openstack
/
magnum
Code Issues Proposed changes

Add CoreDNS deployment in kubernetes atomic

Browse Source 
Enable internal cluster DNS by deploying CoreDNS in the kube-system
namespace. It covers dns queries for both the cluster and external,
acting as a proxy with a cache layer in front.

Version of CoreDNS hard-coded to 007, image taken from dockerhub.

Related-Bug: #1692449

Change-Id: I0a9703b531fe872416dcd79fa7d4d27c1ea61586
changes/81/462181/11
Ricardo Rocha 6 years ago
parent 4759a570bd
commit 7c35c8fe40
8 changed files with 165 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
Unescape View File

@ -58,6 +58,7 @@ sed -i '
HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
KUBELET_ARGS="--register-node=true --register-schedulable=false --config=/etc/kubernetes/manifests --hostname-override=${HOSTNAME_OVERRIDE}"
KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
# For using default log-driver, other options should be ignored
sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker

1
magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
Unescape View File

@ -49,6 +49,7 @@ sed -i '
# Using any other name will break the load balancer and cinder volume features.
HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
KUBELET_ARGS="--config=/etc/kubernetes/manifests --cadvisor-port=4194 ${KUBE_CONFIG} --hostname-override=${HOSTNAME_OVERRIDE}"
KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
if [ -n "$TRUST_ID" ]; then
KUBELET_ARGS="$KUBELET_ARGS --cloud-provider=openstack --cloud-config=/etc/sysconfig/kube_openstack_config"

112
magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh
Unescape View File

@ -0,0 +1,112 @@
#!/bin/sh
. /etc/sysconfig/heat-params
CORE_DNS=/etc/kubernetes/manifests/kube-coredns.yaml
[ -f ${CORE_DNS} ] || {
echo "Writing File: $CORE_DNS"
mkdir -p $(dirname ${CORE_DNS})
cat << EOF > ${CORE_DNS}
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
Corefile: |
.:53 {
errors
log stdout
health
kubernetes ${DNS_CLUSTER_DOMAIN} {
cidrs ${PORTAL_NETWORK_CIDR}
}
proxy . /etc/resolv.conf
cache 30
}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
spec:
replicas: 1
selector:
matchLabels:
k8s-app: coredns
template:
metadata:
labels:
k8s-app: coredns
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
spec:
containers:
- name: coredns
image: coredns/coredns:007
imagePullPolicy: Always
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
---
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
labels:
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: coredns
clusterIP: ${DNS_SERVICE_IP}
ports:
- name: dns
port: 53
protocol: UDP
- name: dns-tcp
port: 53
protocol: TCP
EOF
}
echo "Waiting for Kubernetes API..."
until curl --silent "http://127.0.0.1:8080/version"
do
sleep 5
done
kubectl create --validate=false -f $CORE_DNS

2
magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
Unescape View File

@ -46,3 +46,5 @@ write_files:
SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
ETCD_LB_VIP="$ETCD_LB_VIP"
DNS_SERVICE_IP="$DNS_SERVICE_IP"
DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"

2
magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml
Unescape View File

@ -41,3 +41,5 @@ write_files:
TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
TRUST_ID="$TRUST_ID"
INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
DNS_SERVICE_IP="$DNS_SERVICE_IP"
DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"

16
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
Unescape View File

@ -316,6 +316,18 @@ parameters:
description: insecure registry url
default: ""
dns_service_ip:
type: string
description: >
address used by Kubernetes DNS service
default: 10.254.0.10
dns_cluster_domain:
type: string
description: >
domain name for cluster DNS
default: "cluster.local"
resources:
######################################################################
@ -486,6 +498,8 @@ resources:
auth_url: {get_param: auth_url}
insecure_registry_url: {get_param: insecure_registry_url}
etcd_lb_vip: {get_attr: [etcd_lb, address]}
dns_service_ip: {get_param: dns_service_ip}
dns_cluster_domain: {get_param: dns_cluster_domain}
######################################################################
#
@ -546,6 +560,8 @@ resources:
trust_id: {get_param: trust_id}
auth_url: {get_param: auth_url}
insecure_registry_url: {get_param: insecure_registry_url}
dns_service_ip: {get_param: dns_service_ip}
dns_cluster_domain: {get_param: dns_cluster_domain}
outputs:

19
magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
Unescape View File

@ -227,6 +227,16 @@ parameters:
etcd lb vip private used to generate certs on master.
default: ""
dns_service_ip:
type: string
description: >
address used by Kubernetes DNS service
dns_cluster_domain:
type: string
description: >
domain name for cluster DNS
resources:
master_wait_handle:
@ -307,6 +317,8 @@ resources:
"$TRUST_ID": {get_param: trust_id}
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
"$DNS_SERVICE_IP": {get_param: dns_service_ip}
"$DNS_CLUSTER_DOMAIN": {get_param: dns_cluster_domain}
make_cert:
type: OS::Heat::SoftwareConfig
@ -423,6 +435,12 @@ resources:
group: ungrouped
config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-master.sh}
core_dns_service:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh}
master_wc_notify:
type: OS::Heat::SoftwareConfig
properties:
@ -461,6 +479,7 @@ resources:
- config: {get_resource: network_config_service}
- config: {get_resource: network_service}
- config: {get_resource: kube_system_namespace_service}
- config: {get_resource: core_dns_service}
- config: {get_resource: enable_kube_controller_manager_scheduler}
- config: {get_resource: enable_kube_proxy}
- config: {get_resource: kube_ui_service}

12
magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
Unescape View File

@ -199,6 +199,16 @@ parameters:
type: string
description: insecure registry url
dns_service_ip:
type: string
description: >
address used by Kubernetes DNS service
dns_cluster_domain:
type: string
description: >
domain name for cluster DNS
resources:
minion_wait_handle:
@ -260,6 +270,8 @@ resources:
$TRUST_ID: {get_param: trust_id}
$AUTH_URL: {get_param: auth_url}
$INSECURE_REGISTRY_URL: {get_param: insecure_registry_url}
$DNS_SERVICE_IP: {get_param: dns_service_ip}
$DNS_CLUSTER_DOMAIN: {get_param: dns_cluster_domain}
write_kubeconfig:
type: OS::Heat::SoftwareConfig

Write Preview
Loading…
Cancel
Save