Remove kubedns and dnsmasq. Move dns_late phase after apps (#4406)

Both kubedns and dnsmasq modes are long not maintained. We should run dns_late steps at the end because sshd makes DNS lookups during Ansible run and has 2s timeouts for each failed lookup trying to connect to coredns before it is ready.
2026-02-28 09:39:12 +03:00 · 2019-04-01 22:32:34 +03:00
parent d71590bbd0
commit 5f12b7aedf
33 changed files with 37 additions and 837 deletions
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-# Limits for dnsmasq/kubedns apps
+# Limits for coredns
 dns_memory_limit: 170Mi
 dns_cpu_requests: 100m
 dns_memory_requests: 70Mi
--- a/roles/kubernetes-apps/ansible/tasks/kubedns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/kubedns.yml
@@ -1,44 +0,0 @@
---
-
- name: Kubernetes Apps | Lay Down KubeDNS Template
-  action: "{{ item.module }}"
-  args:
-    src: "{{ item.file }}{% if item.module == 'template' %}.j2{% endif %}"
-    dest: "{{ kube_config_dir }}/{{ item.file }}"
-  with_items:
-    - { name: kube-dns, module: template, file: kubedns-sa.yml, type: sa }
-    - { name: kube-dns, module: template, file: kubedns-config.yml, type: configmap }
-    - { name: kube-dns, module: template, file: kubedns-deploy.yml, type: deployment }
-    - { name: kube-dns, module: template, file: kubedns-svc.yml, type: svc }
-    - { name: dns-autoscaler, module: copy, file: dns-autoscaler-sa.yml, type: sa }
-    - { name: dns-autoscaler, module: copy, file: dns-autoscaler-clusterrole.yml, type: clusterrole }
-    - { name: dns-autoscaler, module: copy, file: dns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding }
-    - { name: dns-autoscaler, module: template, file: dns-autoscaler.yml, type: deployment }
-  register: kubedns_manifests
-  when:
-    - dns_mode in ['kubedns','dnsmasq_kubedns']
-    - inventory_hostname == groups['kube-master'][0]
-  tags:
-    - dnsmasq
-    - kubedns
-
-# see https://github.com/kubernetes/kubernetes/issues/45084, only needed for "old" kube-dns
- name: Kubernetes Apps | Patch system:kube-dns ClusterRole
-  command: >
-    {{ bin_dir }}/kubectl patch clusterrole system:kube-dns
-    --patch='{
-               "rules": [
-                 {
-                   "apiGroups" : [""],
-                   "resources" : ["endpoints", "services"],
-                   "verbs": ["list", "watch", "get"]
-                 }
-               ]
-             }'
-  when:
-    - dns_mode in ['kubedns', 'dnsmasq_kubedns']
-    - inventory_hostname == groups['kube-master'][0]
-    - rbac_enabled and kubedns_version is version("1.11.0", "<", strict=True)
-  tags:
-    - dnsmasq
-    - kubedns
--- a/roles/kubernetes-apps/ansible/tasks/main.yml
+++ b/roles/kubernetes-apps/ansible/tasks/main.yml
@@ -17,9 +17,7 @@
    - inventory_hostname == groups['kube-master'][0]
  tags:
    - upgrade
-    - dnsmasq
    - coredns
-    - kubedns
    - nodelocaldns

 - name: Kubernetes Apps | CoreDNS
@@ -38,14 +36,6 @@
  tags:
    - nodelocaldns

- name: Kubernetes Apps | KubeDNS
-  import_tasks: "tasks/kubedns.yml"
-  when:
-    - dns_mode in ['kubedns', 'dnsmasq_kubedns']
-    - inventory_hostname == groups['kube-master'][0]
-  tags:
-    - dnsmasq
-
 - name: Kubernetes Apps | Start Resources
  kube:
    name: "{{ item.item.name }}"
@@ -55,7 +45,6 @@
    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
    state: "latest"
  with_items:
-    - "{{ kubedns_manifests.results | default({}) }}"
    - "{{ coredns_manifests.results | default({}) }}"
    - "{{ coredns_secondary_manifests.results | default({}) }}"
    - "{{ nodelocaldns_manifests.results | default({}) }}"
@@ -68,9 +57,7 @@
  retries: 4
  delay: 5
  tags:
-    - dnsmasq
    - coredns
-    - kubedns
    - nodelocaldns
  loop_control:
    label: "{{ item.item.file }}"
--- a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
@@ -2,10 +2,8 @@
 - name: Kubernetes Apps | set up necessary nodelocaldns parameters
  set_fact:
    clusterIP: >-
-      {%- if dns_mode in ['kubedns', 'coredns', 'coredns_dual'] -%}
+      {%- if dns_mode in ['coredns', 'coredns_dual'] -%}
      {{ skydns_server }}
-      {%- elif dns_mode == 'dnsmasq_kubedns' -%}
-      {{ dnsmasq_dns_server }}
      {%- elif dns_mode == 'manual' -%}
      {{ manual_dns_server }}
      {%- endif -%}
--- a/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
@@ -72,12 +72,7 @@ spec:
        - --logtostderr=true
        - --v=2
        - --configmap=dns-autoscaler{{ coredns_ordinal_suffix }}
-{% if dns_mode in ['coredns', 'coredns_dual'] %}
        - --target=Deployment/coredns{{ coredns_ordinal_suffix }}
-{% endif %}
-{% if dns_mode in ['kubedns', 'dnsmasq_kubedns'] %}
-        - --target=Deployment/kube-dns
-{% endif %}
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
--- a/roles/kubernetes-apps/ansible/templates/kubedns-config.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-config.yml.j2
@@ -1,8 +0,0 @@
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: kube-dns
-  namespace: kube-system
-  labels:
-    addonmanager.kubernetes.io/mode: EnsureExists
--- a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
@@ -1,184 +0,0 @@
---
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: kube-dns
-  namespace: kube-system
-  labels:
-    k8s-app: kube-dns
-    kubernetes.io/cluster-service: "true"
-    addonmanager.kubernetes.io/mode: Reconcile
-spec:
-  # replicas: not specified here:
-  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
-  # 2. Default is 1.
-  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
-  strategy:
-    rollingUpdate:
-      maxSurge: 10%
-      maxUnavailable: 0
-  selector:
-    matchLabels:
-      k8s-app: kube-dns
-  template:
-    metadata:
-      labels:
-        k8s-app: kube-dns
-      annotations:
-        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
-    spec:
-{% if kube_version is version('v1.11.1', '>=') %}
-      priorityClassName: system-cluster-critical
-{% endif %}
-      nodeSelector:
-        beta.kubernetes.io/os: linux
-      tolerations:
-      - key: "CriticalAddonsOnly"
-        operator: "Exists"
-      - effect: "NoSchedule"
-        operator: "Equal"
-        key: "node-role.kubernetes.io/master"
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-          - topologyKey: "kubernetes.io/hostname"
-            labelSelector:
-              matchLabels:
-                k8s-app: kube-dns
-        nodeAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - weight: 100
-            preference:
-              matchExpressions:
-              - key: node-role.kubernetes.io/master
-                operator: In
-                values:
-                - ""
-      volumes:
-      - name: kube-dns-config
-        configMap:
-          name: kube-dns
-          optional: true
-      containers:
-      - name: kubedns
-        image: "{{ kubedns_image_repo }}:{{ kubedns_image_tag }}"
-        imagePullPolicy: {{ k8s_image_pull_policy }}
-        resources:
-          # TODO: Set memory limits when we've profiled the container for large
-          # clusters, then set request = limit to keep this container in
-          # guaranteed class. Currently, this container falls into the
-          # "burstable" category so the kubelet doesn't backoff from restarting it.
-          limits:
-            memory: {{ dns_memory_limit }}
-          requests:
-            cpu: {{ dns_cpu_requests }}
-            memory: {{ dns_memory_requests }}
-        livenessProbe:
-          httpGet:
-            path: /healthcheck/kubedns
-            port: 10054
-            scheme: HTTP
-          initialDelaySeconds: 60
-          timeoutSeconds: 5
-          successThreshold: 1
-          failureThreshold: 5
-        readinessProbe:
-          httpGet:
-            path: /readiness
-            port: 8081
-            scheme: HTTP
-          # we poll on pod startup for the Kubernetes master service and
-          # only setup the /readiness HTTP server once that's available.
-          initialDelaySeconds: 3
-          timeoutSeconds: 5
-        args:
-        - --domain={{ dns_domain }}.
-        - --dns-port=10053
-        - --config-dir=/kube-dns-config
-        - --v={{ kube_log_level }}
-{% if resolvconf_mode == 'host_resolvconf' and upstream_dns_servers is defined and upstream_dns_servers|length > 0 %}
-        - --nameservers={{ upstream_dns_servers|join(',') }}
-{% endif %}
-        env:
-        - name: PROMETHEUS_PORT
-          value: "10055"
-        ports:
-        - containerPort: 10053
-          name: dns-local
-          protocol: UDP
-        - containerPort: 10053
-          name: dns-tcp-local
-          protocol: TCP
-        - containerPort: 10055
-          name: metrics
-          protocol: TCP
-        volumeMounts:
-        - name: kube-dns-config
-          mountPath: /kube-dns-config
-      - name: dnsmasq
-        image: "{{ dnsmasq_nanny_image_repo }}:{{ dnsmasq_nanny_image_tag }}"
-        imagePullPolicy: {{ k8s_image_pull_policy }}
-        livenessProbe:
-          httpGet:
-            path: /healthcheck/dnsmasq
-            port: 10054
-            scheme: HTTP
-          initialDelaySeconds: 60
-          timeoutSeconds: 5
-          successThreshold: 1
-          failureThreshold: 5
-        args:
-        - -v={{ kube_log_level }}
-        - -logtostderr
-        - -configDir=/etc/k8s/dns/dnsmasq-nanny
-        - -restartDnsmasq=true
-        - --
-        - -k
-        - --cache-size=1000
-        - --no-negcache
-        - --dns-loop-detect
-        - --log-facility=-
-        - --server=/{{ dns_domain }}/127.0.0.1#10053
-        - --server=/in-addr.arpa/127.0.0.1#10053
-        - --server=/ip6.arpa/127.0.0.1#10053
-        ports:
-        - containerPort: 53
-          name: dns
-          protocol: UDP
-        - containerPort: 53
-          name: dns-tcp
-          protocol: TCP
-        # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
-        resources:
-          requests:
-            cpu: 150m
-            memory: 20Mi
-        volumeMounts:
-        - name: kube-dns-config
-          mountPath: /etc/k8s/dns/dnsmasq-nanny
-      - name: sidecar
-        image: "{{ dnsmasq_sidecar_image_repo }}:{{ dnsmasq_sidecar_image_tag }}"
-        livenessProbe:
-          httpGet:
-            path: /metrics
-            port: 10054
-            scheme: HTTP
-          initialDelaySeconds: 60
-          timeoutSeconds: 5
-          successThreshold: 1
-          failureThreshold: 5
-        args:
-        - --v={{ kube_log_level }}
-        - --logtostderr
-        - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ dns_domain }},5,SRV
-        - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ dns_domain }},5,SRV
-        ports:
-        - containerPort: 10054
-          name: metrics
-          protocol: TCP
-        resources:
-          requests:
-            memory: 20Mi
-            cpu: 10m
-      dnsPolicy: Default  # Don't use cluster DNS.
-      serviceAccountName: kube-dns
--- a/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml.j2
@@ -1,9 +0,0 @@
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kube-dns
-  namespace: kube-system
-  labels:
-    kubernetes.io/cluster-service: "true"
-    addonmanager.kubernetes.io/mode: Reconcile
--- a/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml.j2
@@ -1,25 +0,0 @@
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: kube-dns
-  namespace: kube-system
-  labels:
-    k8s-app: kube-dns
-    kubernetes.io/cluster-service: "true"
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/name: "KubeDNS"
-spec:
-  selector:
-    k8s-app: kube-dns
-  clusterIP: {{ skydns_server }}
-  ports:
-  - name: dns
-    port: 53
-    protocol: UDP
-  - name: dns-tcp
-    port: 53
-    protocol: TCP
-  - name: metrics
-    port: 10055
-    protocol: TCP