Add arg min-port=1024 to dnsmasq container in kube-dns #7020
Conversation
|
Hi @nr17. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
|
/assign @andrewsykim |
|
Unknown CLA label state. Rechecking for CLA labels. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
cncf-cla: yes
|
@andrewsykim Any feedback for me? |
|
@justinsb @mikesplain can you please provide some comments on this pr. |
|
/ok-to-test If later versions of dnsmasq started to default --min-port=1024 then lgtm. @nr17 do you know which version of dnsmaq added this default? |
k8s-ci-robot
added
ok-to-test
They fixed it in version 2.79 with this change:
|
Their changelog doesn’t mention it explictly. I had to do a git log to find it. git clone git://thekelleys.org.uk/dnsmasq.git
You can verify the version in which it was fixed by examining the git log using : git log --graph --pretty=format:"%C(green)%h%Creset%C(red)%d%Creset %s %C(bold blue)<%an>%Creset %C(green)(%cr)" --abbrev-commit |
k8s-ci-robot
added
the
lgtm
|
Thanks @nr17 and sorry for the delay... it's a tricky one to figure out, but worst case this matches the default that will be set when we (eventually) update dnsmasq! I'm not entirely sure how you found it :-) /approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: justinsb, nr17 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/test pull-kops-bazel-test |
|
@nr17 can you update these manifest hashes with their new values according to the failed |
nr17
force-pushed
the
add-arg-min-port-to-dnsmasq
branch
from
d109186 to
b97b9e4
Compare
k8s-ci-robot
removed
the
lgtm
nr17
force-pushed
the
add-arg-min-port-to-dnsmasq
branch
from
b97b9e4 to
241f9dd
Compare
|
/test pull-kops-bazel-test |
|
@rifelpet I changed the manifest hashes in upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml but the tests still fail. |
|
@nr17 ah yes you'll probably need to update them all. I believe the |
Do not use ports less than that given as source for outbound DNS queries. Dnsmasq picks random ports as source for outbound queries: when this option is given, the ports used will always to larger than that specified. Useful for systems behind firewalls.
nr17
force-pushed
the
add-arg-min-port-to-dnsmasq
branch
from
241f9dd to
0310c2e
Compare
k8s-ci-robot
added
size/S
|
@justinsb can I get the final approval for this. I corrected the manifest hashes for the updated yamls. |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
…-origin-release-1.15 Automated cherry pick of #7020: Add arg min-port=1024 to dnsmasq container in kube-dns
Do not use ports less than that given as source for outbound DNS queries. Dnsmasq picks random ports as source for outbound queries: when this option is given, the ports used will always to larger than that specified. Useful for systems behind firewalls.
More information: Kubernetes kube-dns uses dnsmasq version 2.78 (http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.78.tar.xz), which doesn't set the default min_port to 1024 (probably a bug). Later versions of dnsmasq have fixed this issue and don't need explicit min-port command-line argument.