diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh index 413ba34226..128f42874b 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh @@ -58,6 +58,7 @@ sed -i ' HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//') KUBELET_ARGS="--register-node=true --register-schedulable=false --config=/etc/kubernetes/manifests --hostname-override=${HOSTNAME_OVERRIDE}" +KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}" # For using default log-driver, other options should be ignored sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh index 1e1be1f488..442f5aa218 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh @@ -49,6 +49,7 @@ sed -i ' # Using any other name will break the load balancer and cinder volume features. HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//') KUBELET_ARGS="--config=/etc/kubernetes/manifests --cadvisor-port=4194 ${KUBE_CONFIG} --hostname-override=${HOSTNAME_OVERRIDE}" +KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}" if [ -n "$TRUST_ID" ]; then KUBELET_ARGS="$KUBELET_ARGS --cloud-provider=openstack --cloud-config=/etc/sysconfig/kube_openstack_config" 
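Review bot: The added `KUBELET_ARGS` line in configure-kubernetes-master.sh, and the identical one in configure-kubernetes-minion.sh, appends `--cluster_dns=${DNS_SERVICE_IP}` and `--cluster_domain=${DNS_CLUSTER_DOMAIN}` without checking that either variable is set. If /etc/sysconfig/heat-params lacks them, the kubelet is started with empty DNS settings and the misconfiguration only surfaces later as failed name resolution inside pods. I would make the append conditional and fail loudly otherwise, for example `[ -n "${DNS_SERVICE_IP}" ] || { echo "DNS_SERVICE_IP is not set" >&2; exit 1; }` ahead of the assignment. The other kubelet flags on these lines are hyphenated (`--register-node`, `--hostname-override`), so `--cluster-dns` and `--cluster-domain` would match them. Both scripts continue outside the hunks, so how `KUBELET_ARGS` is consumed afterwards is not visible here.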
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh b/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh
new file mode 100644
index 0000000000..7f293f61a7
--- /dev/null
+++ b/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh
@@ -0,0 +1,112 @@
+#!/bin/sh
+
+. /etc/sysconfig/heat-params
+
+CORE_DNS=/etc/kubernetes/manifests/kube-coredns.yaml
+[ -f ${CORE_DNS} ] || {
+ echo "Writing File: $CORE_DNS"
+ mkdir -p $(dirname ${CORE_DNS})
+ cat << EOF > ${CORE_DNS}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: coredns
+ namespace: kube-system
+data:
+ Corefile: |
+ .:53 {
+ errors
+ log stdout
+ health
+ kubernetes ${DNS_CLUSTER_DOMAIN} {
+ cidrs ${PORTAL_NETWORK_CIDR}
+ }
+ proxy . /etc/resolv.conf
+ cache 30
+ }
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: coredns
+ namespace: kube-system
+ labels:
+ k8s-app: coredns
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: coredns
+ template:
+ metadata:
+ labels:
+ k8s-app: coredns
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+ spec:
+ containers:
+ - name: coredns
+ image: coredns/coredns:007
+ imagePullPolicy: Always
+ args: [ "-conf", "/etc/coredns/Corefile" ]
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/coredns
+ ports:
+ - containerPort: 53
+ name: dns
+ protocol: UDP
+ - containerPort: 53
+ name: dns-tcp
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ dnsPolicy: Default
+ volumes:
+ - name: config-volume
+ configMap:
+ name: coredns
+ items:
+ - key: Corefile
+ path: Corefile
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kube-dns
+ namespace: kube-system
+ labels:
+ k8s-app: coredns
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+spec:
+ selector:
+ k8s-app: coredns
+ clusterIP: ${DNS_SERVICE_IP}
+ ports:
+ - name: dns
+ port: 53
+ protocol: UDP
+ - name: dns-tcp
+ port: 53
+ protocol: TCP
+EOF
+}
+
+echo "Waiting for Kubernetes API..."
+until curl --silent "http://127.0.0.1:8080/version" +do + sleep 5 +done + +kubectl create --validate=false -f $CORE_DNS diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml index 548a41f5ba..77b006ef4e 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml +++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml @@ -46,3 +46,5 @@ write_files: SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY" SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT" ETCD_LB_VIP="$ETCD_LB_VIP" + DNS_SERVICE_IP="$DNS_SERVICE_IP" + DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN" diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml index 401d9711bf..21f1b42645 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml +++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml @@ -41,3 +41,5 @@ write_files: TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD" TRUST_ID="$TRUST_ID" INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL" + DNS_SERVICE_IP="$DNS_SERVICE_IP" + DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN" diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml index e74f16bd95..e212ee4722 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml 
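Review bot: The Deployment in core-dns-service.sh runs `coredns/coredns:007` with `imagePullPolicy: Always`, so every restart of the cluster resolver pulls whatever the registry currently serves under that mutable tag. Pinning the reviewed image by digest, `image: coredns/coredns@sha256:<digest-of-reviewed-image>` together with `imagePullPolicy: IfNotPresent`, makes the kube-system DNS pod reproducible and takes the public registry out of the restart path. The container spec also has no `securityContext` or `resources` block, so it runs with the runtime's default privileges and no memory bound. Separately, the `until curl --silent "http://127.0.0.1:8080/version"` loop has neither `--fail` nor a retry limit: any HTTP response, including an error status, ends the wait, and no response blocks the script indefinitely.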
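Review bot: `DNS_SERVICE_IP="$DNS_SERVICE_IP"` and `DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"` in write-heat-params-master.yaml (and the same two lines in write-heat-params.yaml) put raw template parameter text inside double quotes in a file that core-dns-service.sh reads with `. /etc/sysconfig/heat-params`. A value containing a double quote, a backtick or `$(` would therefore be interpreted by the shell on the node rather than treated as data. The parameters are declared as unconstrained `type: string` in kubecluster.yaml, kubemaster.yaml and kubeminion.yaml. A `constraints:` entry with `custom_constraint: ip_addr` on `dns_service_ip`, and an `allowed_pattern` limited to DNS-name characters on `dns_cluster_domain`, would reject such values at the template boundary. The `write_files` entry starts outside the hunk, so how the substitution is performed is inferred from the `"$DNS_SERVICE_IP": {get_param: dns_service_ip}` mappings added in kubemaster.yaml.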
@@ -316,6 +316,18 @@ parameters: description: insecure registry url default: "" + dns_service_ip: + type: string + description: > + address used by Kubernetes DNS service + default: 10.254.0.10 + + dns_cluster_domain: + type: string + description: > + domain name for cluster DNS + default: "cluster.local" + resources: ###################################################################### @@ -486,6 +498,8 @@ resources: auth_url: {get_param: auth_url} insecure_registry_url: {get_param: insecure_registry_url} etcd_lb_vip: {get_attr: [etcd_lb, address]} + dns_service_ip: {get_param: dns_service_ip} + dns_cluster_domain: {get_param: dns_cluster_domain} ###################################################################### # @@ -546,6 +560,8 @@ resources: trust_id: {get_param: trust_id} auth_url: {get_param: auth_url} insecure_registry_url: {get_param: insecure_registry_url} + dns_service_ip: {get_param: dns_service_ip} + dns_cluster_domain: {get_param: dns_cluster_domain} outputs: diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml index 5b49884361..0f2af88731 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml @@ -227,6 +227,16 @@ parameters: etcd lb vip private used to generate certs on master. default: "" + dns_service_ip: + type: string + description: > + address used by Kubernetes DNS service + + dns_cluster_domain: + type: string + description: > + domain name for cluster DNS + resources: master_wait_handle: @@ -307,6 +317,8 @@ resources: "$TRUST_ID": {get_param: trust_id} "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url} "$ETCD_LB_VIP": {get_param: etcd_lb_vip} + "$DNS_SERVICE_IP": {get_param: dns_service_ip} + "$DNS_CLUSTER_DOMAIN": {get_param: dns_cluster_domain} make_cert: type: OS::Heat::SoftwareConfig 
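Review bot: The `dns_service_ip` default of `10.254.0.10` in the first kubecluster.yaml hunk is only correct while the cluster's service network contains that address, and nothing in the parameter block ties the two together. core-dns-service.sh uses the value as the `clusterIP` of the kube-dns Service and takes the service range from `${PORTAL_NETWORK_CIDR}`. A cluster created with a different service range would presumably have the Service rejected while every kubelet still hands the address to pods as their resolver. The description should state the coupling, for example `address used by Kubernetes DNS service, must lie inside the service network CIDR`. The `parameters:` block begins outside the hunk, so whether the service CIDR parameter carries a matching default cannot be checked from here.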
@@ -423,6 +435,12 @@ resources: group: ungrouped config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-master.sh} + core_dns_service: + type: OS::Heat::SoftwareConfig + properties: + group: ungrouped + config: {get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh} + master_wc_notify: type: OS::Heat::SoftwareConfig properties: @@ -461,6 +479,7 @@ resources: - config: {get_resource: network_config_service} - config: {get_resource: network_service} - config: {get_resource: kube_system_namespace_service} + - config: {get_resource: core_dns_service} - config: {get_resource: enable_kube_controller_manager_scheduler} - config: {get_resource: enable_kube_proxy} - config: {get_resource: kube_ui_service} diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml index d190255c64..fbb543e32a 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml @@ -199,6 +199,16 @@ parameters: type: string description: insecure registry url + dns_service_ip: + type: string + description: > + address used by Kubernetes DNS service + + dns_cluster_domain: + type: string + description: > + domain name for cluster DNS + resources: minion_wait_handle: @@ -260,6 +270,8 @@ resources: $TRUST_ID: {get_param: trust_id} $AUTH_URL: {get_param: auth_url} $INSECURE_REGISTRY_URL: {get_param: insecure_registry_url} + $DNS_SERVICE_IP: {get_param: dns_service_ip} + $DNS_CLUSTER_DOMAIN: {get_param: dns_cluster_domain} write_kubeconfig: type: OS::Heat::SoftwareConfig