Closed christianang closed 2 years ago
Wondering whether we should also validate that the items in nameservers are all valid IP addresses, and that they match the TKG_IP_FAMILY.
Hi @christianang what's the use-case for different settings on worker nodes vs control plane nodes?
And what's the impetus/urgency for this request?
Hi @christianang what's the use-case for different settings on worker nodes vs control plane nodes?
The primary use-case, that I know of, for different settings on the control plane node vs worker node is to allow the control plane to discover and communicate with the vCenter, but not allow processes on the worker node to discover the vCenter address.
And what's the impetus/urgency for this request?
Not particularly urgent, but our team has spare cycles and we know this is a feature that users have asked for.
Ack. I'm +1 on this, though authoritative PM will be Disha Chopra. She's not a member of this repo yet, so reassigning to @christianang as implementer.
Wondering whether we should also validate that the items in nameservers are all valid IP addresses, and that they match the TKG_IP_FAMILY.
@mcwumbly after thinking about this a bit, I'm tempted to not do the validation of the IPs against the TKG_IP_FAMILY. Currently we would have to put this kind of validation in the CLI itself. I'm not entirely confident there are any clear use-cases for using an IP that doesn't match the TKG_IP_FAMILY, but I'm also not sure if I want to entirely disallow it, if a user wanted to do this for whatever reason. Perhaps we can revisit if we are sure this isn't something we would want a user to do or perhaps if we can do this validation in ytt (which will be possible if this https://github.com/vmware-tanzu/carvel-ytt/pull/433 PR to ytt is merged).
we can revisit if we are sure this isn't something we would want a user to do or perhaps if we can do this validation in ytt
sounds good. we can revisit later.
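An added example, not part of the thread or the project's code: one way the check discussed above could look in Go, reporting entries that are not IP addresses separately from entries whose family is outside TKG_IP_FAMILY, so a caller can reject the first and only warn on the second. The function name, the comma-separated list format, the family strings and the ipv4 default are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// CheckNameservers (hypothetical helper) splits a comma-separated nameserver
// list and sorts entries into valid addresses, entries that are not usable IP
// addresses, and entries whose family is not named in ipFamily.
// Assumed ipFamily values: "ipv4", "ipv6", "ipv4,ipv6", "ipv6,ipv4"; empty means ipv4.
func CheckNameservers(list, ipFamily string) (valid []netip.Addr, invalid, mismatched []string) {
	if strings.TrimSpace(ipFamily) == "" {
		ipFamily = "ipv4"
	}
	allowed := map[string]bool{}
	for _, f := range strings.Split(ipFamily, ",") {
		allowed[strings.ToLower(strings.TrimSpace(f))] = true
	}
	for _, raw := range strings.Split(list, ",") {
		entry := strings.TrimSpace(raw)
		if entry == "" {
			continue // tolerate trailing commas
		}
		addr, err := netip.ParseAddr(entry)
		// Hostnames, CIDRs and host:port fail to parse. This example also rejects
		// zoned addresses (the zone names an interface on one host) and 0.0.0.0/::.
		if err != nil || addr.Zone() != "" || addr.IsUnspecified() {
			invalid = append(invalid, entry)
			continue
		}
		family := "ipv6"
		if addr.Is4() {
			family = "ipv4"
		}
		if !allowed[family] {
			mismatched = append(mismatched, entry)
			continue
		}
		valid = append(valid, addr)
	}
	return valid, invalid, mismatched
}

func main() {
	// Constructed sample input.
	v, bad, mis := CheckNameservers("10.0.0.53, fd00::53, dns.example.test, 10.0.0.1/24", "ipv4")
	fmt.Println("valid:", v, "invalid:", bad, "family mismatch:", mis)
}
```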
Describe the feature request
As a cluster operator, I would like to configure different DNS servers per cluster on vSphere. I would also like to be able to configure the control-plane node's DNS servers independently from the DNS servers on the worker nodes. I would like to configure this via a data value in my cluster's configuration file.
This is currently only scoped to vSphere because each cluster-api provider will have a different way to configure nameservers on their nodes. We can add support for other IaaSes after vSphere. Additionally, I haven't investigated if all providers allow you to configure nameservers through their cluster-api provider API so there may be additional work that needs to be done on providers to make this work for all IaaSes.
Design/Acceptance
Given I set WORKER_NODE_NAMESERVERS to the IP of my nameserver(s) in cluster configuration yaml
And I create the cluster on vSphere using tanzu cluster create my-cluster -f ./my-configuration.yaml
When I ssh onto the worker node and I resolvectl status
Then I see my nameserver(s) in the list of dns servers.

Given I set CONTROL_PLANE_NODE_NAMESERVERS to the IP of my nameserver(s) in cluster configuration yaml
And I create the cluster on vSphere using tanzu cluster create my-cluster -f ./my-configuration.yaml
When I ssh onto the control-plane node and I resolvectl status
Then I see my nameserver(s) in the list of dns servers.

Given I see either WORKER_NODE_NAMESERVERS or CONTROL_PLANE_NODE_NAMESERVERS set, but I am not using vSphere
When I run tanzu cluster create my-cluster -f ./my-configuration.yaml
Then I see a ytt template validation error

(I should also be able to do all the above using tanzu management-cluster create as well)

Describe alternatives you've considered
Affected product area (please put an X in all that apply)
Additional context
For reference, when we start work on this, we can accomplish this by using something similar to the following overlay: