Add CoreDNS as an optional addon in kube-up

2025-09-03 02:07:38 +00:00 · 2017-11-13 14:06:50 -05:00
parent 81fa823a6c
commit 5c7392368f
12 changed files with 512 additions and 27 deletions
--- a/cluster/addons/dns/Makefile
+++ b/cluster/addons/dns/Makefile
@@ -29,6 +29,6 @@ all: transform
 %.sed: %.base
 	sed -f transforms2sed.sed $<  | sed s/__SOURCE_FILENAME__/$</g > $@
-transform: kube-dns.yaml.in kube-dns.yaml.sed
+transform: kube-dns.yaml.in kube-dns.yaml.sed coredns.yaml.in coredns.yaml.sed
 .PHONY: transform
--- a/cluster/addons/dns/coredns.yaml.base
+++ b/cluster/addons/dns/coredns.yaml.base
@@ -0,0 +1,153 @@
 # __MACHINE_GENERATED_WARNING__
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: coredns
  namespace: kube-system
  labels:
      kubernetes.io/cluster-service: "true"
      addonmanager.kubernetes.io/mode: Reconcile
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
 rules:
 - apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
 subjects:
 - kind: ServiceAccount
  name: coredns
  namespace: kube-system
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: coredns
  namespace: kube-system
  labels:
      addonmanager.kubernetes.io/mode: EnsureExists
 data:
  Corefile: |
    .:53 {
        errors
        log stdout
        health
        kubernetes __PILLAR__DNS__DOMAIN__ __PILLAR__CLUSTER_CIDR__
        prometheus
        proxy . /etc/resolv.conf
        cache 30
    }
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
 spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: coredns
  template:
    metadata:
      labels:
        k8s-app: coredns
    spec:
      serviceAccountName: coredns
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      containers:
      - name: coredns
        image: coredns/coredns:0.9.10
        imagePullPolicy: IfNotPresent
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
 spec:
  selector:
    k8s-app: coredns
  clusterIP: __PILLAR__DNS__SERVER__
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
  - name: metrics
    port: 9153
    protocol: TCP
--- a/cluster/addons/dns/coredns.yaml.in
+++ b/cluster/addons/dns/coredns.yaml.in
@@ -0,0 +1,153 @@
 # Warning: This is a file generated from the base underscore template file: coredns.yaml.base
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: coredns
  namespace: kube-system
  labels:
      kubernetes.io/cluster-service: "true"
      addonmanager.kubernetes.io/mode: Reconcile
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
 rules:
 - apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
 subjects:
 - kind: ServiceAccount
  name: coredns
  namespace: kube-system
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: coredns
  namespace: kube-system
  labels:
      addonmanager.kubernetes.io/mode: EnsureExists
 data:
  Corefile: |
    .:53 {
        errors
        log stdout
        health
        kubernetes {{ pillar['dns_domain'] }} {{ pillar['service_cluster_ip_range'] }}
        prometheus
        proxy . /etc/resolv.conf
        cache 30
    }
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
 spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: coredns
  template:
    metadata:
      labels:
        k8s-app: coredns
    spec:
      serviceAccountName: coredns
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      containers:
      - name: coredns
        image: coredns/coredns:0.9.10
        imagePullPolicy: IfNotPresent
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
 spec:
  selector:
    k8s-app: coredns
  clusterIP: {{ pillar['dns_server'] }}
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
  - name: metrics
    port: 9153
    protocol: TCP
--- a/cluster/addons/dns/coredns.yaml.sed
+++ b/cluster/addons/dns/coredns.yaml.sed
@@ -0,0 +1,153 @@
 # Warning: This is a file generated from the base underscore template file: coredns.yaml.base
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: coredns
  namespace: kube-system
  labels:
      kubernetes.io/cluster-service: "true"
      addonmanager.kubernetes.io/mode: Reconcile
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
 rules:
 - apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
 subjects:
 - kind: ServiceAccount
  name: coredns
  namespace: kube-system
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: coredns
  namespace: kube-system
  labels:
      addonmanager.kubernetes.io/mode: EnsureExists
 data:
  Corefile: |
    .:53 {
        errors
        log stdout
        health
        kubernetes $DNS_DOMAIN $SERVICE_CLUSTER_IP_RANGE
        prometheus
        proxy . /etc/resolv.conf
        cache 30
    }
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
 spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: coredns
  template:
    metadata:
      labels:
        k8s-app: coredns
    spec:
      serviceAccountName: coredns
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      containers:
      - name: coredns
        image: coredns/coredns:0.9.10
        imagePullPolicy: IfNotPresent
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
 spec:
  selector:
    k8s-app: coredns
  clusterIP: $DNS_SERVER_IP
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
  - name: metrics
    port: 9153
    protocol: TCP
--- a/cluster/addons/dns/transforms2salt.sed
+++ b/cluster/addons/dns/transforms2salt.sed
@@ -1,3 +1,4 @@
 s/__PILLAR__DNS__SERVER__/{{ pillar['dns_server'] }}/g
 s/__PILLAR__DNS__DOMAIN__/{{ pillar['dns_domain'] }}/g
 s/__PILLAR__CLUSTER_CIDR__/{{ pillar['service_cluster_ip_range'] }}/g
 s/__MACHINE_GENERATED_WARNING__/Warning: This is a file generated from the base underscore template file: __SOURCE_FILENAME__/g
--- a/cluster/addons/dns/transforms2sed.sed
+++ b/cluster/addons/dns/transforms2sed.sed
@@ -1,3 +1,4 @@
 s/__PILLAR__DNS__SERVER__/$DNS_SERVER_IP/g
 s/__PILLAR__DNS__DOMAIN__/$DNS_DOMAIN/g
 s/__PILLAR__CLUSTER_CIDR__/$SERVICE_CLUSTER_IP_RANGE/g
 s/__MACHINE_GENERATED_WARNING__/Warning: This is a file generated from the base underscore template file: __SOURCE_FILENAME__/g
--- a/cluster/common.sh
+++ b/cluster/common.sh
@@ -622,6 +622,7 @@ ENABLE_RESCHEDULER: $(yaml-quote ${ENABLE_RESCHEDULER:-false})
 LOGGING_DESTINATION: $(yaml-quote ${LOGGING_DESTINATION:-})
 ELASTICSEARCH_LOGGING_REPLICAS: $(yaml-quote ${ELASTICSEARCH_LOGGING_REPLICAS:-})
 ENABLE_CLUSTER_DNS: $(yaml-quote ${ENABLE_CLUSTER_DNS:-false})
 CLUSTER_DNS_CORE_DNS: $(yaml-quote ${CLUSTER_DNS_CORE_DNS:-false})
 ENABLE_CLUSTER_REGISTRY: $(yaml-quote ${ENABLE_CLUSTER_REGISTRY:-false})
 CLUSTER_REGISTRY_DISK: $(yaml-quote ${CLUSTER_REGISTRY_DISK:-})
 CLUSTER_REGISTRY_DISK_SIZE: $(yaml-quote ${CLUSTER_REGISTRY_DISK_SIZE:-})
--- a/cluster/gce/config-default.sh
+++ b/cluster/gce/config-default.sh
@@ -201,6 +201,7 @@ if [[ ! -z "${NODE_ACCELERATORS}" ]]; then
 fi
 # Optional: Install cluster DNS.
 CLUSTER_DNS_CORE_DNS="${CLUSTER_DNS_CORE_DNS:-false}"
 ENABLE_CLUSTER_DNS="${KUBE_ENABLE_CLUSTER_DNS:-true}"
 DNS_SERVER_IP="${KUBE_DNS_SERVER_IP:-10.0.0.10}"
 DNS_DOMAIN="${KUBE_DNS_DOMAIN:-cluster.local}"
--- a/cluster/gce/config-test.sh
+++ b/cluster/gce/config-test.sh
@@ -238,6 +238,7 @@ if [[ ${KUBE_ENABLE_INSECURE_REGISTRY:-false} == "true" ]]; then
 fi
 # Optional: Install cluster DNS.
 CLUSTER_DNS_CORE_DNS="${CLUSTER_DNS_CORE_DNS:-true}"
 ENABLE_CLUSTER_DNS="${KUBE_ENABLE_CLUSTER_DNS:-true}"
 DNS_SERVER_IP="10.0.0.10"
 DNS_DOMAIN="cluster.local"
--- a/cluster/gce/configure-vm.sh
+++ b/cluster/gce/configure-vm.sh
@@ -422,6 +422,7 @@ enable_rescheduler: '$(echo "$ENABLE_RESCHEDULER" | sed -e "s/'/''/g")'
 logging_destination: '$(echo "$LOGGING_DESTINATION" | sed -e "s/'/''/g")'
 elasticsearch_replicas: '$(echo "$ELASTICSEARCH_LOGGING_REPLICAS" | sed -e "s/'/''/g")'
 enable_cluster_dns: '$(echo "$ENABLE_CLUSTER_DNS" | sed -e "s/'/''/g")'
 cluster_dns_core_dns: '$(echo "$CLUSTER_DNS_CORE_DNS" | sed -e "s/'/''/g")'
 enable_cluster_registry: '$(echo "$ENABLE_CLUSTER_REGISTRY" | sed -e "s/'/''/g")'
 dns_server: '$(echo "$DNS_SERVER_IP" | sed -e "s/'/''/g")'
 dns_domain: '$(echo "$DNS_DOMAIN" | sed -e "s/'/''/g")'
--- a/cluster/gce/container-linux/configure-helper.sh
+++ b/cluster/gce/container-linux/configure-helper.sh
@@ -1293,22 +1293,32 @@ EOF
    setup-addon-manifests "addons" "metrics-server"
  fi
  if [[ "${ENABLE_CLUSTER_DNS:-}" == "true" ]]; then
-    setup-addon-manifests "addons" "dns"
+    if [[ "${CLUSTER_DNS_CORE_DNS:-}" == "true" ]]; then
-    local -r kubedns_file="${dst_dir}/dns/kube-dns.yaml"
+      setup-addon-manifests "addons" "dns"
-    mv "${dst_dir}/dns/kube-dns.yaml.in" "${kubedns_file}"
+      local -r coredns_file="${dst_dir}/dns/coredns.yaml"
-    if [ -n "${CUSTOM_KUBE_DNS_YAML:-}" ]; then
+      mv "${dst_dir}/dns/coredns.yaml.in" "${coredns_file}"
-      # Replace with custom GKE kube-dns deployment.
+      # Replace the salt configurations with variable values.
-      cat > "${kubedns_file}" <<EOF
+      sed -i -e "s@{{ *pillar\['dns_domain'\] *}}@${DNS_DOMAIN}@g" "${coredns_file}"
      sed -i -e "s@{{ *pillar\['dns_server'\] *}}@${DNS_SERVER_IP}@g" "${coredns_file}"
      sed -i -e "s@{{ *pillar\['service_cluster_ip_range'\] *}}@${SERVICE_CLUSTER_IP_RANGE}@g" "${coredns_file}"
    else
      setup-addon-manifests "addons" "dns"
      local -r kubedns_file="${dst_dir}/dns/kube-dns.yaml"
      mv "${dst_dir}/dns/kube-dns.yaml.in" "${kubedns_file}"
      if [ -n "${CUSTOM_KUBE_DNS_YAML:-}" ]; then
        # Replace with custom GKE kube-dns deployment.
        cat > "${kubedns_file}" <<EOF
 $(echo "$CUSTOM_KUBE_DNS_YAML")
 EOF
-      update-prometheus-to-sd-parameters ${kubedns_file}
+        update-prometheus-to-sd-parameters ${kubedns_file}
-    fi
+      fi
-    # Replace the salt configurations with variable values.
+      # Replace the salt configurations with variable values.
-    sed -i -e "s@{{ *pillar\['dns_domain'\] *}}@${DNS_DOMAIN}@g" "${kubedns_file}"
+      sed -i -e "s@{{ *pillar\['dns_domain'\] *}}@${DNS_DOMAIN}@g" "${kubedns_file}"
-    sed -i -e "s@{{ *pillar\['dns_server'\] *}}@${DNS_SERVER_IP}@g" "${kubedns_file}"
+      sed -i -e "s@{{ *pillar\['dns_server'\] *}}@${DNS_SERVER_IP}@g" "${kubedns_file}"
-    if [[ "${ENABLE_DNS_HORIZONTAL_AUTOSCALER:-}" == "true" ]]; then
+      if [[ "${ENABLE_DNS_HORIZONTAL_AUTOSCALER:-}" == "true" ]]; then
-      setup-addon-manifests "addons" "dns-horizontal-autoscaler"
+        setup-addon-manifests "addons" "dns-horizontal-autoscaler"
      fi
    fi
  fi
  if [[ "${ENABLE_CLUSTER_REGISTRY:-}" == "true" ]]; then
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -1837,22 +1837,32 @@ EOF
    setup-addon-manifests "addons" "metrics-server"
  fi
  if [[ "${ENABLE_CLUSTER_DNS:-}" == "true" ]]; then
-    setup-addon-manifests "addons" "dns"
+    if [[ "${CLUSTER_DNS_CORE_DNS:-}" == "true" ]]; then
-    local -r kubedns_file="${dst_dir}/dns/kube-dns.yaml"
+      setup-addon-manifests "addons" "dns"
-    mv "${dst_dir}/dns/kube-dns.yaml.in" "${kubedns_file}"
+      local -r coredns_file="${dst_dir}/dns/coredns.yaml"
-    if [ -n "${CUSTOM_KUBE_DNS_YAML:-}" ]; then
+      mv "${dst_dir}/dns/coredns.yaml.in" "${coredns_file}"
-      # Replace with custom GKE kube-dns deployment.
+      # Replace the salt configurations with variable values.
-      cat > "${kubedns_file}" <<EOF
+      sed -i -e "s@{{ *pillar\['dns_domain'\] *}}@${DNS_DOMAIN}@g" "${coredns_file}"
      sed -i -e "s@{{ *pillar\['dns_server'\] *}}@${DNS_SERVER_IP}@g" "${coredns_file}"
      sed -i -e "s@{{ *pillar\['service_cluster_ip_range'\] *}}@${SERVICE_CLUSTER_IP_RANGE}@g" "${coredns_file}"
    else
      setup-addon-manifests "addons" "dns"
      local -r kubedns_file="${dst_dir}/dns/kube-dns.yaml"
      mv "${dst_dir}/dns/kube-dns.yaml.in" "${kubedns_file}"
      if [ -n "${CUSTOM_KUBE_DNS_YAML:-}" ]; then
        # Replace with custom GKE kube-dns deployment.
        cat > "${kubedns_file}" <<EOF
 $(echo "$CUSTOM_KUBE_DNS_YAML")
 EOF
-      update-prometheus-to-sd-parameters ${kubedns_file}
+        update-prometheus-to-sd-parameters ${kubedns_file}
-    fi
+      fi
-    # Replace the salt configurations with variable values.
+      # Replace the salt configurations with variable values.
-    sed -i -e "s@{{ *pillar\['dns_domain'\] *}}@${DNS_DOMAIN}@g" "${kubedns_file}"
+      sed -i -e "s@{{ *pillar\['dns_domain'\] *}}@${DNS_DOMAIN}@g" "${kubedns_file}"
-    sed -i -e "s@{{ *pillar\['dns_server'\] *}}@${DNS_SERVER_IP}@g" "${kubedns_file}"
+      sed -i -e "s@{{ *pillar\['dns_server'\] *}}@${DNS_SERVER_IP}@g" "${kubedns_file}"
-    if [[ "${ENABLE_DNS_HORIZONTAL_AUTOSCALER:-}" == "true" ]]; then
+      if [[ "${ENABLE_DNS_HORIZONTAL_AUTOSCALER:-}" == "true" ]]; then
-      setup-addon-manifests "addons" "dns-horizontal-autoscaler"
+        setup-addon-manifests "addons" "dns-horizontal-autoscaler"
      fi
    fi
  fi
  if [[ "${ENABLE_CLUSTER_REGISTRY:-}" == "true" ]]; then