
Merge "Add CoreDNS deployment in kubernetes atomic" into stable/ocata

Jenkins 1 year ago
parent
commit
a5aabcb6ab

+ 1
- 0
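--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
@@ -58,6 +58,7 @@ sed -i '
 
 HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
 KUBELET_ARGS="--register-node=true --register-schedulable=false --config=/etc/kubernetes/manifests --hostname-override=${HOSTNAME_OVERRIDE}"
+KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
 
 if [ -n "${INSECURE_REGISTRY_URL}" ]; then
     KUBELET_ARGS="${KUBELET_ARGS} --pod-infra-container-image=${INSECURE_REGISTRY_URL}/google_containers/pause\:0.8.0"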
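Review bot: The appended kubelet flags are spelled `--cluster_dns` and `--cluster_domain` while every other flag in `KUBELET_ARGS` uses hyphens, and the line is added unconditionally, unlike the `[ -n "${INSECURE_REGISTRY_URL}" ]` guard directly below it. Kubelet documents these options as `--cluster-dns` and `--cluster-domain`; the underscore form presumably only works through flag-name normalization, so I would write `KUBELET_ARGS="${KUBELET_ARGS} --cluster-dns=${DNS_SERVICE_IP} --cluster-domain=${DNS_CLUSTER_DOMAIN}"`. If either variable is missing from `/etc/sysconfig/heat-params`, the kubelet starts with an empty `--cluster_dns=` and pods are likely not pointed at the cluster resolver, so a `[ -n "${DNS_SERVICE_IP}" ]` check before appending is worth adding. The same line is added to configure-kubernetes-minion.sh, and the `if` block at the end of this hunk continues past it.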

+ 1
- 0
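--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
@@ -49,6 +49,7 @@ sed -i '
 # Using any other name will break the load balancer and cinder volume features.
 HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
 KUBELET_ARGS="--config=/etc/kubernetes/manifests --cadvisor-port=4194 ${KUBE_CONFIG} --hostname-override=${HOSTNAME_OVERRIDE}"
+KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
 
 if [ -n "$TRUST_ID" ]; then
     KUBELET_ARGS="$KUBELET_ARGS --cloud-provider=openstack --cloud-config=/etc/sysconfig/kube_openstack_config"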

+ 112
- 0
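--- a/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh
@@ -0,0 +1,112 @@
+#!/bin/sh
+
+. /etc/sysconfig/heat-params
+
+CORE_DNS=/etc/kubernetes/manifests/kube-coredns.yaml
+[ -f ${CORE_DNS} ] || {
+    echo "Writing File: $CORE_DNS"
+    mkdir -p $(dirname ${CORE_DNS})
+    cat << EOF > ${CORE_DNS}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system
+data:
+  Corefile: |
+    .:53 {
+        errors
+        log stdout
+        health
+        kubernetes ${DNS_CLUSTER_DOMAIN} {
+          cidrs ${PORTAL_NETWORK_CIDR}
+        }
+        proxy . /etc/resolv.conf
+        cache 30
+    }
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: coredns
+  namespace: kube-system
+  labels:
+    k8s-app: coredns
+    kubernetes.io/cluster-service: "true"
+    kubernetes.io/name: "CoreDNS"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      k8s-app: coredns
+  template:
+    metadata:
+      labels:
+        k8s-app: coredns
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+    spec:
+      containers:
+      - name: coredns
+        image: coredns/coredns:007
+        imagePullPolicy: Always
+        args: [ "-conf", "/etc/coredns/Corefile" ]
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/coredns
+        ports:
+        - containerPort: 53
+          name: dns
+          protocol: UDP
+        - containerPort: 53
+          name: dns-tcp
+          protocol: TCP
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 60
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 5
+      dnsPolicy: Default
+      volumes:
+        - name: config-volume
+          configMap:
+            name: coredns
+            items:
+            - key: Corefile
+              path: Corefile
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kube-dns
+  namespace: kube-system
+  labels:
+    k8s-app: coredns
+    kubernetes.io/cluster-service: "true"
+    kubernetes.io/name: "CoreDNS"
+spec:
+  selector:
+    k8s-app: coredns
+  clusterIP: ${DNS_SERVICE_IP}
+  ports:
+  - name: dns
+    port: 53
+    protocol: UDP
+  - name: dns-tcp
+    port: 53
+    protocol: TCP
+EOF
+}
+
+echo "Waiting for Kubernetes API..."
+until curl --silent "http://127.0.0.1:8080/version"
+do
+    sleep 5
+done
+
+kubectl create --validate=false -f $CORE_DNS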
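Review bot: The Deployment runs `coredns/coredns:007` by mutable tag with `imagePullPolicy: Always`, so every restart of the pod that answers all in-cluster DNS pulls whatever the public registry serves under that tag at that moment, and it ignores the `INSECURE_REGISTRY_URL` mirror that the kubelet fragment uses for the pause image. I would pin the reviewed image by digest, `image: coredns/coredns@sha256:<digest-of-reviewed-image>`, set `imagePullPolicy: IfNotPresent`, and pull from the private registry when one is configured. The container spec also sets no `securityContext` or `resources`; dropping capabilities other than `NET_BIND_SERVICE` and setting a memory limit would contain a misbehaving resolver, assuming the targeted Kubernetes release accepts those fields. In the script itself, `until curl --silent "http://127.0.0.1:8080/version"` has no retry cap, so a master whose API server never comes up blocks here indefinitely, and `kubectl create --validate=false` hides manifest errors; a bounded loop and dropping `--validate=false` would make both failures visible.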

+ 2
- 0
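--- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
+++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
@@ -45,3 +45,5 @@ write_files:
       SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
       SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
       ETCD_LB_VIP="$ETCD_LB_VIP"
+      DNS_SERVICE_IP="$DNS_SERVICE_IP"
+      DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"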

+ 2
- 0
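--- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml
+++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml
@@ -40,3 +40,5 @@ write_files:
       TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
       TRUST_ID="$TRUST_ID"
       INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
+      DNS_SERVICE_IP="$DNS_SERVICE_IP"
+      DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"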

+ 16
- 0
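--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
@@ -303,6 +303,18 @@ parameters:
     description: insecure registry url
     default: ""
 
+  dns_service_ip:
+    type: string
+    description: >
+      address used by Kubernetes DNS service
+    default: 10.254.0.10
+
+  dns_cluster_domain:
+    type: string
+    description: >
+      domain name for cluster DNS
+    default: "cluster.local"
+
 resources:
 
   ######################################################################
@@ -471,6 +483,8 @@ resources:
           auth_url: {get_param: auth_url}
           insecure_registry_url: {get_param: insecure_registry_url}
           etcd_lb_vip: {get_attr: [etcd_lb, address]}
+          dns_service_ip: {get_param: dns_service_ip}
+          dns_cluster_domain: {get_param: dns_cluster_domain}
 
   ######################################################################
   #
@@ -530,6 +544,8 @@ resources:
           trust_id: {get_param: trust_id}
           auth_url: {get_param: auth_url}
           insecure_registry_url: {get_param: insecure_registry_url}
+          dns_service_ip: {get_param: dns_service_ip}
+          dns_cluster_domain: {get_param: dns_cluster_domain}
 
 outputs:
 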
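Review bot: `dns_service_ip` and `dns_cluster_domain` are declared in the first hunk as unconstrained `type: string`, yet their values are substituted into `/etc/sysconfig/heat-params` as `DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"`, sourced by the boot fragments (`. /etc/sysconfig/heat-params`), and expanded into the Corefile heredoc in core-dns-service.sh. A value carrying shell or YAML metacharacters would change what those scripts evaluate or what CoreDNS loads, so I would validate at the declaration: `constraints: [{custom_constraint: ip_addr}]` for the address and `constraints: [{allowed_pattern: "^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$"}]` for the domain. The default `10.254.0.10` also has to fall inside the service CIDR; if `portal_network_cidr` is overridden without this parameter, creating the `kube-dns` Service would presumably fail, which deserves a sentence in the description. The `parameters:` and `resources:` blocks continue outside these hunks.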

+ 19
- 0
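--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
@@ -216,6 +216,16 @@ parameters:
       etcd lb vip private used to generate certs on master.
     default: ""
 
+  dns_service_ip:
+    type: string
+    description: >
+      address used by Kubernetes DNS service
+
+  dns_cluster_domain:
+    type: string
+    description: >
+      domain name for cluster DNS
+
 resources:
 
   master_wait_handle:
@@ -295,6 +305,8 @@ resources:
             "$TRUST_ID": {get_param: trust_id}
             "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
             "$ETCD_LB_VIP": {get_param: etcd_lb_vip}
+            "$DNS_SERVICE_IP": {get_param: dns_service_ip}
+            "$DNS_CLUSTER_DOMAIN": {get_param: dns_cluster_domain}
 
   make_cert:
     type: OS::Heat::SoftwareConfig
@@ -384,6 +396,12 @@ resources:
       group: ungrouped
       config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-master.sh}
 
+  core_dns_service:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: ungrouped
+      config: {get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh}
+
   master_wc_notify:
     type: OS::Heat::SoftwareConfig
     properties:
@@ -419,6 +437,7 @@ resources:
         - config: {get_resource: network_config_service}
         - config: {get_resource: network_service}
         - config: {get_resource: kube_system_namespace_service}
+        - config: {get_resource: core_dns_service}
         - config: {get_resource: enable_kube_controller_manager_scheduler}
         - config: {get_resource: enable_kube_proxy}
         - config: {get_resource: kube_ui_service}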

+ 12
- 0
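--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
@@ -194,6 +194,16 @@ parameters:
     type: string
     description: insecure registry url
 
+  dns_service_ip:
+    type: string
+    description: >
+      address used by Kubernetes DNS service
+
+  dns_cluster_domain:
+    type: string
+    description: >
+      domain name for cluster DNS
+
 resources:
 
   minion_wait_handle:
@@ -254,6 +264,8 @@ resources:
             $TRUST_ID: {get_param: trust_id}
             $AUTH_URL: {get_param: auth_url}
             $INSECURE_REGISTRY_URL: {get_param: insecure_registry_url}
+            $DNS_SERVICE_IP: {get_param: dns_service_ip}
+            $DNS_CLUSTER_DOMAIN: {get_param: dns_cluster_domain}
 
   write_kubeconfig:
     type: OS::Heat::SoftwareConfig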
