Last active
October 3, 2023 02:33
-
-
Save arthurwolf/deae5f95fa677c4e683c968c51c56ab2 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| gathering the coredns configmap on a fresh/unmodified setup: | |
| demo@Ubuntu-2204-jammy-amd64-base:~/wire-server-deploy$ d kubectl get configmap coredns -n kube-system --output yaml | |
| apiVersion: v1 | |
| data: | |
| Corefile: | | |
| .:53 { | |
| errors | |
| health { | |
| lameduck 5s | |
| } | |
| ready | |
| kubernetes cluster.local in-addr.arpa ip6.arpa { | |
| pods insecure | |
| fallthrough in-addr.arpa ip6.arpa | |
| } | |
| prometheus :9153 | |
| forward . /etc/resolv.conf { | |
| prefer_udp | |
| max_concurrent 1000 | |
| } | |
| cache 30 | |
| loop | |
| reload | |
| loadbalance | |
| } | |
| kind: ConfigMap | |
| metadata: | |
| annotations: | |
| kubectl.kubernetes.io/last-applied-configuration: | | |
| {"apiVersion":"v1","data":{"Corefile":".:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n kubernetes cluster.local in-addr.arpa ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n forward . /etc/resolv.conf {\n prefer_udp\n max_concurrent 1000\n }\n cache 30\n\n loop\n reload\n loadbalance\n}\n"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"addonmanager.kubernetes.io/mode":"EnsureExists"},"name":"coredns","namespace":"kube-system"}} | |
| creationTimestamp: "2023-10-02T23:51:43Z" | |
| labels: | |
| addonmanager.kubernetes.io/mode: EnsureExists | |
| name: coredns | |
| namespace: kube-system | |
| resourceVersion: "994" | |
| uid: e9bfcb9b-2493-4614-8fc0-c861c4bac997 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| gathering the nodelocaldns configmap on a fresh/unmodified setup: | |
| demo@Ubuntu-2204-jammy-amd64-base:~/wire-server-deploy$ d kubectl get configmap nodelocaldns -n kube-system -o=jsonpath='{.data.Corefile}' | |
| cluster.local:53 { | |
| errors | |
| cache { | |
| success 9984 30 | |
| denial 9984 5 | |
| } | |
| reload | |
| loop | |
| bind 10.233.0.10 | |
| forward . 10.233.0.3 { | |
| force_tcp | |
| } | |
| prometheus :9253 | |
| health 10.233.0.10:9254 | |
| } | |
| in-addr.arpa:53 { | |
| errors | |
| cache 30 | |
| reload | |
| loop | |
| bind 10.233.0.10 | |
| forward . 10.233.0.3 { | |
| force_tcp | |
| } | |
| prometheus :9253 | |
| } | |
| ip6.arpa:53 { | |
| errors | |
| cache 30 | |
| reload | |
| loop | |
| bind 10.233.0.10 | |
| forward . 10.233.0.3 { | |
| force_tcp | |
| } | |
| prometheus :9253 | |
| } | |
| .:53 { | |
| errors | |
| cache 30 | |
| reload | |
| loop | |
| bind 10.233.0.10 | |
| forward . /etc/resolv.conf | |
| prometheus :9253 | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Editing coredns config. | |
| 1. Get config into a file. | |
| d kubectl get configmap coredns -n kube-system --output yaml > coredns_config.yaml | |
| 2. Modify the file. | |
| Replacing: | |
| forward . 127.0.0.53:9999 { | |
| max_fails 0 | |
| } | |
| With: | |
| forward . /etc/resolv.conf { | |
| prefer_udp | |
| max_concurrent 1000 | |
| } | |
| 3. Apply the file. | |
| d kubectl apply -f coredns_config.yaml | |
| ## Editing nodelocaldns config. | |
| 1. Get config into a file. | |
| d kubectl get configmap nodelocaldns -n kube-system --output yaml > nodelocaldns_config.yaml | |
| 2. Modify the file: | |
| Add `forward . /etc/resolv.conf` where it is missing between `bind 10.233.0.10` and `prometheus :9253`, around line 45. | |
| So that: | |
| bind 10.233.0.10 | |
| prometheus :9253 | |
| Becomes: | |
| bind 10.233.0.10 | |
| forward . /etc/resolv.conf | |
| prometheus :9253 | |
| 3. Apply the file. | |
| d kubectl apply -f nodelocaldns_config.yaml | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Analysis of the script: | |
| The nodelocaldns part of the script: | |
| 1. Obtains the content of the configMap for nodelocaldns | |
| 2. Deletes the `forward . /etc/resolv.conf` line (line 45) from that configMap | |
| 3. Replaces the configmap with the configmap that is missing that line. | |
| The modifier line is: | |
| MODIFIED_TEXT=$(echo "$CURRENT_COREFILE" | sed '/forward \. \/etc\/resolv\.conf/d') | |
| The coredns part of the script: | |
| 1. Obtains the content of the configMap for nodelocaldns | |
| 2. Finds any line that starts with "forward", and deletes it as well as the next 3 lines: | |
| forward . /etc/resolv.conf { | |
| prefer_udp | |
| max_concurrent 1000 | |
| } | |
| 3. Finds any line that starts with "cache", and replaces it with: | |
| forward . 127.0.0.53:9999 { | |
| max_fails 0 | |
| } | |
| cache | |
| 4. Replaces the configmap with the configmap that is thus modified. | |
| This line is essentially equivalent with replacing: | |
| forward . /etc/resolv.conf { | |
| prefer_udp | |
| max_concurrent 1000 | |
| } | |
| with: | |
| forward . 127.0.0.53:9999 { | |
| max_fails 0 | |
| } | |
| The modifier line is: | |
| sed -i coredns_config.yaml -e '/^[ ]*forward.*/{N;N;N;d;}' -e "s/^\([ ]*\)cache/\1forward . 127.0.0.53:9999 {\n\1 max_fails 0\n\1}\n\1cache/" | |
| ## Instructions to reverse the script. | |
| 0. Presuming the script was run, and we want to revert its effects. | |
| 1. Gather the nodelocaldns configmap with: `kubectl get configmap nodelocaldns -n kube-system -o=jsonpath='{.data.Corefile}'` | |
| 2. Save the returned data to a `nodelocaldns_config.yaml` file and edit it by adding `forward . /etc/resolv.conf` where it is missing between `bind 10.233.0.10` and `prometheus :9253`, around line 45. | |
| 4. Apply this change using the command `kubectl apply -f nodelocaldns_config.yaml` | |
| 5. Gather the coredns configmap with: `kubectl get configmap coredns -n kube-system --output yaml` | |
| 6. Save the data to a `coredns_config.yaml` file and modify the returned data, replacing: | |
| forward . 127.0.0.53:9999 { | |
| max_fails 0 | |
| } | |
| with: | |
| forward . /etc/resolv.conf { | |
| prefer_udp | |
| max_concurrent 1000 | |
| } | |
| 7. Commit the modified data using the command `kubectl apply -f coredns_config.yaml` | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Script to edit coredns and nodelocaldns configs in a Kubernetes cluster | |
| # Load the environment. | |
| d='sudo docker run -it --network=host -v nonexistent:/ssh-agent -e SSH_AUTH_SOCK=/ssh-agent -v /home/demo/.ssh:/root/.ssh -v /home/demo/wire-server-deploy:/wire-server-deploy quay.io/wire/wire-server-deploy:i045hf4fc3ffszb5s7kir3dg0jk2lrcb' | |
| #!/bin/bash | |
| # Make sure the script fails on any error | |
| set -e | |
| # Editing coredns config | |
| echo "Editing coredns config..." | |
| # Get the coredns config into a file | |
| $d kubectl get configmap coredns -n kube-system --output yaml > coredns_config.yaml | |
| # Function to replace text in a file | |
| replace_text() { | |
| local search_for="$1" | |
| local replace_with="$2" | |
| local file="$3" | |
| # Use sed to replace text | |
| sed -i "s/${search_for}/${replace_with}/g" "$file" | |
| } | |
| # File to be edited | |
| file_to_edit="coredns_config.yaml" | |
| # Text to be replaced and its replacement | |
| # We use [[:space:]] to match any number of white-space characters | |
| # Escape special characters in the search text | |
| search1="forward . 127.0.0.53:9999" | |
| replace1="forward . \/etc\/resolv.conf" | |
| search2="max_fails 0" | |
| replace2="prefer_udp\n max_concurrent 1000" | |
| # Perform the replacements | |
| replace_text "$search1" "$replace1" "$file_to_edit" | |
| replace_text "$search2" "$replace2" "$file_to_edit" | |
| # Confirmation message | |
| echo "Text successfully replaced in $file_to_edit." | |
| # Apply the changes | |
| $d kubectl apply -f coredns_config.yaml | |
| echo "Finished editing coredns config." | |
| # Editing nodelocaldns config | |
| echo "Editing nodelocaldns config..." | |
| # Function to replace text in a file | |
| replace_text_in_file() { | |
| # Parameters: Old text, New text, File name | |
| awk -v old="$1" -v new="$2" ' | |
| { | |
| gsub(old, new) | |
| } | |
| { | |
| } | |
| ' $3 > tmpfile && mv tmpfile $3 | |
| } | |
| # Make sure the script fails on any error | |
| set -e | |
| # Text to be replaced | |
| old_text=" bind 10.233.0.10\n prometheus :9253" | |
| # Text to replace with | |
| new_text=" bind 10.233.0.10\n forward . /etc/resolv.conf\n prometheus :9253" | |
| # Get the nodelocaldns config into a file | |
| $d kubectl get configmap nodelocaldns -n kube-system --output yaml > nodelocaldns_config.yaml | |
| # Use replace_text_in_file function to replace the text | |
| replace_text_in_file "$old_text" "$new_text" "nodelocaldns_config.yaml" | |
| # Apply the changes | |
| $d kubectl apply -f nodelocaldns_config.yaml | |
| echo "Finished editing nodelocaldns config." | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment