Have cluster-creator-login use ClusterIP rancher service

What does this MR do and why?

This is probably not doing much; it just switches to the internal K8s service for reaching the Rancher server API.

The motivation behind it is that, before this change, the cluster-creator-login kube-job needed to resolve rancher.sylva, due to:

  cluster-creator-login:
    kustomization_spec:
      postBuild:
        substitute:
          RANCHER_EXTERNAL_URL: '{{ .Values.external_hostnames.rancher }}'

being used in the script and the fact that

  • Ingress hosts (FQDNs) are not resolvable by CoreDNS natively
  • for Sylva mgmt cluster, this is possible through the coredns unit, which allows for the CoreDNS configuration (inside a ConfigMap) to look like:
[git:longhorn-node-annotation]root@hpe-server-4:sylva-core# kubectl --kubeconfig management-cluster-kubeconfig -n kube-system get cm rke2-coredns-rke2-coredns -o yaml
apiVersion: v1
data:
  Corefile: |
    sylva:53 {
        errors
        forward sylva 192.168.199.204
    }
    .:53 {
        errors
        health {
           lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
           ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf {
           max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
kind: ConfigMap
metadata:
  annotations:
    meta.helm.sh/release-name: rke2-coredns
    meta.helm.sh/release-namespace: kube-system
  creationTimestamp: "2023-12-13T15:32:16Z"
  labels:
    app.kubernetes.io/instance: rke2-coredns
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: rke2-coredns
    helm.sh/chart: rke2-coredns-1.24.002
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: CoreDNS
    kustomize.toolkit.fluxcd.io/name: coredns
    kustomize.toolkit.fluxcd.io/namespace: sylva-system
  name: rke2-coredns-rke2-coredns
  namespace: kube-system
  resourceVersion: "4065"
  uid: c1cc456d-4f15-4f15-b6d7-40342f518f86
[git:longhorn-node-annotation]root@hpe-server-4:sylva-core#

where the DNS forwarder for the .sylva domain is the -n k8s-gateway Service/k8s-gateway:

[git:longhorn-node-annotation]root@hpe-server-4:sylva-core# kubectl --kubeconfig management-cluster-kubeconfig get svc -A -o wide | grep 204
k8s-gateway                 k8s-gateway                                                LoadBalancer   10.43.154.69    192.168.199.204   53:31893/UDP                          17h   app.kubernetes.io/instance=k8s-gateway,app.kubernetes.io/name=k8s-gateway

A dependency on the coredns unit would have been needed for the cluster-creator-login unit.

Related reference(s)

Test coverage

Edited by Bogdan-Adrian Burciu
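The resolution paths described in the merge request, traced over its Corefile. This is an added example, not code from the MR or from sylva-core. It assumes the Corefile without the coredns unit is the same file minus the `sylva:53` block, and `rancher.cattle-system.svc.cluster.local` is an assumed in-cluster Service name that the page does not give.

```python
# Corefile from the ConfigMap quoted above, trimmed to the routing-relevant plugins.
COREFILE_WITH_UNIT = """\
sylva:53 {
    forward sylva 192.168.199.204
}
.:53 {
    kubernetes cluster.local in-addr.arpa ip6.arpa {
       fallthrough in-addr.arpa ip6.arpa
    }
    forward . /etc/resolv.conf
}
"""
# Constructed: the same Corefile without the sylva block the coredns unit adds.
COREFILE_DEFAULT = COREFILE_WITH_UNIT[COREFILE_WITH_UNIT.index(".:53"):]
QUERIES = ("rancher.sylva", "rancher.cattle-system.svc.cluster.local")  # 2nd name assumed

def parse_corefile(text):  # -> {zone: {plugin: args}}; nested options are skipped
    blocks, zone, depth = {}, None, 0
    for line in filter(None, map(str.strip, text.splitlines())):
        words = line.rstrip("{").split()
        if line == "}":
            depth -= 1
        elif depth == 0:  # block header: "sylva:53" -> "sylva", ".:53" -> ""
            zone = words[0].split(":")[0].strip(".")
            blocks[zone] = {}
        elif depth == 1:
            blocks[zone][words[0]] = words[1:]
        depth += line.endswith("{")
    return blocks

def in_zone(name, zone):
    zone = zone.strip(".")
    return zone == "" or name == zone or name.endswith("." + zone)

def resolve_path(blocks, qname):  # -> (server block, answering plugin, upstream)
    name = qname.strip(".").lower()
    # CoreDNS hands a query to the server block with the longest matching zone.
    zone = max((z for z in blocks if in_zone(name, z)), key=len)
    plugins, label = blocks[zone], zone or "."
    if any(in_zone(name, z) for z in plugins.get("kubernetes", [])):  # runs before forward
        return label, "kubernetes", None
    fwd = plugins.get("forward")
    if fwd and in_zone(name, fwd[0]):
        return label, "forward", fwd[1]
    return label, None, None

if __name__ == "__main__":
    for cf in (COREFILE_WITH_UNIT, COREFILE_DEFAULT):
        print([resolve_path(parse_corefile(cf), q) for q in QUERIES])
```

With the unit's block present, `rancher.sylva` is forwarded to the k8s-gateway address; without it, the same name falls through to the node's `/etc/resolv.conf` upstream, while the in-cluster name is answered by the `kubernetes` plugin in both cases.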
