Use sequential forward policy in coredns

If possible, DNS queries should be resolved through dnsmasq, so that
platform hostnames (e.g. controller) resolve properly; these would
fail to resolve from external nameservers.

Partial-Bug: 1821026
Change-Id: I4f5cdb7ac79dfe19626623adb5622645cf8569ab
Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
Joseph Richard 2020-05-19 15:30:45 -04:00
parent 003ddff574
commit 7ecbdadbfb
2 changed files with 42 additions and 0 deletions


@ -17,6 +17,7 @@
# - Prepare SRIOV config and activate SRIOV networking
# - Prepare SRIOV device plugin config and activate SRIOV device plugin
# - Restore Helm charts if the host is bootstrapped in restore mode
# - Prepare and apply coredns config
# - Restrict coredns to master node and set anti-affnity (duplex system)
# - Restrict coredns to 1 pod (simplex system)
# - Remove taint from master node
@ -217,6 +218,11 @@
src: "k8s-{{ kubernetes_version }}/sriov-plugin.yaml.j2"
dest: /etc/kubernetes/sriovdp-daemonset.yaml
- name: Create coredns config file
template:
src: "coredns.yaml.j2"
dest: /etc/kubernetes/coredns.yaml
- block:
- name: Restore kubernetes certificates
shell: tar -C / --overwrite -xpf {{ target_backup_dir }}/{{ backup_filename }} {{ item }}
@ -286,6 +292,9 @@
- name: Activate SRIOV device plugin
command: "kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/sriovdp-daemonset.yaml"
- name: Apply coredns config
command: "kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/coredns.yaml"
# Restrict coredns to master node and use anti-affinity for core dns for duplex systems
- block:
- name: Restrict coredns to master node
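Review bot: The new `Create coredns config file` task writes /etc/kubernetes/coredns.yaml without `owner`, `group` or `mode`, so the file's permissions depend on the umask of whatever runs the play. That manifest is applied with admin.conf credentials by the `Apply coredns config` task in the third hunk, so anyone able to modify the file between the two steps controls what reaches the cluster. I would pin the permissions under `template:` with `owner: root`, `group: root` and `mode: "0644"`. The sriov-plugin task in the surrounding context appears to follow the same pattern, although its first lines are outside the hunk.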


@ -0,0 +1,33 @@
# Based on https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/coredns/coredns.yaml.sed#L54-L82
# Hardcode dns_domain to cluster.local.
# Change policy from default of random to sequential, in order to attempt to
# resolve domain names with dnsmasq first.
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.:53 {
errors
health {
lameduck 5s
}
ready
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
}
prometheus :9153
forward . /etc/resolv.conf {
policy sequential
}
cache 30
loop
reload
loadbalance
}
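Review bot: The header comment promises that dnsmasq is tried first, but `policy sequential` in the `forward` block only follows the order of the nameserver entries in the /etc/resolv.conf that CoreDNS reads, and nothing in this template fixes that order. As far as I know, forward moves to the next upstream only when the current one is marked unhealthy, not when it answers NXDOMAIN, so a platform hostname sent to an external nameserver first would still fail to resolve. I would state the dependency in the header, e.g. `# Requires dnsmasq to be the first nameserver in the resolv.conf seen by the coredns pod; later entries are used only if it is unreachable.` Separately, `pods insecure` is carried over from the upstream manifest; it answers pod-IP names without checking that the pod exists, so `pods verified` is worth considering if kube-dns compatibility is not required.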