc", webhookService, ns),
-		fmt.Sprintf("%s.%s.svc.cluster.local", webhookService, ns),
+		fmt.Sprintf("%s.%s.svc.%s", webhookService, ns, util.GetClusterDomain()),
 	))
 
 	if err != nil {
diff --git a/pkg/util/BUILD.bazel b/pkg/util/BUILD.bazel
@@ -4,6 +4,7 @@ go_library(
     name = "go_default_library",
     srcs = [
         "api_kind_checker.go",
+        "cluster_domain.go",
         "tmp_dir.go",
     ],
     importpath = "github.com/cockroachdb/cockroach-operator/pkg/util",
diff --git a/pkg/util/cluster_domain.go b/pkg/util/cluster_domain.go
@@ -0,0 +1,28 @@
+package util
+
+import (
+	"context"
+	"net"
+	"time"
+)
+
+
+var clusterDomain = "cluster.local"
+
+func init() {
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	const host = "kubernetes.default.svc"
+	cname, err := net.DefaultResolver.LookupCNAME(ctx, host)
+	if err == nil {
+		clusterDomain = cname[len(host)+1:len(cname)-1]
+	}
+}
+
+// GetClusterDomain returns the cluster domain of the k8s cluster.
+// It is auto-detected by running a DNS query when the controller starts up.
+// It defaults to "cluster.local" if we cannot determine the domain.
+func GetClusterDomain() string {
+	return clusterDomain
+}

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@ package resource`
`18`	`18`
`19`	`19`	`import (`
`20`	`20`	`"fmt"`
	`21`	`+ "github.com/cockroachdb/cockroach-operator/pkg/util"`
`21`	`22`	`"os"`
`22`	`23`	`"strings"`
`23`	`24`	`"time"`
`@@ -300,7 +301,7 @@ func (cluster Cluster) CASecretName() string {`
`300`	`301`	`}`
`301`	`302`
`302`	`303`	`func (cluster Cluster) Domain() string {`
`303`		`- return "svc.cluster.local"`
	`304`	`+ return fmt.Sprintf("svc.%s", util.GetClusterDomain())`
`304`	`305`	`}`
`305`	`306`
`306`	`307`	`func (cluster Cluster) SecureMode() string {`