epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-07 18:47:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update CoreDNS, KubeDNS and Autoscaler to newest templates (#3711)

Browse Source 
* Update DNS Autoscaler to latest

* Update CoreDNS to latest

* Update KubeDNS to latest

* Add KubeDNS config map

* Fix filename

* Add missing selector to DNS Autoscaler

* Add missing tolerations
This commit is contained in:
Andreas Krüger
2018-11-15 18:52:12 +01:00
committed by k8s-ci-robot
parent 29ee581067
commit 6f6274d0d9
16 changed files with 63 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/download/defaults/main.yml
View File

@@ -181,7 +181,7 @@ dnsmasq_sidecar_image_tag: "{{ kubedns_version }}"
dnsmasqautoscaler_version: 1.1.2 dnsmasqautoscaler_version: 1.1.2
dnsmasqautoscaler_image_repo: "gcr.io/google_containers/cluster-proportional-autoscaler-{{ image_arch }}" dnsmasqautoscaler_image_repo: "gcr.io/google_containers/cluster-proportional-autoscaler-{{ image_arch }}"
dnsmasqautoscaler_image_tag: "{{ dnsmasqautoscaler_version }}" dnsmasqautoscaler_image_tag: "{{ dnsmasqautoscaler_version }}"
dnsautoscaler_version: 1.2.0 dnsautoscaler_version: 1.3.0
dnsautoscaler_image_repo: "gcr.io/google_containers/cluster-proportional-autoscaler-{{ image_arch }}" dnsautoscaler_image_repo: "gcr.io/google_containers/cluster-proportional-autoscaler-{{ image_arch }}"
dnsautoscaler_image_tag: "{{ dnsautoscaler_version }}" dnsautoscaler_image_tag: "{{ dnsautoscaler_version }}"
test_image_repo: busybox test_image_repo: busybox

2
roles/kubernetes-apps/ansible/defaults/main.yml
View File

@@ -9,6 +9,8 @@ dns_cpu_requests: 100m
dns_memory_requests: 70Mi dns_memory_requests: 70Mi
dns_min_replicas: 2 dns_min_replicas: 2
dns_nodes_per_replica: 10 dns_nodes_per_replica: 10
dns_cores_per_replica: 20
dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas > '1' else 'false' }}"
# Images # Images
image_arch: "{{host_architecture}}" image_arch: "{{host_architecture}}"

1
roles/kubernetes-apps/ansible/tasks/kubedns.yml
View File

@@ -6,6 +6,7 @@
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
with_items: with_items:
- { name: kube-dns, file: kubedns-sa.yml, type: sa } - { name: kube-dns, file: kubedns-sa.yml, type: sa }
- { name: kube-dns, file: kubedns-config.yml, type: configmap }
- { name: kube-dns, file: kubedns-deploy.yml, type: deployment } - { name: kube-dns, file: kubedns-deploy.yml, type: deployment }
- { name: kube-dns, file: kubedns-svc.yml, type: svc } - { name: kube-dns, file: kubedns-svc.yml, type: svc }
- { name: dns-autoscaler, file: dns-autoscaler-sa.yml, type: sa } - { name: dns-autoscaler, file: dns-autoscaler-sa.yml, type: sa }

9
roles/kubernetes-apps/ansible/templates/coredns-clusterrole.yml.j2
View File

@@ -1,9 +1,10 @@
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
labels: labels:
kubernetes.io/bootstrapping: rbac-defaults kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns name: system:coredns
rules: rules:
- apiGroups: - apiGroups:
@@ -16,3 +17,9 @@ rules:
verbs: verbs:
- list - list
- watch - watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get

3
roles/kubernetes-apps/ansible/templates/coredns-clusterrolebinding.yml.j2
View File

@@ -1,11 +1,12 @@
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
annotations: annotations:
rbac.authorization.kubernetes.io/autoupdate: "true" rbac.authorization.kubernetes.io/autoupdate: "true"
labels: labels:
kubernetes.io/bootstrapping: rbac-defaults kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns name: system:coredns
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io

2
roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
View File

@@ -4,6 +4,8 @@ kind: ConfigMap
metadata: metadata:
name: coredns name: coredns
namespace: kube-system namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data: data:
Corefile: | Corefile: |
.:53 { .:53 {

8
roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
View File

@@ -2,10 +2,12 @@
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
metadata: metadata:
name: coredns{{ coredns_ordinal_suffix | default('') }} name: "coredns{{ coredns_ordinal_suffix | default('') }}"
namespace: kube-system namespace: kube-system
labels: labels:
k8s-app: coredns{{ coredns_ordinal_suffix | default('') }} k8s-app: "coredns{{ coredns_ordinal_suffix | default('') }}"
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "coredns{{ coredns_ordinal_suffix | default('') }}" kubernetes.io/name: "coredns{{ coredns_ordinal_suffix | default('') }}"
spec: spec:
strategy: strategy:
@@ -21,7 +23,7 @@ spec:
labels: labels:
k8s-app: coredns{{ coredns_ordinal_suffix | default('') }} k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: '' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
{% if kube_version is version('v1.11.1', '>=') %} {% if kube_version is version('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical

3
roles/kubernetes-apps/ansible/templates/coredns-sa.yml.j2
View File

@@ -4,3 +4,6 @@ kind: ServiceAccount
metadata: metadata:
name: coredns name: coredns
namespace: kube-system namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile

1
roles/kubernetes-apps/ansible/templates/coredns-svc.yml.j2
View File

@@ -8,6 +8,7 @@ metadata:
k8s-app: coredns{{ coredns_ordinal_suffix | default('') }} k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
kubernetes.io/name: "coredns{{ coredns_ordinal_suffix | default('') }}" kubernetes.io/name: "coredns{{ coredns_ordinal_suffix | default('') }}"
addonmanager.kubernetes.io/mode: Reconcile
annotations: annotations:
prometheus.io/path: /metrics prometheus.io/path: /metrics
prometheus.io/port: "9153" prometheus.io/port: "9153"

7
roles/kubernetes-apps/ansible/templates/dns-autoscaler-clusterrole.yml.j2
View File

@@ -14,10 +14,11 @@
# limitations under the License. # limitations under the License.
kind: ClusterRole kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: cluster-proportional-autoscaler name: system:dns-autoscaler
namespace: kube-system labels:
addonmanager.kubernetes.io/mode: Reconcile
rules: rules:
- apiGroups: [""] - apiGroups: [""]
resources: ["nodes"] resources: ["nodes"]

11
roles/kubernetes-apps/ansible/templates/dns-autoscaler-clusterrolebinding.yml.j2
View File

@@ -14,15 +14,16 @@
# limitations under the License. # limitations under the License.
kind: ClusterRoleBinding kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: cluster-proportional-autoscaler name: system:dns-autoscaler
namespace: kube-system labels:
addonmanager.kubernetes.io/mode: Reconcile
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: cluster-proportional-autoscaler name: dns-autoscaler
namespace: kube-system namespace: kube-system
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: cluster-proportional-autoscaler name: system:dns-autoscaler
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io

4
roles/kubernetes-apps/ansible/templates/dns-autoscaler-sa.yml.j2
View File

@@ -16,5 +16,7 @@
kind: ServiceAccount kind: ServiceAccount
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: cluster-proportional-autoscaler name: dns-autoscaler
namespace: kube-system namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: Reconcile

15
roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
View File

@@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
apiVersion: extensions/v1beta1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: dns-autoscaler name: dns-autoscaler
@@ -23,10 +23,16 @@ metadata:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile addonmanager.kubernetes.io/mode: Reconcile
spec: spec:
selector:
matchLabels:
k8s-app: dns-autoscaler
template: template:
metadata: metadata:
labels: labels:
k8s-app: dns-autoscaler k8s-app: dns-autoscaler
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
{% if kube_version is version('v1.11.1', '>=') %} {% if kube_version is version('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
@@ -63,7 +69,7 @@ spec:
command: command:
- /cluster-proportional-autoscaler - /cluster-proportional-autoscaler
- --namespace=kube-system - --namespace=kube-system
- --default-params={"linear":{"nodesPerReplica":{{ dns_nodes_per_replica }},"min":{{ dns_min_replicas }}}} - --default-params={"linear":{"preventSinglePointFailure":{{ dns_prevent_single_point_failure }},"coresPerReplica":{{ dns_cores_per_replica }},"nodesPerReplica":{{ dns_nodes_per_replica }},"min":{{ dns_min_replicas }}}}
- --logtostderr=true - --logtostderr=true
- --v=2 - --v=2
- --configmap=dns-autoscaler - --configmap=dns-autoscaler
@@ -73,4 +79,7 @@ spec:
{% if dns_mode in ['kubedns', 'dnsmasq_kubedns'] %} {% if dns_mode in ['kubedns', 'dnsmasq_kubedns'] %}
- --target=Deployment/kube-dns - --target=Deployment/kube-dns
{% endif %} {% endif %}
serviceAccountName: cluster-proportional-autoscaler tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
serviceAccountName: dns-autoscaler

8
roles/kubernetes-apps/ansible/templates/kubedns-config.yml.j2 Normal file
View File

@@ -0,0 +1,8 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: kube-dns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists

6
roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
View File

@@ -26,6 +26,7 @@ spec:
k8s-app: kube-dns k8s-app: kube-dns
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
{% if kube_version is version('v1.11.1', '>=') %} {% if kube_version is version('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
@@ -135,6 +136,7 @@ spec:
- -- - --
- -k - -k
- --cache-size=1000 - --cache-size=1000
- --no-negcache
- --dns-loop-detect - --dns-loop-detect
- --log-facility=- - --log-facility=-
- --server=/{{ dns_domain }}/127.0.0.1#10053 - --server=/{{ dns_domain }}/127.0.0.1#10053
@@ -169,8 +171,8 @@ spec:
args: args:
- --v={{ kube_log_level }} - --v={{ kube_log_level }}
- --logtostderr - --logtostderr
- --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ dns_domain }},5,A - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ dns_domain }},5,SRV
- --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ dns_domain }},5,A - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ dns_domain }},5,SRV
ports: ports:
- containerPort: 10054 - containerPort: 10054
name: metrics name: metrics

1
roles/kubernetes-apps/ansible/templates/kubedns-sa.yml.j2
View File

@@ -6,3 +6,4 @@ metadata:
namespace: kube-system namespace: kube-system
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile