[CHAOSPLT-1359] Add DNS resolver control

[aymericDD]

What does this PR do?

• Adds new functionality
• Alters existing functionality
• Fixes a bug
• Improves documentation or testing

Please briefly describe your changes as well as the motivation behind them:

Changes:

• Adds per-host DNS resolution strategy control through a new dnsResolver field on network disruption hosts
• Implements four DNS resolver strategies: pod, node, pod-fallback-node (default), and node-fallback-pod
• Refactors DNS client to support strategy-based resolution with ResolveWithStrategy method
• Adds getResolversAndNames helper method for cleaner DNS configuration logic

Motivation:

• Addresses issues with service mesh proxies (like Istio DNS proxy) that intercept DNS queries and return VIP addresses (240.x.x.x) that don't work with tc traffic control rules
• Provides flexibility for users to choose between pod and node nameservers based on their cluster configuration
• Maintains backward compatibility with default pod-fallback-node strategy

Resolves: #882

Code Quality Checklist

• The documentation is up to date.
• My code is sufficiently commented and passes continuous integration checks.
• I have signed my commit (see Contributing Docs).

Testing

• I leveraged continuous integration testing
  • by depending on existing unit tests or end-to-end tests.
  • by adding new unit tests or end-to-end tests.
• I manually tested the following steps:
  • Test default behavior without specifying dnsResolver field (uses pod-fallback-node)
  • Test dnsResolver: pod strategy to verify pod-only DNS resolution
  • Test dnsResolver: node strategy to verify node-only DNS resolution
  • Test dnsResolver: pod-fallback-node with pod DNS failure to verify fallback
  • Test dnsResolver: node-fallback-pod with node DNS failure to verify fallback
  • Test with Istio-enabled namespace using dnsResolver: node to bypass DNS proxy
  • locally.
  • as a canary deployment to a cluster.

[aymericDD]

• [CHAOSPLT-1364] Fix cloud disruption hosts only injected in first chaos pod #1012
• [CHAOSPLT-259] Add percentage-based IP selection for network disruptions  #1011
• [CHAOSPLT-1360] Add DNS resolv.conf path customization for network disruptions #1010
• [CHAOSPLT-1359] Add DNS resolver control #1009 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[datadog-datadog-prod-us1]

✅ Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 7b43367 | Docs | Datadog PR Page | Was this helpful? Give us feedback!}

[clairecng]

why not just having host.DNSResolver set to "" even if it's empty? Seems like we also add empty "" if nothing is defined in other fields. I don't think we need any ifs?

[clairecng]

Another way we could have is to have the default be set before? That way it's never empty? (although I can't remember if it's something we do in the chaos-controller or not, so ignore it if we do not do this usually)

[clairecng]

could we have those examples be defined in the examples/ dir and link them instead?

[aymericDD]

I don't really see the added value because the examples are more here to test the disruption effect. Here the resolution of the host will be the same if it's resolved by the node or the pod resolver.

[clairecng]

as you want, but we still need to update the complete example to add your new field

[diyarab]

To make it a little more clear?

Suggested change

When specifying hostnames in the `hosts` or `allowedHosts` fields, you can control which DNS resolver is used to resolve the hostname to an IP address. This is particularly useful in environments with service mesh proxies (like Istio) that intercept DNS queries and return virtual IPs (VIPs) that may not work for traffic disruption.

When specifying hostnames in the `hosts` or `allowedHosts` fields, you can control which DNS resolver is used to resolve the hostname to an IP address. This is particularly useful in environments with service mesh proxies (like Istio) that intercept DNS queries and return virtual IPs (VIPs) that may not work for traffic disruption. In these cases, you should rely on the node-level resolver to ensure the hostnames resolve to the actual destination IPs rather than the service mesh VIP.