Change CoreDNS from Deployment to DaemonSet

CoreDNS is critical to cluster operations, and is also a very lightweight
service.  This change makes the CoreDNS service deployable as a Deployment
(current behavior), a DaemonSet, or both simultaneously.  This allows
DNS to be easily configured to run on all nodes (or all control
plane nodes if desired) for high availability of the service and
resiliency of the cluster.

The "deplyoment and daemonset" behavior can be used to provide an
uninterrupted migration path from a Deployment-based environment
to a DaemonSet-based one.

Change-Id: I58c3e62ac4892a4d9374d99eefe8055865cebf1e

charts/coredns/templates/deployment.yaml

@@ -16,35 +16,46 @@ limitations under the License.
 
 {{- $envAll := . }}
 {{- $labels := tuple $envAll "kubernetes" "coredns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" -}}
+{{- $kinds := list -}}
+{{- if .Values.manifests.deployment -}}{{ $kinds = append $kinds "Deployment" -}}{{- end -}}
+{{- if .Values.manifests.daemonset -}}{{ $kinds = append $kinds "DaemonSet" -}}{{- end -}}
+
+{{- range $kinds -}}
+{{- $kind := . -}}
 ---
 apiVersion: apps/v1
-kind: Deployment
+kind: {{ $kind }}
 metadata:
   name: coredns
   labels:
 {{ $labels | indent 4 }}
-    {{ .Values.service.name }}: enabled
+    {{ $envAll.Values.service.name }}: enabled
     kubernetes.io/name: "CoreDNS"
   annotations:
     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
 spec:
-  replicas: {{ .Values.pod.replicas.coredns }}
+{{- if eq $kind "Deployment" }}
+  replicas: {{ $envAll.Values.pod.replicas.coredns }}
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxUnavailable: 1
+{{- end }}
   selector:
     matchLabels:
 {{ $labels | indent 6 }}
-      {{ .Values.service.name }}: enabled
+      {{ $envAll.Values.service.name }}: enabled
+{{- if eq $kind "DaemonSet" }}
+{{ tuple $envAll "coredns" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
+{{- end }}
   template:
     metadata:
       labels:
 {{ $labels | indent 8 }}
-        {{ .Values.service.name }}: enabled
+        {{ $envAll.Values.service.name }}: enabled
       annotations:
-        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
-        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+        configmap-bin-hash: {{ tuple "configmap-bin.yaml" $envAll | include "helm-toolkit.utils.hash" }}
+        configmap-etc-hash: {{ tuple "configmap-etc.yaml" $envAll | include "helm-toolkit.utils.hash" }}
     spec:
       serviceAccountName: coredns
       shareProcessNamespace: true
@@ -52,7 +63,9 @@ spec:
         - key: "CriticalAddonsOnly"
           operator: "Exists"
       nodeSelector:
-        {{ .Values.labels.coredns.node_selector_key }}: {{ .Values.labels.coredns.node_selector_value }}
+        {{ $envAll.Values.labels.coredns.node_selector_key }}: {{ $envAll.Values.labels.coredns.node_selector_value }}
+      terminationGracePeriodSeconds: {{ $envAll.Values.pod.lifecycle.termination_grace_period.coredns.timeout | default "30" }}
+{{- if eq $kind "Deployment" }}
       affinity:
         podAntiAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
@@ -60,15 +73,16 @@ spec:
             podAffinityTerm:
               labelSelector:
                 matchExpressions:
-                - key: {{ .Values.service.name }}
+                - key: {{ $envAll.Values.service.name }}
                   operator: In
                   values:
                   - enabled
               topologyKey: kubernetes.io/hostname
+{{- end }}
       containers:
       - name: coredns
-        image: {{ .Values.images.tags.coredns | quote }}
-        imagePullPolicy: {{ .Values.images.pull_policy | quote }}
+        image: {{ $envAll.Values.images.tags.coredns | quote }}
+        imagePullPolicy: {{ $envAll.Values.images.pull_policy | quote }}
 {{ tuple $envAll $envAll.Values.pod.resources.coredns | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
         args: [ "-conf", "/etc/coredns/Corefile" ]
         volumeMounts:
@@ -102,11 +116,12 @@ spec:
       volumes:
         - name: config-volume
           configMap:
-            name: {{ .Values.service.name }}-etc
+            name: {{ $envAll.Values.service.name }}-etc
             items:
             - key: Corefile
               path: Corefile
         - name: scripts
           configMap:
-            name: {{ .Values.service.name }}-bin
+            name: {{ $envAll.Values.service.name }}-bin
             defaultMode: 0555
+{{ end }}

charts/coredns/values.yaml

@@ -36,6 +36,18 @@ service:
   ip: 10.96.0.10
 
 pod:
+  lifecycle:
+    upgrades:
+      # This is only meaningful when deploying as a DaemonSet
+      daemonsets:
+        pod_replacement_strategy: RollingUpdate
+        coredns:
+          enabled: true
+          min_ready_seconds: 0
+          max_unavailable: 30%
+    termination_grace_period:
+      coredns:
+        timeout: 30
   resources:
     enabled: false
     coredns:
@@ -52,6 +64,7 @@ pod:
       limits:
         memory: "1024Mi"
         cpu: "2000m"
+  # This is only meaningful when deploying as a Deployment
   replicas:
     coredns: 3
 
@@ -63,4 +76,7 @@ monitoring:
       port: 9253
 
 manifests:
+  # This chart can deploy CoreDNS as a Deployment, as a DaemonSet, or both
+  daemonset: false
+  deployment: true
   pod_test: true

examples/basic/armada-resources.yaml

@@ -571,12 +571,9 @@ data:
     conf:
       test:
         names_to_resolve:
-          - att.com
           - calico-etcd.kube-system.svc.cluster.local
-          - google.com
           - kubernetes-etcd.kube-system.svc.cluster.local
           - kubernetes.default.svc.cluster.local
-
     images:
       tags:
         coredns: coredns/coredns:1.1.3

examples/complete/armada-resources.yaml

@@ -582,9 +582,7 @@ data:
     conf:
       test:
         names_to_resolve:
-          - att.com
           - calico-etcd.kube-system.svc.cluster.local
-          - google.com
           - kubernetes-etcd.kube-system.svc.cluster.local
           - kubernetes.default.svc.cluster.local