diff --git a/cluster/addons/dns/coredns.yaml.base b/cluster/addons/dns/coredns.yaml.base
index 533a4f02af1..c671d963007 100644
--- a/cluster/addons/dns/coredns.yaml.base
+++ b/cluster/addons/dns/coredns.yaml.base
@@ -57,12 +57,13 @@ data: Corefile: | .:53 { errors - log health kubernetes __PILLAR__DNS__DOMAIN__ __PILLAR__CLUSTER_CIDR__ { pods insecure + upstream /etc/resolv.conf + fallthrough in-addr.arpa ip6.arpa } - prometheus + prometheus :9153 proxy . /etc/resolv.conf cache 30 }
@@ -78,7 +79,11 @@ metadata: addonmanager.kubernetes.io/mode: Reconcile kubernetes.io/name: "CoreDNS" spec: - replicas: 1 + replicas: 2 + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 selector: matchLabels: k8s-app: coredns
@@ -93,9 +98,21 @@ spec: effect: NoSchedule - key: "CriticalAddonsOnly" operator: "Exists" + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: k8s-app + operator: In + values: + - coredns + topologyKey: kubernetes.io/hostname containers: - name: coredns - image: coredns/coredns:1.0.1 + image: coredns/coredns:1.0.4 imagePullPolicy: IfNotPresent resources: limits:
@@ -114,9 +131,6 @@ spec: - containerPort: 53 name: dns-tcp protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP livenessProbe: httpGet: path: /health
@@ -156,6 +170,3 @@ spec: - name: dns-tcp port: 53 protocol: TCP - - name: metrics - port: 9153 - protocol: TCP
diff --git a/cluster/addons/dns/coredns.yaml.in b/cluster/addons/dns/coredns.yaml.in
index e56084a3cc9..a83247456c9 100644
--- a/cluster/addons/dns/coredns.yaml.in
+++ b/cluster/addons/dns/coredns.yaml.in
@@ -57,12 +57,13 @@ data: Corefile: | .:53 { errors - log health kubernetes {{ pillar['dns_domain'] }} {{ pillar['service_cluster_ip_range'] }} { pods insecure + upstream /etc/resolv.conf + fallthrough in-addr.arpa ip6.arpa } - prometheus + prometheus :9153 proxy . /etc/resolv.conf cache 30 }
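Review bot: `prometheus :9153` in the Corefile hunk of coredns.yaml.base binds the metrics listener on every pod address (CoreDNS uses `localhost:9153` when no address is given), while the later hunks of the same file delete `containerPort: 9153` and what looks like the Service port `metrics`. Removing the port declarations does not close the listener, so the unauthenticated metrics endpoint stays reachable on the pod IP but is no longer visible in the manifest; either keep the `metrics` port declared and restrict it with a NetworkPolicy, or leave the line as `prometheus` if remote scraping is not intended. The same block also drops `log`, which ends per-query logging, so a Corefile comment such as `# 'log' (per-query logging) intentionally omitted; re-enable when investigating DNS abuse` would record the decision. The same Corefile change is repeated in coredns.yaml.in, coredns.yaml.sed and the ConfigMap in manifests.go.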
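Review bot: The bumped `image: coredns/coredns:1.0.4` in the `@@ -93,9 +98,21 @@` hunk is still a mutable tag pulled with `imagePullPolicy: IfNotPresent`, so what runs as cluster DNS depends on what each node has cached or what the registry currently serves under that tag. Pinning the digest next to the tag, `image: coredns/coredns:1.0.4@sha256:<DIGEST_OF_1.0.4>` (placeholder), would make the bump verifiable. The added anti-affinity is `preferredDuringSchedulingIgnoredDuringExecution`, so both replicas can still be placed on one node; a comment like `# best-effort spreading only; replicas may share a node` would make that explicit. The same hunk is repeated in coredns.yaml.in and coredns.yaml.sed.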
@@ -78,7 +79,11 @@ metadata: addonmanager.kubernetes.io/mode: Reconcile kubernetes.io/name: "CoreDNS" spec: - replicas: 1 + replicas: 2 + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 selector: matchLabels: k8s-app: coredns
@@ -93,9 +98,21 @@ spec: effect: NoSchedule - key: "CriticalAddonsOnly" operator: "Exists" + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: k8s-app + operator: In + values: + - coredns + topologyKey: kubernetes.io/hostname containers: - name: coredns - image: coredns/coredns:1.0.1 + image: coredns/coredns:1.0.4 imagePullPolicy: IfNotPresent resources: limits:
@@ -114,9 +131,6 @@ spec: - containerPort: 53 name: dns-tcp protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP livenessProbe: httpGet: path: /health
@@ -156,6 +170,3 @@ spec: - name: dns-tcp port: 53 protocol: TCP - - name: metrics - port: 9153 - protocol: TCP
diff --git a/cluster/addons/dns/coredns.yaml.sed b/cluster/addons/dns/coredns.yaml.sed
index 4ec582f2edd..11f1dd62405 100644
--- a/cluster/addons/dns/coredns.yaml.sed
+++ b/cluster/addons/dns/coredns.yaml.sed
@@ -57,12 +57,13 @@ data: Corefile: | .:53 { errors - log health kubernetes $DNS_DOMAIN $SERVICE_CLUSTER_IP_RANGE { pods insecure + upstream /etc/resolv.conf + fallthrough in-addr.arpa ip6.arpa } - prometheus + prometheus :9153 proxy . /etc/resolv.conf cache 30 }
@@ -78,7 +79,11 @@ metadata: addonmanager.kubernetes.io/mode: Reconcile kubernetes.io/name: "CoreDNS" spec: - replicas: 1 + replicas: 2 + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 selector: matchLabels: k8s-app: coredns
@@ -93,9 +98,21 @@ spec: effect: NoSchedule - key: "CriticalAddonsOnly" operator: "Exists" + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: k8s-app + operator: In + values: + - coredns + topologyKey: kubernetes.io/hostname containers: - name: coredns - image: coredns/coredns:1.0.1 + image: coredns/coredns:1.0.4 imagePullPolicy: IfNotPresent resources: limits:
@@ -114,9 +131,6 @@ spec: - containerPort: 53 name: dns-tcp protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP livenessProbe: httpGet: path: /health
@@ -156,6 +170,3 @@ spec: - name: dns-tcp port: 53 protocol: TCP - - name: metrics - port: 9153 - protocol: TCP
diff --git a/cmd/kubeadm/app/phases/addons/dns/manifests.go b/cmd/kubeadm/app/phases/addons/dns/manifests.go
index e2d0f60a3d1..b3d1ee8f07d 100644
--- a/cmd/kubeadm/app/phases/addons/dns/manifests.go
+++ b/cmd/kubeadm/app/phases/addons/dns/manifests.go
@@ -224,7 +224,11 @@ metadata: labels: k8s-app: kube-dns spec: - replicas: 1 + replicas: 2 + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 selector: matchLabels: k8s-app: kube-dns
@@ -239,6 +243,18 @@ spec: operator: Exists - key: {{ .MasterTaintKey }} effect: NoSchedule + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: k8s-app + operator: In + values: + - coredns + topologyKey: kubernetes.io/hostname containers: - name: coredns image: coredns/coredns:{{ .Version }}
@@ -260,9 +276,6 @@ spec: - containerPort: 53 name: dns-tcp protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP livenessProbe: httpGet: path: /health
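Review bot: The anti-affinity term added to the kubeadm Deployment in the `@@ -239,6 +243,18 @@` hunk of manifests.go selects `k8s-app` In `coredns`, but the selector of this same Deployment in the preceding hunk is `matchLabels: k8s-app: kube-dns`. Its own pods would therefore presumably never match the term, and the second replica gets no preference for a different node, which defeats the availability purpose of going to `replicas: 2`. The value should follow the label the pods actually carry, i.e. `- kube-dns` instead of `- coredns`. The pod template's labels are outside the hunk, so confirm against them before changing it.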
@@ -293,12 +306,13 @@ data: Corefile: | .:53 { errors - log health kubernetes {{ .DNSDomain }} {{ .ServiceCIDR }} { pods insecure + upstream /etc/resolv.conf + fallthrough in-addr.arpa ip6.arpa } - prometheus + prometheus :9153 proxy . /etc/resolv.conf cache 30 }
diff --git a/cmd/kubeadm/app/phases/addons/dns/versions.go b/cmd/kubeadm/app/phases/addons/dns/versions.go
index 7afca5ce718..4ab029cd4f5 100644
--- a/cmd/kubeadm/app/phases/addons/dns/versions.go
+++ b/cmd/kubeadm/app/phases/addons/dns/versions.go
@@ -23,13 +23,13 @@ import ( const ( kubeDNSv190AndAboveVersion = "1.14.8" - coreDNSVersion = "1.0.1" + coreDNSVersion = "1.0.4" ) // GetDNSVersion returns the right kube-dns version for a specific k8s version func GetDNSVersion(kubeVersion *version.Version, dns string) string { // v1.9.0+ uses kube-dns 1.14.8 - // v1.9.0+ uses CoreDNS 1.0.1 if feature gate "CoreDNS" is enabled. + // v1.9.0+ uses CoreDNS 1.0.4 if feature gate "CoreDNS" is enabled. // In the future when the version is bumped at HEAD; add conditional logic to return the right versions // Also, the version might be bumped for different k8s releases on the same branch