add support for auto detecting cluster domain

Previously, the cluster domain is hardcoded
to `cluster.local`.

This PR adds support for auto detecting
the domain by running a DNS query.

Author: Ye Ji

CHANGELOG.md

@@ -7,6 +7,9 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 # [Unreleased](https://github.com/cockroachdb/cockroach-operator/compare/v2.6.0...master)
 
+## Changed
+* Cluster domain for cert generation is now autodetected by running a DNS query
+
 ## Fixed
 
 * Grant operator deletecollection permissions to fix fullcluster restart flow

pkg/resource/BUILD.bazel

@@ -28,6 +28,7 @@ go_library(
         "//pkg/labels:go_default_library",
         "//pkg/ptr:go_default_library",
         "//pkg/security:go_default_library",
+        "//pkg/util:go_default_library",
         "//pkg/utilfeature:go_default_library",
         "@com_github_cockroachdb_errors//:go_default_library",
         "@com_github_go_logr_logr//:go_default_library",

pkg/resource/cluster.go

@@ -18,6 +18,7 @@ package resource
 
 import (
 	"fmt"
+	"github.com/cockroachdb/cockroach-operator/pkg/util"
 	"os"
 	"strings"
 	"time"
@@ -300,7 +301,7 @@ func (cluster Cluster) CASecretName() string {
 }
 
 func (cluster Cluster) Domain() string {
-	return "svc.cluster.local"
+	return fmt.Sprintf("svc.%s", util.GetClusterDomain())
 }
 
 func (cluster Cluster) SecureMode() string {

pkg/resource/webhook_certificates.go

@@ -19,6 +19,7 @@ package resource
 import (
 	"context"
 	"fmt"
+	"github.com/cockroachdb/cockroach-operator/pkg/util"
 
 	"github.com/cockroachdb/cockroach-operator/pkg/security"
 	"github.com/cockroachdb/errors"
@@ -97,7 +98,7 @@ func CreateWebhookCertificate(ctx context.Context, api SecretsInterface, ns stri
 		webhookService,
 		fmt.Sprintf("%s.%s", webhookService, ns),
 		fmt.Sprintf("%s.%s.svc", webhookService, ns),
-		fmt.Sprintf("%s.%s.svc.cluster.local", webhookService, ns),
+		fmt.Sprintf("%s.%s.svc.%s", webhookService, ns, util.GetClusterDomain()),
 	))
 
 	if err != nil {

pkg/util/BUILD.bazel

@@ -4,6 +4,7 @@ go_library(
     name = "go_default_library",
     srcs = [
         "api_kind_checker.go",
+        "cluster_domain.go",
         "tmp_dir.go",
     ],
     importpath = "github.com/cockroachdb/cockroach-operator/pkg/util",

pkg/util/cluster_domain.go

@@ -0,0 +1,44 @@
+/*
+Copyright 2022 The Cockroach Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"context"
+	"net"
+	"time"
+)
+
+
+var clusterDomain = "cluster.local"
+
+func init() {
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	const host = "kubernetes.default.svc"
+	cname, err := net.DefaultResolver.LookupCNAME(ctx, host)
+	if err == nil {
+		clusterDomain = cname[len(host)+1:len(cname)-1]
+	}
+}
+
+// GetClusterDomain returns the cluster domain of the k8s cluster.
+// It is auto-detected by running a DNS query when the controller starts up.
+// It defaults to "cluster.local" if we cannot determine the domain.
+func GetClusterDomain() string {
+	return clusterDomain
+}