authorRicardo Rocha <rocha.porto@gmail.com>2017-05-03 16:46:06 +0200
committerMohammed Naser <mnaser@vexxhost.com>2017-07-28 19:18:06 +0000
commita3b424ffdd9b38f6c808614d3eab1e95075896cd (patch)
tree1f8d63400b3ae334e0deefa4e5b9ac45f152bf7b
parent0d980622b02c2280a6caffa64e21387e98c11872 (diff)
Add CoreDNS deployment in kubernetes atomic
Enable internal cluster DNS by deploying CoreDNS in the kube-system namespace. It covers dns queries for both the cluster and external, acting as a proxy with a cache layer in front. Version of CoreDNS hard-coded to 007, image taken from dockerhub. Related-Bug: #1692449 Change-Id: I0a9703b531fe872416dcd79fa7d4d27c1ea61586 (cherry picked from commit 7c35c8fe40ec2b012696965e225d2b2d6ea0f6b1)
Notes
Notes (review): Code-Review+2: Spyros Trigazis (strigazi) <strigazi@gmail.com> Code-Review+2: Madhuri Kumari <madhuri.kumari@intel.com> Workflow+1: Madhuri Kumari <madhuri.kumari@intel.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Mon, 28 Aug 2017 09:49:49 +0000 Reviewed-on: https://review.openstack.org/488577 Project: openstack/magnum Branch: refs/heads/stable/ocata
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh1
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh1
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh112
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml2
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml2
-rw-r--r--magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml16
-rw-r--r--magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml19
-rw-r--r--magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml12
8 files changed, 165 insertions, 0 deletions
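--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
@@ -58,6 +58,7 @@ sed -i '
 
 HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
 KUBELET_ARGS="--register-node=true --register-schedulable=false --config=/etc/kubernetes/manifests --hostname-override=${HOSTNAME_OVERRIDE}"
+KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
 
 if [ -n "${INSECURE_REGISTRY_URL}" ]; then
  KUBELET_ARGS="${KUBELET_ARGS} --pod-infra-container-image=${INSECURE_REGISTRY_URL}/google_containers/pause\:0.8.0"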
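Review bot: The added `KUBELET_ARGS` line (new line 61) spells its flags with underscores, `--cluster_dns` and `--cluster_domain`, while every other kubelet flag in this fragment uses hyphens (`--register-node`, `--hostname-override`); write it as `KUBELET_ARGS="${KUBELET_ARGS} --cluster-dns=${DNS_SERVICE_IP} --cluster-domain=${DNS_CLUSTER_DOMAIN}"`. The line is also appended unconditionally, so an empty `DNS_SERVICE_IP` in heat-params produces a bare `--cluster_dns=`; a `[ -n "${DNS_SERVICE_IP}" ]` guard like the `INSECURE_REGISTRY_URL` one just below would avoid that. The same line is added in configure-kubernetes-minion.sh. The script this hunk belongs to starts and ends outside the hunk.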
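--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
@@ -49,6 +49,7 @@ sed -i '
 # Using any other name will break the load balancer and cinder volume features.
 HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
 KUBELET_ARGS="--config=/etc/kubernetes/manifests --cadvisor-port=4194 ${KUBE_CONFIG} --hostname-override=${HOSTNAME_OVERRIDE}"
+KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
 
 if [ -n "$TRUST_ID" ]; then
  KUBELET_ARGS="$KUBELET_ARGS --cloud-provider=openstack --cloud-config=/etc/sysconfig/kube_openstack_config"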
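--- /dev/null
+++ b/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh
@@ -0,0 +1,112 @@
+#!/bin/sh
+
+. /etc/sysconfig/heat-params
+
+CORE_DNS=/etc/kubernetes/manifests/kube-coredns.yaml
+[ -f ${CORE_DNS} ] || {
+ echo "Writing File: $CORE_DNS"
+ mkdir -p $(dirname ${CORE_DNS})
+ cat << EOF > ${CORE_DNS}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: coredns
+ namespace: kube-system
+data:
+ Corefile: |
+ .:53 {
+ errors
+ log stdout
+ health
+ kubernetes ${DNS_CLUSTER_DOMAIN} {
+ cidrs ${PORTAL_NETWORK_CIDR}
+ }
+ proxy . /etc/resolv.conf
+ cache 30
+ }
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: coredns
+ namespace: kube-system
+ labels:
+ k8s-app: coredns
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: coredns
+ template:
+ metadata:
+ labels:
+ k8s-app: coredns
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+ spec:
+ containers:
+ - name: coredns
+ image: coredns/coredns:007
+ imagePullPolicy: Always
+ args: [ "-conf", "/etc/coredns/Corefile" ]
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/coredns
+ ports:
+ - containerPort: 53
+ name: dns
+ protocol: UDP
+ - containerPort: 53
+ name: dns-tcp
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ dnsPolicy: Default
+ volumes:
+ - name: config-volume
+ configMap:
+ name: coredns
+ items:
+ - key: Corefile
+ path: Corefile
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kube-dns
+ namespace: kube-system
+ labels:
+ k8s-app: coredns
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+spec:
+ selector:
+ k8s-app: coredns
+ clusterIP: ${DNS_SERVICE_IP}
+ ports:
+ - name: dns
+ port: 53
+ protocol: UDP
+ - name: dns-tcp
+ port: 53
+ protocol: TCP
+EOF
+}
+
+echo "Waiting for Kubernetes API..."
+until curl --silent "http://127.0.0.1:8080/version"
+do
+ sleep 5
+done
+
+kubectl create --validate=false -f $CORE_DNS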
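Review bot: The Deployment pulls `coredns/coredns:007` from Docker Hub with `imagePullPolicy: Always`, so every restart of the cluster resolver in kube-system runs whatever that mutable tag currently points to, and the image path ignores `INSECURE_REGISTRY_URL`, which the kubelet fragments honour for the pause image. Pin the image by digest, `image: coredns/coredns@sha256:<digest-of-the-reviewed-007-image>`, and set `imagePullPolicy: IfNotPresent`. The manifest is written to /etc/kubernetes/manifests, which the master's kubelet is given as `--config=/etc/kubernetes/manifests`; a ConfigMap/Deployment/Service file is not a pod manifest, so a path outside that directory would be cleaner. `kubectl create --validate=false` turns off schema checking for a file built by unquoted heredoc expansion of `${DNS_CLUSTER_DOMAIN}`, `${PORTAL_NETWORK_CIDR}` and `${DNS_SERVICE_IP}`; dropping the flag would let a structurally malformed manifest be rejected at create time. The `until curl` loop has no upper bound, so a master whose API never answers stays in this fragment; a retry limit with a non-zero exit would surface the failure.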
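--- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
+++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
@@ -43,3 +43,5 @@ write_files:
  SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
  SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
  ETCD_LB_VIP="$ETCD_LB_VIP"
+ DNS_SERVICE_IP="$DNS_SERVICE_IP"
+ DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"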
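--- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml
+++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml
@@ -40,3 +40,5 @@ write_files:
  TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
  TRUST_ID="$TRUST_ID"
  INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
+ DNS_SERVICE_IP="$DNS_SERVICE_IP"
+ DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"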
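--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
@@ -293,6 +293,18 @@ parameters:
  description: insecure registry url
  default: ""
 
+ dns_service_ip:
+ type: string
+ description: >
+ address used by Kubernetes DNS service
+ default: 10.254.0.10
+
+ dns_cluster_domain:
+ type: string
+ description: >
+ domain name for cluster DNS
+ default: "cluster.local"
+
 resources:
 
  ######################################################################
@@ -459,6 +471,8 @@ resources:
  auth_url: {get_param: auth_url}
  insecure_registry_url: {get_param: insecure_registry_url}
  etcd_lb_vip: {get_attr: [etcd_lb, address]}
+ dns_service_ip: {get_param: dns_service_ip}
+ dns_cluster_domain: {get_param: dns_cluster_domain}
 
  ######################################################################
  #
@@ -518,6 +532,8 @@ resources:
  trust_id: {get_param: trust_id}
  auth_url: {get_param: auth_url}
  insecure_registry_url: {get_param: insecure_registry_url}
+ dns_service_ip: {get_param: dns_service_ip}
+ dns_cluster_domain: {get_param: dns_cluster_domain}
 
 outputs:
 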
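Review bot: `dns_service_ip` and `dns_cluster_domain` are declared as unconstrained `type: string` parameters (new lines 296-306), yet their values are substituted verbatim into /etc/sysconfig/heat-params as `DNS_SERVICE_IP="$DNS_SERVICE_IP"`, a file that core-dns-service.sh sources as shell and then expands into a Kubernetes manifest. Add `constraints: [{custom_constraint: ip_addr}]` to `dns_service_ip` and an `allowed_pattern` limited to DNS label characters and dots to `dns_cluster_domain`, here and in the matching declarations in kubemaster.yaml and kubeminion.yaml, so a value containing quotes or `$(` cannot reach the sourced file. The default `10.254.0.10` is also independent of the service network parameter; nothing visible checks that the address falls inside `PORTAL_NETWORK_CIDR`, so a cluster created with a different portal network would presumably fail to create the kube-dns Service.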
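--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
@@ -208,6 +208,16 @@ parameters:
  etcd lb vip private used to generate certs on master.
  default: ""
 
+ dns_service_ip:
+ type: string
+ description: >
+ address used by Kubernetes DNS service
+
+ dns_cluster_domain:
+ type: string
+ description: >
+ domain name for cluster DNS
+
 resources:
 
  master_wait_handle:
@@ -285,6 +295,8 @@ resources:
  "$TRUST_ID": {get_param: trust_id}
  "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
  "$ETCD_LB_VIP": {get_param: etcd_lb_vip}
+ "$DNS_SERVICE_IP": {get_param: dns_service_ip}
+ "$DNS_CLUSTER_DOMAIN": {get_param: dns_cluster_domain}
 
  make_cert:
  type: OS::Heat::SoftwareConfig
@@ -374,6 +386,12 @@ resources:
  group: ungrouped
  config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-master.sh}
 
+ core_dns_service:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: ungrouped
+ config: {get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh}
+
  master_wc_notify:
  type: OS::Heat::SoftwareConfig
  properties:
@@ -409,6 +427,7 @@ resources:
  - config: {get_resource: network_config_service}
  - config: {get_resource: network_service}
  - config: {get_resource: kube_system_namespace_service}
+ - config: {get_resource: core_dns_service}
  - config: {get_resource: enable_kube_controller_manager_scheduler}
  - config: {get_resource: enable_kube_proxy}
  - config: {get_resource: kube_ui_service}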
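--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
@@ -194,6 +194,16 @@ parameters:
  type: string
  description: insecure registry url
 
+ dns_service_ip:
+ type: string
+ description: >
+ address used by Kubernetes DNS service
+
+ dns_cluster_domain:
+ type: string
+ description: >
+ domain name for cluster DNS
+
 resources:
 
  minion_wait_handle:
@@ -254,6 +264,8 @@ resources:
  $TRUST_ID: {get_param: trust_id}
  $AUTH_URL: {get_param: auth_url}
  $INSECURE_REGISTRY_URL: {get_param: insecure_registry_url}
+ $DNS_SERVICE_IP: {get_param: dns_service_ip}
+ $DNS_CLUSTER_DOMAIN: {get_param: dns_cluster_domain}
 
  write_kubeconfig:
  type: OS::Heat::SoftwareConfig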