From 3b5a1c7909cb4c088773bb4ec6d2b140c09cd51a Mon Sep 17 00:00:00 2001 From: Alexander Noskov Date: Wed, 10 Jul 2019 14:13:53 -0500 Subject: [PATCH] Take dnsPolicy from .Values.pod.dns_policy variable Change-Id: Iae7caa5bdefe7749231c031c6003591a6251fa97 --- elastic-metricbeat/templates/daemonset-node-metrics.yaml | 2 +- elastic-metricbeat/values.yaml | 1 + elastic-packetbeat/templates/daemonset.yaml | 2 +- elastic-packetbeat/values.yaml | 1 + fluentbit/templates/daemonset-fluent-bit.yaml | 2 +- fluentbit/values.yaml | 1 + gnocchi/requirements.yaml | 2 +- ingress/templates/deployment-ingress.yaml | 2 +- ingress/templates/service-ingress-metrics-exporter.yaml | 2 +- ingress/values.yaml | 1 + kube-dns/templates/deployment-kube-dns.yaml | 2 +- kube-dns/values.yaml | 1 + libvirt/templates/daemonset-libvirt.yaml | 2 +- libvirt/values.yaml | 1 + openvswitch/templates/daemonset-ovs-db.yaml | 2 +- openvswitch/templates/daemonset-ovs-vswitchd.yaml | 2 +- openvswitch/values.yaml | 1 + registry/templates/daemonset-registry-proxy.yaml | 2 +- registry/values.yaml | 1 + tiller/templates/deployment-tiller.yaml | 2 +- tiller/values.yaml | 1 + tools/deployment/apparmor/050-libvirt.sh | 2 +- tools/deployment/network-policy/050-prometheus.sh | 2 +- 23 files changed, 23 insertions(+), 14 deletions(-) diff --git a/elastic-metricbeat/templates/daemonset-node-metrics.yaml b/elastic-metricbeat/templates/daemonset-node-metrics.yaml index 481369e91..36c0519f2 100644 --- a/elastic-metricbeat/templates/daemonset-node-metrics.yaml +++ b/elastic-metricbeat/templates/daemonset-node-metrics.yaml @@ -91,7 +91,7 @@ spec: configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} spec: hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet + dnsPolicy: {{ .Values.pod.dns_policy }} serviceAccountName: {{ $serviceAccountName }} {{ if $envAll.Values.pod.tolerations.metricbeat.enabled }} {{ tuple $envAll "metricbeat" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} diff --git a/elastic-metricbeat/values.yaml b/elastic-metricbeat/values.yaml index 4c8093c64..c391358b1 100644 --- a/elastic-metricbeat/values.yaml +++ b/elastic-metricbeat/values.yaml @@ -221,6 +221,7 @@ pod: enabled: true min_ready_seconds: 0 max_unavailable: 1 + dns_policy: "ClusterFirstWithHostNet" replicas: metricbeat: 1 resources: diff --git a/elastic-packetbeat/templates/daemonset.yaml b/elastic-packetbeat/templates/daemonset.yaml index 7e09dc2e4..51e8bfc44 100644 --- a/elastic-packetbeat/templates/daemonset.yaml +++ b/elastic-packetbeat/templates/daemonset.yaml @@ -92,7 +92,7 @@ spec: securityContext: runAsUser: 0 hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet + dnsPolicy: {{ .Values.pod.dns_policy }} serviceAccountName: {{ $serviceAccountName }} initContainers: {{ tuple $envAll "packetbeat" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} diff --git a/elastic-packetbeat/values.yaml b/elastic-packetbeat/values.yaml index 3f4b3b6f4..d759c054a 100644 --- a/elastic-packetbeat/values.yaml +++ b/elastic-packetbeat/values.yaml @@ -159,6 +159,7 @@ pod: enabled: true min_ready_seconds: 0 max_unavailable: 1 + dns_policy: "ClusterFirstWithHostNet" replicas: packetbeat: 1 resources: diff --git a/fluentbit/templates/daemonset-fluent-bit.yaml b/fluentbit/templates/daemonset-fluent-bit.yaml index f9c59e371..6259625a0 100644 --- a/fluentbit/templates/daemonset-fluent-bit.yaml +++ b/fluentbit/templates/daemonset-fluent-bit.yaml @@ -105,7 +105,7 @@ spec: {{ end }} hostNetwork: true hostPID: true - dnsPolicy: ClusterFirstWithHostNet + dnsPolicy: {{ .Values.pod.dns_policy }} initContainers: {{ tuple $envAll "fluentbit" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: diff --git a/fluentbit/values.yaml b/fluentbit/values.yaml index ac30a603b..5ee671eb8 100644 --- a/fluentbit/values.yaml +++ b/fluentbit/values.yaml @@ -220,6 +220,7 @@ pod: default: preferredDuringSchedulingIgnoredDuringExecution topologyKey: default: kubernetes.io/hostname + dns_policy: "ClusterFirstWithHostNet" lifecycle: upgrades: daemonsets: diff --git a/gnocchi/requirements.yaml b/gnocchi/requirements.yaml index 4a8b1c610..53782e69b 100644 --- a/gnocchi/requirements.yaml +++ b/gnocchi/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: helm-toolkit repository: http://localhost:8879/charts - version: 0.1.0 \ No newline at end of file + version: 0.1.0 diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml index 087a3d421..b1abb55c1 100644 --- a/ingress/templates/deployment-ingress.yaml +++ b/ingress/templates/deployment-ingress.yaml @@ -191,7 +191,7 @@ spec: {{- if .Values.network.host_namespace }} hostNetwork: true {{- end }} - dnsPolicy: "ClusterFirstWithHostNet" + dnsPolicy: {{ .Values.pod.dns_policy }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "60" }} initContainers: {{ tuple $envAll "ingress" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} diff --git a/ingress/templates/service-ingress-metrics-exporter.yaml b/ingress/templates/service-ingress-metrics-exporter.yaml index 3637e13b9..266bd33f1 100644 --- a/ingress/templates/service-ingress-metrics-exporter.yaml +++ b/ingress/templates/service-ingress-metrics-exporter.yaml @@ -35,4 +35,4 @@ spec: port: {{ .Values.endpoints.ingress_exporter.port.metrics.default }} selector: {{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}{{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/ingress/values.yaml b/ingress/values.yaml index edb76e28f..e5ed84894 100644 --- a/ingress/values.yaml +++ b/ingress/values.yaml @@ -82,6 +82,7 @@ pod: default: kubernetes.io/hostname weight: default: 10 + dns_policy: "ClusterFirstWithHostNet" replicas: ingress: 1 error_page: 1 diff --git a/kube-dns/templates/deployment-kube-dns.yaml b/kube-dns/templates/deployment-kube-dns.yaml index d68cac3bc..21bd632c1 100644 --- a/kube-dns/templates/deployment-kube-dns.yaml +++ b/kube-dns/templates/deployment-kube-dns.yaml @@ -178,7 +178,7 @@ spec: memory: 20Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: File - dnsPolicy: Default + dnsPolicy: {{ .Values.pod.dns_policy }} restartPolicy: Always schedulerName: default-scheduler securityContext: {} diff --git a/kube-dns/values.yaml b/kube-dns/values.yaml index 1d35994ff..6ae0f22fe 100644 --- a/kube-dns/values.yaml +++ b/kube-dns/values.yaml @@ -34,6 +34,7 @@ images: - image_repo_sync pod: + dns_policy: "Default" resources: enabled: false jobs: diff --git a/libvirt/templates/daemonset-libvirt.yaml b/libvirt/templates/daemonset-libvirt.yaml index 70c174fc4..4bd82e15b 100644 --- a/libvirt/templates/daemonset-libvirt.yaml +++ b/libvirt/templates/daemonset-libvirt.yaml @@ -55,7 +55,7 @@ spec: hostNetwork: true hostPID: true hostIPC: true - dnsPolicy: ClusterFirstWithHostNet + dnsPolicy: {{ .Values.pod.dns_policy }} initContainers: {{ tuple $envAll "pod_dependency" $mounts_libvirt_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ dict "envAll" $envAll | include "helm-toolkit.snippets.kubernetes_apparmor_loader_init_container" | indent 8 }} diff --git a/libvirt/values.yaml b/libvirt/values.yaml index 6d2d2a4ac..d7d34da3f 100644 --- a/libvirt/values.yaml +++ b/libvirt/values.yaml @@ -111,6 +111,7 @@ pod: default: kubernetes.io/hostname weight: default: 10 + dns_policy: "ClusterFirstWithHostNet" mounts: libvirt: init_container: null diff --git a/openvswitch/templates/daemonset-ovs-db.yaml b/openvswitch/templates/daemonset-ovs-db.yaml index 92f9b03cb..527d5b130 100644 --- a/openvswitch/templates/daemonset-ovs-db.yaml +++ b/openvswitch/templates/daemonset-ovs-db.yaml @@ -47,7 +47,7 @@ spec: {{ dict "envAll" $envAll "application" "openvswitch_db_server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} nodeSelector: {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} - dnsPolicy: ClusterFirstWithHostNet + dnsPolicy: {{ .Values.pod.dns_policy }} hostNetwork: true initContainers: {{ tuple $envAll "db" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} diff --git a/openvswitch/templates/daemonset-ovs-vswitchd.yaml b/openvswitch/templates/daemonset-ovs-vswitchd.yaml index a609030a6..b855316b1 100644 --- a/openvswitch/templates/daemonset-ovs-vswitchd.yaml +++ b/openvswitch/templates/daemonset-ovs-vswitchd.yaml @@ -47,7 +47,7 @@ spec: {{ dict "envAll" $envAll "application" "openvswitch_vswitchd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} nodeSelector: {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} - dnsPolicy: ClusterFirstWithHostNet + dnsPolicy: {{ .Values.pod.dns_policy }} hostNetwork: true initContainers: {{ tuple $envAll "vswitchd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} diff --git a/openvswitch/values.yaml b/openvswitch/values.yaml index 52ef70bdf..ee0a35eef 100644 --- a/openvswitch/values.yaml +++ b/openvswitch/values.yaml @@ -67,6 +67,7 @@ pod: add: - NET_ADMIN readOnlyRootFilesystem: true + dns_policy: "ClusterFirstWithHostNet" lifecycle: upgrades: daemonsets: diff --git a/registry/templates/daemonset-registry-proxy.yaml b/registry/templates/daemonset-registry-proxy.yaml index 5de02ae1c..6e6417e88 100644 --- a/registry/templates/daemonset-registry-proxy.yaml +++ b/registry/templates/daemonset-registry-proxy.yaml @@ -45,7 +45,7 @@ spec: serviceAccountName: {{ $serviceAccountName }} nodeSelector: {{ .Values.labels.registry.node_selector_key }}: {{ .Values.labels.registry.node_selector_value | quote }} - dnsPolicy: ClusterFirstWithHostNet + dnsPolicy: {{ .Values.pod.dns_policy }} hostNetwork: true initContainers: {{ tuple $envAll "registry_proxy" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} diff --git a/registry/values.yaml b/registry/values.yaml index 3f04af0d7..bb5b384b1 100644 --- a/registry/values.yaml +++ b/registry/values.yaml @@ -98,6 +98,7 @@ pod: default: kubernetes.io/hostname weight: default: 10 + dns_policy: "ClusterFirstWithHostNet" replicas: registry: 1 lifecycle: diff --git a/tiller/templates/deployment-tiller.yaml b/tiller/templates/deployment-tiller.yaml index fedf65115..435e9cec2 100644 --- a/tiller/templates/deployment-tiller.yaml +++ b/tiller/templates/deployment-tiller.yaml @@ -104,7 +104,7 @@ spec: resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File - dnsPolicy: ClusterFirst + dnsPolicy: {{ .Values.pod.dns_policy }} restartPolicy: Always schedulerName: default-scheduler securityContext: {} diff --git a/tiller/values.yaml b/tiller/values.yaml index 53498069e..d524cc1a2 100644 --- a/tiller/values.yaml +++ b/tiller/values.yaml @@ -37,6 +37,7 @@ images: - image_repo_sync pod: + dns_policy: "ClusterFirst" security_context: tiller: pod: diff --git a/tools/deployment/apparmor/050-libvirt.sh b/tools/deployment/apparmor/050-libvirt.sh index e05936f3f..a4e51acb9 100755 --- a/tools/deployment/apparmor/050-libvirt.sh +++ b/tools/deployment/apparmor/050-libvirt.sh @@ -173,4 +173,4 @@ helm upgrade --install libvirt ./libvirt \ #NOTE: Validate Deployment info ./tools/deployment/common/wait-for-pods.sh openstack -helm status libvirt \ No newline at end of file +helm status libvirt diff --git a/tools/deployment/network-policy/050-prometheus.sh b/tools/deployment/network-policy/050-prometheus.sh index 3de12c70b..162762e23 100755 --- a/tools/deployment/network-policy/050-prometheus.sh +++ b/tools/deployment/network-policy/050-prometheus.sh @@ -68,4 +68,4 @@ helm upgrade --install prometheus ./prometheus \ ./tools/deployment/common/wait-for-pods.sh osh-infra #NOTE: Validate Deployment info -helm status prometheus \ No newline at end of file +helm status prometheus