mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-28 05:57:25 +00:00
Merge pull request #82093 from rajansandeep/reconcilecorednscm
Add the ability to migrate CoreDNS configmap in kube-up
This commit is contained in:
commit
7236850194
@ -63,7 +63,7 @@ dependencies:
|
|||||||
|
|
||||||
|
|
||||||
- name: "coredns-kube-up"
|
- name: "coredns-kube-up"
|
||||||
version: 1.3.1
|
version: 1.6.2
|
||||||
refPaths:
|
refPaths:
|
||||||
- path: cluster/addons/dns/coredns/coredns.yaml.base
|
- path: cluster/addons/dns/coredns/coredns.yaml.base
|
||||||
match: k8s.gcr.io/coredns
|
match: k8s.gcr.io/coredns
|
||||||
|
@ -64,9 +64,9 @@ data:
|
|||||||
.:53 {
|
.:53 {
|
||||||
errors
|
errors
|
||||||
health
|
health
|
||||||
|
ready
|
||||||
kubernetes __PILLAR__DNS__DOMAIN__ in-addr.arpa ip6.arpa {
|
kubernetes __PILLAR__DNS__DOMAIN__ in-addr.arpa ip6.arpa {
|
||||||
pods insecure
|
pods insecure
|
||||||
upstream
|
|
||||||
fallthrough in-addr.arpa ip6.arpa
|
fallthrough in-addr.arpa ip6.arpa
|
||||||
ttl 30
|
ttl 30
|
||||||
}
|
}
|
||||||
@ -116,7 +116,7 @@ spec:
|
|||||||
beta.kubernetes.io/os: linux
|
beta.kubernetes.io/os: linux
|
||||||
containers:
|
containers:
|
||||||
- name: coredns
|
- name: coredns
|
||||||
image: k8s.gcr.io/coredns:1.3.1
|
image: k8s.gcr.io/coredns:1.6.2
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
@ -150,8 +150,8 @@ spec:
|
|||||||
failureThreshold: 5
|
failureThreshold: 5
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /health
|
path: /ready
|
||||||
port: 8080
|
port: 8181
|
||||||
scheme: HTTP
|
scheme: HTTP
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
@ -64,9 +64,9 @@ data:
|
|||||||
.:53 {
|
.:53 {
|
||||||
errors
|
errors
|
||||||
health
|
health
|
||||||
|
ready
|
||||||
kubernetes {{ pillar['dns_domain'] }} in-addr.arpa ip6.arpa {
|
kubernetes {{ pillar['dns_domain'] }} in-addr.arpa ip6.arpa {
|
||||||
pods insecure
|
pods insecure
|
||||||
upstream
|
|
||||||
fallthrough in-addr.arpa ip6.arpa
|
fallthrough in-addr.arpa ip6.arpa
|
||||||
ttl 30
|
ttl 30
|
||||||
}
|
}
|
||||||
@ -116,7 +116,7 @@ spec:
|
|||||||
beta.kubernetes.io/os: linux
|
beta.kubernetes.io/os: linux
|
||||||
containers:
|
containers:
|
||||||
- name: coredns
|
- name: coredns
|
||||||
image: k8s.gcr.io/coredns:1.3.1
|
image: k8s.gcr.io/coredns:1.6.2
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
@ -150,8 +150,8 @@ spec:
|
|||||||
failureThreshold: 5
|
failureThreshold: 5
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /health
|
path: /ready
|
||||||
port: 8080
|
port: 8181
|
||||||
scheme: HTTP
|
scheme: HTTP
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
@ -64,9 +64,9 @@ data:
|
|||||||
.:53 {
|
.:53 {
|
||||||
errors
|
errors
|
||||||
health
|
health
|
||||||
|
ready
|
||||||
kubernetes $DNS_DOMAIN in-addr.arpa ip6.arpa {
|
kubernetes $DNS_DOMAIN in-addr.arpa ip6.arpa {
|
||||||
pods insecure
|
pods insecure
|
||||||
upstream
|
|
||||||
fallthrough in-addr.arpa ip6.arpa
|
fallthrough in-addr.arpa ip6.arpa
|
||||||
ttl 30
|
ttl 30
|
||||||
}
|
}
|
||||||
@ -116,7 +116,7 @@ spec:
|
|||||||
beta.kubernetes.io/os: linux
|
beta.kubernetes.io/os: linux
|
||||||
containers:
|
containers:
|
||||||
- name: coredns
|
- name: coredns
|
||||||
image: k8s.gcr.io/coredns:1.3.1
|
image: k8s.gcr.io/coredns:1.6.2
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
@ -150,8 +150,8 @@ spec:
|
|||||||
failureThreshold: 5
|
failureThreshold: 5
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /health
|
path: /ready
|
||||||
port: 8080
|
port: 8181
|
||||||
scheme: HTTP
|
scheme: HTTP
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
@ -33,6 +33,7 @@ source "${KUBE_ROOT}/cluster/kube-util.sh"
|
|||||||
|
|
||||||
function usage() {
|
function usage() {
|
||||||
echo "!!! EXPERIMENTAL !!!"
|
echo "!!! EXPERIMENTAL !!!"
|
||||||
|
echo "!!! This upgrade script is not meant to be run in production !!!"
|
||||||
echo ""
|
echo ""
|
||||||
echo "${0} [-M | -N | -P] [-o] (-l | <version number or publication>)"
|
echo "${0} [-M | -N | -P] [-o] (-l | <version number or publication>)"
|
||||||
echo " Upgrades master and nodes by default"
|
echo " Upgrades master and nodes by default"
|
||||||
@ -439,6 +440,100 @@ function do-node-upgrade() {
|
|||||||
echo "== Finished upgrading nodes to ${KUBE_VERSION}. ==" >&2
|
echo "== Finished upgrading nodes to ${KUBE_VERSION}. ==" >&2
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function update-coredns-config() {
|
||||||
|
# Get the current CoreDNS version
|
||||||
|
local -r coredns_addon_path="/etc/kubernetes/addons/0-dns/coredns"
|
||||||
|
local -r tmpdir=/tmp
|
||||||
|
local -r download_dir=$(mktemp --tmpdir=${tmpdir} -d coredns-migration.XXXXXXXXXX) || exit 1
|
||||||
|
|
||||||
|
# clean up
|
||||||
|
cleanup() {
|
||||||
|
rm -rf "${download_dir}"
|
||||||
|
}
|
||||||
|
trap cleanup EXIT
|
||||||
|
|
||||||
|
# Get the new installed CoreDNS version
|
||||||
|
echo "Waiting for CoreDNS to update"
|
||||||
|
until [[ $(${KUBE_ROOT}/cluster/kubectl.sh -n kube-system get deployment coredns -o=jsonpath='{$.metadata.resourceVersion}') -ne ${COREDNS_DEPLOY_RESOURCE_VERSION} ]]; do
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
echo "Fetching the latest installed CoreDNS version"
|
||||||
|
NEW_COREDNS_VERSION=$(${KUBE_ROOT}/cluster/kubectl.sh -n kube-system get deployment coredns -o=jsonpath='{$.spec.template.spec.containers[:1].image}' | cut -d ":" -f 2)
|
||||||
|
|
||||||
|
case "$(uname -m)" in
|
||||||
|
x86_64*)
|
||||||
|
host_arch=amd64
|
||||||
|
corefile_tool_SHA="fd4d8a42d8a1c38cb49b75cca3c7c82677b97c0c6e5ee2a7d5fb02314ccfbb59"
|
||||||
|
;;
|
||||||
|
i?86_64*)
|
||||||
|
host_arch=amd64
|
||||||
|
corefile_tool_SHA="fd4d8a42d8a1c38cb49b75cca3c7c82677b97c0c6e5ee2a7d5fb02314ccfbb59"
|
||||||
|
;;
|
||||||
|
amd64*)
|
||||||
|
host_arch=amd64
|
||||||
|
corefile_tool_SHA="fd4d8a42d8a1c38cb49b75cca3c7c82677b97c0c6e5ee2a7d5fb02314ccfbb59"
|
||||||
|
;;
|
||||||
|
aarch64*)
|
||||||
|
host_arch=arm64
|
||||||
|
corefile_tool_SHA="05503f379eaaa703034c50da7ce7c273d7a7b3569eddb55afe300bd6d6c40988"
|
||||||
|
;;
|
||||||
|
arm64*)
|
||||||
|
host_arch=arm64
|
||||||
|
corefile_tool_SHA="05503f379eaaa703034c50da7ce7c273d7a7b3569eddb55afe300bd6d6c40988"
|
||||||
|
;;
|
||||||
|
arm*)
|
||||||
|
host_arch=arm
|
||||||
|
corefile_tool_SHA="bc826bde6662c11cbb6e6e215397d07d4fedb754c1a6e208271d7d784eb28600"
|
||||||
|
;;
|
||||||
|
s390x*)
|
||||||
|
host_arch=s390x
|
||||||
|
corefile_tool_SHA="4ed6b7067f65dc8f147a4dd116242495fbec5e6057bb68e1868ef1fb25e07993"
|
||||||
|
;;
|
||||||
|
ppc64le*)
|
||||||
|
host_arch=ppc64le
|
||||||
|
corefile_tool_SHA="7bce38ed762a2607e158c65b378e6f23e2b80fc4e93dcf50a55f986c7ea2db43"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Unsupported host arch. Must be x86_64, 386, arm, arm64, s390x or ppc64le." >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# Download the CoreDNS migration tool
|
||||||
|
echo "== Downloading the CoreDNS migration tool =="
|
||||||
|
wget -P ${download_dir} "https://github.com/coredns/corefile-migration/releases/download/v1.0.2/corefile-tool-${host_arch}" >/dev/null 2>&1
|
||||||
|
|
||||||
|
local -r checkSHA=$(sha256sum ${download_dir}/corefile-tool-${host_arch} | cut -d " " -f 1)
|
||||||
|
if [[ "${checkSHA}" != "${corefile_tool_SHA}" ]]; then
|
||||||
|
echo "!!! CheckSum for the CoreDNS migration tool did not match !!!" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
chmod +x ${download_dir}/corefile-tool-${host_arch}
|
||||||
|
|
||||||
|
# Migrate the CoreDNS ConfigMap depending on whether it is being downgraded or upgraded.
|
||||||
|
${KUBE_ROOT}/cluster/kubectl.sh -n kube-system get cm coredns -o jsonpath='{.data.Corefile}' > ${download_dir}/Corefile-old
|
||||||
|
|
||||||
|
if test "$(printf '%s\n' ${CURRENT_COREDNS_VERSION} ${NEW_COREDNS_VERSION} | sort -V | head -n 1)" != ${NEW_COREDNS_VERSION}; then
|
||||||
|
echo "== Upgrading the CoreDNS ConfigMap =="
|
||||||
|
${download_dir}/corefile-tool-${host_arch} migrate --from ${CURRENT_COREDNS_VERSION} --to ${NEW_COREDNS_VERSION} --corefile ${download_dir}/Corefile-old > ${download_dir}/Corefile
|
||||||
|
${KUBE_ROOT}/cluster/kubectl.sh -n kube-system create configmap coredns --from-file ${download_dir}/Corefile -o yaml --dry-run | ${KUBE_ROOT}/cluster/kubectl.sh apply -f -
|
||||||
|
else
|
||||||
|
# In case of a downgrade, a custom CoreDNS Corefile will be overwritten by a default Corefile. In that case,
|
||||||
|
# the user will need to manually modify the resulting (default) Corefile after the downgrade is complete.
|
||||||
|
echo "== Applying the latest default CoreDNS configuration =="
|
||||||
|
gcloud compute --project ${PROJECT} scp --zone ${ZONE} ${MASTER_NAME}:${coredns_addon_path}/coredns.yaml ${download_dir}/coredns-manifest.yaml > /dev/null
|
||||||
|
${KUBE_ROOT}/cluster/kubectl.sh apply -f ${download_dir}/coredns-manifest.yaml
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "== The CoreDNS Config has been updated =="
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "Fetching the previously installed CoreDNS version"
|
||||||
|
CURRENT_COREDNS_VERSION=$(${KUBE_ROOT}/cluster/kubectl.sh -n kube-system get deployment coredns -o=jsonpath='{$.spec.template.spec.containers[:1].image}' | cut -d ":" -f 2)
|
||||||
|
COREDNS_DEPLOY_RESOURCE_VERSION=$(${KUBE_ROOT}/cluster/kubectl.sh -n kube-system get deployment coredns -o=jsonpath='{$.metadata.resourceVersion}')
|
||||||
|
|
||||||
master_upgrade=true
|
master_upgrade=true
|
||||||
node_upgrade=true
|
node_upgrade=true
|
||||||
node_prereqs=false
|
node_prereqs=false
|
||||||
@ -580,6 +675,10 @@ if [[ "${node_upgrade}" == "true" ]]; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ "${CLUSTER_DNS_CORE_DNS:-}" == "true" ]]; then
|
||||||
|
update-coredns-config
|
||||||
|
fi
|
||||||
|
|
||||||
echo "== Validating cluster post-upgrade =="
|
echo "== Validating cluster post-upgrade =="
|
||||||
"${KUBE_ROOT}/cluster/validate-cluster.sh"
|
"${KUBE_ROOT}/cluster/validate-cluster.sh"
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user