refactored local dns proxy. (#348)

* refactored local dns proxy.

* refactored local dns proxy.

* refactored local dns proxy.

* refactored local dns proxy.

Author: cybwan

charts/fsm/README.md

@@ -349,7 +349,7 @@ The following table lists the configurable parameters of the fsm chart and their
 | fsm.injector.resource | object | `{"limits":{"cpu":"1","memory":"512M"},"requests":{"cpu":"0.5","memory":"128M"}}` | Sidecar injector's container resource parameters |
 | fsm.injector.tolerations | list | `[]` | Node tolerations applied to control plane pods. The specified tolerations allow pods to schedule onto nodes with matching taints. |
 | fsm.injector.webhookTimeoutSeconds | int | `20` | Mutating webhook timeout |
-| fsm.localDNSProxy | object | `{"enable":false,"generateIPv6BasedOnIPv4":false,"searchesWithNamespace":true,"searchesWithTrustDomain":true,"wildcard":{"enable":false,"ips":[{"ipv4":"127.0.0.2"}]}}` | Local DNS Proxy improves the performance of your computer by caching the responses coming from your DNS servers |
+| fsm.localDNSProxy | object | `{"enable":false,"generateIPv6BasedOnIPv4":false,"searchesWithNamespace":true,"searchesWithTrustDomain":true,"wildcard":{"enable":false,"ips":[{"ipv4":"127.0.0.2"}],"los":[]}}` | Local DNS Proxy improves the performance of your computer by caching the responses coming from your DNS servers |
 | fsm.localProxyMode | string | `"Localhost"` | Proxy mode for the proxy sidecar. Acceptable values are ['Localhost', 'PodIP'] |
 | fsm.maxDataPlaneConnections | int | `0` | Sets the max data plane connections allowed for an instance of fsm-controller, set to 0 to not enforce limits |
 | fsm.meshName | string | `"fsm"` | Identifier for the instance of a service mesh within a cluster |

charts/fsm/templates/fsm-deployment.yaml

@@ -104,6 +104,9 @@ spec:
               containerPort: 9091
             - name: webhook
               containerPort: 9443
+            - name: dns-proxy
+              containerPort: 15053
+              protocol: UDP
           command: ['/fsm-controller']
           args: [
             "--verbosity", "{{.Values.fsm.controllerLogLevel}}",

charts/fsm/templates/fsm-service.yaml

@@ -20,5 +20,9 @@ spec:
     - name: webhook
       port: 9443
       targetPort: 9443
+    - name: dns-proxy
+      port: 53
+      targetPort: 15053
+      protocol: UDP
   selector:
     app: fsm-controller

charts/fsm/values.schema.json

@@ -1251,6 +1251,7 @@
                       "description": "The wildcard schema for local DNS Proxy",
                       "required": [
                         "enable",
+                        "los",
                         "ips"
                       ],
                       "properties": {
@@ -1260,6 +1261,30 @@
                           "title": "The enable schema for wildcard",
                           "description": "Indicates whether wildcard is enabled or not"
                         },
+                        "los": {
+                          "$id": "#/properties/fsm/properties/localDNSProxy/properties/wildcard/properties/los",
+                          "type": "array",
+                          "title": "The los schema for wildcard",
+                          "items": {
+                            "type": "object",
+                            "required": [
+                              "ipv4"
+                            ],
+                            "properties": {
+                              "ipv4": {
+                                "$id": "#/properties/fsm/properties/localDNSProxy/properties/wildcard/properties/los/properties/ipv4",
+                                "type": "string",
+                                "title": "ipv4",
+                                "pattern": "((?:\\d{1,3}\\.){3}\\d{1,3})$"
+                              },
+                              "ipv6": {
+                                "$id": "#/properties/fsm/properties/localDNSProxy/properties/wildcard/properties/los/properties/ipv6",
+                                "type": "string",
+                                "title": "ipv6"
+                              }
+                            }
+                          }
+                        },
                         "ips": {
                           "$id": "#/properties/fsm/properties/localDNSProxy/properties/wildcard/properties/ips",
                           "type": "array",

charts/fsm/values.yaml

@@ -510,6 +510,7 @@ fsm:
     generateIPv6BasedOnIPv4: false
     wildcard:
       enable: false
+      los: []
       ips:
         - ipv4: 127.0.0.2
   # -- Sets the max data plane connections allowed for an instance of fsm-controller, set to 0 to not enforce limits

cmd/fsm-bootstrap/crds/config.flomesh.io_meshconfigs.yaml

@@ -2224,9 +2224,29 @@ spec:
                               - ipv4
                               type: object
                             type: array
+                          los:
+                            description: LOs defines loopback addresses for resolve
+                              DN.
+                            items:
+                              description: ResolveAddr is the type to represent FSM's
+                                Resolve Addr configuration.
+                              properties:
+                                ipv4:
+                                  description: IPv4 defines a ipv4 address for resolve
+                                    DN.
+                                  type: string
+                                ipv6:
+                                  description: IPv6 defines a ipv6 address for resolve
+                                    DN.
+                                  type: string
+                              required:
+                              - ipv4
+                              type: object
+                            type: array
                         required:
                         - enable
                         - ips
+                        - los
                         type: object
                     required:
                     - enable

cmd/fsm-controller/fsm-controller.go

@@ -15,6 +15,7 @@ import (
 
 	"github.com/go-logr/zerologr"
 
+	"github.com/flomesh-io/fsm/pkg/dns"
 	connectorClientset "github.com/flomesh-io/fsm/pkg/gen/client/connector/clientset/versioned"
 	machineClientset "github.com/flomesh-io/fsm/pkg/gen/client/machine/clientset/versioned"
 	policyAttachmentClientset "github.com/flomesh-io/fsm/pkg/gen/client/policyattachment/clientset/versioned"
@@ -371,6 +372,8 @@ func main() {
 		events.GenericEventRecorder().FatalEvent(err, events.InitializationError, "Error starting the validating webhook server")
 	}
 
+	dns.Init(cfg)
+
 	version.SetMetric()
 
 	// Initialize FSM's http service server
@@ -399,6 +402,7 @@ func main() {
 	debugConfig := debugger.NewDebugConfig(certManager, meshCatalog, kubeConfig, kubeClient, cfg, k8sClient, msgBroker)
 	go debugConfig.StartDebugServerConfigListener(background.DebugHandlers, stop)
 
+	go dns.WatchAndUpdateLocalDNSProxy(msgBroker, stop)
 	// Start the k8s pod watcher that updates corresponding k8s secrets
 	go k8s.WatchAndUpdateProxyBootstrapSecret(kubeClient, msgBroker, stop)
 	// Start the global log level watcher that updates the log level dynamically

go.mod

@@ -93,7 +93,9 @@ require (
 	github.com/hashicorp/consul/api v1.21.0
 	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/hudl/fargo v1.4.0
+	github.com/jonboulle/clockwork v0.2.2
 	github.com/kelseyhightower/envconfig v1.4.0
+	github.com/miekg/dns v1.1.58
 	github.com/nacos-group/nacos-sdk-go/v2 v2.2.5
 	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
 	github.com/pkg/errors v0.9.1
@@ -338,7 +340,6 @@ require (
 	github.com/mbilski/exhaustivestruct v1.1.0 // indirect
 	github.com/mdlayher/netlink v1.6.0 // indirect
 	github.com/mdlayher/socket v0.1.1 // indirect
-	github.com/miekg/dns v1.1.58 // indirect
 	github.com/mitchellh/cli v1.1.5 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect

go.sum

@@ -1750,6 +1750,8 @@ github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
+github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
+github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/josharian/native v0.0.0-20200817173448-b6b71def0850/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=

pkg/apis/config/v1alpha3/mesh_config.go

@@ -101,8 +101,11 @@ type WildcardDN struct {
 	// Enable defines a boolean indicating if wildcard are enabled for local DNS Proxy.
 	Enable bool `json:"enable"`
 
+	// LOs defines loopback addresses for resolve DN.
+	LOs []*ResolveAddr `json:"los"`
+
 	// IPs defines ip addresses for resolve DN.
-	IPs []ResolveAddr `json:"ips"`
+	IPs []*ResolveAddr `json:"ips"`
 }
 
 // ResolveDN is the type to represent FSM's Resolve DN configuration.
@@ -111,7 +114,7 @@ type ResolveDN struct {
 	DN string `json:"dn"`
 
 	// IPs defines ip addresses for resolve DN.
-	IPs []ResolveAddr `json:"ips"`
+	IPs []*ResolveAddr `json:"ips"`
 }
 
 // LocalDNSProxy is the type to represent FSM's local DNS proxy configuration.

pkg/apis/config/v1alpha3/zz_generated.deepcopy.go

@@ -71,7 +71,7 @@ func (mc *MeshCatalog) GetOutboundMeshTrafficPolicy(downstreamIdentity identity.
 			}
 		}
 
-		if mc.configurator.IsLocalDNSProxyEnabled() && !mc.configurator.IsWildcardDNSProxyEnabled() {
+		if mc.configurator.IsLocalDNSProxyEnabled() {
 			if !existIntraEndpoints {
 				resolvableIPSet := mapset.NewSet()
 				for _, endp := range endpoints {

pkg/catalog/outbound_traffic_policies.go

@@ -72,6 +72,9 @@ const (
 	// SidecarPrometheusInboundListenerPort is Sidecar's inbound listener port number for prometheus
 	SidecarPrometheusInboundListenerPort = 15010
 
+	// FSMDNSProxyPort is the dns proxy listener port.
+	FSMDNSProxyPort = uint32(15053)
+
 	// InjectorWebhookPort is the port on which the sidecar injection webhook listens
 	InjectorWebhookPort = 9090
 

pkg/constants/constants.go

@@ -0,0 +1,62 @@
+package dns
+
+import (
+	"fmt"
+
+	"github.com/jonboulle/clockwork"
+
+	configv1alpha3 "github.com/flomesh-io/fsm/pkg/apis/config/v1alpha3"
+	"github.com/flomesh-io/fsm/pkg/configurator"
+)
+
+// WallClock is the wall clock
+var WallClock = clockwork.NewRealClock()
+
+// Config holds the configuration parameters
+type Config struct {
+	cfg              configurator.Configurator
+	CustomDNSRecords []string // manual custom dns entries
+}
+
+// GetNameservers nameservers to forward queries to
+func (c *Config) GetNameservers() []string {
+	var nameservers []string
+	if upstream := c.cfg.GetLocalDNSProxyPrimaryUpstream(); len(upstream) > 0 {
+		nameservers = append(nameservers, fmt.Sprintf("%s:53", upstream))
+	}
+	if upstream := c.cfg.GetLocalDNSProxySecondaryUpstream(); len(upstream) > 0 {
+		nameservers = append(nameservers, fmt.Sprintf("%s:53", upstream))
+	}
+	return nameservers
+}
+
+func (c *Config) IsWildcard() bool {
+	return c.cfg.IsWildcardDNSProxyEnabled()
+}
+
+func (c *Config) GetWildcardResolveDB() []*configv1alpha3.ResolveAddr {
+	return c.cfg.GetMeshConfig().Spec.Sidecar.LocalDNSProxy.Wildcard.IPs
+}
+
+func (c *Config) GetLoopbackResolveDB() []*configv1alpha3.ResolveAddr {
+	return c.cfg.GetMeshConfig().Spec.Sidecar.LocalDNSProxy.Wildcard.LOs
+}
+
+func (c *Config) GenerateIPv6BasedOnIPv4() bool {
+	return c.cfg.GenerateIPv6BasedOnIPv4()
+}
+
+// GetNXDomain response to blocked queries with a NXDOMAIN
+func (c *Config) GetNXDomain() bool {
+	return false
+}
+
+// GetInterval concurrency interval for lookups in miliseconds
+func (c *Config) GetInterval() int {
+	return 200
+}
+
+// GetTimeout query timeout for dns lookups in seconds
+func (c *Config) GetTimeout() int {
+	return 5
+}