diff --git a/doc/source/user/index.rst b/doc/source/user/index.rst index 99cd9a9528..33fb905252 100644 --- a/doc/source/user/index.rst +++ b/doc/source/user/index.rst @@ -326,6 +326,8 @@ the table are linked to more details elsewhere in the user guide. +---------------------------------------+--------------------+---------------+ | `etcd_tag`_ | see below | see below | +---------------------------------------+--------------------+---------------+ +| `coredns_tag`_ | see below | see below | ++---------------------------------------+--------------------+---------------+ | `flannel_tag`_ | see below | see below | +---------------------------------------+--------------------+---------------+ | `flannel_cni_tag`_ | see below | see below | @@ -1119,7 +1121,7 @@ _`container_infra_prefix` Images that must be mirrored: - * docker.io/coredns/coredns:1.3.0 + * docker.io/coredns/coredns:1.3.1 * docker.io/openstackmagnum/etcd * docker.io/openstackmagnum/flannel * docker.io/openstackmagnum/kubernetes-apiserver @@ -1172,6 +1174,13 @@ _`etcd_tag` If unset, the current Magnum version's a default etcd version. For queens, v3.2.7 +_`coredns_tag` + This label allows users to select `a specific coredns version, + based on its container tag + `_. + If unset, the current Magnum version's a default etcd version. + For stein, 1.3.1 + _`flannel_tag` This label allows users to select `a specific flannel version, based on its container tag: diff --git a/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh b/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh index 029ad0fa26..0f12d77f57 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh @@ -19,7 +19,7 @@ metadata: name: coredns namespace: kube-system --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: 
@@ -36,8 +36,14 @@ rules: verbs: - list - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: @@ -66,45 +72,65 @@ data: log stdout health kubernetes ${DNS_CLUSTER_DOMAIN} ${PORTAL_NETWORK_CIDR} ${PODS_NETWORK_CIDR} { - pods verified + pods verified + upstream + fallthrough in-addr.arpa ip6.arpa } prometheus :9153 - proxy . /etc/resolv.conf + forward . /etc/resolv.conf cache 30 + loop + reload + loadbalance } + --- -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: coredns namespace: kube-system labels: - k8s-app: coredns + k8s-app: kube-dns kubernetes.io/name: "CoreDNS" spec: - replicas: 1 + replicas: 2 + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 selector: matchLabels: - k8s-app: coredns + k8s-app: kube-dns template: metadata: labels: - k8s-app: coredns + k8s-app: kube-dns spec: + priorityClassName: system-cluster-critical serviceAccountName: coredns tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - key: "CriticalAddonsOnly" operator: "Exists" + nodeSelector: + beta.kubernetes.io/os: linux containers: - name: coredns - image: ${_dns_prefix}coredns:1.3.0 + image: ${_dns_prefix}coredns:${COREDNS_TAG} imagePullPolicy: IfNotPresent + resources: + limits: + memory: 170Mi + requests: + cpu: 100m + memory: 70Mi args: [ "-conf", "/etc/coredns/Corefile" ] volumeMounts: - name: config-volume mountPath: /etc/coredns + readOnly: true + - name: tmp + mountPath: /tmp ports: - containerPort: 53 name: dns @@ -115,6 +141,14 @@ spec: - containerPort: 9153 name: metrics protocol: TCP + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - all + readOnlyRootFilesystem: true livenessProbe: httpGet: path: /health 
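Review bot: The rule added to the `ClusterRole` (`resources: nodes`, `verbs: get`) widens a cluster-wide grant for the CoreDNS service account, and nothing in the fragment says which plugin needs it. If none of the plugins enabled in the Corefile in the next hunk reads Node objects in this deployment, the rule can be dropped so the role stays at the existing list/watch grants. If it is kept only to stay aligned with the upstream manifest, a comment above it would make the grant auditable, for example `# nodes/get mirrors the upstream CoreDNS RBAC manifest; remove if no enabled plugin reads Node objects`. The `rules:` list starts outside this hunk.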
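Review bot: The Corefile in this hunk is fixed text (`forward . /etc/resolv.conf`, `upstream`, `loop`, `reload`, `loadbalance`) while the image line becomes `${_dns_prefix}coredns:${COREDNS_TAG}`, so the configuration and the binary can now drift apart. As far as I know CoreDNS treats an unrecognised directive or option as a fatal startup error, so a tag from a release that does not accept one of these lines would leave both replicas crash-looping and the cluster without DNS. A comment beside the `image:` line would record the coupling, for example `# Corefile above is written for the CoreDNS 1.3.x series; other coredns_tag values are untested`. The user guide entry for `coredns_tag` should carry the same caveat.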
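Review bot: In the added `securityContext` the drop list is written as `- all`, whereas the Kubernetes documentation and the Pod Security Standards spell the value `ALL`. Whether the lowercase form is honoured depends on the container runtime and on any admission policy that compares the string exactly. Changing the entry to `- ALL` removes that dependency and leaves `NET_BIND_SERVICE` as the only retained capability, which is what the block evidently intends. The container spec begins outside this hunk.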
@@ -124,8 +158,15 @@ spec: timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 + readinessProbe: + httpGet: + path: /health + port: 8080 + scheme: HTTP dnsPolicy: Default volumes: + - name: tmp + emptyDir: {} - name: config-volume configMap: name: coredns @@ -138,13 +179,16 @@ kind: Service metadata: name: kube-dns namespace: kube-system + annotations: + prometheus.io/port: "9153" + prometheus.io/scrape: "true" labels: - k8s-app: coredns + k8s-app: kube-dns kubernetes.io/cluster-service: "true" kubernetes.io/name: "CoreDNS" spec: selector: - k8s-app: coredns + k8s-app: kube-dns clusterIP: ${DNS_SERVICE_IP} ports: - name: dns diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml index a17ebb4270..23a4a076c5 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml +++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml @@ -47,6 +47,7 @@ write_files: CLOUD_PROVIDER_TAG="$CLOUD_PROVIDER_TAG" CLOUD_PROVIDER_ENABLED="$CLOUD_PROVIDER_ENABLED" ETCD_TAG="$ETCD_TAG" + COREDNS_TAG="$COREDNS_TAG" FLANNEL_TAG="$FLANNEL_TAG" FLANNEL_CNI_TAG="$FLANNEL_CNI_TAG" KUBE_VERSION="$KUBE_VERSION" diff --git a/magnum/drivers/heat/k8s_coreos_template_def.py b/magnum/drivers/heat/k8s_coreos_template_def.py index 7aa3ebd42e..c965b76205 100644 --- a/magnum/drivers/heat/k8s_coreos_template_def.py +++ b/magnum/drivers/heat/k8s_coreos_template_def.py @@ -126,7 +126,8 @@ class CoreOSK8sTemplateDefinition(k8s_template_def.K8sTemplateDefinition): extra_params["pods_network_cidr"] = \ cluster.labels.get('calico_ipv4pool', '192.168.0.0/16') - label_list = ['kube_tag', 'container_infra_prefix', + label_list = ['coredns_tag', + 'kube_tag', 'container_infra_prefix', 'availability_zone', 'calico_tag', 'calico_cni_tag', 'calico_kube_controllers_tag', 'calico_ipv4pool', 
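Review bot: The added line `COREDNS_TAG="$COREDNS_TAG"` in write-heat-params-master.yaml places a user-supplied cluster label inside double quotes in a file of shell-style assignments, and no hunk in this commit constrains what the label may contain. If the fragments source that file (core-dns-service.sh expands `${COREDNS_TAG}`, so presumably they do), a value containing `"`, a backtick or `$(` would be interpreted by the shell on the master instead of being treated as a tag. The neighbouring `*_TAG` lines follow the same pattern, so this is inherited rather than new. The new `coredns_tag` parameter in both `kubecluster.yaml` files is a cheap place to close it, by adding `constraints:` with `- allowed_pattern: "^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$"` under the parameter. The `write_files` entry starts outside this hunk.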
diff --git a/magnum/drivers/heat/k8s_fedora_template_def.py b/magnum/drivers/heat/k8s_fedora_template_def.py index 94c7a99aa2..477892aea3 100644 --- a/magnum/drivers/heat/k8s_fedora_template_def.py +++ b/magnum/drivers/heat/k8s_fedora_template_def.py @@ -115,8 +115,10 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition): '"cinder" volume driver needs "cloud_provider_enabled" label ' 'to be true or unset.')) - label_list = ['kube_tag', 'container_infra_prefix', - 'availability_zone', 'cgroup_driver', + label_list = ['coredns_tag', + 'kube_tag', 'container_infra_prefix', + 'availability_zone', + 'cgroup_driver', 'calico_tag', 'calico_cni_tag', 'calico_kube_controllers_tag', 'calico_ipv4pool', 'etcd_tag', 'flannel_tag', 'flannel_cni_tag', diff --git a/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml index 3015344371..bf1f69cacf 100644 --- a/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml +++ b/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml @@ -330,6 +330,11 @@ parameters: description: tag of the etcd system container default: v3.2.7 + coredns_tag: + type: string + description: tag for coredns + default: 1.3.1 + flannel_tag: type: string description: tag of the flannel system containers @@ -681,6 +686,7 @@ resources: kube_tag: {get_param: kube_tag} kube_version: {get_param: kube_version} etcd_tag: {get_param: etcd_tag} + coredns_tag: {get_param: coredns_tag} kube_dashboard_version: {get_param: kube_dashboard_version} trustee_user_id: {get_param: trustee_user_id} trustee_password: {get_param: trustee_password} diff --git a/magnum/drivers/k8s_coreos_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_coreos_v1/templates/kubemaster.yaml index cc7dba024e..f601298153 100644 --- a/magnum/drivers/k8s_coreos_v1/templates/kubemaster.yaml +++ b/magnum/drivers/k8s_coreos_v1/templates/kubemaster.yaml 
@@ -219,6 +219,10 @@ parameters: type: string description: tag of the etcd system container + coredns_tag: + type: string + description: tag for coredns + kube_version: type: string description: version of kubernetes used for kubernetes cluster diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml index 14a75db826..f65d1c19cc 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml @@ -351,6 +351,11 @@ parameters: description: tag of the etcd system container default: v3.2.7 + coredns_tag: + type: string + description: tag for coredns + default: 1.3.1 + flannel_tag: type: string description: tag of the flannel container @@ -850,6 +855,7 @@ resources: cloud_provider_enabled: {get_param: cloud_provider_enabled} kube_version: {get_param: kube_version} etcd_tag: {get_param: etcd_tag} + coredns_tag: {get_param: coredns_tag} flannel_tag: {get_param: flannel_tag} flannel_cni_tag: {get_param: flannel_cni_tag} kube_dashboard_version: {get_param: kube_dashboard_version} diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml index a420f3e00a..e1d61dccbf 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml @@ -239,6 +239,10 @@ parameters: type: string description: tag of the etcd system container + coredns_tag: + type: string + description: tag of the coredns container + flannel_tag: type: string description: tag of the flannel system containers 
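Review bot: `coredns_tag` is declared as a parameter in the CoreOS `kubemaster.yaml` here, but no hunk in this commit passes it into a fragment for that driver, whereas the Fedora Atomic `kubemaster.yaml` gains `"$COREDNS_TAG": {get_param: coredns_tag}`. Unless it is consumed in lines outside the diff, a CoreOS cluster created with the label will accept it and still deploy whatever CoreDNS image its own fragments name. That matters most when the label is set in order to move off a release with a known issue. Either wire the parameter through for CoreOS, or drop it from that driver's `label_list` and templates and state in the user guide that the label applies to k8s_fedora_atomic only, as the release note already does.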
@@ -551,6 +555,7 @@ resources: "$CLOUD_PROVIDER_TAG": {get_param: cloud_provider_tag} "$CLOUD_PROVIDER_ENABLED": {get_param: cloud_provider_enabled} "$ETCD_TAG": {get_param: etcd_tag} + "$COREDNS_TAG": {get_param: coredns_tag} "$FLANNEL_TAG": {get_param: flannel_tag} "$FLANNEL_CNI_TAG": {get_param: flannel_cni_tag} "$KUBE_VERSION": {get_param: kube_version} diff --git a/magnum/tests/unit/drivers/test_template_definition.py b/magnum/tests/unit/drivers/test_template_definition.py index d1731f4860..9a53d80d52 100644 --- a/magnum/tests/unit/drivers/test_template_definition.py +++ b/magnum/tests/unit/drivers/test_template_definition.py @@ -452,6 +452,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase): 'etcd_volume_size') kube_tag = mock_cluster.labels.get('kube_tag') etcd_tag = mock_cluster.labels.get('etcd_tag') + coredns_tag = mock_cluster.labels.get('coredns_tag') flannel_tag = mock_cluster.labels.get('flannel_tag') flannel_cni_tag = mock_cluster.labels.get('flannel_cni_tag') container_infra_prefix = mock_cluster.labels.get( @@ -559,6 +560,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase): 'region_name': mock_osc.cinder_region_name.return_value, 'kube_tag': kube_tag, 'etcd_tag': etcd_tag, + 'coredns_tag': coredns_tag, 'flannel_tag': flannel_tag, 'flannel_cni_tag': flannel_cni_tag, 'container_infra_prefix': container_infra_prefix, @@ -845,6 +847,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase): 'etcd_volume_size') kube_tag = mock_cluster.labels.get('kube_tag') etcd_tag = mock_cluster.labels.get('etcd_tag') + coredns_tag = mock_cluster.labels.get('coredns_tag') flannel_tag = mock_cluster.labels.get('flannel_tag') flannel_cni_tag = mock_cluster.labels.get('flannel_cni_tag') container_infra_prefix = mock_cluster.labels.get( 
@@ -954,6 +957,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase): 'kubernetes_port': 8080, 'kube_tag': kube_tag, 'etcd_tag': etcd_tag, + 'coredns_tag': coredns_tag, 'flannel_tag': flannel_tag, 'flannel_cni_tag': flannel_cni_tag, 'container_infra_prefix': container_infra_prefix, diff --git a/releasenotes/notes/coredns-update-9b03da4b89be18ad.yaml b/releasenotes/notes/coredns-update-9b03da4b89be18ad.yaml new file mode 100644 index 0000000000..0f41a6f40a --- /dev/null +++ b/releasenotes/notes/coredns-update-9b03da4b89be18ad.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Add coredns_tag label to control the tag of the coredns container in + k8s_fedora_atomic. Taken from https://hub.docker.com/r/coredns/coredns/tags/ + Since stein default to 1.3.1