add upstream

add pod affinity

cluster/addons/dns/coredns.yaml.base

@@ -57,12 +57,13 @@ data:
   Corefile: |
     .:53 {
         errors
-        log
         health
         kubernetes __PILLAR__DNS__DOMAIN__ __PILLAR__CLUSTER_CIDR__ {
             pods insecure
+            upstream /etc/resolv.conf
+            fallthrough in-addr.arpa ip6.arpa
         }
-        prometheus
+        prometheus :9153
         proxy . /etc/resolv.conf
         cache 30
     }
@@ -78,7 +79,11 @@ metadata:
     addonmanager.kubernetes.io/mode: Reconcile
     kubernetes.io/name: "CoreDNS"
 spec:
-  replicas: 1
+  replicas: 2
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
   selector:
     matchLabels:
       k8s-app: coredns
@@ -93,9 +98,21 @@ spec:
           effect: NoSchedule
         - key: "CriticalAddonsOnly"
           operator: "Exists"
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: k8s-app
+                  operator: In
+                  values:
+                  - coredns
+                topologyKey: kubernetes.io/hostname
       containers:
       - name: coredns
-        image: coredns/coredns:1.0.1
+        image: coredns/coredns:1.0.4
         imagePullPolicy: IfNotPresent
         resources:
           limits:
@@ -114,9 +131,6 @@ spec:
         - containerPort: 53
           name: dns-tcp
           protocol: TCP
-        - containerPort: 9153
-          name: metrics
-          protocol: TCP
         livenessProbe:
           httpGet:
             path: /health
@@ -156,6 +170,3 @@ spec:
   - name: dns-tcp
     port: 53
     protocol: TCP
-  - name: metrics
-    port: 9153
-    protocol: TCP

cluster/addons/dns/coredns.yaml.in

@@ -57,12 +57,13 @@ data:
   Corefile: |
     .:53 {
         errors
-        log
         health
         kubernetes {{ pillar['dns_domain'] }} {{ pillar['service_cluster_ip_range'] }} {
             pods insecure
+            upstream /etc/resolv.conf
+            fallthrough in-addr.arpa ip6.arpa
         }
-        prometheus
+        prometheus :9153
         proxy . /etc/resolv.conf
         cache 30
     }
@@ -78,7 +79,11 @@ metadata:
     addonmanager.kubernetes.io/mode: Reconcile
     kubernetes.io/name: "CoreDNS"
 spec:
-  replicas: 1
+  replicas: 2
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
   selector:
     matchLabels:
       k8s-app: coredns
@@ -93,9 +98,21 @@ spec:
           effect: NoSchedule
         - key: "CriticalAddonsOnly"
           operator: "Exists"
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: k8s-app
+                  operator: In
+                  values:
+                  - coredns
+                topologyKey: kubernetes.io/hostname
       containers:
       - name: coredns
-        image: coredns/coredns:1.0.1
+        image: coredns/coredns:1.0.4
         imagePullPolicy: IfNotPresent
         resources:
           limits:
@@ -114,9 +131,6 @@ spec:
         - containerPort: 53
           name: dns-tcp
           protocol: TCP
-        - containerPort: 9153
-          name: metrics
-          protocol: TCP
         livenessProbe:
           httpGet:
             path: /health
@@ -156,6 +170,3 @@ spec:
   - name: dns-tcp
     port: 53
     protocol: TCP
-  - name: metrics
-    port: 9153
-    protocol: TCP

cluster/addons/dns/coredns.yaml.sed

@@ -57,12 +57,13 @@ data:
   Corefile: |
     .:53 {
         errors
-        log
         health
         kubernetes $DNS_DOMAIN $SERVICE_CLUSTER_IP_RANGE {
             pods insecure
+            upstream /etc/resolv.conf
+            fallthrough in-addr.arpa ip6.arpa
         }
-        prometheus
+        prometheus :9153
         proxy . /etc/resolv.conf
         cache 30
     }
@@ -78,7 +79,11 @@ metadata:
     addonmanager.kubernetes.io/mode: Reconcile
     kubernetes.io/name: "CoreDNS"
 spec:
-  replicas: 1
+  replicas: 2
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
   selector:
     matchLabels:
       k8s-app: coredns
@@ -93,9 +98,21 @@ spec:
           effect: NoSchedule
         - key: "CriticalAddonsOnly"
           operator: "Exists"
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: k8s-app
+                  operator: In
+                  values:
+                  - coredns
+                topologyKey: kubernetes.io/hostname
       containers:
       - name: coredns
-        image: coredns/coredns:1.0.1
+        image: coredns/coredns:1.0.4
         imagePullPolicy: IfNotPresent
         resources:
           limits:
@@ -114,9 +131,6 @@ spec:
         - containerPort: 53
           name: dns-tcp
           protocol: TCP
-        - containerPort: 9153
-          name: metrics
-          protocol: TCP
         livenessProbe:
           httpGet:
             path: /health
@@ -156,6 +170,3 @@ spec:
   - name: dns-tcp
     port: 53
     protocol: TCP
-  - name: metrics
-    port: 9153
-    protocol: TCP

cmd/kubeadm/app/phases/addons/dns/manifests.go

@@ -224,7 +224,11 @@ metadata:
   labels:
     k8s-app: kube-dns
 spec:
-  replicas: 1
+  replicas: 2
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
   selector:
     matchLabels:
       k8s-app: kube-dns
@@ -239,6 +243,18 @@ spec:
         operator: Exists
       - key: {{ .MasterTaintKey }}
         effect: NoSchedule
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: k8s-app
+                  operator: In
+                  values:
+                  - coredns
+              topologyKey: kubernetes.io/hostname
       containers:
       - name: coredns
         image: coredns/coredns:{{ .Version }}
@@ -260,9 +276,6 @@ spec:
         - containerPort: 53
           name: dns-tcp
           protocol: TCP
-        - containerPort: 9153
-          name: metrics
-          protocol: TCP
         livenessProbe:
           httpGet:
             path: /health
@@ -293,12 +306,13 @@ data:
   Corefile: |
     .:53 {
         errors
-        log
         health
         kubernetes {{ .DNSDomain }} {{ .ServiceCIDR }} {
            pods insecure
+           upstream /etc/resolv.conf
+           fallthrough in-addr.arpa ip6.arpa
         }
-        prometheus
+        prometheus :9153
         proxy . /etc/resolv.conf
         cache 30
     }

cmd/kubeadm/app/phases/addons/dns/versions.go

@@ -23,13 +23,13 @@ import (
 
 const (
 	kubeDNSv190AndAboveVersion = "1.14.8"
-	coreDNSVersion             = "1.0.1"
+	coreDNSVersion             = "1.0.4"
 )
 
 // GetDNSVersion returns the right kube-dns version for a specific k8s version
 func GetDNSVersion(kubeVersion *version.Version, dns string) string {
 	// v1.9.0+ uses kube-dns 1.14.8
-	// v1.9.0+ uses CoreDNS  1.0.1 if feature gate "CoreDNS" is enabled.
+	// v1.9.0+ uses CoreDNS  1.0.4 if feature gate "CoreDNS" is enabled.
 
 	// In the future when the version is bumped at HEAD; add conditional logic to return the right versions
 	// Also, the version might be bumped for different k8s releases on the same branch