m/n/kubernetes: factor out cluster domain
This removes the hardcoded Kubernetes cluster domain and pushes it out
to a single place at the root of the Kubernetes supervisor tree.
This will later be aligned with the cluster domain specified in the
identity design document, currently this does not change any behavior.
It also removes a bogous SAN from the Kubernetes API server certificate
(kubernetes.default.svc.cluster) for which there is no corresponding
search path.
Change-Id: I30b8907a7b846415f5002c09a24d2d37930a9cd1
Reviewed-on: https://review.monogon.dev/c/monogon/+/773
Tested-by: Jenkins CI
Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>
diff --git a/metropolis/node/kubernetes/service.go b/metropolis/node/kubernetes/service.go
index 03be33c..ff0f55c 100644
--- a/metropolis/node/kubernetes/service.go
+++ b/metropolis/node/kubernetes/service.go
@@ -45,6 +45,7 @@
type Config struct {
ServiceIPRange net.IPNet
ClusterNet net.IPNet
+ ClusterDomain string
KPKI *pki.PKI
Root *localstorage.Root
@@ -121,6 +122,7 @@
kubelet := kubeletService{
NodeName: s.c.Node.ID(),
ClusterDNS: []net.IP{address},
+ ClusterDomain: s.c.ClusterDomain,
KubeletDirectory: &s.c.Root.Data.Kubernetes.Kubelet,
EphemeralDirectory: &s.c.Root.Ephemeral,
KPKI: s.c.KPKI,
@@ -200,7 +202,7 @@
}
supervisor.Logger(ctx).Info("Registering K8s CoreDNS")
- clusterDNSDirective := dns.NewKubernetesDirective("cluster.local", masterKubeconfig)
+ clusterDNSDirective := dns.NewKubernetesDirective(s.c.ClusterDomain, masterKubeconfig)
s.c.Network.ConfigureDNS(clusterDNSDirective)
supervisor.Signal(ctx, supervisor.SignalHealthy)