From 537715294f0f91fac9de3883fea7fa877ae994ed Mon Sep 17 00:00:00 2001
From: Shuicheng Lin <shuicheng.lin@intel.com>
Date: Mon, 15 Apr 2019 12:43:19 +0800
Subject: [PATCH] fix two coredns pod in simplex system

There are 2 coredns pod in default. For simplex system, use kubectl
scale cmd to set the replicas to be 1.

Test:
Pass simplex and duplex deploy test, and coredns pod is 1 for simplex
and 2 for duplex. affinity and nodeselector setting for duplex is kept.

Closes-Bug: 1822880

Change-Id: I18f6cb9039bf86ffcd94f36fa5348ff274cc482d
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
---
 .../modules/platform/manifests/kubernetes.pp  | 51 ++++++++++---------
 1 file changed, 28 insertions(+), 23 deletions(-)

diff --git a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
index 15e088908..b06cbb9dc 100644
--- a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
+++ b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
@@ -196,17 +196,6 @@ class platform::kubernetes::master::init
       logoutput => true,
     }
 
-    # Restrict the dns pod to master nodes
-    -> exec { 'restrict coredns to master nodes':
-      command   => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch deployment coredns -p \'{"spec":{"template":{"spec":{"nodeSelector":{"node-role.kubernetes.io/master":""}}}}}\'', # lint:ignore:140chars
-      logoutput => true,
-    }
-
-    -> exec { 'Use anti-affinity for coredns pods':
-      command   => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch deployment coredns -p \'{"spec":{"template":{"spec":{"affinity":{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchExpressions":[{"key":"k8s-app","operator":"In","values":["kube-dns"]}]},"topologyKey":"kubernetes.io/hostname"}]}}}}}}\'', # lint:ignore:140chars
-      logoutput => true,
-    }
-
     # Remove the taint from the master node
     -> exec { 'remove taint from master node':
       command   => "kubectl --kubeconfig=/etc/kubernetes/admin.conf taint node ${::platform::params::hostname} node-role.kubernetes.io/master- || true", # lint:ignore:140chars
@@ -316,18 +305,6 @@ class platform::kubernetes::master::init
         source => "puppet:///modules/${module_name}/kubeconfig.sh"
       }
 
-      # Restrict the dns pod to master nodes. It seems that each time
-      # kubeadm init is run, it undoes any changes to the deployment.
-      -> exec { 'restrict coredns to master nodes':
-        command   => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch deployment coredns -p \'{"spec":{"template":{"spec":{"nodeSelector":{"node-role.kubernetes.io/master":""}}}}}\'', # lint:ignore:140chars
-        logoutput => true,
-      }
-
-      -> exec { 'Use anti-affinity for coredns pods':
-        command   => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch deployment coredns -p \'{"spec":{"template":{"spec":{"affinity":{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchExpressions":[{"key":"k8s-app","operator":"In","values":["kube-dns"]}]},"topologyKey":"kubernetes.io/hostname"}]}}}}}}\'', # lint:ignore:140chars
-        logoutput => true,
-      }
-
       # Remove the taint from the master node
       -> exec { 'remove taint from master node':
         command   => "kubectl --kubeconfig=/etc/kubernetes/admin.conf taint node ${::platform::params::hostname} node-role.kubernetes.io/master- || true", # lint:ignore:140chars
@@ -372,6 +349,7 @@ class platform::kubernetes::master
   contain ::platform::kubernetes::kubeadm
   contain ::platform::kubernetes::cgroup
   contain ::platform::kubernetes::master::init
+  contain ::platform::kubernetes::coredns
   contain ::platform::kubernetes::firewall
 
   Class['::platform::etcd'] -> Class[$name]
@@ -382,6 +360,7 @@ class platform::kubernetes::master
   Class['::platform::kubernetes::kubeadm']
   -> Class['::platform::kubernetes::cgroup']
   -> Class['::platform::kubernetes::master::init']
+  -> Class['::platform::kubernetes::coredns']
   -> Class['::platform::kubernetes::firewall']
 }
 
@@ -460,6 +439,32 @@ class platform::kubernetes::worker
   }
 }
 
+class platform::kubernetes::coredns {
+
+  include ::platform::params
+
+  if $::platform::params::system_mode != 'simplex' {
+    # For duplex and multi-node system
+    # Restrict the dns pod to master nodes
+    exec { 'restrict coredns to master nodes':
+      command   => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch deployment coredns -p \'{"spec":{"template":{"spec":{"nodeSelector":{"node-role.kubernetes.io/master":""}}}}}\'', # lint:ignore:140chars
+      logoutput => true,
+    }
+
+    -> exec { 'Use anti-affinity for coredns pods':
+      command   => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch deployment coredns -p \'{"spec":{"template":{"spec":{"affinity":{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchExpressions":[{"key":"k8s-app","operator":"In","values":["kube-dns"]}]},"topologyKey":"kubernetes.io/hostname"}]}}}}}}\'', # lint:ignore:140chars
+      logoutput => true,
+    }
+  } else {
+    # for simplex system, 1 coredns is enough
+    exec { '1 coredns for simplex mode':
+      command   => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system scale --replicas=1 deployment coredns', # lint:ignore:140chars
+      logoutput => true,
+    }
+  }
+}
+
+
 # TODO: remove port 9001 once we have a public docker image registry using standard ports.
 # add 5000 as the default port for private registry
 class platform::kubernetes::firewall::params (