Merge pull request #3580 from telepresenceio/thallgren/dns-svc-as-tld

Include "svc" as a top-level domain in the DNS resolver.

CHANGELOG.yml

@@ -33,6 +33,14 @@ items:
   - version: 2.19.0
     date: (TBD)
     notes:
+      - type: bugfix
+        title: Include svc as a top-level domain in the DNS resolver.
+        body: ->
+          It's not uncommon that use-cases involving Kafka or other middleware use FQNs that end with
+          "svc". The core-DNS resolver in Kubernetes can resolve such names. With this bugfix,
+          the Telepresence DNS resolver will also be able to resolve them, and thereby remove the need
+          to add ".svc" to the include-suffix list.
+        docs: https://github.com/telepresenceio/telepresence/issues/2814
       - type: feature
         title: Add ability to mount a webhook secret.
         body: >-

integration_test/svcdomain_test.go

@@ -0,0 +1,25 @@
+package integration_test
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"time"
+
+	"github.com/datawire/dlib/dlog"
+)
+
+func (s *connectedSuite) Test_SvcDomain() {
+	c := s.Context()
+	s.ApplyEchoService(c, "echo", 8080)
+	defer s.DeleteSvcAndWorkload(c, "deploy", "echo")
+
+	host := fmt.Sprintf("echo.%s.svc", s.AppNamespace())
+	s.Eventually(func() bool {
+		c, cancel := context.WithTimeout(c, 1800*time.Millisecond)
+		defer cancel()
+		dlog.Info(c, "LookupHost("+host+")")
+		_, err := net.DefaultResolver.LookupHost(c, host)
+		return s.NoErrorf(err, "%s did not resolve", host)
+	}, 10*time.Second, 2*time.Second)
+}

pkg/client/rootd/dns/server.go

@@ -308,6 +308,10 @@ func (s *Server) isExcluded(name string) bool {
 	return false
 }
 
+func (s *Server) isDomainExcluded(name string) bool {
+	return slices.Contains(s.excludeSuffixes, "."+name)
+}
+
 func (s *Server) resolveInCluster(c context.Context, q *dns.Question) (result dnsproxy.RRs, rCode int, err error) {
 	query := q.Name
 	if query == "localhost." {
@@ -515,10 +519,13 @@ func (s *Server) processSearchPaths(g *dgroup.Group, processor func(context.Cont
 
 				routes := make(map[string]struct{}, len(das.domains))
 				for _, domain := range das.domains {
-					if domain != "" {
+					if domain != "" && !s.isDomainExcluded(domain) {
 						routes[domain] = struct{}{}
 					}
 				}
+				if !s.isDomainExcluded("svc") {
+					routes["svc"] = struct{}{}
+				}
 				s.Lock()
 				s.routes = routes
 

pkg/client/userd/trafficmgr/session.go

@@ -10,6 +10,7 @@ import (
 	"net/url"
 	"os"
 	"os/user"
+	"slices"
 	"sort"
 	"strings"
 	"sync"
@@ -514,17 +515,20 @@ func connectError(t rpc.ConnectInfo_ErrType, err error) *rpc.ConnectInfo {
 // updateDaemonNamespacesLocked will create a new DNS search path from the given namespaces and
 // send it to the DNS-resolver in the daemon.
 func (s *session) updateDaemonNamespaces(c context.Context) {
+	const svcDomain = "svc"
+
 	s.wlWatcher.setNamespacesToWatch(c, s.GetCurrentNamespaces(true))
 
-	// Pass current mapped namespaces as plain names (no ending dot). The DNS-resolver will
-	// create special mapping for those, allowing names like myservice.mynamespace to be resolved
-	namespaces := s.GetCurrentNamespaces(false)
-	dlog.Debugf(c, "posting namespaces %v", namespaces)
+	domains := s.GetCurrentNamespaces(false)
+	if !slices.Contains(domains, svcDomain) {
+		domains = append(domains, svcDomain)
+	}
+	dlog.Debugf(c, "posting top-level domains %v to root daemon", domains)
 
-	if _, err := s.rootDaemon.SetDNSTopLevelDomains(c, &rootdRpc.Domains{Domains: namespaces}); err != nil {
-		dlog.Errorf(c, "error posting namespaces %v to root daemon: %v", namespaces, err)
+	if _, err := s.rootDaemon.SetDNSTopLevelDomains(c, &rootdRpc.Domains{Domains: domains}); err != nil {
+		dlog.Errorf(c, "error posting domains %v to root daemon: %v", domains, err)
 	}
-	dlog.Debug(c, "namespaces posted successfully")
+	dlog.Debug(c, "domains posted successfully")
 }
 
 func (s *session) Epilog(ctx context.Context) {