Add CoreDNS deployment in kubernetes atomic
Enable internal cluster DNS by deploying CoreDNS in the kube-system namespace. It handles DNS queries for both cluster-internal and external names, acting as a proxy with a cache layer in front. The CoreDNS version is hard-coded to 007 and the image is taken from Docker Hub. Related-Bug: #1692449 Change-Id: I0a9703b531fe872416dcd79fa7d4d27c1ea61586
parent
4759a570bd
commit
7c35c8fe40
|
@ -58,6 +58,7 @@ sed -i '
|
||||||
|
|
||||||
HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
|
HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
|
||||||
KUBELET_ARGS="--register-node=true --register-schedulable=false --config=/etc/kubernetes/manifests --hostname-override=${HOSTNAME_OVERRIDE}"
|
KUBELET_ARGS="--register-node=true --register-schedulable=false --config=/etc/kubernetes/manifests --hostname-override=${HOSTNAME_OVERRIDE}"
|
||||||
|
KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
|
||||||
|
|
||||||
# For using default log-driver, other options should be ignored
|
# For using default log-driver, other options should be ignored
|
||||||
sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker
|
sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker
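Review bot: The added `KUBELET_ARGS` line spells its flags `--cluster_dns` and `--cluster_domain` with underscores, while every other kubelet flag in this script uses dashes (`--register-node`, `--hostname-override`). As far as I know kubelet normalises the two spellings, but `--cluster-dns=${DNS_SERVICE_IP} --cluster-domain=${DNS_CLUSTER_DOMAIN}` is the documented form and keeps the file consistent. The flags are also appended unconditionally, so an empty `DNS_SERVICE_IP` in heat-params would yield a bare `--cluster_dns=`. A guard in the style of the existing `if [ -n "$TRUST_ID" ]` block would avoid that. The same line is added to the second script on this page (the one carrying `--cadvisor-port=4194`), and the rest of both scripts lies outside the hunks shown.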
|
||||||
|
|
|
@ -49,6 +49,7 @@ sed -i '
|
||||||
# Using any other name will break the load balancer and cinder volume features.
|
# Using any other name will break the load balancer and cinder volume features.
|
||||||
HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
|
HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
|
||||||
KUBELET_ARGS="--config=/etc/kubernetes/manifests --cadvisor-port=4194 ${KUBE_CONFIG} --hostname-override=${HOSTNAME_OVERRIDE}"
|
KUBELET_ARGS="--config=/etc/kubernetes/manifests --cadvisor-port=4194 ${KUBE_CONFIG} --hostname-override=${HOSTNAME_OVERRIDE}"
|
||||||
|
KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
|
||||||
|
|
||||||
if [ -n "$TRUST_ID" ]; then
|
if [ -n "$TRUST_ID" ]; then
|
||||||
KUBELET_ARGS="$KUBELET_ARGS --cloud-provider=openstack --cloud-config=/etc/sysconfig/kube_openstack_config"
|
KUBELET_ARGS="$KUBELET_ARGS --cloud-provider=openstack --cloud-config=/etc/sysconfig/kube_openstack_config"
|
||||||
|
|
|
@ -0,0 +1,112 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
. /etc/sysconfig/heat-params
|
||||||
|
|
||||||
|
CORE_DNS=/etc/kubernetes/manifests/kube-coredns.yaml
|
||||||
|
[ -f ${CORE_DNS} ] || {
|
||||||
|
echo "Writing File: $CORE_DNS"
|
||||||
|
mkdir -p $(dirname ${CORE_DNS})
|
||||||
|
cat << EOF > ${CORE_DNS}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: coredns
|
||||||
|
namespace: kube-system
|
||||||
|
data:
|
||||||
|
Corefile: |
|
||||||
|
.:53 {
|
||||||
|
errors
|
||||||
|
log stdout
|
||||||
|
health
|
||||||
|
kubernetes ${DNS_CLUSTER_DOMAIN} {
|
||||||
|
cidrs ${PORTAL_NETWORK_CIDR}
|
||||||
|
}
|
||||||
|
proxy . /etc/resolv.conf
|
||||||
|
cache 30
|
||||||
|
}
|
||||||
|
---
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: coredns
|
||||||
|
namespace: kube-system
|
||||||
|
labels:
|
||||||
|
k8s-app: coredns
|
||||||
|
kubernetes.io/cluster-service: "true"
|
||||||
|
kubernetes.io/name: "CoreDNS"
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
k8s-app: coredns
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: coredns
|
||||||
|
annotations:
|
||||||
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
|
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: coredns
|
||||||
|
image: coredns/coredns:007
|
||||||
|
imagePullPolicy: Always
|
||||||
|
args: [ "-conf", "/etc/coredns/Corefile" ]
|
||||||
|
volumeMounts:
|
||||||
|
- name: config-volume
|
||||||
|
mountPath: /etc/coredns
|
||||||
|
ports:
|
||||||
|
- containerPort: 53
|
||||||
|
name: dns
|
||||||
|
protocol: UDP
|
||||||
|
- containerPort: 53
|
||||||
|
name: dns-tcp
|
||||||
|
protocol: TCP
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /health
|
||||||
|
port: 8080
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 60
|
||||||
|
timeoutSeconds: 5
|
||||||
|
successThreshold: 1
|
||||||
|
failureThreshold: 5
|
||||||
|
dnsPolicy: Default
|
||||||
|
volumes:
|
||||||
|
- name: config-volume
|
||||||
|
configMap:
|
||||||
|
name: coredns
|
||||||
|
items:
|
||||||
|
- key: Corefile
|
||||||
|
path: Corefile
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: kube-dns
|
||||||
|
namespace: kube-system
|
||||||
|
labels:
|
||||||
|
k8s-app: coredns
|
||||||
|
kubernetes.io/cluster-service: "true"
|
||||||
|
kubernetes.io/name: "CoreDNS"
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
k8s-app: coredns
|
||||||
|
clusterIP: ${DNS_SERVICE_IP}
|
||||||
|
ports:
|
||||||
|
- name: dns
|
||||||
|
port: 53
|
||||||
|
protocol: UDP
|
||||||
|
- name: dns-tcp
|
||||||
|
port: 53
|
||||||
|
protocol: TCP
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "Waiting for Kubernetes API..."
|
||||||
|
until curl --silent "http://127.0.0.1:8080/version"
|
||||||
|
do
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
|
|
||||||
|
kubectl create --validate=false -f $CORE_DNS
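Review bot: The Deployment pulls `coredns/coredns:007` by mutable tag with `imagePullPolicy: Always`, so every pod restart runs whatever that Docker Hub tag points to at that moment, in kube-system and answering all cluster DNS. Pin the image by digest, e.g. `image: coredns/coredns@sha256:<digest-of-007>` (placeholder; take the value from a verified pull), or mirror it to a registry the operator controls. The container spec also sets no `securityContext` and no `resources`, so it runs with the image defaults and no memory bound on a service that caches answers to arbitrary queries. Separately, the manifest is written under `/etc/kubernetes/manifests`, which the kubelet hunks on this page pass as `--config`. The kubelet will presumably try to read this multi-document file as a static pod manifest, so a directory outside that path would be cleaner.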
|
|
@ -46,3 +46,5 @@ write_files:
|
||||||
SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
|
SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
|
||||||
SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
|
SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
|
||||||
ETCD_LB_VIP="$ETCD_LB_VIP"
|
ETCD_LB_VIP="$ETCD_LB_VIP"
|
||||||
|
DNS_SERVICE_IP="$DNS_SERVICE_IP"
|
||||||
|
DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"
|
||||||
|
|
|
@ -41,3 +41,5 @@ write_files:
|
||||||
TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
|
TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
|
||||||
TRUST_ID="$TRUST_ID"
|
TRUST_ID="$TRUST_ID"
|
||||||
INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
|
INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
|
||||||
|
DNS_SERVICE_IP="$DNS_SERVICE_IP"
|
||||||
|
DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"
|
||||||
|
|
|
@ -316,6 +316,18 @@ parameters:
|
||||||
description: insecure registry url
|
description: insecure registry url
|
||||||
default: ""
|
default: ""
|
||||||
|
|
||||||
|
dns_service_ip:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
address used by Kubernetes DNS service
|
||||||
|
default: 10.254.0.10
|
||||||
|
|
||||||
|
dns_cluster_domain:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
domain name for cluster DNS
|
||||||
|
default: "cluster.local"
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
|
@ -486,6 +498,8 @@ resources:
|
||||||
auth_url: {get_param: auth_url}
|
auth_url: {get_param: auth_url}
|
||||||
insecure_registry_url: {get_param: insecure_registry_url}
|
insecure_registry_url: {get_param: insecure_registry_url}
|
||||||
etcd_lb_vip: {get_attr: [etcd_lb, address]}
|
etcd_lb_vip: {get_attr: [etcd_lb, address]}
|
||||||
|
dns_service_ip: {get_param: dns_service_ip}
|
||||||
|
dns_cluster_domain: {get_param: dns_cluster_domain}
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
|
@ -546,6 +560,8 @@ resources:
|
||||||
trust_id: {get_param: trust_id}
|
trust_id: {get_param: trust_id}
|
||||||
auth_url: {get_param: auth_url}
|
auth_url: {get_param: auth_url}
|
||||||
insecure_registry_url: {get_param: insecure_registry_url}
|
insecure_registry_url: {get_param: insecure_registry_url}
|
||||||
|
dns_service_ip: {get_param: dns_service_ip}
|
||||||
|
dns_cluster_domain: {get_param: dns_cluster_domain}
|
||||||
|
|
||||||
outputs:
|
outputs:
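Review bot: `dns_service_ip` and `dns_cluster_domain` are declared in the first hunk as bare `type: string` with no `constraints`, yet other files in this commit write them into the sourced `/etc/sysconfig/heat-params`, the kubelet command line and the CoreDNS manifest heredoc. A value containing quotes, whitespace or other shell metacharacters would change how those fragments parse, so validate at the template boundary. For the address use `constraints: [{custom_constraint: ip_addr}]`, and for the domain an `allowed_pattern` restricted to DNS label characters and dots. The default `10.254.0.10` also has to fall inside whatever service range the cluster uses (the Corefile reads `PORTAL_NETWORK_CIDR`), and the `description` should say so for operators who change that range. The later hunks in this file only pass the two parameters through.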
|
||||||
|
|
||||||
|
|
|
@ -227,6 +227,16 @@ parameters:
|
||||||
etcd lb vip private used to generate certs on master.
|
etcd lb vip private used to generate certs on master.
|
||||||
default: ""
|
default: ""
|
||||||
|
|
||||||
|
dns_service_ip:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
address used by Kubernetes DNS service
|
||||||
|
|
||||||
|
dns_cluster_domain:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
domain name for cluster DNS
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
master_wait_handle:
|
master_wait_handle:
|
||||||
|
@ -307,6 +317,8 @@ resources:
|
||||||
"$TRUST_ID": {get_param: trust_id}
|
"$TRUST_ID": {get_param: trust_id}
|
||||||
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
||||||
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
|
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
|
||||||
|
"$DNS_SERVICE_IP": {get_param: dns_service_ip}
|
||||||
|
"$DNS_CLUSTER_DOMAIN": {get_param: dns_cluster_domain}
|
||||||
|
|
||||||
make_cert:
|
make_cert:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
|
@ -423,6 +435,12 @@ resources:
|
||||||
group: ungrouped
|
group: ungrouped
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-master.sh}
|
config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-master.sh}
|
||||||
|
|
||||||
|
core_dns_service:
|
||||||
|
type: OS::Heat::SoftwareConfig
|
||||||
|
properties:
|
||||||
|
group: ungrouped
|
||||||
|
config: {get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh}
|
||||||
|
|
||||||
master_wc_notify:
|
master_wc_notify:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
properties:
|
properties:
|
||||||
|
@ -461,6 +479,7 @@ resources:
|
||||||
- config: {get_resource: network_config_service}
|
- config: {get_resource: network_config_service}
|
||||||
- config: {get_resource: network_service}
|
- config: {get_resource: network_service}
|
||||||
- config: {get_resource: kube_system_namespace_service}
|
- config: {get_resource: kube_system_namespace_service}
|
||||||
|
- config: {get_resource: core_dns_service}
|
||||||
- config: {get_resource: enable_kube_controller_manager_scheduler}
|
- config: {get_resource: enable_kube_controller_manager_scheduler}
|
||||||
- config: {get_resource: enable_kube_proxy}
|
- config: {get_resource: enable_kube_proxy}
|
||||||
- config: {get_resource: kube_ui_service}
|
- config: {get_resource: kube_ui_service}
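Review bot: In the last hunk `core_dns_service` is placed ahead of `enable_kube_controller_manager_scheduler` and `enable_kube_proxy`, and the fragment it loads waits for the API with an `until curl --silent ...` loop that has no retry limit. If these parts run in list order (not shown here, so confirm), an API server that never answers stalls every later part, presumably including the wait-condition notify, with only "Waiting for Kubernetes API..." in the log. Bound the wait in the fragment with a counter that exits non-zero after a fixed number of 5-second attempts, and add `--max-time` to the curl call so one hung connection cannot block an attempt indefinitely. The `dns_service_ip` and `dns_cluster_domain` parameters added in the first hunk have no `default`, which is fine only while every caller of this template passes them.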
|
||||||
|
|
|
@ -199,6 +199,16 @@ parameters:
|
||||||
type: string
|
type: string
|
||||||
description: insecure registry url
|
description: insecure registry url
|
||||||
|
|
||||||
|
dns_service_ip:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
address used by Kubernetes DNS service
|
||||||
|
|
||||||
|
dns_cluster_domain:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
domain name for cluster DNS
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
minion_wait_handle:
|
minion_wait_handle:
|
||||||
|
@ -260,6 +270,8 @@ resources:
|
||||||
$TRUST_ID: {get_param: trust_id}
|
$TRUST_ID: {get_param: trust_id}
|
||||||
$AUTH_URL: {get_param: auth_url}
|
$AUTH_URL: {get_param: auth_url}
|
||||||
$INSECURE_REGISTRY_URL: {get_param: insecure_registry_url}
|
$INSECURE_REGISTRY_URL: {get_param: insecure_registry_url}
|
||||||
|
$DNS_SERVICE_IP: {get_param: dns_service_ip}
|
||||||
|
$DNS_CLUSTER_DOMAIN: {get_param: dns_cluster_domain}
|
||||||
|
|
||||||
write_kubeconfig:
|
write_kubeconfig:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
|
|