From 595d6427ac098cace88da056ad7ecc2433fa78c5 Mon Sep 17 00:00:00 2001
From: Danny Kulchinsky
Date: Mon, 28 Jan 2019 04:57:40 -0500
Subject: [PATCH] [Nodelocal DNS cache] Mount host /run/xtables.lock in nodelocaldns container (#4074)
* Mount host /run/xtables.lock in nodelocaldns container
* fix typo in nodelocaldns daemonset manifest yml
* Add prometheus scrape annotation, updateStrategy and reduce termination grace period
* fix indentation
* actually fix it..
* Bump k8s-dns-node-cache tag to 1.15.1 (fixes https://github.com/kubernetes/dns/issues/282)
---
 roles/download/defaults/main.yml | 2 +-
 .../ansible/tasks/nodelocaldns.yml | 2 +-
 ...t.yml.j2 => nodelocaldns-daemonset.yml.j2} | 21 ++++++++++++++++---
 3 files changed, 20 insertions(+), 5 deletions(-)
 rename roles/kubernetes-apps/ansible/templates/{nodelocaldns-deamonset.yml.j2 => nodelocaldns-daemonset.yml.j2} (74%)
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 19beba03c..41b78266b 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -194,7 +194,7 @@ coredns_version: "1.2.6"
 coredns_image_repo: "coredns/coredns"
 coredns_image_tag: "{{ coredns_version }}"
-nodelocaldns_version: "1.15.0"
+nodelocaldns_version: "1.15.1"
 nodelocaldns_image_repo: "k8s.gcr.io/k8s-dns-node-cache"
 nodelocaldns_image_tag: "{{ nodelocaldns_version }}"
diff --git a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
index 0f56daa25..ef0d61a7f 100644
--- a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
@@ -6,7 +6,7 @@
 with_items:
 - { name: nodelocaldns, file: nodelocaldns-config.yml, type: configmap }
 - { name: nodelocaldns, file: nodelocaldns-sa.yml, type: sa }
- - { name: nodelocaldns, file: nodelocaldns-deamonset.yml, type: daemonset }
+ - { name: nodelocaldns, file: nodelocaldns-daemonset.yml, type: daemonset }
 register: nodelocaldns_manifests
 vars:
 clusterIP: "{{ skydns_server }}"
diff --git a/roles/kubernetes-apps/ansible/templates/nodelocaldns-deamonset.yml.j2 b/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
similarity index 74%
rename from roles/kubernetes-apps/ansible/templates/nodelocaldns-deamonset.yml.j2
rename to roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
index c5a4c09aa..c7b28d276 100644
--- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-deamonset.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
@@ -13,8 +13,11 @@ spec:
 k8s-app: nodelocaldns
 template:
 metadata:
- labels:
- k8s-app: nodelocaldns
+ labels:
+ k8s-app: nodelocaldns
+ annotations:
+ prometheus.io/scrape: 'true'
+ prometheus.io/port: '9253'
 spec:
 {% if kube_version is version('v1.11.1', '>=') %}
 priorityClassName: system-cluster-critical
@@ -62,6 +65,8 @@ spec:
 volumeMounts:
 - name: config-volume
 mountPath: /etc/coredns
+ - name: xtables-lock
+ mountPath: /run/xtables.lock
 volumes:
 - name: config-volume
 configMap:
@@ -69,4 +74,14 @@ spec:
 items:
 - key: Corefile
 path: Corefile
- terminationGracePeriodSeconds: 30
+ - name: xtables-lock
+ hostPath:
+ path: /run/xtables.lock
+ type: FileOrCreate
+ # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
+ # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
+ terminationGracePeriodSeconds: 0
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: {{ serial | default('20%') }}
+ type: RollingUpdate
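Review bot: The scrape port in the added `prometheus.io/port: '9253'` annotation is a second copy of a value that has to match the cache's metrics listener, and nothing in this hunk ties the two together. The listener is presumably set in nodelocaldns-config.yml, which this patch does not touch, so a later change there would leave the annotation pointing at a closed port without any error. I would add a comment above the annotation, `# must match the prometheus listener in nodelocaldns-config.yml`, and confirm which interfaces that listener binds to, since the annotation advertises the endpoint to any scraper that honours it. Indentation is not preserved on this page, so the nesting of `annotations:` under the pod template `metadata:` should be checked in the rendered manifest.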
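Review bot: The added `xtables-lock` volumeMount gives the container a writable handle on a host file, and neither this hunk nor the volume definition in the last hunk says why. The purpose appears to be sharing the host's iptables lock so that rule changes made by the cache serialize with other iptables users on the node; a comment such as `# host iptables lock, shared so rule updates do not race with other iptables users on the node` would record that. If the image's iptables can take the lock through a read-only mount, `readOnly: true` would narrow the mount, but that needs testing before it is adopted. With `type: FileOrCreate` the kubelet creates the file when it is absent, so a wrong path would go unnoticed rather than fail the pod.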
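Review bot: `maxUnavailable: {{ serial | default('20%') }}` reuses `serial`, which by its name and default looks like the playbook's batch-size variable, and Ansible allows that to be a list; a list would render here as an invalid value. Quoting the expression is not a fix, because a bare integer would then be sent as a string, which the API accepts only as a percentage, so I would add `# serial must be a single integer or percentage here` above the line or give the DaemonSet its own variable. Separately, `terminationGracePeriodSeconds: 0` leaves the container little or no time to run shutdown handlers. Whether the image cleans up host network state on SIGTERM is not visible in this patch and is worth confirming before relying on force deletion.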