Use sequential forward policy in coredns
If possible, dns should be resolved through dnsmasq, in order to allow proper resolution of platform (e.g. controller) hostnames, which would fail to resolve from external nameservers. Partial-Bug: 1821026 Change-Id: I4f5cdb7ac79dfe19626623adb5622645cf8569ab Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
parent
003ddff574
commit
7ecbdadbfb
|
@ -17,6 +17,7 @@
|
|||
# - Prepare SRIOV config and activate SRIOV networking
|
||||
# - Prepare SRIOV device plugin config and activate SRIOV device plugin
|
||||
# - Restore Helm charts if the host is bootstrapped in restore mode
|
||||
# - Prepare and apply coredns config
|
||||
# - Restrict coredns to master node and set anti-affnity (duplex system)
|
||||
# - Restrict coredns to 1 pod (simplex system)
|
||||
# - Remove taint from master node
|
||||
|
@ -217,6 +218,11 @@
|
|||
src: "k8s-{{ kubernetes_version }}/sriov-plugin.yaml.j2"
|
||||
dest: /etc/kubernetes/sriovdp-daemonset.yaml
|
||||
|
||||
- name: Create coredns config file
|
||||
template:
|
||||
src: "coredns.yaml.j2"
|
||||
dest: /etc/kubernetes/coredns.yaml
|
||||
|
||||
- block:
|
||||
- name: Restore kubernetes certificates
|
||||
shell: tar -C / --overwrite -xpf {{ target_backup_dir }}/{{ backup_filename }} {{ item }}
|
||||
|
@ -286,6 +292,9 @@
|
|||
- name: Activate SRIOV device plugin
|
||||
command: "kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/sriovdp-daemonset.yaml"
|
||||
|
||||
- name: Apply coredns config
|
||||
command: "kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/coredns.yaml"
|
||||
|
||||
# Restrict coredns to master node and use anti-affinity for core dns for duplex systems
|
||||
- block:
|
||||
- name: Restrict coredns to master node
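Review bot: The new `Create coredns config file` task writes /etc/kubernetes/coredns.yaml without `owner`, `group` or `mode`, so its permissions depend on the umask of whichever user runs the play. The later `Apply coredns config` task feeds that file to `kubectl apply` with the admin.conf kubeconfig, so write access to the manifest amounts to control over cluster DNS on the next run. I would pin the permissions under `template:` with `owner: root`, `group: root` and `mode: "0644"`. The `Apply coredns config` command also has no `changed_when`, so it will presumably report changed on every run. The task lists around both additions continue outside the hunks shown.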
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
# Based on https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/coredns/coredns.yaml.sed#L54-L82
|
||||
# Hardcode dns_domain to cluster.local.
|
||||
# Change policy from default of random to sequential, in order to attempt to
|
||||
# resolve domain names with dnsmasq first.
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: coredns
|
||||
namespace: kube-system
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: EnsureExists
|
||||
data:
|
||||
Corefile: |
|
||||
.:53 {
|
||||
errors
|
||||
health {
|
||||
lameduck 5s
|
||||
}
|
||||
ready
|
||||
kubernetes cluster.local in-addr.arpa ip6.arpa {
|
||||
pods insecure
|
||||
fallthrough in-addr.arpa ip6.arpa
|
||||
ttl 30
|
||||
}
|
||||
prometheus :9153
|
||||
forward . /etc/resolv.conf {
|
||||
policy sequential
|
||||
}
|
||||
cache 30
|
||||
loop
|
||||
reload
|
||||
loadbalance
|
||||
}
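Review bot: `policy sequential` in the `forward . /etc/resolv.conf` block only prefers dnsmasq if dnsmasq is the first nameserver in the resolv.conf that the coredns pod sees, and neither the template nor its header comment states that assumption. As far as I know, forward moves to the next upstream once the first is marked unhealthy, so during a dnsmasq outage queries for platform hostnames would go to the external nameservers, where they fail and disclose internal names. I would record this in the header, e.g. `# Relies on dnsmasq being listed first in the host's /etc/resolv.conf; later entries are used only when it is unhealthy.` Separately, `pods insecure` is carried over from the upstream manifest; `pods verified` is the stricter setting if kube-dns compatibility is not required.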
|