
Add CoreDNS deployment in kubernetes atomic

Enable internal cluster DNS by deploying CoreDNS in the kube-system
namespace. It serves DNS queries for both cluster-internal and external
names, acting as a proxy with a cache layer in front.

Version of CoreDNS hard-coded to 007, image taken from dockerhub.

Related-Bug: #1692449

Change-Id: I0a9703b531fe872416dcd79fa7d4d27c1ea61586
(cherry picked from commit 7c35c8fe40)
tags/4.1.4
Ricardo Rocha 2 years ago
parent
commit
a3b424ffdd

+ 1
- 0
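--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
@@ -58,6 +58,7 @@ sed -i '
 
 HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
 KUBELET_ARGS="--register-node=true --register-schedulable=false --config=/etc/kubernetes/manifests --hostname-override=${HOSTNAME_OVERRIDE}"
+KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
 
 if [ -n "${INSECURE_REGISTRY_URL}" ]; then
     KUBELET_ARGS="${KUBELET_ARGS} --pod-infra-container-image=${INSECURE_REGISTRY_URL}/google_containers/pause\:0.8.0"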
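Review bot: The kubelet flags on the added line are spelled `--cluster_dns` and `--cluster_domain`, whereas the documented kubelet names are `--cluster-dns` and `--cluster-domain`; as far as I recall the underscore form is accepted only through kubelet's flag-name normalisation, so the hyphenated spelling is the safer one to write: `KUBELET_ARGS="${KUBELET_ARGS} --cluster-dns=${DNS_SERVICE_IP} --cluster-domain=${DNS_CLUSTER_DOMAIN}"`. The same spelling is used in the matching line added to configure-kubernetes-minion.sh. Both fragments also append the flags unconditionally, so an empty DNS_SERVICE_IP produces `--cluster-dns=` instead of leaving kubelet's default in place; wrapping the line in `if [ -n "${DNS_SERVICE_IP}" ]; then … fi` would match how this fragment already guards INSECURE_REGISTRY_URL.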

+ 1
- 0
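--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
@@ -49,6 +49,7 @@ sed -i '
 # Using any other name will break the load balancer and cinder volume features.
 HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
 KUBELET_ARGS="--config=/etc/kubernetes/manifests --cadvisor-port=4194 ${KUBE_CONFIG} --hostname-override=${HOSTNAME_OVERRIDE}"
+KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
 
 if [ -n "$TRUST_ID" ]; then
     KUBELET_ARGS="$KUBELET_ARGS --cloud-provider=openstack --cloud-config=/etc/sysconfig/kube_openstack_config"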

+ 112
- 0
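--- a/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh
@@ -0,0 +1,112 @@
+#!/bin/sh
+
+. /etc/sysconfig/heat-params
+
+CORE_DNS=/etc/kubernetes/manifests/kube-coredns.yaml
+[ -f ${CORE_DNS} ] || {
+    echo "Writing File: $CORE_DNS"
+    mkdir -p $(dirname ${CORE_DNS})
+    cat << EOF > ${CORE_DNS}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system
+data:
+  Corefile: |
+    .:53 {
+        errors
+        log stdout
+        health
+        kubernetes ${DNS_CLUSTER_DOMAIN} {
+          cidrs ${PORTAL_NETWORK_CIDR}
+        }
+        proxy . /etc/resolv.conf
+        cache 30
+    }
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: coredns
+  namespace: kube-system
+  labels:
+    k8s-app: coredns
+    kubernetes.io/cluster-service: "true"
+    kubernetes.io/name: "CoreDNS"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      k8s-app: coredns
+  template:
+    metadata:
+      labels:
+        k8s-app: coredns
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+    spec:
+      containers:
+      - name: coredns
+        image: coredns/coredns:007
+        imagePullPolicy: Always
+        args: [ "-conf", "/etc/coredns/Corefile" ]
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/coredns
+        ports:
+        - containerPort: 53
+          name: dns
+          protocol: UDP
+        - containerPort: 53
+          name: dns-tcp
+          protocol: TCP
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 60
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 5
+      dnsPolicy: Default
+      volumes:
+        - name: config-volume
+          configMap:
+            name: coredns
+            items:
+            - key: Corefile
+              path: Corefile
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kube-dns
+  namespace: kube-system
+  labels:
+    k8s-app: coredns
+    kubernetes.io/cluster-service: "true"
+    kubernetes.io/name: "CoreDNS"
+spec:
+  selector:
+    k8s-app: coredns
+  clusterIP: ${DNS_SERVICE_IP}
+  ports:
+  - name: dns
+    port: 53
+    protocol: UDP
+  - name: dns-tcp
+    port: 53
+    protocol: TCP
+EOF
+}
+
+echo "Waiting for Kubernetes API..."
+until curl --silent "http://127.0.0.1:8080/version"
+do
+    sleep 5
+done
+
+kubectl create --validate=false -f $CORE_DNS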
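Review bot: The final `kubectl create --validate=false -f $CORE_DNS` disables client-side schema validation and never checks the exit status, so a malformed or already-present manifest is skipped silently and the node comes up without cluster DNS with nothing in the log to say why; at minimum quote the path and report the result, `kubectl create --validate=false -f "$CORE_DNS" || echo "CoreDNS creation failed"`. The unquoted heredoc also expands `${PORTAL_NETWORK_CIDR}` into the Corefile's `cidrs` line, but this commit adds only DNS_SERVICE_IP and DNS_CLUSTER_DOMAIN to write-heat-params-master.yaml, so unless that variable is already written there the line renders empty and the kubernetes plugin gets no CIDR. Pulling `coredns/coredns:007` with `imagePullPolicy: Always` from a mutable tag means every node restart may fetch a different image; pinning the image by digest, or honouring INSECURE_REGISTRY_URL the way the pause image does in configure-kubernetes-master.sh, would make the deployment reproducible and keep it working on clusters without Docker Hub access.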

+ 2
- 0
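--- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
+++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
@@ -43,3 +43,5 @@ write_files:
       SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
       SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
       ETCD_LB_VIP="$ETCD_LB_VIP"
+      DNS_SERVICE_IP="$DNS_SERVICE_IP"
+      DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"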

+ 2
- 0
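--- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml
+++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml
@@ -40,3 +40,5 @@ write_files:
       TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
       TRUST_ID="$TRUST_ID"
       INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
+      DNS_SERVICE_IP="$DNS_SERVICE_IP"
+      DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"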

+ 16
- 0
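--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
@@ -293,6 +293,18 @@ parameters:
     description: insecure registry url
     default: ""
 
+  dns_service_ip:
+    type: string
+    description: >
+      address used by Kubernetes DNS service
+    default: 10.254.0.10
+
+  dns_cluster_domain:
+    type: string
+    description: >
+      domain name for cluster DNS
+    default: "cluster.local"
+
 resources:
 
   ######################################################################
@@ -459,6 +471,8 @@ resources:
           auth_url: {get_param: auth_url}
           insecure_registry_url: {get_param: insecure_registry_url}
           etcd_lb_vip: {get_attr: [etcd_lb, address]}
+          dns_service_ip: {get_param: dns_service_ip}
+          dns_cluster_domain: {get_param: dns_cluster_domain}
 
   ######################################################################
   #
@@ -518,6 +532,8 @@ resources:
           trust_id: {get_param: trust_id}
           auth_url: {get_param: auth_url}
           insecure_registry_url: {get_param: insecure_registry_url}
+          dns_service_ip: {get_param: dns_service_ip}
+          dns_cluster_domain: {get_param: dns_cluster_domain}
 
 outputs:
 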
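Review bot: The two new parameter defaults in the first hunk are quoted inconsistently — `default: 10.254.0.10` is plain while `default: "cluster.local"` is quoted; both are strings, so `default: "10.254.0.10"` keeps them uniform and protects the value from any retyping by tooling. dns_service_ip also carries no constraint or wording tying it to the portal network CIDR, yet core-dns-service.sh writes it as a fixed Service `clusterIP`, which the API server rejects when the address lies outside the service range; extending the description to `address used by Kubernetes DNS service; must lie inside the portal network CIDR` would at least document that coupling until a constraint can express it.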

+ 19
- 0
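--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
@@ -208,6 +208,16 @@ parameters:
       etcd lb vip private used to generate certs on master.
     default: ""
 
+  dns_service_ip:
+    type: string
+    description: >
+      address used by Kubernetes DNS service
+
+  dns_cluster_domain:
+    type: string
+    description: >
+      domain name for cluster DNS
+
 resources:
 
   master_wait_handle:
@@ -285,6 +295,8 @@ resources:
             "$TRUST_ID": {get_param: trust_id}
             "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
             "$ETCD_LB_VIP": {get_param: etcd_lb_vip}
+            "$DNS_SERVICE_IP": {get_param: dns_service_ip}
+            "$DNS_CLUSTER_DOMAIN": {get_param: dns_cluster_domain}
 
   make_cert:
     type: OS::Heat::SoftwareConfig
@@ -374,6 +386,12 @@ resources:
       group: ungrouped
       config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-master.sh}
 
+  core_dns_service:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: ungrouped
+      config: {get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh}
+
   master_wc_notify:
     type: OS::Heat::SoftwareConfig
     properties:
@@ -409,6 +427,7 @@ resources:
         - config: {get_resource: network_config_service}
         - config: {get_resource: network_service}
         - config: {get_resource: kube_system_namespace_service}
+        - config: {get_resource: core_dns_service}
         - config: {get_resource: enable_kube_controller_manager_scheduler}
         - config: {get_resource: enable_kube_proxy}
         - config: {get_resource: kube_ui_service}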

+ 12
- 0
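--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
@@ -194,6 +194,16 @@ parameters:
     type: string
     description: insecure registry url
 
+  dns_service_ip:
+    type: string
+    description: >
+      address used by Kubernetes DNS service
+
+  dns_cluster_domain:
+    type: string
+    description: >
+      domain name for cluster DNS
+
 resources:
 
   minion_wait_handle:
@@ -254,6 +264,8 @@ resources:
             $TRUST_ID: {get_param: trust_id}
             $AUTH_URL: {get_param: auth_url}
             $INSECURE_REGISTRY_URL: {get_param: insecure_registry_url}
+            $DNS_SERVICE_IP: {get_param: dns_service_ip}
+            $DNS_CLUSTER_DOMAIN: {get_param: dns_cluster_domain}
 
   write_kubeconfig:
     type: OS::Heat::SoftwareConfig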
