From 1260590b4e5f3f6095ed0dc61288798872973405 Mon Sep 17 00:00:00 2001
From: Kevin Lefevre <kevin.lefevre@osones.io>
Date: Fri, 14 Apr 2017 11:57:53 +0200
Subject: [PATCH] [k8s_coreos] enable CoreDNS addon

Enable option to specify a custom cluster domain name.
Enable Kubelet integration with DNS.

Change-Id: I76f837c950ab9111d5a43fa522829d5034cd5ee8
---
 .../templates/fragments/enable-coredns.yaml   | 162 ++++++++++++++++++
 .../fragments/enable-kubelet-master.yaml      |   3 +-
 .../fragments/enable-kubelet-minion.yaml      |   3 +-
 .../fragments/write-heat-params-master.yaml   |   2 +
 .../fragments/write-heat-params.yaml          |   2 +
 .../k8s_coreos_v1/templates/kubecluster.yaml  |  16 ++
 .../k8s_coreos_v1/templates/kubemaster.yaml   |  22 +++
 .../k8s_coreos_v1/templates/kubeminion.yaml   |  12 ++
 8 files changed, 220 insertions(+), 2 deletions(-)
 create mode 100644 magnum/drivers/k8s_coreos_v1/templates/fragments/enable-coredns.yaml

diff --git a/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-coredns.yaml b/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-coredns.yaml
new file mode 100644
index 0000000000..9480e9d8e9
--- /dev/null
+++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-coredns.yaml
@@ -0,0 +1,162 @@
+#cloud-config
+write_files:
+  - path: /etc/systemd/system/enable-coredns.service
+    owner: "root:root"
+    permissions: "0644"
+    content: |
+      [Unit]
+      Description=Configure Kubernetes CoreDNS Addon
+
+      [Service]
+      Type=oneshot
+      EnvironmentFile=/etc/sysconfig/heat-params
+      ExecStart=/etc/sysconfig/enable-coredns.sh
+
+      [Install]
+      WantedBy=multi-user.target
+
+  - path: /etc/sysconfig/enable-coredns.sh
+    owner: "root:root"
+    permissions: "0755"
+    content: |
+      #!/bin/sh
+
+      TEMPLATE=/etc/kubernetes/addons/coredns-sa.yaml
+      mkdir -p $(dirname ${TEMPLATE})
+      cat > $TEMPLATE <<EOF
+      apiVersion: v1
+      kind: ServiceAccount
+      metadata:
+        name: coredns
+        namespace: kube-system
+        labels:
+          kubernetes.io/cluster-service: "true"
+          addonmanager.kubernetes.io/mode: Reconcile
+      EOF
+
+      TEMPLATE=/etc/kubernetes/addons/coredns-cm.yaml
+      mkdir -p $(dirname ${TEMPLATE})
+      cat > $TEMPLATE <<EOF
+      apiVersion: v1
+      kind: ConfigMap
+      metadata:
+        name: coredns
+        namespace: kube-system
+        labels:
+          addonmanager.kubernetes.io/mode: EnsureExists
+      data:
+        Corefile: |
+          .:53 {
+              errors
+              log stdout
+              health
+              kubernetes ${DNS_CLUSTER_DOMAIN} {
+                cidrs ${PORTAL_NETWORK_CIDR}
+              }
+              proxy . /etc/resolv.conf
+              cache 30
+          }
+      EOF
+
+      TEMPLATE=/etc/kubernetes/addons/coredns-svc.yaml
+      mkdir -p $(dirname ${TEMPLATE})
+      cat > $TEMPLATE <<EOF
+      apiVersion: v1
+      kind: Service
+      metadata:
+        name: kube-dns
+        namespace: kube-system
+        labels:
+          k8s-app: coredns
+          kubernetes.io/cluster-service: "true"
+          addonmanager.kubernetes.io/mode: Reconcile
+          kubernetes.io/name: "CoreDNS"
+      spec:
+        selector:
+          k8s-app: coredns
+        clusterIP: ${DNS_SERVICE_IP}
+        ports:
+        - name: dns
+          port: 53
+          protocol: UDP
+        - name: dns-tcp
+          port: 53
+          protocol: TCP
+        - name: metrics
+          port: 9153
+          protocol: TCP
+      EOF
+
+      TEMPLATE=/etc/kubernetes/addons/coredns-de.yaml
+      mkdir -p $(dirname ${TEMPLATE})
+      cat > $TEMPLATE <<EOF
+      apiVersion: extensions/v1beta1
+      kind: Deployment
+      metadata:
+        name: coredns
+        namespace: kube-system
+        labels:
+          k8s-app: coredns
+          kubernetes.io/cluster-service: "true"
+          kubernetes.io/name: "CoreDNS"
+      spec:
+        replicas: 1
+        selector:
+          matchLabels:
+            k8s-app: coredns
+        template:
+          metadata:
+            labels:
+              k8s-app: coredns
+            annotations:
+              scheduler.alpha.kubernetes.io/critical-pod: ''
+              scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+          spec:
+            serviceAccountName: coredns
+            containers:
+            - name: coredns
+              image: coredns/coredns:007
+              imagePullPolicy: Always
+              args: [ "-conf", "/etc/coredns/Corefile" ]
+              volumeMounts:
+              - name: config-volume
+                mountPath: /etc/coredns
+              ports:
+              - containerPort: 53
+                name: dns
+                protocol: UDP
+              - containerPort: 53
+                name: dns-tcp
+                protocol: TCP
+              - containerPort: 9153
+                name: metrics
+                protocol: TCP
+              livenessProbe:
+                httpGet:
+                  path: /health
+                  port: 8080
+                  scheme: HTTP
+                initialDelaySeconds: 60
+                timeoutSeconds: 5
+                successThreshold: 1
+                failureThreshold: 5
+            dnsPolicy: Default
+            volumes:
+              - name: config-volume
+                configMap:
+                  name: coredns
+                  items:
+                  - key: Corefile
+                    path: Corefile
+      EOF
+
+      echo "Waiting for Kubernetes API..."
+      until curl --silent "http://127.0.0.1:8080/version"
+      do
+          sleep 5
+      done
+
+      curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /etc/kubernetes/addons/coredns-sa.yaml)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/serviceaccounts" > /dev/null
+      curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /etc/kubernetes/addons/coredns-cm.yaml)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/configmaps" > /dev/null
+      curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /etc/kubernetes/addons/coredns-de.yaml)" "http://127.0.0.1:8080/apis/extensions/v1beta1/namespaces/kube-system/deployments" > /dev/null
+      curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /etc/kubernetes/addons/coredns-svc.yaml)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/services" > /dev/null
diff --git a/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kubelet-master.yaml b/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kubelet-master.yaml
index 518fa410b7..b7e05a1f57 100644
--- a/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kubelet-master.yaml
+++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kubelet-master.yaml
@@ -61,9 +61,10 @@ write_files:
         --register-schedulable=false \
         --allow-privileged=true \
         --pod-manifest-path=/etc/kubernetes/manifests \
-        --hostname-override=${KUBE_NODE_IP} \
         --logtostderr=true \
         --v=0 \
+        --cluster_dns=${DNS_SERVICE_IP} \
+        --cluster_domain=${DNS_CLUSTER_DOMAIN} \
         ${INSECURE_REGISTRY_ARGS}
       ExecStop=-/usr/bin/rkt stop --uuid-file=${uuid_file}
       Restart=always
diff --git a/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kubelet-minion.yaml b/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kubelet-minion.yaml
index b09dc9e2e7..4656308824 100644
--- a/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kubelet-minion.yaml
+++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kubelet-minion.yaml
@@ -72,13 +72,14 @@ write_files:
         --register-node=true \
         --allow-privileged=true \
         --pod-manifest-path=/etc/kubernetes/manifests \
-        --hostname-override=${KUBE_NODE_IP} \
         --logtostderr=true \
         --v=0 \
         --cadvisor-port=4194 \
         --kubeconfig=${KUBE_CONFIG} \
         --tls-cert-file=${TLS_CERT_FILE} \
         --tls-private-key-file=${TLS_PRIVATE_KEY_FILE} \
+        --cluster_dns=${DNS_SERVICE_IP} \
+        --cluster_domain=${DNS_CLUSTER_DOMAIN} \
         ${INSECURE_REGISTRY_ARGS}
       Restart=always
       RestartSec=10
diff --git a/magnum/drivers/k8s_coreos_v1/templates/fragments/write-heat-params-master.yaml b/magnum/drivers/k8s_coreos_v1/templates/fragments/write-heat-params-master.yaml
index 0c1c109b8a..d738795c0f 100644
--- a/magnum/drivers/k8s_coreos_v1/templates/fragments/write-heat-params-master.yaml
+++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/write-heat-params-master.yaml
@@ -46,3 +46,5 @@ write_files:
       ETCD_LB_VIP="$ETCD_LB_VIP"
       KUBE_DASHBOARD_ENABLED="$KUBE_DASHBOARD_ENABLED"
       KUBE_DASHBOARD_VERSION="$KUBE_DASHBOARD_VERSION"
+      DNS_SERVICE_IP="$DNS_SERVICE_IP"
+      DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"
diff --git a/magnum/drivers/k8s_coreos_v1/templates/fragments/write-heat-params.yaml b/magnum/drivers/k8s_coreos_v1/templates/fragments/write-heat-params.yaml
index 4c3f1a4e24..8eb8e02590 100644
--- a/magnum/drivers/k8s_coreos_v1/templates/fragments/write-heat-params.yaml
+++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/write-heat-params.yaml
@@ -44,3 +44,5 @@ write_files:
       HOST_CERTS_PATH="$HOST_CERTS_PATH"
       HYPERKUBE_IMAGE_REPO="$HYPERKUBE_IMAGE_REPO"
       CONTAINER_RUNTIME="$CONTAINER_RUNTIME"
+      DNS_SERVICE_IP="$DNS_SERVICE_IP"
+      DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"
diff --git a/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml
index 9ba942bd2c..0051e1251b 100644
--- a/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml
@@ -273,6 +273,18 @@ parameters:
     constraints:
       - allowed_values: ["docker"]
 
+  dns_service_ip:
+    type: string
+    description: >
+      address used by Kubernetes DNS service
+    default: 10.254.0.10
+
+  dns_cluster_domain:
+    type: string
+    description: >
+      domain name for cluster DNS
+    default: "cluster.local"
+
 resources:
 
   ######################################################################
@@ -436,6 +448,8 @@ resources:
           prometheus_monitoring: {get_param: prometheus_monitoring}
           grafana_admin_passwd: {get_param: grafana_admin_passwd}
           etcd_lb_vip: {get_attr: [etcd_lb, address]}
+          dns_service_ip: {get_param: dns_service_ip}
+          dns_cluster_domain: {get_param: dns_cluster_domain}
 
   ######################################################################
   #
@@ -483,6 +497,8 @@ resources:
           insecure_registry_url: {get_param: insecure_registry_url}
           container_runtime: {get_param: container_runtime}
           prometheus_monitoring: {get_param: prometheus_monitoring}
+          dns_service_ip: {get_param: dns_service_ip}
+          dns_cluster_domain: {get_param: dns_cluster_domain}
 
 outputs:
 
diff --git a/magnum/drivers/k8s_coreos_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_coreos_v1/templates/kubemaster.yaml
index 98ca88680f..8a8ca6e0f5 100644
--- a/magnum/drivers/k8s_coreos_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_coreos_v1/templates/kubemaster.yaml
@@ -208,6 +208,16 @@ parameters:
       etcd lb vip private used to generate certs on master.
     default: ""
 
+  dns_service_ip:
+    type: string
+    description: >
+      address used by Kubernetes DNS service
+
+  dns_cluster_domain:
+    type: string
+    description: >
+      domain name for cluster DNS
+
 resources:
 
   master_wait_handle:
@@ -289,6 +299,8 @@ resources:
             "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
             "$CONTAINER_RUNTIME": {get_param: container_runtime}
             "$ETCD_LB_VIP": {get_param: etcd_lb_vip}
+            "$DNS_SERVICE_IP": {get_param: dns_service_ip}
+            "$DNS_CLUSTER_DOMAIN": {get_param: dns_cluster_domain}
 
   configure_etcd:
     type: OS::Heat::SoftwareConfig
@@ -374,6 +386,12 @@ resources:
       group: ungrouped
       config: {get_file: fragments/configure-docker.yaml}
 
+  enable_coredns:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/enable-coredns.yaml}
+
   kube_master_init:
     type: OS::Heat::SoftwareConfig
     properties:
@@ -395,6 +413,7 @@ resources:
             $enable_kube_controller_manager
             $enable_kube_scheduler
             $enable_kube_dashboard
+            $enable_coredns
             $wc_notify
             coreos:
               units:
@@ -424,6 +443,8 @@ resources:
                   command: "start"
                 - name: "enable-kube-dashboard.service"
                   command: "start"
+                - name: "enable-coredns.service"
+                  command: "start"
                 - name: "wc-notify.service"
                   command: "start"
           params:
@@ -441,6 +462,7 @@ resources:
             "$enable_kube_controller_manager": {get_attr: [enable_kube_controller_manager, config]}
             "$enable_kube_scheduler": {get_attr: [enable_kube_scheduler, config]}
             "$enable_kube_dashboard": {get_attr: [enable_kube_dashboard, config]}
+            "$enable_coredns": {get_attr: [enable_coredns, config]}
             "$wc_notify": {get_attr: [wc_notify, config]}
 
   ######################################################################
diff --git a/magnum/drivers/k8s_coreos_v1/templates/kubeminion.yaml b/magnum/drivers/k8s_coreos_v1/templates/kubeminion.yaml
index 3c25a577f0..51296f15f2 100644
--- a/magnum/drivers/k8s_coreos_v1/templates/kubeminion.yaml
+++ b/magnum/drivers/k8s_coreos_v1/templates/kubeminion.yaml
@@ -138,6 +138,16 @@ parameters:
     description: >
       whether or not to have the node-exporter running on the node
 
+  dns_service_ip:
+    type: string
+    description: >
+      address used by Kubernetes DNS service
+
+  dns_cluster_domain:
+    type: string
+    description: >
+      domain name for cluster DNS
+
 resources:
 
   minion_wait_handle:
@@ -193,6 +203,8 @@ resources:
                   hyperkube_image: { get_param: hyperkube_image }
             "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
             "$CONTAINER_RUNTIME": {get_param: container_runtime}
+            "$DNS_SERVICE_IP": {get_param: dns_service_ip}
+            "$DNS_CLUSTER_DOMAIN": {get_param: dns_cluster_domain}
 
   write_kubeconfig:
     type: OS::Heat::SoftwareConfig