summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-08-28 09:49:49 +0000
committerGerrit Code Review <review@openstack.org>2017-08-28 09:49:49 +0000
commita5aabcb6ab84c676971528dd44ec66f6d46a9e71 (patch)
tree1804ad96c890c16ed5572149353b3a57e4dd71e5
parenta422f534101ff9f733dd65d9c1a6e7f8a2003693 (diff)
parenta3b424ffdd9b38f6c808614d3eab1e95075896cd (diff)
Merge "Add CoreDNS deployment in kubernetes atomic" into stable/ocata
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh1
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh1
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh112
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml2
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml2
-rw-r--r--magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml16
-rw-r--r--magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml19
-rw-r--r--magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml12
8 files changed, 165 insertions, 0 deletions
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
index c6de5b2..7d17958 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
@@ -58,6 +58,7 @@ sed -i '
58 58
59HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//') 59HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
60KUBELET_ARGS="--register-node=true --register-schedulable=false --config=/etc/kubernetes/manifests --hostname-override=${HOSTNAME_OVERRIDE}" 60KUBELET_ARGS="--register-node=true --register-schedulable=false --config=/etc/kubernetes/manifests --hostname-override=${HOSTNAME_OVERRIDE}"
61KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
61 62
62if [ -n "${INSECURE_REGISTRY_URL}" ]; then 63if [ -n "${INSECURE_REGISTRY_URL}" ]; then
63 KUBELET_ARGS="${KUBELET_ARGS} --pod-infra-container-image=${INSECURE_REGISTRY_URL}/google_containers/pause\:0.8.0" 64 KUBELET_ARGS="${KUBELET_ARGS} --pod-infra-container-image=${INSECURE_REGISTRY_URL}/google_containers/pause\:0.8.0"
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
index 3e50cba..50abb79 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
@@ -49,6 +49,7 @@ sed -i '
49# Using any other name will break the load balancer and cinder volume features. 49# Using any other name will break the load balancer and cinder volume features.
50HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//') 50HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
51KUBELET_ARGS="--config=/etc/kubernetes/manifests --cadvisor-port=4194 ${KUBE_CONFIG} --hostname-override=${HOSTNAME_OVERRIDE}" 51KUBELET_ARGS="--config=/etc/kubernetes/manifests --cadvisor-port=4194 ${KUBE_CONFIG} --hostname-override=${HOSTNAME_OVERRIDE}"
52KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
52 53
53if [ -n "$TRUST_ID" ]; then 54if [ -n "$TRUST_ID" ]; then
54 KUBELET_ARGS="$KUBELET_ARGS --cloud-provider=openstack --cloud-config=/etc/sysconfig/kube_openstack_config" 55 KUBELET_ARGS="$KUBELET_ARGS --cloud-provider=openstack --cloud-config=/etc/sysconfig/kube_openstack_config"
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh b/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh
new file mode 100644
index 0000000..7f293f6
--- /dev/null
+++ b/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh
@@ -0,0 +1,112 @@
1#!/bin/sh
2
3. /etc/sysconfig/heat-params
4
5CORE_DNS=/etc/kubernetes/manifests/kube-coredns.yaml
6[ -f ${CORE_DNS} ] || {
7 echo "Writing File: $CORE_DNS"
8 mkdir -p $(dirname ${CORE_DNS})
9 cat << EOF > ${CORE_DNS}
10apiVersion: v1
11kind: ConfigMap
12metadata:
13 name: coredns
14 namespace: kube-system
15data:
16 Corefile: |
17 .:53 {
18 errors
19 log stdout
20 health
21 kubernetes ${DNS_CLUSTER_DOMAIN} {
22 cidrs ${PORTAL_NETWORK_CIDR}
23 }
24 proxy . /etc/resolv.conf
25 cache 30
26 }
27---
28apiVersion: extensions/v1beta1
29kind: Deployment
30metadata:
31 name: coredns
32 namespace: kube-system
33 labels:
34 k8s-app: coredns
35 kubernetes.io/cluster-service: "true"
36 kubernetes.io/name: "CoreDNS"
37spec:
38 replicas: 1
39 selector:
40 matchLabels:
41 k8s-app: coredns
42 template:
43 metadata:
44 labels:
45 k8s-app: coredns
46 annotations:
47 scheduler.alpha.kubernetes.io/critical-pod: ''
48 scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
49 spec:
50 containers:
51 - name: coredns
52 image: coredns/coredns:007
53 imagePullPolicy: Always
54 args: [ "-conf", "/etc/coredns/Corefile" ]
55 volumeMounts:
56 - name: config-volume
57 mountPath: /etc/coredns
58 ports:
59 - containerPort: 53
60 name: dns
61 protocol: UDP
62 - containerPort: 53
63 name: dns-tcp
64 protocol: TCP
65 livenessProbe:
66 httpGet:
67 path: /health
68 port: 8080
69 scheme: HTTP
70 initialDelaySeconds: 60
71 timeoutSeconds: 5
72 successThreshold: 1
73 failureThreshold: 5
74 dnsPolicy: Default
75 volumes:
76 - name: config-volume
77 configMap:
78 name: coredns
79 items:
80 - key: Corefile
81 path: Corefile
82---
83apiVersion: v1
84kind: Service
85metadata:
86 name: kube-dns
87 namespace: kube-system
88 labels:
89 k8s-app: coredns
90 kubernetes.io/cluster-service: "true"
91 kubernetes.io/name: "CoreDNS"
92spec:
93 selector:
94 k8s-app: coredns
95 clusterIP: ${DNS_SERVICE_IP}
96 ports:
97 - name: dns
98 port: 53
99 protocol: UDP
100 - name: dns-tcp
101 port: 53
102 protocol: TCP
103EOF
104}
105
106echo "Waiting for Kubernetes API..."
107until curl --silent "http://127.0.0.1:8080/version"
108do
109 sleep 5
110done
111
112kubectl create --validate=false -f $CORE_DNS
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
index 4e50ca0..81cc853 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
+++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
@@ -45,3 +45,5 @@ write_files:
45 SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY" 45 SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
46 SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT" 46 SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
47 ETCD_LB_VIP="$ETCD_LB_VIP" 47 ETCD_LB_VIP="$ETCD_LB_VIP"
48 DNS_SERVICE_IP="$DNS_SERVICE_IP"
49 DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml
index d6b575f..a7d979c 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml
+++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml
@@ -40,3 +40,5 @@ write_files:
40 TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD" 40 TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
41 TRUST_ID="$TRUST_ID" 41 TRUST_ID="$TRUST_ID"
42 INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL" 42 INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
43 DNS_SERVICE_IP="$DNS_SERVICE_IP"
44 DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
index 58514f1..e7229e7 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
@@ -303,6 +303,18 @@ parameters:
303 description: insecure registry url 303 description: insecure registry url
304 default: "" 304 default: ""
305 305
306 dns_service_ip:
307 type: string
308 description: >
309 address used by Kubernetes DNS service
310 default: 10.254.0.10
311
312 dns_cluster_domain:
313 type: string
314 description: >
315 domain name for cluster DNS
316 default: "cluster.local"
317
306resources: 318resources:
307 319
308 ###################################################################### 320 ######################################################################
@@ -471,6 +483,8 @@ resources:
471 auth_url: {get_param: auth_url} 483 auth_url: {get_param: auth_url}
472 insecure_registry_url: {get_param: insecure_registry_url} 484 insecure_registry_url: {get_param: insecure_registry_url}
473 etcd_lb_vip: {get_attr: [etcd_lb, address]} 485 etcd_lb_vip: {get_attr: [etcd_lb, address]}
486 dns_service_ip: {get_param: dns_service_ip}
487 dns_cluster_domain: {get_param: dns_cluster_domain}
474 488
475 ###################################################################### 489 ######################################################################
476 # 490 #
@@ -530,6 +544,8 @@ resources:
530 trust_id: {get_param: trust_id} 544 trust_id: {get_param: trust_id}
531 auth_url: {get_param: auth_url} 545 auth_url: {get_param: auth_url}
532 insecure_registry_url: {get_param: insecure_registry_url} 546 insecure_registry_url: {get_param: insecure_registry_url}
547 dns_service_ip: {get_param: dns_service_ip}
548 dns_cluster_domain: {get_param: dns_cluster_domain}
533 549
534outputs: 550outputs:
535 551
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
index 419e02f..5675f80 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
@@ -216,6 +216,16 @@ parameters:
216 etcd lb vip private used to generate certs on master. 216 etcd lb vip private used to generate certs on master.
217 default: "" 217 default: ""
218 218
219 dns_service_ip:
220 type: string
221 description: >
222 address used by Kubernetes DNS service
223
224 dns_cluster_domain:
225 type: string
226 description: >
227 domain name for cluster DNS
228
219resources: 229resources:
220 230
221 master_wait_handle: 231 master_wait_handle:
@@ -295,6 +305,8 @@ resources:
295 "$TRUST_ID": {get_param: trust_id} 305 "$TRUST_ID": {get_param: trust_id}
296 "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url} 306 "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
297 "$ETCD_LB_VIP": {get_param: etcd_lb_vip} 307 "$ETCD_LB_VIP": {get_param: etcd_lb_vip}
308 "$DNS_SERVICE_IP": {get_param: dns_service_ip}
309 "$DNS_CLUSTER_DOMAIN": {get_param: dns_cluster_domain}
298 310
299 make_cert: 311 make_cert:
300 type: OS::Heat::SoftwareConfig 312 type: OS::Heat::SoftwareConfig
@@ -384,6 +396,12 @@ resources:
384 group: ungrouped 396 group: ungrouped
385 config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-master.sh} 397 config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-master.sh}
386 398
399 core_dns_service:
400 type: OS::Heat::SoftwareConfig
401 properties:
402 group: ungrouped
403 config: {get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh}
404
387 master_wc_notify: 405 master_wc_notify:
388 type: OS::Heat::SoftwareConfig 406 type: OS::Heat::SoftwareConfig
389 properties: 407 properties:
@@ -419,6 +437,7 @@ resources:
419 - config: {get_resource: network_config_service} 437 - config: {get_resource: network_config_service}
420 - config: {get_resource: network_service} 438 - config: {get_resource: network_service}
421 - config: {get_resource: kube_system_namespace_service} 439 - config: {get_resource: kube_system_namespace_service}
440 - config: {get_resource: core_dns_service}
422 - config: {get_resource: enable_kube_controller_manager_scheduler} 441 - config: {get_resource: enable_kube_controller_manager_scheduler}
423 - config: {get_resource: enable_kube_proxy} 442 - config: {get_resource: enable_kube_proxy}
424 - config: {get_resource: kube_ui_service} 443 - config: {get_resource: kube_ui_service}
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
index 5298a9a..f0290dc 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
@@ -194,6 +194,16 @@ parameters:
194 type: string 194 type: string
195 description: insecure registry url 195 description: insecure registry url
196 196
197 dns_service_ip:
198 type: string
199 description: >
200 address used by Kubernetes DNS service
201
202 dns_cluster_domain:
203 type: string
204 description: >
205 domain name for cluster DNS
206
197resources: 207resources:
198 208
199 minion_wait_handle: 209 minion_wait_handle:
@@ -254,6 +264,8 @@ resources:
254 $TRUST_ID: {get_param: trust_id} 264 $TRUST_ID: {get_param: trust_id}
255 $AUTH_URL: {get_param: auth_url} 265 $AUTH_URL: {get_param: auth_url}
256 $INSECURE_REGISTRY_URL: {get_param: insecure_registry_url} 266 $INSECURE_REGISTRY_URL: {get_param: insecure_registry_url}
267 $DNS_SERVICE_IP: {get_param: dns_service_ip}
268 $DNS_CLUSTER_DOMAIN: {get_param: dns_cluster_domain}
257 269
258 write_kubeconfig: 270 write_kubeconfig:
259 type: OS::Heat::SoftwareConfig 271 type: OS::Heat::SoftwareConfig