From e57b86795734c9188d1d42cd906a29a9e926024b Mon Sep 17 00:00:00 2001 From: Sandeep Rajan Date: Fri, 24 May 2019 10:34:13 -0400 Subject: [PATCH 1/5] add coredns migration support to upgrade.sh --- cluster/gce/upgrade.sh | 83 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) diff --git a/cluster/gce/upgrade.sh b/cluster/gce/upgrade.sh index b3460808165..60a7b9d4ae3 100755 --- a/cluster/gce/upgrade.sh +++ b/cluster/gce/upgrade.sh 
@@ -439,6 +439,85 @@ function do-node-upgrade() { echo "== Finished upgrading nodes to ${KUBE_VERSION}. ==" >&2 } + +function update-coredns-config() { + # Get the current CoreDNS version + local -r coredns_addon_path="/etc/kubernetes/addons/0-dns/coredns" + local -r tmpdir=/tmp + local -r download_dir=$(mktemp --tmpdir=${tmpdir} -d coredns-migration.XXXXXXXXXX) || exit 1 + + # Get the new installed CoreDNS version + echo "Waiting for CoreDNS to update" + until [[ $(${KUBE_ROOT}/cluster/kubectl.sh -n kube-system get deployment coredns -o=jsonpath='{$.metadata.resourceVersion}') -ne ${COREDNS_DEPLOY_RESOURCE_VERSION} ]]; do + sleep 1 + done + echo "Fetching the latest installed CoreDNS version" + NEW_COREDNS_VERSION=$(${KUBE_ROOT}/cluster/kubectl.sh -n kube-system get deployment coredns -o=jsonpath='{$.spec.template.spec.containers[:1].image}' | cut -d ":" -f 2) + + case "$(uname -m)" in + x86_64*) + host_arch=amd64 + ;; + i?86_64*) + host_arch=amd64 + ;; + amd64*) + host_arch=amd64 + ;; + aarch64*) + host_arch=arm64 + ;; + arm64*) + host_arch=arm64 + ;; + arm*) + host_arch=arm + ;; + i?86*) + host_arch=x86 + ;; + s390x*) + host_arch=s390x + ;; + ppc64le*) + host_arch=ppc64le + ;; + *) + echo "Unsupported host arch. Must be x86_64, 386, arm, arm64, s390x or ppc64le." >&2 + exit 1 + ;; + esac + + # Download the CoreDNS migration tool + echo "== Downloading the CoreDNS migration tool ==" + wget -P ${download_dir} "https://github.com/coredns/corefile-migration/releases/download/v1.0.2/corefile-tool-${host_arch}" >/dev/null 2>&1 + chmod +x ${download_dir}/corefile-tool-${host_arch} + + # Migrate the CoreDNS ConfigMap depending on whether it is being downgraded or upgraded. 
+ ${KUBE_ROOT}/cluster/kubectl.sh -n kube-system get cm coredns -o jsonpath='{.data.Corefile}' > ${download_dir}/Corefile-old + + if test "$(printf '%s\n' ${CURRENT_COREDNS_VERSION} ${NEW_COREDNS_VERSION} | sort -V | head -n 1)" != ${NEW_COREDNS_VERSION}; then + echo "== Upgrading the CoreDNS ConfigMap ==" + ./corefile-tool-${host_arch} migrate --from ${CURRENT_COREDNS_VERSION} --to ${NEW_COREDNS_VERSION} --corefile ${download_dir}/Corefile-old > ${download_dir}/Corefile + ${KUBE_ROOT}/cluster/kubectl.sh -n kube-system create configmap coredns --from-file ${download_dir}/Corefile -o yaml --dry-run | ${KUBE_ROOT}/cluster/kubectl.sh apply -f - + else + # In case of a downgrade, a custom CoreDNS Corefile will be overwritten by a default Corefile. In that case, + # the user will need to manually modify the resulting (default) Corefile after the downgrade is complete. + echo "== Applying the latest default CoreDNS configuration ==" + gcloud compute --project ${PROJECT} scp --zone ${ZONE} ${MASTER_NAME}:${coredns_addon_path}/coredns.yaml ${download_dir}/coredns-manifest.yaml > /dev/null + ${KUBE_ROOT}/cluster/kubectl.sh apply -f ${download_dir}/coredns-manifest.yaml + fi + + # clean up + rm -rf ${download_dir} + + echo "== The CoreDNS Config has been updated ==" +} + +echo "Fetching the previously installed CoreDNS version" +CURRENT_COREDNS_VERSION=$(${KUBE_ROOT}/cluster/kubectl.sh -n kube-system get deployment coredns -o=jsonpath='{$.spec.template.spec.containers[:1].image}' | cut -d ":" -f 2) +COREDNS_DEPLOY_RESOURCE_VERSION=$(${KUBE_ROOT}/cluster/kubectl.sh -n kube-system get deployment coredns -o=jsonpath='{$.metadata.resourceVersion}') + master_upgrade=true node_upgrade=true node_prereqs=false @@ -580,6 +659,10 @@ if [[ "${node_upgrade}" == "true" ]]; then fi fi +if [[ "${CLUSTER_DNS_CORE_DNS:-}" == "true" ]]; then + update-coredns-config +fi + echo "== Validating cluster post-upgrade ==" "${KUBE_ROOT}/cluster/validate-cluster.sh" 
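Review bot: In `update-coredns-config`, `local -r download_dir=$(mktemp …) || exit 1` can never take the `exit 1` path, because `local` returns success whatever the command substitution returned. If mktemp fails, `download_dir` is empty and the later `${download_dir}/corefile-tool-${host_arch}` and `${download_dir}/Corefile-old` paths resolve under `/`. Split the declaration from the assignment, `local download_dir` followed by `download_dir=$(mktemp --tmpdir="${tmpdir}" -d coredns-migration.XXXXXXXXXX) || exit 1`, and quote `"${download_dir}"` wherever it is used. `host_arch` and `NEW_COREDNS_VERSION` are also assigned without `local`, so they leak into the rest of the script.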
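Review bot: The new call site is gated only on `CLUSTER_DNS_CORE_DNS`, so `update-coredns-config` also runs when this invocation did not change the coredns Deployment, and its `until … -ne ${COREDNS_DEPLOY_RESOURCE_VERSION}` loop (added in the previous hunk) has no timeout. If the resourceVersion never changes, presumably the case in a nodes-only upgrade, the script polls kubectl once a second indefinitely. Consider also requiring `"${master_upgrade}" == "true"` in this condition and bounding the wait with a deadline that exits non-zero. The two top-level `kubectl … get deployment coredns` lookups added earlier in this patch are not under the same gate either, so they run on every invocation of the script.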
From 7980da9f46fa1c5da9e9e35bcf35a67c5f3523eb Mon Sep 17 00:00:00 2001 From: Sandeep Rajan Date: Thu, 15 Aug 2019 11:45:47 -0400 Subject: [PATCH 2/5] bump coredns to 1.5.0 --- build/dependencies.yaml | 2 +- cluster/addons/dns/coredns/coredns.yaml.base | 8 ++++---- cluster/addons/dns/coredns/coredns.yaml.in | 8 ++++---- cluster/addons/dns/coredns/coredns.yaml.sed | 8 ++++---- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/build/dependencies.yaml b/build/dependencies.yaml index 48739c27b4e..ff1226ac381 100644 --- a/build/dependencies.yaml +++ b/build/dependencies.yaml @@ -63,7 +63,7 @@ dependencies: - name: "coredns-kube-up" - version: 1.3.1 + version: 1.5.0 refPaths: - path: cluster/addons/dns/coredns/coredns.yaml.base match: k8s.gcr.io/coredns diff --git a/cluster/addons/dns/coredns/coredns.yaml.base b/cluster/addons/dns/coredns/coredns.yaml.base index f89f56a740f..4bb74125103 100644 --- a/cluster/addons/dns/coredns/coredns.yaml.base +++ b/cluster/addons/dns/coredns/coredns.yaml.base @@ -64,9 +64,9 @@ data: .:53 { errors health + ready kubernetes __PILLAR__DNS__DOMAIN__ in-addr.arpa ip6.arpa { pods insecure - upstream fallthrough in-addr.arpa ip6.arpa ttl 30 } @@ -116,7 +116,7 @@ spec: beta.kubernetes.io/os: linux containers: - name: coredns - image: k8s.gcr.io/coredns:1.3.1 + image: k8s.gcr.io/coredns:1.5.0 imagePullPolicy: IfNotPresent resources: limits: @@ -150,8 +150,8 @@ spec: failureThreshold: 5 readinessProbe: httpGet: - path: /health - port: 8080 + path: /ready + port: 8181 scheme: HTTP securityContext: allowPrivilegeEscalation: false diff --git a/cluster/addons/dns/coredns/coredns.yaml.in b/cluster/addons/dns/coredns/coredns.yaml.in index c70c8bff674..11efa9d886a 100644 --- a/cluster/addons/dns/coredns/coredns.yaml.in +++ b/cluster/addons/dns/coredns/coredns.yaml.in 
@@ -64,9 +64,9 @@ data: .:53 { errors health + ready kubernetes {{ pillar['dns_domain'] }} in-addr.arpa ip6.arpa { pods insecure - upstream fallthrough in-addr.arpa ip6.arpa ttl 30 } @@ -116,7 +116,7 @@ spec: beta.kubernetes.io/os: linux containers: - name: coredns - image: k8s.gcr.io/coredns:1.3.1 + image: k8s.gcr.io/coredns:1.5.0 imagePullPolicy: IfNotPresent resources: limits: @@ -150,8 +150,8 @@ spec: failureThreshold: 5 readinessProbe: httpGet: - path: /health - port: 8080 + path: /ready + port: 8181 scheme: HTTP securityContext: allowPrivilegeEscalation: false diff --git a/cluster/addons/dns/coredns/coredns.yaml.sed b/cluster/addons/dns/coredns/coredns.yaml.sed index 556afa76042..b02caa1655a 100644 --- a/cluster/addons/dns/coredns/coredns.yaml.sed +++ b/cluster/addons/dns/coredns/coredns.yaml.sed @@ -64,9 +64,9 @@ data: .:53 { errors health + ready kubernetes $DNS_DOMAIN in-addr.arpa ip6.arpa { pods insecure - upstream fallthrough in-addr.arpa ip6.arpa ttl 30 } @@ -116,7 +116,7 @@ spec: beta.kubernetes.io/os: linux containers: - name: coredns - image: k8s.gcr.io/coredns:1.3.1 + image: k8s.gcr.io/coredns:1.5.0 imagePullPolicy: IfNotPresent resources: limits: @@ -150,8 +150,8 @@ spec: failureThreshold: 5 readinessProbe: httpGet: - path: /health - port: 8080 + path: /ready + port: 8181 scheme: HTTP securityContext: allowPrivilegeEscalation: false From 3b6b7f99b0e33df0c62eba07ee9e0dd9edfca6f3 Mon Sep 17 00:00:00 2001 From: Sandeep Rajan Date: Wed, 28 Aug 2019 16:03:28 -0400 Subject: [PATCH 3/5] add checksum --- cluster/gce/upgrade.sh | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/cluster/gce/upgrade.sh b/cluster/gce/upgrade.sh index 60a7b9d4ae3..23d9dc4c0c3 100755 --- a/cluster/gce/upgrade.sh +++ b/cluster/gce/upgrade.sh 
@@ -33,6 +33,7 @@ source "${KUBE_ROOT}/cluster/kube-util.sh" function usage() { echo "!!! EXPERIMENTAL !!!" + echo "!!! This upgrade script is not meant to be run in production !!!" echo "" echo "${0} [-M | -N | -P] [-o] (-l | )" echo " Upgrades master and nodes by default" @@ -491,6 +492,14 @@ function update-coredns-config() { # Download the CoreDNS migration tool echo "== Downloading the CoreDNS migration tool ==" wget -P ${download_dir} "https://github.com/coredns/corefile-migration/releases/download/v1.0.2/corefile-tool-${host_arch}" >/dev/null 2>&1 + wget -P ${download_dir} "https://github.com/coredns/corefile-migration/releases/download/v1.0.2/corefile-tool-${host_arch}.sha256" >/dev/null 2>&1 + + local -r checkSHA=$(echo "$(cat ${download_dir}/corefile-tool-${host_arch}.sha256 | cut -d " " -f 1) ${download_dir}/corefile-tool-${host_arch}" | sha256sum --check | cut -d " " -f 2) + if [[ "${checkSHA}" != "corefile-tool-${host_arch}: OK" ]]; then + echo "!!! CheckSum for the CoreDNS migration tool did not match !!!" >&2 + exit 1 + fi + chmod +x ${download_dir}/corefile-tool-${host_arch} # Migrate the CoreDNS ConfigMap depending on whether it is being downgraded or upgraded. 
@@ -498,7 +507,7 @@ function update-coredns-config() { if test "$(printf '%s\n' ${CURRENT_COREDNS_VERSION} ${NEW_COREDNS_VERSION} | sort -V | head -n 1)" != ${NEW_COREDNS_VERSION}; then echo "== Upgrading the CoreDNS ConfigMap ==" - ./corefile-tool-${host_arch} migrate --from ${CURRENT_COREDNS_VERSION} --to ${NEW_COREDNS_VERSION} --corefile ${download_dir}/Corefile-old > ${download_dir}/Corefile + ${download_dir}/corefile-tool-${host_arch} migrate --from ${CURRENT_COREDNS_VERSION} --to ${NEW_COREDNS_VERSION} --corefile ${download_dir}/Corefile-old > ${download_dir}/Corefile ${KUBE_ROOT}/cluster/kubectl.sh -n kube-system create configmap coredns --from-file ${download_dir}/Corefile -o yaml --dry-run | ${KUBE_ROOT}/cluster/kubectl.sh apply -f - else # In case of a downgrade, a custom CoreDNS Corefile will be overwritten by a default Corefile. In that case, @@ -509,7 +518,10 @@ function update-coredns-config() { fi # clean up - rm -rf ${download_dir} + cleanup() { + rm -rf "${download_dir}" + } + trap cleanup EXIT echo "== The CoreDNS Config has been updated ==" } From 8a7a8032b1c6cfd877624ea2bbf37bec3570cd48 Mon Sep 17 00:00:00 2001 From: Sandeep Rajan Date: Thu, 29 Aug 2019 10:03:29 -0400 Subject: [PATCH 4/5] hardcoded check sha of corefile tool --- cluster/addons/dns/coredns/coredns.yaml.base | 2 +- cluster/addons/dns/coredns/coredns.yaml.in | 2 +- cluster/addons/dns/coredns/coredns.yaml.sed | 2 +- cluster/gce/upgrade.sh | 28 +++++++++++--------- 4 files changed, 19 insertions(+), 15 deletions(-) diff --git a/cluster/addons/dns/coredns/coredns.yaml.base b/cluster/addons/dns/coredns/coredns.yaml.base index 4bb74125103..e4aecf85acd 100644 --- a/cluster/addons/dns/coredns/coredns.yaml.base +++ b/cluster/addons/dns/coredns/coredns.yaml.base @@ -116,7 +116,7 @@ spec: beta.kubernetes.io/os: linux containers: - name: coredns - image: k8s.gcr.io/coredns:1.5.0 + image: k8s.gcr.io/coredns:1.6.2 imagePullPolicy: IfNotPresent resources: limits: 
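Review bot: The `if test … != ${NEW_COREDNS_VERSION}` line kept as context in hunk `@@ -498,7 +507,7 @@` sends every case other than a strict upgrade to the `else` branch, which the comment there describes as overwriting a custom Corefile with the default. That includes equal versions, and also an empty `CURRENT_COREDNS_VERSION` or `NEW_COREDNS_VERSION` when the kubectl lookup returned nothing, since the unquoted empty operand makes `test` fail. Validate both values before the comparison, e.g. `[[ -n "${CURRENT_COREDNS_VERSION}" && -n "${NEW_COREDNS_VERSION}" ]] || exit 1`, and return early when they are equal. The migrate output is also redirected to `${download_dir}/Corefile` and applied without confirming the tool succeeded, so a check such as `[[ -s "${download_dir}/Corefile" ]]` before `kubectl apply` would avoid pushing an empty Corefile; whether errexit already covers this is not visible from the hunk.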
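Review bot: `cleanup` in hunk `@@ -509,7 +518,10 @@` reads `${download_dir}`, which is declared `local -r` earlier in `update-coredns-config` (outside this hunk), but an EXIT trap fires when the script exits, normally after the function has returned and the local is out of scope. On the success path the handler then expands to `rm -rf ""`, and the temporary directory holding the downloaded binary and the Corefile copies stays in `/tmp`. Expand the path when the trap is installed, `trap "rm -rf -- '${download_dir}'" EXIT`, or remove the directory explicitly before the function returns. The same applies to hunk `@@ -447,6 +447,12 @@` in patch 4/5, which moves this block to the top of the function. `trap … EXIT` also replaces any EXIT trap the script installed earlier, which cannot be checked from here.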
diff --git a/cluster/addons/dns/coredns/coredns.yaml.in b/cluster/addons/dns/coredns/coredns.yaml.in index 11efa9d886a..1367336efe1 100644 --- a/cluster/addons/dns/coredns/coredns.yaml.in +++ b/cluster/addons/dns/coredns/coredns.yaml.in @@ -116,7 +116,7 @@ spec: beta.kubernetes.io/os: linux containers: - name: coredns - image: k8s.gcr.io/coredns:1.5.0 + image: k8s.gcr.io/coredns:1.6.2 imagePullPolicy: IfNotPresent resources: limits: diff --git a/cluster/addons/dns/coredns/coredns.yaml.sed b/cluster/addons/dns/coredns/coredns.yaml.sed index b02caa1655a..ca061bb1c00 100644 --- a/cluster/addons/dns/coredns/coredns.yaml.sed +++ b/cluster/addons/dns/coredns/coredns.yaml.sed @@ -116,7 +116,7 @@ spec: beta.kubernetes.io/os: linux containers: - name: coredns - image: k8s.gcr.io/coredns:1.5.0 + image: k8s.gcr.io/coredns:1.6.2 imagePullPolicy: IfNotPresent resources: limits: diff --git a/cluster/gce/upgrade.sh b/cluster/gce/upgrade.sh index 23d9dc4c0c3..77b7981fb4b 100755 --- a/cluster/gce/upgrade.sh +++ b/cluster/gce/upgrade.sh @@ -447,6 +447,12 @@ function update-coredns-config() { local -r tmpdir=/tmp local -r download_dir=$(mktemp --tmpdir=${tmpdir} -d coredns-migration.XXXXXXXXXX) || exit 1 + # clean up + cleanup() { + rm -rf "${download_dir}" + } + trap cleanup EXIT + # Get the new installed CoreDNS version echo "Waiting for CoreDNS to update" until [[ $(${KUBE_ROOT}/cluster/kubectl.sh -n kube-system get deployment coredns -o=jsonpath='{$.metadata.resourceVersion}') -ne ${COREDNS_DEPLOY_RESOURCE_VERSION} ]]; do 
@@ -458,30 +464,35 @@ function update-coredns-config() { case "$(uname -m)" in x86_64*) host_arch=amd64 + corefile_tool_SHA="fd4d8a42d8a1c38cb49b75cca3c7c82677b97c0c6e5ee2a7d5fb02314ccfbb59" ;; i?86_64*) host_arch=amd64 + corefile_tool_SHA="fd4d8a42d8a1c38cb49b75cca3c7c82677b97c0c6e5ee2a7d5fb02314ccfbb59" ;; amd64*) host_arch=amd64 + corefile_tool_SHA="fd4d8a42d8a1c38cb49b75cca3c7c82677b97c0c6e5ee2a7d5fb02314ccfbb59" ;; aarch64*) host_arch=arm64 + corefile_tool_SHA="05503f379eaaa703034c50da7ce7c273d7a7b3569eddb55afe300bd6d6c40988" ;; arm64*) host_arch=arm64 + corefile_tool_SHA="05503f379eaaa703034c50da7ce7c273d7a7b3569eddb55afe300bd6d6c40988" ;; arm*) host_arch=arm - ;; - i?86*) - host_arch=x86 + corefile_tool_SHA="bc826bde6662c11cbb6e6e215397d07d4fedb754c1a6e208271d7d784eb28600" ;; s390x*) host_arch=s390x + corefile_tool_SHA="4ed6b7067f65dc8f147a4dd116242495fbec5e6057bb68e1868ef1fb25e07993" ;; ppc64le*) host_arch=ppc64le + corefile_tool_SHA="7bce38ed762a2607e158c65b378e6f23e2b80fc4e93dcf50a55f986c7ea2db43" ;; *) echo "Unsupported host arch. Must be x86_64, 386, arm, arm64, s390x or ppc64le." >&2 
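Review bot: The pinned `corefile_tool_SHA` values are only valid for the `v1.0.2` release named in the `wget` URL further down (outside this hunk), and nothing in the code ties the two together. A comment above the `case`, such as `# SHA-256 of corefile-tool-<arch> from corefile-migration v1.0.2; update together with the download URL`, would keep a later version bump from failing the check with stale digests. The "Unsupported host arch" message still lists `386` although the `i?86*` arm is removed here. `host_arch` and `corefile_tool_SHA` are assigned without `local` and so become script globals.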
@@ -492,10 +503,9 @@ function update-coredns-config() { # Download the CoreDNS migration tool echo "== Downloading the CoreDNS migration tool ==" wget -P ${download_dir} "https://github.com/coredns/corefile-migration/releases/download/v1.0.2/corefile-tool-${host_arch}" >/dev/null 2>&1 - wget -P ${download_dir} "https://github.com/coredns/corefile-migration/releases/download/v1.0.2/corefile-tool-${host_arch}.sha256" >/dev/null 2>&1 - local -r checkSHA=$(echo "$(cat ${download_dir}/corefile-tool-${host_arch}.sha256 | cut -d " " -f 1) ${download_dir}/corefile-tool-${host_arch}" | sha256sum --check | cut -d " " -f 2) - if [[ "${checkSHA}" != "corefile-tool-${host_arch}: OK" ]]; then + local -r checkSHA=$(sha256sum ${download_dir}/corefile-tool-${host_arch} | cut -d " " -f 1) + if [[ "${checkSHA}" != "${corefile_tool_SHA}" ]]; then echo "!!! CheckSum for the CoreDNS migration tool did not match !!!" >&2 exit 1 fi @@ -517,12 +527,6 @@ function update-coredns-config() { ${KUBE_ROOT}/cluster/kubectl.sh apply -f ${download_dir}/coredns-manifest.yaml fi - # clean up - cleanup() { - rm -rf "${download_dir}" - } - trap cleanup EXIT - echo "== The CoreDNS Config has been updated ==" } From 620b4a0845ee0bc21097ac21cdf419d4cdc4f033 Mon Sep 17 00:00:00 2001 From: Sandeep Rajan Date: Thu, 29 Aug 2019 10:08:29 -0400 Subject: [PATCH 5/5] update dependencies file --- build/dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/dependencies.yaml b/build/dependencies.yaml index ff1226ac381..9493ba7afdb 100644 --- a/build/dependencies.yaml +++ b/build/dependencies.yaml @@ -63,7 +63,7 @@ dependencies: - name: "coredns-kube-up" - version: 1.5.0 + version: 1.6.2 refPaths: - path: cluster/addons/dns/coredns/coredns.yaml.base match: k8s.gcr.io/coredns
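Review bot: The `wget` call kept as context in hunk `@@ -492,10 +503,9 @@` still sends all output to `/dev/null` and its exit status is not tested, so a failed or partial download only surfaces as the "CheckSum … did not match" error below. Test the download directly, `wget -q -P "${download_dir}" "<url>" || { echo "download of corefile-tool failed" >&2; exit 1; }`, so that an integrity failure can be told apart from a network failure in the logs. `local -r checkSHA=$(sha256sum …)` likewise hides a failing `sha256sum`; the comparison still fails closed because the value is then empty, but declaring and assigning separately makes that explicit.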