containerd: change default resolvconf_mode to host_resolvconf (#8247)
* containerd: change default resolvconf_mode to host_resolvconf * Wait for kube-apiserver to come back after pod refresh * Handle resolv.conf gracefully * Retain currently configured DNS entries to ensure we don't break the resolvers * Suse uses wickedd for network management so no dhcp hooks * Molecule: increase ansible timeout * CI: Increase ansible timeout to 120s for Packet jobs
parent
5a25de37ef
commit
682c8a59c2
23 changed files with 83 additions and 9 deletions
|
@ -2,6 +2,7 @@
|
||||||
.packet:
|
.packet:
|
||||||
extends: .testcases
|
extends: .testcases
|
||||||
variables:
|
variables:
|
||||||
|
ANSIBLE_TIMEOUT: "120"
|
||||||
CI_PLATFORM: packet
|
CI_PLATFORM: packet
|
||||||
SSH_USER: kubespray
|
SSH_USER: kubespray
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -192,7 +192,7 @@ coredns_k8s_external_zone: k8s_external.local
|
||||||
enable_coredns_k8s_endpoint_pod_names: false
|
enable_coredns_k8s_endpoint_pod_names: false
|
||||||
|
|
||||||
# Can be docker_dns, host_resolvconf or none
|
# Can be docker_dns, host_resolvconf or none
|
||||||
resolvconf_mode: docker_dns
|
resolvconf_mode: host_resolvconf
|
||||||
# Deploy netchecker app to verify DNS resolve as an HTTP service
|
# Deploy netchecker app to verify DNS resolve as an HTTP service
|
||||||
deploy_netchecker: false
|
deploy_netchecker: false
|
||||||
# Ip address of the kubernetes skydns service
|
# Ip address of the kubernetes skydns service
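Review bot: The default changes from `docker_dns` to `host_resolvconf` for every inventory that leaves `resolvconf_mode` unset, not only containerd ones, and the comment above the setting does not mention this. The test inventories further down this page now pin `resolvconf_mode: docker_dns` next to `container_manager: docker`, which suggests Docker-based clusters are expected to set it explicitly. With the new default, the play would instead manage the host's resolver configuration on an existing Docker cluster at its next run. If that pairing is the real constraint, the comment could say so: `# Can be docker_dns, host_resolvconf or none (docker_dns only applies with container_manager: docker)`. The same one-line change appears again in the later section that starts at `manual_dns_server: ""`.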
|
||||||
|
|
|
@ -15,6 +15,10 @@ platforms:
|
||||||
memory: 512
|
memory: 512
|
||||||
provisioner:
|
provisioner:
|
||||||
name: ansible
|
name: ansible
|
||||||
|
config_options:
|
||||||
|
defaults:
|
||||||
|
callback_whitelist: profile_tasks
|
||||||
|
timeout: 120
|
||||||
lint:
|
lint:
|
||||||
name: ansible-lint
|
name: ansible-lint
|
||||||
verifier:
|
verifier:
|
||||||
|
|
|
@ -15,6 +15,10 @@ platforms:
|
||||||
memory: 512
|
memory: 512
|
||||||
provisioner:
|
provisioner:
|
||||||
name: ansible
|
name: ansible
|
||||||
|
config_options:
|
||||||
|
defaults:
|
||||||
|
callback_whitelist: profile_tasks
|
||||||
|
timeout: 120
|
||||||
lint:
|
lint:
|
||||||
name: ansible-lint
|
name: ansible-lint
|
||||||
inventory:
|
inventory:
|
||||||
|
|
|
@ -35,6 +35,10 @@ platforms:
|
||||||
memory: 512
|
memory: 512
|
||||||
provisioner:
|
provisioner:
|
||||||
name: ansible
|
name: ansible
|
||||||
|
config_options:
|
||||||
|
defaults:
|
||||||
|
callback_whitelist: profile_tasks
|
||||||
|
timeout: 120
|
||||||
lint:
|
lint:
|
||||||
name: ansible-lint
|
name: ansible-lint
|
||||||
inventory:
|
inventory:
|
||||||
|
|
|
@ -46,6 +46,7 @@ provisioner:
|
||||||
config_options:
|
config_options:
|
||||||
defaults:
|
defaults:
|
||||||
callback_whitelist: profile_tasks
|
callback_whitelist: profile_tasks
|
||||||
|
timeout: 120
|
||||||
lint:
|
lint:
|
||||||
name: ansible-lint
|
name: ansible-lint
|
||||||
options:
|
options:
|
||||||
|
|
|
@ -38,6 +38,7 @@ provisioner:
|
||||||
config_options:
|
config_options:
|
||||||
defaults:
|
defaults:
|
||||||
callback_whitelist: profile_tasks
|
callback_whitelist: profile_tasks
|
||||||
|
timeout: 120
|
||||||
lint:
|
lint:
|
||||||
name: ansible-lint
|
name: ansible-lint
|
||||||
options:
|
options:
|
||||||
|
|
|
@ -18,6 +18,7 @@ provisioner:
|
||||||
config_options:
|
config_options:
|
||||||
defaults:
|
defaults:
|
||||||
callback_whitelist: profile_tasks
|
callback_whitelist: profile_tasks
|
||||||
|
timeout: 120
|
||||||
lint:
|
lint:
|
||||||
name: ansible-lint
|
name: ansible-lint
|
||||||
options:
|
options:
|
||||||
|
|
|
@ -30,6 +30,7 @@ provisioner:
|
||||||
config_options:
|
config_options:
|
||||||
defaults:
|
defaults:
|
||||||
callback_whitelist: profile_tasks
|
callback_whitelist: profile_tasks
|
||||||
|
timeout: 120
|
||||||
lint:
|
lint:
|
||||||
name: ansible-lint
|
name: ansible-lint
|
||||||
options:
|
options:
|
||||||
|
|
|
@ -30,6 +30,7 @@ provisioner:
|
||||||
config_options:
|
config_options:
|
||||||
defaults:
|
defaults:
|
||||||
callback_whitelist: profile_tasks
|
callback_whitelist: profile_tasks
|
||||||
|
timeout: 120
|
||||||
lint:
|
lint:
|
||||||
name: ansible-lint
|
name: ansible-lint
|
||||||
options:
|
options:
|
||||||
|
|
|
@ -9,6 +9,7 @@
|
||||||
- Preinstall | restart kube-controller-manager crio/containerd
|
- Preinstall | restart kube-controller-manager crio/containerd
|
||||||
- Preinstall | restart kube-apiserver docker
|
- Preinstall | restart kube-apiserver docker
|
||||||
- Preinstall | restart kube-apiserver crio/containerd
|
- Preinstall | restart kube-apiserver crio/containerd
|
||||||
|
- Preinstall | wait for the apiserver to be running
|
||||||
when: not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] and not is_fedora_coreos
|
when: not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] and not is_fedora_coreos
|
||||||
|
|
||||||
- name: Preinstall | update resolvconf for Flatcar Container Linux by Kinvolk
|
- name: Preinstall | update resolvconf for Flatcar Container Linux by Kinvolk
|
||||||
|
@ -101,6 +102,21 @@
|
||||||
- dns_mode != 'none'
|
- dns_mode != 'none'
|
||||||
- resolvconf_mode == 'host_resolvconf'
|
- resolvconf_mode == 'host_resolvconf'
|
||||||
|
|
||||||
|
# When running this as the last phase ensure we wait for kube-apiserver to come up
|
||||||
|
- name: Preinstall | wait for the apiserver to be running
|
||||||
|
uri:
|
||||||
|
url: "{{ kube_apiserver_endpoint }}/healthz"
|
||||||
|
validate_certs: no
|
||||||
|
register: result
|
||||||
|
until: result.status == 200
|
||||||
|
retries: 60
|
||||||
|
delay: 1
|
||||||
|
when:
|
||||||
|
- dns_late
|
||||||
|
- inventory_hostname in groups['kube_control_plane']
|
||||||
|
- dns_mode != 'none'
|
||||||
|
- resolvconf_mode == 'host_resolvconf'
|
||||||
|
|
||||||
- name: Preinstall | Restart systemd-resolved
|
- name: Preinstall | Restart systemd-resolved
|
||||||
service:
|
service:
|
||||||
name: systemd-resolved
|
name: systemd-resolved
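Review bot: The new `Preinstall | wait for the apiserver to be running` handler sets `validate_certs: no`, so the 200 that ends the retry loop is accepted from whatever answers at `{{ kube_apiserver_endpoint }}/healthz`, with no check that it is this cluster's apiserver. No credentials are sent and only `result.status` is read, so the exposure appears limited to a false "ready" signal. That reasoning should sit next to the option, for example `validate_certs: false  # readiness probe only: no credentials sent, only the status code is used`. If the cluster CA is present on the host, the uri module's `ca_path` could point at it so that verification stays on. The `Restart systemd-resolved` handler that follows continues outside the hunk.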
|
||||||
|
|
|
@ -34,6 +34,39 @@
|
||||||
changed_when: false
|
changed_when: false
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
|
||||||
|
- name: check existence of /etc/resolvconf/resolv.conf.d
|
||||||
|
stat:
|
||||||
|
path: /etc/resolvconf/resolv.conf.d
|
||||||
|
get_attributes: no
|
||||||
|
get_checksum: no
|
||||||
|
get_mime: no
|
||||||
|
failed_when: false
|
||||||
|
register: resolvconfd_path
|
||||||
|
|
||||||
|
- name: check status of /etc/resolv.conf
|
||||||
|
stat:
|
||||||
|
path: /etc/resolv.conf
|
||||||
|
follow: no
|
||||||
|
get_attributes: no
|
||||||
|
get_checksum: no
|
||||||
|
get_mime: no
|
||||||
|
failed_when: false
|
||||||
|
register: resolvconf_stat
|
||||||
|
|
||||||
|
- block:
|
||||||
|
|
||||||
|
- name: get content of /etc/resolv.conf
|
||||||
|
slurp:
|
||||||
|
src: /etc/resolv.conf
|
||||||
|
register: resolvconf_slurp
|
||||||
|
|
||||||
|
- name: get currently configured nameservers
|
||||||
|
set_fact:
|
||||||
|
configured_nameservers: "{{ resolvconf_slurp.content | b64decode | regex_findall('\\s*nameserver\\s*(.*)') | ipaddr }}"
|
||||||
|
when: resolvconf_slurp.content is defined
|
||||||
|
|
||||||
|
when: resolvconf_stat.stat.exists is defined and resolvconf_stat.stat.exists
|
||||||
|
|
||||||
- name: check systemd-resolved
|
- name: check systemd-resolved
|
||||||
# noqa 303 Should we use service_facts for this?
|
# noqa 303 Should we use service_facts for this?
|
||||||
command: systemctl is-active systemd-resolved
|
command: systemctl is-active systemd-resolved
|
||||||
|
@ -45,7 +78,7 @@
|
||||||
- name: set dns facts
|
- name: set dns facts
|
||||||
set_fact:
|
set_fact:
|
||||||
resolvconf: >-
|
resolvconf: >-
|
||||||
{%- if resolvconf.rc == 0 -%}true{%- else -%}false{%- endif -%}
|
{%- if resolvconf.rc == 0 and resolvconfd_path.stat.isdir is defined and resolvconfd_path.stat.isdir -%}true{%- else -%}false{%- endif -%}
|
||||||
bogus_domains: |-
|
bogus_domains: |-
|
||||||
{% for d in [ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([]) -%}
|
{% for d in [ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([]) -%}
|
||||||
{{ dns_domain }}.{{ d }}./{{ d }}.{{ d }}./com.{{ d }}./
|
{{ dns_domain }}.{{ d }}./{{ d }}.{{ d }}./com.{{ d }}./
|
||||||
|
@ -147,7 +180,7 @@
|
||||||
- name: generate nameservers to resolvconf
|
- name: generate nameservers to resolvconf
|
||||||
set_fact:
|
set_fact:
|
||||||
nameserverentries:
|
nameserverentries:
|
||||||
nameserver {{ ( ( [nodelocaldns_ip] if enable_nodelocaldns else []) + coredns_server|d([]) + nameservers|d([]) + cloud_resolver|d([])) | unique | join(',nameserver ') }}
|
nameserver {{ ( ( [nodelocaldns_ip] if enable_nodelocaldns else []) + coredns_server|d([]) + nameservers|d([]) + cloud_resolver|d([]) + configured_nameservers|d([])) | unique | join(',nameserver ') }}
|
||||||
supersede_nameserver:
|
supersede_nameserver:
|
||||||
supersede domain-name-servers {{ ( coredns_server|d([]) + nameservers|d([]) + cloud_resolver|d([])) | unique | join(', ') }};
|
supersede domain-name-servers {{ ( coredns_server|d([]) + nameservers|d([]) + cloud_resolver|d([])) | unique | join(', ') }};
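Review bot: The pattern in `get currently configured nameservers` is unanchored, so a commented-out line such as `# nameserver <addr>` in `/etc/resolv.conf` is matched too. Through the new `configured_nameservers|d([])` term in `nameserverentries`, it would then be written back as a live resolver. `(.*)` also captures to the end of the line, so an active entry with trailing text would be dropped by `ipaddr` without any message. Anchoring the match keeps only active entries: `regex_findall('^\\s*nameserver\\s+(\\S+)', multiline=True)`. The slurped file presumably also contains the block this role wrote on an earlier run, so a resolver removed from the inventory would keep being re-added; a comment on the task should say whether that is intended.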
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
state: present
|
state: present
|
||||||
insertbefore: BOF
|
insertbefore: BOF
|
||||||
create: yes
|
create: yes
|
||||||
backup: yes
|
backup: "{{ not resolvconf_stat.stat.islnk }}"
|
||||||
marker: "# Ansible entries {mark}"
|
marker: "# Ansible entries {mark}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
notify: Preinstall | propagate resolvconf to k8s components
|
notify: Preinstall | propagate resolvconf to k8s components
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
replace:
|
replace:
|
||||||
path: "{{ item[0] }}"
|
path: "{{ item[0] }}"
|
||||||
regexp: '^{{ item[1] }}[^#]*(?=# Ansible entries BEGIN)'
|
regexp: '^{{ item[1] }}[^#]*(?=# Ansible entries BEGIN)'
|
||||||
backup: yes
|
backup: "{{ not resolvconf_stat.stat.islnk }}"
|
||||||
with_nested:
|
with_nested:
|
||||||
- "{{ [resolvconffile, base|default(''), head|default('')] | difference(['']) }}"
|
- "{{ [resolvconffile, base|default(''), head|default('')] | difference(['']) }}"
|
||||||
- [ 'search ', 'nameserver ', 'domain ', 'options ' ]
|
- [ 'search ', 'nameserver ', 'domain ', 'options ' ]
|
||||||
|
@ -36,13 +36,12 @@
|
||||||
path: "{{ item[0] }}"
|
path: "{{ item[0] }}"
|
||||||
regexp: '(# Ansible entries END\n(?:(?!^{{ item[1] }}).*\n)*)(?:^{{ item[1] }}.*\n?)+'
|
regexp: '(# Ansible entries END\n(?:(?!^{{ item[1] }}).*\n)*)(?:^{{ item[1] }}.*\n?)+'
|
||||||
replace: '\1'
|
replace: '\1'
|
||||||
backup: yes
|
backup: "{{ not resolvconf_stat.stat.islnk }}"
|
||||||
with_nested:
|
with_nested:
|
||||||
- "{{ [resolvconffile, base|default(''), head|default('')] | difference(['']) }}"
|
- "{{ [resolvconffile, base|default(''), head|default('')] | difference(['']) }}"
|
||||||
- [ 'search ', 'nameserver ', 'domain ', 'options ' ]
|
- [ 'search ', 'nameserver ', 'domain ', 'options ' ]
|
||||||
notify: Preinstall | propagate resolvconf to k8s components
|
notify: Preinstall | propagate resolvconf to k8s components
|
||||||
|
|
||||||
|
|
||||||
- name: get temporary resolveconf cloud init file content
|
- name: get temporary resolveconf cloud init file content
|
||||||
command: cat {{ resolvconffile }}
|
command: cat {{ resolvconffile }}
|
||||||
register: cloud_config
|
register: cloud_config
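Review bot: `backup: "{{ not resolvconf_stat.stat.islnk }}"` reads `stat.islnk` without a guard in all three tasks of this section. The `check status of /etc/resolv.conf` task shown earlier on the page registers `resolvconf_stat` with `failed_when: false`, and the facts file only trusts it after testing `resolvconf_stat.stat.exists is defined`. When the file is missing or the stat fails, `islnk` is likely undefined and templating the option would fail, even though the first task sets `create: yes`. `backup: "{{ not (resolvconf_stat.stat.islnk | default(false)) }}"` keeps the old behaviour in that case. The flag also describes `/etc/resolv.conf` while the tasks edit `{{ item[0] }}`, which may be a different file, and the tasks themselves start outside the hunks.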
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
mode: 0755
|
mode: 0755
|
||||||
notify: Preinstall | propagate resolvconf to k8s components
|
notify: Preinstall | propagate resolvconf to k8s components
|
||||||
when: ansible_os_family != "RedHat"
|
when: ansible_os_family not in [ "RedHat", "Suse" ]
|
||||||
|
|
||||||
- name: Configure dhclient hooks for resolv.conf (RH-only)
|
- name: Configure dhclient hooks for resolv.conf (RH-only)
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -106,7 +106,7 @@ nodelocaldns_secondary_skew_seconds: 5
|
||||||
manual_dns_server: ""
|
manual_dns_server: ""
|
||||||
|
|
||||||
# Can be docker_dns, host_resolvconf or none
|
# Can be docker_dns, host_resolvconf or none
|
||||||
resolvconf_mode: docker_dns
|
resolvconf_mode: host_resolvconf
|
||||||
# Deploy netchecker app to verify DNS resolve as an HTTP service
|
# Deploy netchecker app to verify DNS resolve as an HTTP service
|
||||||
deploy_netchecker: false
|
deploy_netchecker: false
|
||||||
# Ip address of the kubernetes DNS service (called skydns for historical reasons)
|
# Ip address of the kubernetes DNS service (called skydns for historical reasons)
|
||||||
|
|
|
@ -10,6 +10,7 @@ kubernetes_audit: true
|
||||||
# Docker specific settings:
|
# Docker specific settings:
|
||||||
container_manager: docker
|
container_manager: docker
|
||||||
etcd_deployment_type: docker
|
etcd_deployment_type: docker
|
||||||
|
resolvconf_mode: docker_dns
|
||||||
|
|
||||||
# Needed to upgrade from 1.16 to 1.17, otherwise upgrade is partial and bug followed
|
# Needed to upgrade from 1.16 to 1.17, otherwise upgrade is partial and bug followed
|
||||||
upgrade_cluster_setup: true
|
upgrade_cluster_setup: true
|
||||||
|
|
|
@ -10,3 +10,4 @@ calico_iptables_backend: "Auto"
|
||||||
# Use docker
|
# Use docker
|
||||||
container_manager: docker
|
container_manager: docker
|
||||||
etcd_deployment_type: docker
|
etcd_deployment_type: docker
|
||||||
|
resolvconf_mode: docker_dns
|
||||||
|
|
|
@ -6,3 +6,4 @@ mode: default
|
||||||
# Use docker
|
# Use docker
|
||||||
container_manager: docker
|
container_manager: docker
|
||||||
etcd_deployment_type: docker
|
etcd_deployment_type: docker
|
||||||
|
resolvconf_mode: docker_dns
|
||||||
|
|
|
@ -6,3 +6,4 @@ mode: default
|
||||||
# Use docker
|
# Use docker
|
||||||
container_manager: docker
|
container_manager: docker
|
||||||
etcd_deployment_type: docker
|
etcd_deployment_type: docker
|
||||||
|
resolvconf_mode: docker_dns
|
||||||
|
|
|
@ -9,3 +9,4 @@ kube_network_plugin: weave
|
||||||
# Docker specific settings:
|
# Docker specific settings:
|
||||||
container_manager: docker
|
container_manager: docker
|
||||||
etcd_deployment_type: docker
|
etcd_deployment_type: docker
|
||||||
|
resolvconf_mode: docker_dns
|
||||||
|
|
|
@ -10,6 +10,7 @@ auto_renew_certificates: true
|
||||||
# Docker specific settings:
|
# Docker specific settings:
|
||||||
container_manager: docker
|
container_manager: docker
|
||||||
etcd_deployment_type: docker
|
etcd_deployment_type: docker
|
||||||
|
resolvconf_mode: docker_dns
|
||||||
|
|
||||||
# Ubuntu 16 - docker containerd package available stopped at 1.4.6
|
# Ubuntu 16 - docker containerd package available stopped at 1.4.6
|
||||||
docker_containerd_version: latest
|
docker_containerd_version: latest
|
||||||
|
|
|
@ -7,3 +7,4 @@ vm_memory: 1600Mi
|
||||||
# Use docker
|
# Use docker
|
||||||
container_manager: docker
|
container_manager: docker
|
||||||
etcd_deployment_type: docker
|
etcd_deployment_type: docker
|
||||||
|
resolvconf_mode: docker_dns
|
||||||
|
|
|
@ -14,3 +14,4 @@ enable_nodelocaldns: False
|
||||||
# Use docker
|
# Use docker
|
||||||
container_manager: docker
|
container_manager: docker
|
||||||
etcd_deployment_type: docker
|
etcd_deployment_type: docker
|
||||||
|
resolvconf_mode: docker_dns
|
||||||
|
|