From aaffb4320a7f9ca6991c56a4b3a363ef9e1d289a Mon Sep 17 00:00:00 2001
From: Maysa Macedo
Date: Mon, 29 Jun 2020 14:34:45 +0000
Subject: [PATCH] Run coredns service on pod Network
This commits adds support to run coredns service privately on the gates, by running the deployment on pod networking. Also, it forwards any unknow records to google server, to avoid the issue of sometimes the openinfra clouds DNS servers using IPv6 and pods on pod network not providing dual stack.
Change-Id: Id672225a93ced79521ddf4f0897df8855fe0ad4e
---
 devstack/lib/kuryr_kubernetes | 2 +-
 devstack/plugin.sh | 21 ++++++++++-----------
 2 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/devstack/lib/kuryr_kubernetes b/devstack/lib/kuryr_kubernetes
index 600e8a0bb..731017d1d 100644
--- a/devstack/lib/kuryr_kubernetes
+++ b/devstack/lib/kuryr_kubernetes
@@ -278,7 +278,7 @@ function create_k8s_subnet {
 local allocation_start
 local allocation_end
 local allocation_subnet
- router_ip=$(_cidr_range "$subnet_cidr" | cut -f2)
+ router_ip=$(_cidr_range "$subnet_cidr" | cut -f3)
 if [[ "$split_allocation" == "True" ]]; then
 allocation_subnet=$(split_subnet "$subnet_cidr" | cut -f2)
 allocation_start=$(_allocation_range "$allocation_subnet" end | cut -f1)
diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index c8f9e1bd6..1fd4c4263 100644
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -203,7 +203,7 @@ function _cidr_range {
 import sys
 from netaddr import IPAddress, IPNetwork
 n = IPNetwork(sys.argv[1])
-print("%s\\t%s" % (IPAddress(n.first + 1), IPAddress(n.last - 1)))
+print("%s\\t%s\\t%s" % (IPAddress(n.first + 1), IPAddress(n.first + 2), IPAddress(n.last - 1)))
 EOF
 }
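Review bot: The tab-separated output of `_cidr_range` is now a three-field contract (first+1, first+2, last-1) consumed across two files, yet neither the function in plugin.sh nor the `cut -f3` caller in create_k8s_subnet says what each field means, so the create_k8s_subnet hunk reads as an unexplained renumbering. A header comment on `_cidr_range` such as `# Prints three tab-separated addresses: first usable host, second usable host (used as the cluster DNS IP), last usable host (router)` would let a reader check `cut -f3` without diffing both files. Because column 2 changed meaning instead of a column being appended, any other caller still reading `cut -f2` now gets first+2 rather than the last usable address — worth grepping both files for before merging, since I cannot see beyond these hunks. For prefixes with fewer than four addresses `n.first + 2` falls outside the subnet and nothing in the function rejects it; a short guard or a comment stating the minimum prefix size would be welcome. create_k8s_subnet begins before its hunk.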
@@ -795,8 +795,12 @@ function run_k8s_kubelet {
 fi
 if is_service_enabled coredns; then
- local k8s_resolv_conf
- command+=" --cluster-dns=${HOST_IP} --cluster-domain=cluster.local"
+ service_cidr=$(openstack --os-cloud devstack-admin \
+ --os-region "$REGION_NAME" \
+ subnet show "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET" \
+ -c cidr -f value)
+ export KURYR_COREDNS_CLUSTER_IP=$(_cidr_range "$service_cidr" | cut -f2)
+ command+=" --cluster-dns=${KURYR_COREDNS_CLUSTER_IP} --cluster-domain=cluster.local"
 fi
 wait_for "Kubernetes API Server" "$KURYR_K8S_API_URL"
@@ -816,14 +820,13 @@ metadata:
 data:
 Corefile: |
 .:53 {
- bind ${HOST_IP}
 errors
 kubernetes cluster.local in-addr.arpa ip6.arpa {
 pods insecure
 upstream
 fallthrough in-addr.arpa ip6.arpa
 }
- proxy . /etc/resolv.conf
+ forward . 8.8.8.8:53
 cache 30
 loop
 reload
@@ -860,10 +863,9 @@ spec:
 scheduler.alpha.kubernetes.io/critical-pod: ''
 scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
 spec:
- hostNetwork: true
 containers:
 - name: coredns
- image: coredns/coredns:1.4.0
+ image: coredns/coredns:1.5.0
 imagePullPolicy: Always
 args: [ "-conf", "/etc/coredns/Corefile" ]
 volumeMounts:
@@ -880,6 +882,7 @@ spec:
 EOF
 /usr/local/bin/kubectl apply -f ${output_dir}/coredns.yml
+ /usr/local/bin/kubectl expose deploy/coredns --port=53 --target-port=53 --protocol=UDP -n kube-system --cluster-ip=${KURYR_COREDNS_CLUSTER_IP}
 }
@@ -1137,12 +1140,8 @@ elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
 fi
 if is_service_enabled coredns; then
- #Open port 53 so pods can reach the DNS server
- sudo iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT
-
 run_coredns "${DATA_DIR}/kuryr-kubernetes"
 fi
- # Needs kuryr to be running
 if is_service_enabled openshift-dns; then
 configure_and_run_registry
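Review bot: `export KURYR_COREDNS_CLUSTER_IP=$(_cidr_range "$service_cidr" | cut -f2)` in run_k8s_kubelet masks the exit status of the command substitution, so if `_cidr_range` fails (for instance because the preceding `openstack subnet show` produced an empty `service_cidr`) the variable is silently empty, errexit would not trip, and the kubelet is started with `--cluster-dns=` carrying no address. Assign and export in two steps, `KURYR_COREDNS_CLUSTER_IP=$(_cidr_range "$service_cidr" | cut -f2)` followed by `export KURYR_COREDNS_CLUSTER_IP`, and declare `service_cidr` with `local`, which the removed `local k8s_resolv_conf` line shows is this function's convention for scratch variables. The exported value is later consumed by the `kubectl expose` line in run_coredns, which only holds while both functions run in the same shell process and in that order; a one-line comment stating that dependency next to the export would help the next maintainer. run_k8s_kubelet begins and ends outside the hunk.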
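Review bot: `forward . 8.8.8.8:53` in the Corefile hard-codes a third-party public resolver as the upstream for every non-cluster name, so all external lookups from pods now leave the cloud in plain UDP to that operator and the gate acquires a dependency on outbound reachability of one fixed address; the commit message gives the IPv6 motivation, but the Corefile itself records none of it. Making the upstream a devstack setting with this value as the default, e.g. `forward . ${KURYR_COREDNS_UPSTREAM:-8.8.8.8:53}` (proposed variable name, not yet in the file), preserves gate behaviour while letting private deployments keep DNS on their own resolvers, and a `#` comment above the line explaining why `/etc/resolv.conf` is no longer used would keep that reasoning with the config. The expansion relies on the heredoc delimiter being unquoted, which the removed `bind ${HOST_IP}` line suggests is already the case — please confirm, as the `cat <<` line is outside the hunk.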
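Review bot: `kubectl expose deploy/coredns ... --protocol=UDP` in run_coredns creates a Service with UDP/53 only, so responses that come back truncated and are retried over TCP by the client have no path to the pod; the usual cluster-DNS shape publishes a `dns` UDP port and a `dns-tcp` TCP port, which `kubectl expose` cannot produce in one call. Appending a Service object to the coredns.yml heredoc gives both ports, keeps the fixed cluster IP, and removes the second `kubectl` invocation; if the expose line is kept instead, `--cluster-ip="${KURYR_COREDNS_CLUSTER_IP}"` should at least be quoted. The manifest below uses a placeholder for the pod selector because the Deployment's labels are not visible in this hunk; run_coredns starts before the hunk.
```shell
# … unchanged: ConfigMap and Deployment already emitted by the heredoc …
---
apiVersion: v1
kind: Service
metadata:
  name: coredns
  namespace: kube-system
spec:
  clusterIP: ${KURYR_COREDNS_CLUSTER_IP}
  selector:
    <DEPLOYMENT_POD_LABEL_KEY>: <DEPLOYMENT_POD_LABEL_VALUE>
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
EOF
    /usr/local/bin/kubectl apply -f "${output_dir}/coredns.yml"
```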