Run coredns service on pod Network
This commits adds support to run coredns service privately on the gates, by running the deployment on pod networking. Also, it forwards any unknow records to google server, to avoid the issue of sometimes the openinfra clouds DNS servers using IPv6 and pods on pod network not providing dual stack. Change-Id: Id672225a93ced79521ddf4f0897df8855fe0ad4e
This commit is contained in:
parent
b99f6a85f1
commit
aaffb4320a
|
@ -278,7 +278,7 @@ function create_k8s_subnet {
|
|||
local allocation_start
|
||||
local allocation_end
|
||||
local allocation_subnet
|
||||
router_ip=$(_cidr_range "$subnet_cidr" | cut -f2)
|
||||
router_ip=$(_cidr_range "$subnet_cidr" | cut -f3)
|
||||
if [[ "$split_allocation" == "True" ]]; then
|
||||
allocation_subnet=$(split_subnet "$subnet_cidr" | cut -f2)
|
||||
allocation_start=$(_allocation_range "$allocation_subnet" end | cut -f1)
|
||||
|
|
|
@ -203,7 +203,7 @@ function _cidr_range {
|
|||
import sys
|
||||
from netaddr import IPAddress, IPNetwork
|
||||
n = IPNetwork(sys.argv[1])
|
||||
print("%s\\t%s" % (IPAddress(n.first + 1), IPAddress(n.last - 1)))
|
||||
print("%s\\t%s\\t%s" % (IPAddress(n.first + 1), IPAddress(n.first + 2), IPAddress(n.last - 1)))
|
||||
EOF
|
||||
}
|
||||
|
||||
|
@ -795,8 +795,12 @@ function run_k8s_kubelet {
|
|||
fi
|
||||
|
||||
if is_service_enabled coredns; then
|
||||
local k8s_resolv_conf
|
||||
command+=" --cluster-dns=${HOST_IP} --cluster-domain=cluster.local"
|
||||
service_cidr=$(openstack --os-cloud devstack-admin \
|
||||
--os-region "$REGION_NAME" \
|
||||
subnet show "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET" \
|
||||
-c cidr -f value)
|
||||
export KURYR_COREDNS_CLUSTER_IP=$(_cidr_range "$service_cidr" | cut -f2)
|
||||
command+=" --cluster-dns=${KURYR_COREDNS_CLUSTER_IP} --cluster-domain=cluster.local"
|
||||
fi
|
||||
|
||||
wait_for "Kubernetes API Server" "$KURYR_K8S_API_URL"
|
||||
|
@ -816,14 +820,13 @@ metadata:
|
|||
data:
|
||||
Corefile: |
|
||||
.:53 {
|
||||
bind ${HOST_IP}
|
||||
errors
|
||||
kubernetes cluster.local in-addr.arpa ip6.arpa {
|
||||
pods insecure
|
||||
upstream
|
||||
fallthrough in-addr.arpa ip6.arpa
|
||||
}
|
||||
proxy . /etc/resolv.conf
|
||||
forward . 8.8.8.8:53
|
||||
cache 30
|
||||
loop
|
||||
reload
|
||||
|
@ -860,10 +863,9 @@ spec:
|
|||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: coredns
|
||||
image: coredns/coredns:1.4.0
|
||||
image: coredns/coredns:1.5.0
|
||||
imagePullPolicy: Always
|
||||
args: [ "-conf", "/etc/coredns/Corefile" ]
|
||||
volumeMounts:
|
||||
|
@ -880,6 +882,7 @@ spec:
|
|||
EOF
|
||||
|
||||
/usr/local/bin/kubectl apply -f ${output_dir}/coredns.yml
|
||||
/usr/local/bin/kubectl expose deploy/coredns --port=53 --target-port=53 --protocol=UDP -n kube-system --cluster-ip=${KURYR_COREDNS_CLUSTER_IP}
|
||||
}
|
||||
|
||||
|
||||
|
@ -1137,12 +1140,8 @@ elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
|
|||
fi
|
||||
|
||||
if is_service_enabled coredns; then
|
||||
#Open port 53 so pods can reach the DNS server
|
||||
sudo iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT
|
||||
|
||||
run_coredns "${DATA_DIR}/kuryr-kubernetes"
|
||||
fi
|
||||
|
||||
# Needs kuryr to be running
|
||||
if is_service_enabled openshift-dns; then
|
||||
configure_and_run_registry
|
||||
|
|
Loading…
Reference in New Issue