Set dnsPolicy to ClusterFirstWithHostNet when hostNetwork is true (#4843)

Andreas Krüger 2019-06-05 12:17:56 +02:00 committed by Kubernetes Prow Robot
parent 045acc724b
commit 818aa7aeb1
27 changed files with 30 additions and 4 deletions


@ -12,12 +12,10 @@ spec:
labels:
app: netchecker-agent-hostnet
spec:
hostNetwork: True
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
nodeSelector:
beta.kubernetes.io/os: linux
{% if kube_version is version('v1.6', '>=') %}
dnsPolicy: ClusterFirstWithHostNet
{% endif %}
{% if kube_version is version('v1.11.1', '>=') %}
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}


@ -26,6 +26,7 @@ spec:
- 'downwardAPI'
- 'persistentVolumeClaim'
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostIPC: false
hostPID: false
runAsUser:
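Review bot: The added `dnsPolicy: ClusterFirstWithHostNet` sits next to `hostIPC`, `hostPID` and `runAsUser`, which reads like a PodSecurityPolicy spec rather than a pod spec, and `dnsPolicy` is not a PodSecurityPolicy field. Depending on how the manifest is applied, the unknown key is either rejected by schema validation or silently dropped, so the policy gains nothing and the apply may fail. I would drop the added line here and set `dnsPolicy` only on the workload's pod template. The same applies to the later hunks that add it directly above `hostPorts:` (the 0–65535 ranges and the 5000–5000 range). The spec starts above this hunk and continues below it, so the resource kind should be confirmed against the full file.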


@ -34,6 +34,7 @@ spec:
{% endif %}
serviceAccountName: cloud-controller-manager
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
nodeSelector:
node-role.kubernetes.io/master: ""
tolerations:


@ -65,6 +65,7 @@ spec:
volumes:
- '*'
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPorts:
- min: 0
max: 65535


@ -29,6 +29,7 @@ spec:
- operator: "Exists"
effect: "NoSchedule"
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPID: true
volumes:
- name: device-plugin


@ -36,6 +36,7 @@ spec:
effect: "NoSchedule"
operator: "Exists"
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPID: true
volumes:
- name: dev


@ -24,6 +24,7 @@ spec:
serviceAccountName: ingress-nginx
{% if ingress_nginx_host_network %}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
{% endif %}
{% if ingress_nginx_nodeselector %}
nodeSelector:


@ -26,6 +26,9 @@ spec:
- 'downwardAPI'
- 'persistentVolumeClaim'
hostNetwork: {{ ingress_nginx_host_network|bool }}
{%% if ingress_nginx_host_network %}
dnsPolicy: ClusterFirstWithHostNet
{% endif %}
hostPorts:
- min: 0
max: 65535
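Review bot: The opening tag of the added guard is written `{%% if ingress_nginx_host_network %}`, and the doubled `%` is not valid Jinja2, so rendering this template should fail with a syntax error before anything is applied. It should read `{% if ingress_nginx_host_network %}`. Separately, the surrounding keys (`hostNetwork`, `hostPorts`, the volume list) look like a PodSecurityPolicy spec, where `dnsPolicy` is not a field; if that is confirmed, the three added lines can simply be removed. The spec continues outside the hunk.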


@ -25,6 +25,7 @@ spec:
nodeSelector:
beta.kubernetes.io/os: linux
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
serviceAccountName: calico-kube-controllers
tolerations:
- key: CriticalAddonsOnly


@ -35,6 +35,7 @@ spec:
- 'downwardAPI'
- 'persistentVolumeClaim'
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPorts:
- min: 5000
max: 5000


@ -8,6 +8,7 @@ metadata:
k8s-app: kube-haproxy
spec:
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
nodeSelector:
beta.kubernetes.io/os: linux
{% if kube_version is version('v1.11.1', '>=') %}
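Review bot: Setting `dnsPolicy: ClusterFirstWithHostNet` on `kube-haproxy` makes the node-local API-server proxy depend on cluster DNS, which itself needs a reachable API server and pod network; with this policy the pod's resolv.conf lists only the cluster DNS address, so there is no fallback to the node's resolvers while CoreDNS is unreachable. If the proxy configuration ever names an upstream by hostname (not visible in this hunk), that name cannot be resolved during bootstrap or a DNS outage. I would either leave the default policy here or add a comment above the new line such as `# upstreams must be IP addresses: cluster DNS is not available before the API server is reachable`. The `kube-nginx` hunk has the same issue.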


@ -8,6 +8,7 @@ metadata:
k8s-app: kube-nginx
spec:
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
nodeSelector:
beta.kubernetes.io/os: linux
{% if kube_version is version('v1.11.1', '>=') %}


@ -29,6 +29,7 @@ spec:
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
serviceAccountName: calico-node
tolerations:
- effect: NoExecute
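Review bot: The new `dnsPolicy: ClusterFirstWithHostNet` on `calico-node` creates a start-up ordering dependency, because this pod provides the pod network that cluster DNS runs on: until the plugin is up, CoreDNS is unreachable and any hostname the pod resolves (datastore endpoints, for example, if they are configured by name) will time out. It also puts a host-network pod on the cluster search path, so short names are tried against cluster domains before anything else. I would add above the new line `# cluster DNS is unavailable until the CNI is running; endpoints used at start-up must be IP addresses`, or leave the policy at its default for network plugins. The canal, cilium, kube-router and multus hunks make the same change.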


@ -51,6 +51,7 @@ spec:
nodeSelector:
beta.kubernetes.io/os: linux
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
tolerations:
# Mark the pod as a critical add-on for rescheduling.
- key: CriticalAddonsOnly


@ -19,6 +19,7 @@ spec:
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
serviceAccountName: canal
tolerations:
- operator: Exists


@ -172,6 +172,7 @@ spec:
- "NET_ADMIN"
privileged: true
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
volumes:
# To keep state between restarts / upgrades
- name: cilium-run


@ -22,6 +22,7 @@ spec:
# The API proxy must run in the host network namespace so that
# it isn't governed by policy that would prevent it from working.
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPID: true
nodeSelector:
node-role.kubernetes.io/master: ""


@ -19,6 +19,7 @@ spec:
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPID: true
tolerations:
- operator: Exists


@ -19,6 +19,7 @@ spec:
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPID: true
affinity:
nodeAffinity:


@ -19,6 +19,7 @@ spec:
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPID: true
nodeSelector:
node-role.kubernetes.io/master: ""


@ -22,6 +22,7 @@ spec:
# The netmaster must run in the host network namespace so that
# it isn't governed by policy that would prevent it from working.
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPID: true
nodeSelector:
node-role.kubernetes.io/master: ""


@ -24,6 +24,7 @@ spec:
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPID: true
tolerations:
- operator: Exists


@ -21,6 +21,7 @@ spec:
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPID: true
tolerations:
- operator: Exists


@ -110,6 +110,7 @@ spec:
- name: host-cni-bin
mountPath: /host/opt/cni/bin/
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
tolerations:
- operator: Exists
# Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)


@ -152,6 +152,7 @@ spec:
- name: kubeconfig
mountPath: /var/lib/kube-router
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
{% if kube_router_enable_dsr %}
hostIPC: true
hostPID: true


@ -15,6 +15,7 @@ spec:
app: multus
spec:
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
nodeSelector:
beta.kubernetes.io/arch: amd64
tolerations:


@ -216,6 +216,7 @@ items:
- name: xtables-lock
mountPath: /run/xtables.lock
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPID: true
restartPolicy: Always
securityContext: