Add support for running a nodelocal dns cache (#3861)

* Add support for running a nodelocal dns cache After encountering dns issues in a cluster I was recently working on I noticed Kubernetes 1.13 introduced support for running a nodelocal dns cache. I believe this can usefull for more people. 73b548db06 https://github.com/kubernetes/enhancements/blob/master/keps/sig-network/0030-nodelocal-dns-cache.md * Add requested changes * Add additional requested changes + documentation * Add requested changes after review * Replace incorrect variable
2026-03-09 19:58:07 +03:00 · 2018-12-11 02:28:03 +01:00
parent 7b674e0607
commit 3e3ee0aeb1
12 changed files with 223 additions and 0 deletions
--- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2
@@ -0,0 +1,71 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nodelocaldns
+  namespace: kube-system
+  labels:
+    addonmanager.kubernetes.io/mode: EnsureExists
+
+data:
+  Corefile: |
+    {{ dns_domain }}:53 {
+        errors
+        cache 30
+        reload
+        loop
+        bind {{ nodelocaldns_ip }}
+{% if secondaryclusterIP is defined and dns_mode == 'coredns_dual' %}
+        forward . {{ clusterIP }} {{ secondaryclusterIP }} {
+{% else %}
+        forward . {{ clusterIP }} {
+{% endif %}
+                force_tcp
+        }
+        prometheus :9253
+        health {{ nodelocaldns_ip }}:8080
+        }
+    in-addr.arpa:53 {
+        errors
+        cache 30
+        reload
+        loop
+        bind {{ nodelocaldns_ip }}
+{% if secondaryclusterIP is defined %}
+        forward . {{ clusterIP }} {{ secondaryclusterIP }} {
+{% else %}
+        forward . {{ clusterIP }} {
+{% endif %}
+                force_tcp
+        }
+        prometheus :9253
+        }
+    ip6.arpa:53 {
+        errors
+        cache 30
+        reload
+        loop
+        bind {{ nodelocaldns_ip }}
+{% if secondaryclusterIP is defined %}
+        forward . {{ clusterIP }} {{ secondaryclusterIP }} {
+{% else %}
+        forward . {{ clusterIP }} {
+{% endif %}
+             force_tcp
+        }
+        prometheus :9253
+        }
+    .:53 {
+        errors
+        cache 30
+        reload
+        loop
+        bind {{ nodelocaldns_ip }}
+{% if resolvconf_mode == 'host_resolvconf' and upstream_dns_servers is defined and upstream_dns_servers|length > 0 %}
+        forward . {{ upstream_dns_servers|join(' ') }} {
+{% else %}
+        forward . /etc/resolv.conf {
+{% endif %}
+                force_tcp
+        }
+        prometheus :9253
+        }
--- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-deamonset.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-deamonset.yml.j2
@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: nodelocaldns
+  namespace: kube-system
+  labels:
+    k8s-app: kube-dns
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+spec:
+  selector:
+    matchLabels:
+      k8s-app: nodelocaldns
+  template:
+    metadata:
+       labels:
+          k8s-app: nodelocaldns
+    spec:
+{% if kube_version is version('v1.11.1', '>=') %}
+      priorityClassName: system-cluster-critical
+{% endif %}
+      serviceAccountName: nodelocaldns
+      hostNetwork: true
+      dnsPolicy: Default  # Don't use cluster DNS.
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+      - key: "CriticalAddonsOnly"
+        operator: "Exists"
+      containers:
+      - name: node-cache
+        image: "{{ nodelocaldns_image_repo }}:{{ nodelocaldns_image_tag }}"
+        resources:
+          limits:
+            memory: {{ nodelocaldns_memory_limit }}
+          requests:
+            cpu: {{ nodelocaldns_cpu_requests }}
+            memory: {{ nodelocaldnsdns_memory_requests }}
+        args: [ "-localip", "{{ nodelocaldns_ip }}", "-conf", "/etc/coredns/Corefile" ]
+        securityContext:
+          privileged: true
+        ports:
+        - containerPort: 53
+          name: dns
+          protocol: UDP
+        - containerPort: 53
+          name: dns-tcp
+          protocol: TCP
+        - containerPort: 9253
+          name: metrics
+          protocol: TCP
+        livenessProbe:
+          httpGet:
+            host: {{ nodelocaldns_ip }}
+            path: /health
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 60
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 3
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/coredns
+      volumes:
+        - name: config-volume
+          configMap:
+            name: nodelocaldns
+            items:
+            - key: Corefile
+              path: Corefile
+      terminationGracePeriodSeconds: 30
--- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-sa.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-sa.yml.j2
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: nodelocaldns
+  namespace: kube-system
+  labels:
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile