Merge pull request #1372 from seungkyua/apply_kubedns_to_the_latest

Make kubedns up to date
Brad Beam 2017-06-26 21:58:03 -05:00 committed by GitHub
commit 0cfa6a8981
5 changed files with 103 additions and 65 deletions


@ -1,23 +1,20 @@
# Versions # Versions
kubedns_version: 1.9 kubedns_version : 1.14.2
kubednsmasq_version: 1.3
exechealthz_version: 1.1
# Limits for dnsmasq/kubedns apps # Limits for dnsmasq/kubedns apps
dns_cpu_limit: 100m
dns_memory_limit: 170Mi dns_memory_limit: 170Mi
dns_cpu_requests: 70m dns_cpu_requests: 100m
dns_memory_requests: 50Mi dns_memory_requests: 70Mi
kubedns_min_replicas: 1 kubedns_min_replicas: 1
kubedns_nodes_per_replica: 10 kubedns_nodes_per_replica: 10
# Images # Images
kubedns_image_repo: "gcr.io/google_containers/kubedns-amd64" kubedns_image_repo: "gcr.io/google_containers/k8s-dns-kube-dns-amd64"
kubedns_image_tag: "{{ kubedns_version }}" kubedns_image_tag: "{{ kubedns_version }}"
kubednsmasq_image_repo: "gcr.io/google_containers/kube-dnsmasq-amd64" dnsmasq_nanny_image_repo: "gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64"
kubednsmasq_image_tag: "{{ kubednsmasq_version }}" dnsmasq_nanny_image_tag: "{{ kubedns_version }}"
exechealthz_image_repo: "gcr.io/google_containers/exechealthz-amd64" dnsmasq_sidecar_image_repo: "gcr.io/google_containers/k8s-dns-sidecar-amd64"
exechealthz_image_tag: "{{ exechealthz_version }}" dnsmasq_sidecar_image_tag: "{{ kubedns_version }}"
# Netchecker # Netchecker
deploy_netchecker: false deploy_netchecker: false
@ -40,3 +37,4 @@ netchecker_server_memory_requests: 64M
# SSL # SSL
etcd_cert_dir: "/etc/ssl/etcd/ssl" etcd_cert_dir: "/etc/ssl/etcd/ssl"
canal_cert_dir: "/etc/canal/certs" canal_cert_dir: "/etc/canal/certs"
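Review bot: In the first hunk the new line `kubedns_version : 1.14.2` (as rendered here) has a space before the colon and an unquoted value, and that one variable now supplies the tag for all three images (`kubedns_image_tag`, `dnsmasq_nanny_image_tag`, `dnsmasq_sidecar_image_tag`). I would write it as `kubedns_version: "1.14.2"` so linters pass and a later two-part version such as 1.20 is not read as a float. The images are still referenced by mutable tag only; if reproducible pulls matter, a per-image digest variable would be the place to add that. `dns_cpu_limit` is dropped from the defaults, so an inventory that overrides it will silently stop having any effect, which deserves a line in the upgrade notes.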


@ -13,8 +13,8 @@
src: "{{item.file}}" src: "{{item.file}}"
dest: "{{kube_config_dir}}/{{item.file}}" dest: "{{kube_config_dir}}/{{item.file}}"
with_items: with_items:
- {name: kubedns, file: kubedns-deploy.yml, type: deployment} - {name: kube-dns, file: kubedns-deploy.yml, type: deployment}
- {name: kubedns, file: kubedns-svc.yml, type: svc} - {name: kube-dns, file: kubedns-svc.yml, type: svc}
- {name: kubedns-autoscaler, file: kubedns-autoscaler.yml, type: deployment} - {name: kubedns-autoscaler, file: kubedns-autoscaler.yml, type: deployment}
register: manifests register: manifests
when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
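Review bot: The `name` values in `with_items` change from `kubedns` to `kube-dns`, but nothing visible in this hunk removes the previously deployed `kubedns` Deployment and Service. On an upgraded cluster that presumably leaves the old Deployment running beside the new one, and the renamed Service in the kubedns-svc.yml section requests the same `clusterIP: {{ skydns_server }}` that the old Service may still hold, so its creation could be rejected. A cleanup task for the old objects, guarded by the same `when:` condition and run before the manifests are applied, would make the upgrade path deterministic. The task this loop belongs to starts above the hunk and the consumer of `manifests` is not shown, so this is inferred from the visible lines only.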


@ -42,7 +42,7 @@ spec:
- --namespace=kube-system - --namespace=kube-system
- --configmap=kubedns-autoscaler - --configmap=kubedns-autoscaler
# Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base # Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base
- --target=Deployment/kubedns - --target=Deployment/kube-dns
- --default-params={"linear":{"nodesPerReplica":{{ kubedns_nodes_per_replica }},"min":{{ kubedns_min_replicas }}}} - --default-params={"linear":{"nodesPerReplica":{{ kubedns_nodes_per_replica }},"min":{{ kubedns_min_replicas }}}}
- --logtostderr=true - --logtostderr=true
- --v=2 - --v=2


@ -1,25 +1,39 @@
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
metadata: metadata:
name: kubedns name: kube-dns
namespace: {{ system_namespace }} namespace: "{{system_namespace}}"
labels: labels:
k8s-app: kubedns k8s-app: kube-dns
version: v19
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec: spec:
replicas: {{ kubedns_min_replicas }} # replicas: not specified here:
# 1. In order to make Addon Manager do not reconcile this replicas parameter.
# 2. Default is 1.
# 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
strategy:
rollingUpdate:
maxSurge: 10%
maxUnavailable: 0
selector: selector:
matchLabels: matchLabels:
k8s-app: kubedns k8s-app: kube-dns
version: v19
template: template:
metadata: metadata:
labels: labels:
k8s-app: kubedns k8s-app: kube-dns
version: v19 annotations:
kubernetes.io/cluster-service: "true" scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
volumes:
- name: kube-dns-config
configMap:
name: kube-dns
optional: true
containers: containers:
- name: kubedns - name: kubedns
image: "{{ kubedns_image_repo }}:{{ kubedns_image_tag }}" image: "{{ kubedns_image_repo }}:{{ kubedns_image_tag }}"
@ -30,15 +44,14 @@ spec:
# guaranteed class. Currently, this container falls into the # guaranteed class. Currently, this container falls into the
# "burstable" category so the kubelet doesn't backoff from restarting it. # "burstable" category so the kubelet doesn't backoff from restarting it.
limits: limits:
cpu: {{ dns_cpu_limit }}
memory: {{ dns_memory_limit }} memory: {{ dns_memory_limit }}
requests: requests:
cpu: {{ dns_cpu_requests }} cpu: {{ dns_cpu_requests }}
memory: {{ dns_memory_requests }} memory: {{ dns_memory_requests }}
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /healthz path: /healthcheck/kubedns
port: 8080 port: 10054
scheme: HTTP scheme: HTTP
initialDelaySeconds: 60 initialDelaySeconds: 60
timeoutSeconds: 5 timeoutSeconds: 5
@ -51,13 +64,16 @@ spec:
scheme: HTTP scheme: HTTP
# we poll on pod startup for the Kubernetes master service and # we poll on pod startup for the Kubernetes master service and
# only setup the /readiness HTTP server once that's available. # only setup the /readiness HTTP server once that's available.
initialDelaySeconds: 30 initialDelaySeconds: 3
timeoutSeconds: 5 timeoutSeconds: 5
args: args:
# command = "/kube-dns"
- --domain={{ dns_domain }}. - --domain={{ dns_domain }}.
- --dns-port=10053 - --dns-port=10053
- --config-dir=/kube-dns-config
- --v={{ kube_log_level }} - --v={{ kube_log_level }}
env:
- name: PROMETHEUS_PORT
value: "10055"
ports: ports:
- containerPort: 10053 - containerPort: 10053
name: dns-local name: dns-local
@ -65,25 +81,36 @@ spec:
- containerPort: 10053 - containerPort: 10053
name: dns-tcp-local name: dns-tcp-local
protocol: TCP protocol: TCP
- containerPort: 10055
name: metrics
protocol: TCP
volumeMounts:
- name: kube-dns-config
mountPath: /kube-dns-config
- name: dnsmasq - name: dnsmasq
image: "{{ kubednsmasq_image_repo }}:{{ kubednsmasq_image_tag }}" image: "{{ dnsmasq_nanny_image_repo }}:{{ dnsmasq_nanny_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }} imagePullPolicy: {{ k8s_image_pull_policy }}
resources: livenessProbe:
limits: httpGet:
cpu: {{ dns_cpu_limit }} path: /healthcheck/dnsmasq
memory: {{ dns_memory_limit }} port: 10054
requests: scheme: HTTP
cpu: {{ dns_cpu_requests }} initialDelaySeconds: 60
memory: {{ dns_memory_requests }} timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
args: args:
- --log-facility=- - -v={{ kube_log_level }}
- -logtostderr
- -configDir=/etc/k8s/dns/dnsmasq-nanny
- -restartDnsmasq=true
- --
- -k
- --cache-size=1000 - --cache-size=1000
- --no-resolv - --log-facility=-
- --server=127.0.0.1#10053 - --server=/{{ dns_domain }}/127.0.0.1#10053
{% if kube_log_level == '4' %} - --server=/in-addr.arpa/127.0.0.1#10053
- --log-queries - --server=/ip6.arpa/127.0.0.1#10053
{% endif %}
- --local=/{{ bogus_domains }}
ports: ports:
- containerPort: 53 - containerPort: 53
name: dns name: dns
@ -91,26 +118,37 @@ spec:
- containerPort: 53 - containerPort: 53
name: dns-tcp name: dns-tcp
protocol: TCP protocol: TCP
- name: healthz # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
image: "{{ exechealthz_image_repo }}:{{ exechealthz_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
resources: resources:
# keep request = limit to keep this container in guaranteed class
limits:
cpu: 10m
memory: 50Mi
requests: requests:
cpu: 10m cpu: 150m
# Note that this container shouldn't really need 50Mi of memory. The memory: 20Mi
# limits are set higher than expected pending investigation on #29688. volumeMounts:
# The extra memory was stolen from the kubedns container to keep the - name: kube-dns-config
# net memory requested by the pod constant. mountPath: /etc/k8s/dns/dnsmasq-nanny
memory: 50Mi - name: sidecar
image: "{{ dnsmasq_sidecar_image_repo }}:{{ dnsmasq_sidecar_image_tag }}"
livenessProbe:
httpGet:
path: /metrics
port: 10054
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
args: args:
- -cmd=nslookup kubernetes.default.svc.{{ dns_domain }} 127.0.0.1 >/dev/null && nslookup kubernetes.default.svc.{{ dns_domain }} 127.0.0.1:10053 >/dev/null - --v={{ kube_log_level }}
- -port=8080 - --logtostderr
- -quiet - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ dns_domain }},5,A
- --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ dns_domain }},5,A
ports: ports:
- containerPort: 8080 - containerPort: 10054
name: metrics
protocol: TCP protocol: TCP
resources:
requests:
memory: 20Mi
cpu: 10m
dnsPolicy: Default # Don't use cluster DNS. dnsPolicy: Default # Don't use cluster DNS.
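Review bot: The new `dnsmasq` and `sidecar` containers declare only `resources.requests`, with hard-coded values (`cpu: 150m` / `memory: 20Mi` and `memory: 20Mi` / `cpu: 10m`), so after this change `dns_memory_limit` bounds the `kubedns` container alone and the other two have no memory ceiling on the node. I would add `limits:` with `memory: {{ dns_memory_limit }}` under each of those `resources:` blocks, or introduce dedicated variables, so that a misbehaving container in this kube-system pod cannot starve other workloads. The `sidecar` container also lacks the `imagePullPolicy: {{ k8s_image_pull_policy }}` line that the other two containers carry, so it presumably falls back to the cluster default instead of the configured policy. The `kubedns` container's definition continues outside the visible hunks.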


@ -1,15 +1,16 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: kubedns name: kube-dns
namespace: {{ system_namespace }} namespace: {{ system_namespace }}
labels: labels:
k8s-app: kubedns k8s-app: kube-dns
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
kubernetes.io/name: "kubedns" addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "KubeDNS"
spec: spec:
selector: selector:
k8s-app: kubedns k8s-app: kube-dns
clusterIP: {{ skydns_server }} clusterIP: {{ skydns_server }}
ports: ports:
- name: dns - name: dns
@ -18,3 +19,4 @@ spec:
- name: dns-tcp - name: dns-tcp
port: 53 port: 53
protocol: TCP protocol: TCP