Skip to content

Support Pod DNS policy for Kubernetes executor

Pedro Pombeiro requested to merge 6562-support-k8s-dns-policy into master

What does this MR do?

This MR finishes a community contribution from !618 (closed)

Why was this MR needed?

When running an Alpine-based image (ie., docker:dind), ClusterFirst DNS breaks presumably because of ndots in the /etc/resolv.conf, which can be fixed by setting dnsPolicy: Default in the PodSpec.

Previously encountered error sample:

Running with gitlab-ci-multi-runner 9.2.1 (f018144)
  on k8s-orch-priv (0dcbec7a)
Using Kubernetes namespace: gitlab
Using Kubernetes executor with image docker:git ...
Waiting for pod gitlab/runner-0dcbec7a-project-24-concurrent-0f61bt to be running, status is Pending
Waiting for pod gitlab/runner-0dcbec7a-project-24-concurrent-0f61bt to be running, status is Pending
Waiting for pod gitlab/runner-0dcbec7a-project-24-concurrent-0f61bt to be running, status is Pending
Waiting for pod gitlab/runner-0dcbec7a-project-24-concurrent-0f61bt to be running, status is Pending
Running on runner-0dcbec7a-project-24-concurrent-0f61bt via gitlab-runner-1789393614-909hc...
Cloning repository...
Cloning into '/persist/build/sjohnson/epitropos'...
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@glow.dev.maio.me/sjohnson/epitropos.git/': Couldn't resolve host 'glow.dev.maio.me'
ERROR: Job failed: error executing remote command: command terminated with non-zero exit code: Error executing in Docker Container: 1

What's the best way to test this MR?

go test -count=1 -timeout=45s -v -run TestSetupBuildPod ./executors/kubernetes

Manual test

  1. Register a kubernetes runner and then merge the following with the executor configuration (note that we disable the default DNS policy so that we can add our own config):

    [[runners]]
  name = "kubernetes-runner"
  url = "https://gitlab.com/"
  executor = "kubernetes"
  [runners.kubernetes]
    dns_policy = "default"

  2. Start the runner with the -v flag. You can see that the flag was read in the configuration:

    image

  3. Create a .gitlab-ci.yml file containing the following:

    start_evaluation:
  script:
    - cat /etc/resolv.conf
  tags: [kubernetes]

  4. The build will show the VM nameserver:

    image

  5. If passed an unknown policy name (uppercase None):

    image

  6. If passed the none policy name:

    image

    This error is expected until we merge !2473 (merged)

What are the relevant issue numbers?

Part of #6562 (closed)

Edited by Pedro Pombeiro

Merge request reports