[k8s_coreos] enable CoreDNS addon
Enable option to specify a custom cluster domain name. Enable Kubelet integration with DNS. Change-Id: I76f837c950ab9111d5a43fa522829d5034cd5ee8
parent
c14f7d7c56
commit
1260590b4e
|
@ -0,0 +1,162 @@
|
||||||
|
#cloud-config
|
||||||
|
write_files:
|
||||||
|
- path: /etc/systemd/system/enable-coredns.service
|
||||||
|
owner: "root:root"
|
||||||
|
permissions: "0644"
|
||||||
|
content: |
|
||||||
|
[Unit]
|
||||||
|
Description=Configure Kubernetes CoreDNS Addon
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
EnvironmentFile=/etc/sysconfig/heat-params
|
||||||
|
ExecStart=/etc/sysconfig/enable-coredns.sh
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
||||||
|
- path: /etc/sysconfig/enable-coredns.sh
|
||||||
|
owner: "root:root"
|
||||||
|
permissions: "0755"
|
||||||
|
content: |
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
TEMPLATE=/etc/kubernetes/addons/coredns-sa.yaml
|
||||||
|
mkdir -p $(dirname ${TEMPLATE})
|
||||||
|
cat > $TEMPLATE <<EOF
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: coredns
|
||||||
|
namespace: kube-system
|
||||||
|
labels:
|
||||||
|
kubernetes.io/cluster-service: "true"
|
||||||
|
addonmanager.kubernetes.io/mode: Reconcile
|
||||||
|
EOF
|
||||||
|
|
||||||
|
TEMPLATE=/etc/kubernetes/addons/coredns-cm.yaml
|
||||||
|
mkdir -p $(dirname ${TEMPLATE})
|
||||||
|
cat > $TEMPLATE <<EOF
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: coredns
|
||||||
|
namespace: kube-system
|
||||||
|
labels:
|
||||||
|
addonmanager.kubernetes.io/mode: EnsureExists
|
||||||
|
data:
|
||||||
|
Corefile: |
|
||||||
|
.:53 {
|
||||||
|
errors
|
||||||
|
log stdout
|
||||||
|
health
|
||||||
|
kubernetes ${DNS_CLUSTER_DOMAIN} {
|
||||||
|
cidrs ${PORTAL_NETWORK_CIDR}
|
||||||
|
}
|
||||||
|
proxy . /etc/resolv.conf
|
||||||
|
cache 30
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
TEMPLATE=/etc/kubernetes/addons/coredns-svc.yaml
|
||||||
|
mkdir -p $(dirname ${TEMPLATE})
|
||||||
|
cat > $TEMPLATE <<EOF
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: kube-dns
|
||||||
|
namespace: kube-system
|
||||||
|
labels:
|
||||||
|
k8s-app: coredns
|
||||||
|
kubernetes.io/cluster-service: "true"
|
||||||
|
addonmanager.kubernetes.io/mode: Reconcile
|
||||||
|
kubernetes.io/name: "CoreDNS"
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
k8s-app: coredns
|
||||||
|
clusterIP: ${DNS_SERVICE_IP}
|
||||||
|
ports:
|
||||||
|
- name: dns
|
||||||
|
port: 53
|
||||||
|
protocol: UDP
|
||||||
|
- name: dns-tcp
|
||||||
|
port: 53
|
||||||
|
protocol: TCP
|
||||||
|
- name: metrics
|
||||||
|
port: 9153
|
||||||
|
protocol: TCP
|
||||||
|
EOF
|
||||||
|
|
||||||
|
TEMPLATE=/etc/kubernetes/addons/coredns-de.yaml
|
||||||
|
mkdir -p $(dirname ${TEMPLATE})
|
||||||
|
cat > $TEMPLATE <<EOF
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: coredns
|
||||||
|
namespace: kube-system
|
||||||
|
labels:
|
||||||
|
k8s-app: coredns
|
||||||
|
kubernetes.io/cluster-service: "true"
|
||||||
|
kubernetes.io/name: "CoreDNS"
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
k8s-app: coredns
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: coredns
|
||||||
|
annotations:
|
||||||
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
|
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
|
||||||
|
spec:
|
||||||
|
serviceAccountName: coredns
|
||||||
|
containers:
|
||||||
|
- name: coredns
|
||||||
|
image: coredns/coredns:007
|
||||||
|
imagePullPolicy: Always
|
||||||
|
args: [ "-conf", "/etc/coredns/Corefile" ]
|
||||||
|
volumeMounts:
|
||||||
|
- name: config-volume
|
||||||
|
mountPath: /etc/coredns
|
||||||
|
ports:
|
||||||
|
- containerPort: 53
|
||||||
|
name: dns
|
||||||
|
protocol: UDP
|
||||||
|
- containerPort: 53
|
||||||
|
name: dns-tcp
|
||||||
|
protocol: TCP
|
||||||
|
- containerPort: 9153
|
||||||
|
name: metrics
|
||||||
|
protocol: TCP
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /health
|
||||||
|
port: 8080
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 60
|
||||||
|
timeoutSeconds: 5
|
||||||
|
successThreshold: 1
|
||||||
|
failureThreshold: 5
|
||||||
|
dnsPolicy: Default
|
||||||
|
volumes:
|
||||||
|
- name: config-volume
|
||||||
|
configMap:
|
||||||
|
name: coredns
|
||||||
|
items:
|
||||||
|
- key: Corefile
|
||||||
|
path: Corefile
|
||||||
|
EOF
|
||||||
|
|
||||||
|
echo "Waiting for Kubernetes API..."
|
||||||
|
until curl --silent "http://127.0.0.1:8080/version"
|
||||||
|
do
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
|
|
||||||
|
curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /etc/kubernetes/addons/coredns-sa.yaml)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/serviceaccounts" > /dev/null
|
||||||
|
curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /etc/kubernetes/addons/coredns-cm.yaml)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/configmaps" > /dev/null
|
||||||
|
curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /etc/kubernetes/addons/coredns-de.yaml)" "http://127.0.0.1:8080/apis/extensions/v1beta1/namespaces/kube-system/deployments" > /dev/null
|
||||||
|
curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /etc/kubernetes/addons/coredns-svc.yaml)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/services" > /dev/null
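Review bot: The Deployment manifest pulls `coredns/coredns:007` with `imagePullPolicy: Always`, so every restart of the cluster DNS pod fetches whatever the registry currently serves under that mutable tag. Pinning by digest (`image: coredns/coredns@sha256:<digest of the reviewed image>`) or taking the image from a template parameter would keep the cluster resolver reproducible. The container spec also has no `resources` limits and no `securityContext`, which is worth adding for a pod in kube-system. The four `curl --silent ... > /dev/null` POSTs discard the API response, so the oneshot unit reports success even when an object was rejected; capturing the status with `--write-out '%{http_code}'` and logging anything other than created or already-exists would surface that. The Service publishes a `metrics` port 9153 while the Corefile has no `prometheus` directive, so that port appears to have nothing listening behind it.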
|
|
@ -61,9 +61,10 @@ write_files:
|
||||||
--register-schedulable=false \
|
--register-schedulable=false \
|
||||||
--allow-privileged=true \
|
--allow-privileged=true \
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--pod-manifest-path=/etc/kubernetes/manifests \
|
||||||
--hostname-override=${KUBE_NODE_IP} \
|
|
||||||
--logtostderr=true \
|
--logtostderr=true \
|
||||||
--v=0 \
|
--v=0 \
|
||||||
|
--cluster_dns=${DNS_SERVICE_IP} \
|
||||||
|
--cluster_domain=${DNS_CLUSTER_DOMAIN} \
|
||||||
${INSECURE_REGISTRY_ARGS}
|
${INSECURE_REGISTRY_ARGS}
|
||||||
ExecStop=-/usr/bin/rkt stop --uuid-file=${uuid_file}
|
ExecStop=-/usr/bin/rkt stop --uuid-file=${uuid_file}
|
||||||
Restart=always
|
Restart=always
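Review bot: `--hostname-override=${KUBE_NODE_IP}` appears only on the old side of this hunk, and likewise in the minion kubelet hunk that follows, so both kubelets seem to lose the flag even though the commit message mentions only DNS. Nodes would then register under their OS hostname instead of the IP, which may affect anything keyed on node name (existing node objects, certificate SANs), so either restore the line or state the removal in the description. The two new flags are spelled `--cluster_dns` and `--cluster_domain` while every neighbouring flag uses dashes; kubelet documents them as `--cluster-dns=${DNS_SERVICE_IP}` and `--cluster-domain=${DNS_CLUSTER_DOMAIN}`, and the underscore form relies on flag-name normalisation. The unit's ExecStart starts and ends outside this hunk.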
|
||||||
|
|
|
@ -72,13 +72,14 @@ write_files:
|
||||||
--register-node=true \
|
--register-node=true \
|
||||||
--allow-privileged=true \
|
--allow-privileged=true \
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--pod-manifest-path=/etc/kubernetes/manifests \
|
||||||
--hostname-override=${KUBE_NODE_IP} \
|
|
||||||
--logtostderr=true \
|
--logtostderr=true \
|
||||||
--v=0 \
|
--v=0 \
|
||||||
--cadvisor-port=4194 \
|
--cadvisor-port=4194 \
|
||||||
--kubeconfig=${KUBE_CONFIG} \
|
--kubeconfig=${KUBE_CONFIG} \
|
||||||
--tls-cert-file=${TLS_CERT_FILE} \
|
--tls-cert-file=${TLS_CERT_FILE} \
|
||||||
--tls-private-key-file=${TLS_PRIVATE_KEY_FILE} \
|
--tls-private-key-file=${TLS_PRIVATE_KEY_FILE} \
|
||||||
|
--cluster_dns=${DNS_SERVICE_IP} \
|
||||||
|
--cluster_domain=${DNS_CLUSTER_DOMAIN} \
|
||||||
${INSECURE_REGISTRY_ARGS}
|
${INSECURE_REGISTRY_ARGS}
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=10
|
RestartSec=10
|
||||||
|
|
|
@ -46,3 +46,5 @@ write_files:
|
||||||
ETCD_LB_VIP="$ETCD_LB_VIP"
|
ETCD_LB_VIP="$ETCD_LB_VIP"
|
||||||
KUBE_DASHBOARD_ENABLED="$KUBE_DASHBOARD_ENABLED"
|
KUBE_DASHBOARD_ENABLED="$KUBE_DASHBOARD_ENABLED"
|
||||||
KUBE_DASHBOARD_VERSION="$KUBE_DASHBOARD_VERSION"
|
KUBE_DASHBOARD_VERSION="$KUBE_DASHBOARD_VERSION"
|
||||||
|
DNS_SERVICE_IP="$DNS_SERVICE_IP"
|
||||||
|
DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"
|
||||||
|
|
|
@ -44,3 +44,5 @@ write_files:
|
||||||
HOST_CERTS_PATH="$HOST_CERTS_PATH"
|
HOST_CERTS_PATH="$HOST_CERTS_PATH"
|
||||||
HYPERKUBE_IMAGE_REPO="$HYPERKUBE_IMAGE_REPO"
|
HYPERKUBE_IMAGE_REPO="$HYPERKUBE_IMAGE_REPO"
|
||||||
CONTAINER_RUNTIME="$CONTAINER_RUNTIME"
|
CONTAINER_RUNTIME="$CONTAINER_RUNTIME"
|
||||||
|
DNS_SERVICE_IP="$DNS_SERVICE_IP"
|
||||||
|
DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"
|
||||||
|
|
|
@ -273,6 +273,18 @@ parameters:
|
||||||
constraints:
|
constraints:
|
||||||
- allowed_values: ["docker"]
|
- allowed_values: ["docker"]
|
||||||
|
|
||||||
|
dns_service_ip:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
address used by Kubernetes DNS service
|
||||||
|
default: 10.254.0.10
|
||||||
|
|
||||||
|
dns_cluster_domain:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
domain name for cluster DNS
|
||||||
|
default: "cluster.local"
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
|
@ -436,6 +448,8 @@ resources:
|
||||||
prometheus_monitoring: {get_param: prometheus_monitoring}
|
prometheus_monitoring: {get_param: prometheus_monitoring}
|
||||||
grafana_admin_passwd: {get_param: grafana_admin_passwd}
|
grafana_admin_passwd: {get_param: grafana_admin_passwd}
|
||||||
etcd_lb_vip: {get_attr: [etcd_lb, address]}
|
etcd_lb_vip: {get_attr: [etcd_lb, address]}
|
||||||
|
dns_service_ip: {get_param: dns_service_ip}
|
||||||
|
dns_cluster_domain: {get_param: dns_cluster_domain}
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
|
@ -483,6 +497,8 @@ resources:
|
||||||
insecure_registry_url: {get_param: insecure_registry_url}
|
insecure_registry_url: {get_param: insecure_registry_url}
|
||||||
container_runtime: {get_param: container_runtime}
|
container_runtime: {get_param: container_runtime}
|
||||||
prometheus_monitoring: {get_param: prometheus_monitoring}
|
prometheus_monitoring: {get_param: prometheus_monitoring}
|
||||||
|
dns_service_ip: {get_param: dns_service_ip}
|
||||||
|
dns_cluster_domain: {get_param: dns_cluster_domain}
|
||||||
|
|
||||||
outputs:
|
outputs:
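Review bot: `dns_service_ip` and `dns_cluster_domain` in the parameters hunk are free-form strings with no `constraints`, yet their values are substituted into the heat-params environment file, the kubelet command line and the unquoted heredocs that build the Corefile and the kube-dns Service manifest. A malformed value would not be rejected by Heat and would produce a broken or unintended resolver configuration on the nodes. Adding `constraints: [{custom_constraint: ip_addr}]` to `dns_service_ip` and an `allowed_pattern` restricted to DNS-name characters on `dns_cluster_domain` would stop bad input at stack-create time; the same applies to the copies of these parameters in the master and minion templates. The default `10.254.0.10` must also fall inside the service network range, which nothing here checks, so the description should say so.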
|
||||||
|
|
||||||
|
|
|
@ -208,6 +208,16 @@ parameters:
|
||||||
etcd lb vip private used to generate certs on master.
|
etcd lb vip private used to generate certs on master.
|
||||||
default: ""
|
default: ""
|
||||||
|
|
||||||
|
dns_service_ip:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
address used by Kubernetes DNS service
|
||||||
|
|
||||||
|
dns_cluster_domain:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
domain name for cluster DNS
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
master_wait_handle:
|
master_wait_handle:
|
||||||
|
@ -289,6 +299,8 @@ resources:
|
||||||
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
||||||
"$CONTAINER_RUNTIME": {get_param: container_runtime}
|
"$CONTAINER_RUNTIME": {get_param: container_runtime}
|
||||||
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
|
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
|
||||||
|
"$DNS_SERVICE_IP": {get_param: dns_service_ip}
|
||||||
|
"$DNS_CLUSTER_DOMAIN": {get_param: dns_cluster_domain}
|
||||||
|
|
||||||
configure_etcd:
|
configure_etcd:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
|
@ -374,6 +386,12 @@ resources:
|
||||||
group: ungrouped
|
group: ungrouped
|
||||||
config: {get_file: fragments/configure-docker.yaml}
|
config: {get_file: fragments/configure-docker.yaml}
|
||||||
|
|
||||||
|
enable_coredns:
|
||||||
|
type: OS::Heat::SoftwareConfig
|
||||||
|
properties:
|
||||||
|
group: ungrouped
|
||||||
|
config: {get_file: fragments/enable-coredns.yaml}
|
||||||
|
|
||||||
kube_master_init:
|
kube_master_init:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
properties:
|
properties:
|
||||||
|
@ -395,6 +413,7 @@ resources:
|
||||||
$enable_kube_controller_manager
|
$enable_kube_controller_manager
|
||||||
$enable_kube_scheduler
|
$enable_kube_scheduler
|
||||||
$enable_kube_dashboard
|
$enable_kube_dashboard
|
||||||
|
$enable_coredns
|
||||||
$wc_notify
|
$wc_notify
|
||||||
coreos:
|
coreos:
|
||||||
units:
|
units:
|
||||||
|
@ -424,6 +443,8 @@ resources:
|
||||||
command: "start"
|
command: "start"
|
||||||
- name: "enable-kube-dashboard.service"
|
- name: "enable-kube-dashboard.service"
|
||||||
command: "start"
|
command: "start"
|
||||||
|
- name: "enable-coredns.service"
|
||||||
|
command: "start"
|
||||||
- name: "wc-notify.service"
|
- name: "wc-notify.service"
|
||||||
command: "start"
|
command: "start"
|
||||||
params:
|
params:
|
||||||
|
@ -441,6 +462,7 @@ resources:
|
||||||
"$enable_kube_controller_manager": {get_attr: [enable_kube_controller_manager, config]}
|
"$enable_kube_controller_manager": {get_attr: [enable_kube_controller_manager, config]}
|
||||||
"$enable_kube_scheduler": {get_attr: [enable_kube_scheduler, config]}
|
"$enable_kube_scheduler": {get_attr: [enable_kube_scheduler, config]}
|
||||||
"$enable_kube_dashboard": {get_attr: [enable_kube_dashboard, config]}
|
"$enable_kube_dashboard": {get_attr: [enable_kube_dashboard, config]}
|
||||||
|
"$enable_coredns": {get_attr: [enable_coredns, config]}
|
||||||
"$wc_notify": {get_attr: [wc_notify, config]}
|
"$wc_notify": {get_attr: [wc_notify, config]}
|
||||||
|
|
||||||
######################################################################
|
######################################################################
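Review bot: `enable-coredns.service` is added to the unit list with `command: "start"` on every master unconditionally, and nothing in the visible hunks lets an operator opt out or keep a different DNS addon, although heat-params already carries a `KUBE_DASHBOARD_ENABLED` switch for the dashboard. Consider gating the unit, or the POSTs in its script, on a boolean template parameter passed through heat-params in the same way. The unit is `Type=oneshot` and its script waits on the API in an unbounded `until curl` loop, so it is worth confirming that a master whose API never comes up still reaches `wc-notify.service` rather than blocking here.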
|
||||||
|
|
|
@ -138,6 +138,16 @@ parameters:
|
||||||
description: >
|
description: >
|
||||||
whether or not to have the node-exporter running on the node
|
whether or not to have the node-exporter running on the node
|
||||||
|
|
||||||
|
dns_service_ip:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
address used by Kubernetes DNS service
|
||||||
|
|
||||||
|
dns_cluster_domain:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
domain name for cluster DNS
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
minion_wait_handle:
|
minion_wait_handle:
|
||||||
|
@ -193,6 +203,8 @@ resources:
|
||||||
hyperkube_image: { get_param: hyperkube_image }
|
hyperkube_image: { get_param: hyperkube_image }
|
||||||
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
||||||
"$CONTAINER_RUNTIME": {get_param: container_runtime}
|
"$CONTAINER_RUNTIME": {get_param: container_runtime}
|
||||||
|
"$DNS_SERVICE_IP": {get_param: dns_service_ip}
|
||||||
|
"$DNS_CLUSTER_DOMAIN": {get_param: dns_cluster_domain}
|
||||||
|
|
||||||
write_kubeconfig:
|
write_kubeconfig:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
|
|