From 3036fe1a9551473fff988a1aa7998bc637134e0a Mon Sep 17 00:00:00 2001 From: Paulo Pires Date: Sat, 16 Dec 2017 16:06:43 +0000 Subject: [PATCH] Make CoreDNS the default DNS provider and upgrade it Signed-off-by: Paulo Pires --- README.md | 6 +- Vagrantfile | 10 ++-- plugins/dns/coredns/coredns.yaml.sed | 84 ++++++++++++++++++++++++---- 3 files changed, 82 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index a276446..99ae572 100644 --- a/README.md +++ b/README.md @@ -134,12 +134,12 @@ Most aspects of your cluster setup can be customized with environment variables. Defaults to `false`. - - **DNS_PROVIDER** defines which dns provider to use. Options are: `kube-dns` and `coredns`. + - **DNS_PROVIDER** defines which DNS provider to use. Options are: `kube-dns` and `coredns`. - Defaults to `kube-dns`. + Defaults to `coredns`. - **AUTHORIZATION_MODE** setting this to `RBAC` enables RBAC for the kubernetes cluster. - + Defaults to `AlwaysAllow`. So, in order to start, say, a Kubernetes cluster with 3 worker nodes, 4GB of RAM and 4 vCPUs per node one just would run: diff --git a/Vagrantfile b/Vagrantfile index d3dc167..9edd787 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -117,7 +117,7 @@ NODE_CPUS = ENV['NODE_CPUS'] || 2 BASE_IP_ADDR = ENV['BASE_IP_ADDR'] || "172.17.8" -DNS_PROVIDER = ENV['DNS_PROVIDER'] || "kube-dns" +DNS_PROVIDER = ENV['DNS_PROVIDER'] || "coredns" DNS_DOMAIN = ENV['DNS_DOMAIN'] || "cluster.local" SERIAL_LOGGING = (ENV['SERIAL_LOGGING'].to_s.downcase == 'true') @@ -255,7 +255,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| # give setup file executable permissions system "chmod +x temp/setup" - + if DNS_PROVIDER == "kube-dns" # create dns-deployment.yaml file dnsFile = "#{__dir__}/temp/dns-deployment.yaml" 
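Review bot: `DNS_PROVIDER` is still read from the environment without being checked against the two supported values, and the branches visible in the later Vagrantfile hunks (`if DNS_PROVIDER == "kube-dns"` … `else if DNS_PROVIDER == "coredns"`) show no final `else`, so a misspelt value appears to skip DNS set-up without any message. A guard directly after the changed line would surface that: `abort "Unsupported DNS_PROVIDER: #{DNS_PROVIDER}" unless %w[kube-dns coredns].include?(DNS_PROVIDER)`. The new default also makes the `system "…/deploy.sh 10.100.0.10/24 #{DNS_DOMAIN} … > …"` line in the @@ -271 hunk the normal path. That line interpolates `DNS_DOMAIN` and `__dir__` into one shell string, so a checkout path containing spaces or a metacharacter in the variable is interpreted by the shell. With the three paths held in locals, the argument-list form avoids this: `system(deploy_script, "10.100.0.10/24", DNS_DOMAIN, template, out: target)`.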
@@ -271,7 +271,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| end else if DNS_PROVIDER == "coredns" system "#{__dir__}/plugins/dns/coredns/deploy.sh 10.100.0.10/24 #{DNS_DOMAIN} #{__dir__}/plugins/dns/coredns/coredns.yaml.sed > #{__dir__}/temp/coredns-deployment.yaml" - end + end end end @@ -322,7 +322,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| end info "Configuring Kubernetes DNS..." - + if DNS_PROVIDER == "kube-dns" res, uri.path = nil, '/api/v1/namespaces/kube-system/replicationcontrollers/kube-dns' begin @@ -409,7 +409,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| # copy setup files to master vm if host is windows if OS.windows? kHost.vm.provision :file, :source => File.join(File.dirname(__FILE__), "temp/setup"), :destination => "/home/core/kubectlsetup" - + if DNS_PROVIDER == "kube-dns" kHost.vm.provision :file, :source => File.join(File.dirname(__FILE__), "plugins/dns/kube-dns/dns-configmap.yaml"), :destination => "/home/core/dns-configmap.yaml" kHost.vm.provision :file, :source => File.join(File.dirname(__FILE__), "temp/dns-deployment.yaml"), :destination => "/home/core/dns-deployment.yaml" diff --git a/plugins/dns/coredns/coredns.yaml.sed b/plugins/dns/coredns/coredns.yaml.sed index 6eea118..c1412cc 100644 --- a/plugins/dns/coredns/coredns.yaml.sed +++ b/plugins/dns/coredns/coredns.yaml.sed 
@@ -1,22 +1,69 @@ apiVersion: v1 +kind: ServiceAccount +metadata: + name: coredns + namespace: kube-system + labels: + kubernetes.io/cluster-service: "true" + addonmanager.kubernetes.io/mode: Reconcile +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + kubernetes.io/bootstrapping: rbac-defaults + addonmanager.kubernetes.io/mode: Reconcile + name: system:coredns +rules: +- apiGroups: + - "" + resources: + - endpoints + - services + - pods + - namespaces + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + labels: + kubernetes.io/bootstrapping: rbac-defaults + addonmanager.kubernetes.io/mode: EnsureExists + name: system:coredns +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:coredns +subjects: +- kind: ServiceAccount + name: coredns + namespace: kube-system +--- +apiVersion: v1 kind: ConfigMap metadata: name: coredns namespace: kube-system + labels: + addonmanager.kubernetes.io/mode: EnsureExists data: Corefile: | .:53 { errors log stdout health - kubernetes CLUSTER_DOMAIN { - cidrs SERVICE_CIDR - } + kubernetes CLUSTER_DOMAIN SERVICE_CIDR + prometheus proxy . /etc/resolv.conf cache 30 } --- -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: coredns @@ -24,6 +71,7 @@ metadata: labels: k8s-app: coredns kubernetes.io/cluster-service: "true" + addonmanager.kubernetes.io/mode: Reconcile kubernetes.io/name: "CoreDNS" spec: replicas: 1 
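Review bot: The bare `prometheus` line added to the Corefile gives no listen address; to my knowledge the plugin then binds to `localhost:9153`, in which case the `containerPort: 9153` and the Service `metrics` port added in the @@ -53 and @@ -90 hunks cannot reach it. If metrics are meant to be scraped from outside the pod, write `prometheus :9153`; if not, leave the two port entries out so the Service does not advertise an endpoint that any pod in the cluster can query. Separately, `apps/v1` requires an explicit `spec.selector` on a Deployment, which `extensions/v1beta1` defaulted from the template labels; the lines between this hunk and the next are not shown, so confirm that a `selector` with `matchLabels` for `k8s-app: coredns` is present. The README context in this patch states that AUTHORIZATION_MODE defaults to `AlwaysAllow`, so the list/watch-only ClusterRole constrains the `coredns` service account only when RBAC is switched on; a comment above the ClusterRole saying so would help.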
@@ -34,14 +82,23 @@ spec: metadata: labels: k8s-app: coredns - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' - scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' spec: + serviceAccountName: coredns + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + - key: "CriticalAddonsOnly" + operator: "Exists" containers: - name: coredns - image: coredns/coredns:010 - imagePullPolicy: Always + image: coredns/coredns:0.9.10 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 170Mi + requests: + cpu: 100m + memory: 70Mi args: [ "-conf", "/etc/coredns/Corefile" ] volumeMounts: - name: config-volume @@ -53,6 +110,9 @@ spec: - containerPort: 53 name: dns-tcp protocol: TCP + - containerPort: 9153 + name: metrics + protocol: TCP livenessProbe: httpGet: path: /health @@ -74,11 +134,12 @@ spec: apiVersion: v1 kind: Service metadata: - name: kube-dns + name: coredns namespace: kube-system labels: k8s-app: coredns kubernetes.io/cluster-service: "true" + addonmanager.kubernetes.io/mode: Reconcile kubernetes.io/name: "CoreDNS" spec: selector: @@ -90,4 +151,7 @@ spec: protocol: UDP - name: dns-tcp port: 53 + protocol: TCP + - name: metrics + port: 9153 protocol: TCP \ No newline at end of file
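Review bot: The container spec gains resource limits but still has no `securityContext`, so CoreDNS runs with the image's default user and capability set even though it only needs to bind port 53 and read its mounted ConfigMap. A container-level `securityContext` that disables privilege escalation, drops every capability except `NET_BIND_SERVICE` and makes the root filesystem read-only would limit what a compromised resolver can do; this assumes the 0.9.10 image writes nothing to its root filesystem, which should be checked before merging. `image: coredns/coredns:0.9.10` together with `imagePullPolicy: IfNotPresent` trusts a mutable tag and whatever a node cached first, so pinning by digest (`coredns/coredns@sha256:<digest of the 0.9.10 image>`) is worth considering. The pod spec continues outside the hunk.

```yaml
        image: coredns/coredns:0.9.10
        imagePullPolicy: IfNotPresent
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - all
        # … unchanged: resources, args, volumeMounts, ports, livenessProbe …
```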
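Review bot: Renaming the Service from `kube-dns` to `coredns` in the @@ -74 hunk changes the name that other components may look up. The Vagrantfile's "Configuring Kubernetes DNS..." step shown in this patch has only a `kube-dns` branch visible, and add-ons that locate cluster DNS by the `kube-dns` Service name would presumably no longer find it. If the `clusterIP` (outside this hunk) is unchanged, pod resolution through the kubelet's configured DNS address should keep working. Either keep the old Service name for compatibility, or add a comment above `name: coredns` such as `# renamed from kube-dns: consumers must use the clusterIP or the new name` so the break is not silent.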