Set dnsPolicy to ClusterFirstWithHostNet when hostNetwork is true (#4843)
This commit is contained in:
Andreas Krüger
Kubernetes Prow Robot
parent
045acc724b
commit
818aa7aeb1
27 changed files with 30 additions and 4 deletions
|
|
@ -12,12 +12,10 @@ spec:
|
||||||
labels:
|
labels:
|
||||||
app: netchecker-agent-hostnet
|
app: netchecker-agent-hostnet
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: True
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
beta.kubernetes.io/os: linux
|
beta.kubernetes.io/os: linux
|
||||||
{% if kube_version is version('v1.6', '>=') %}
|
|
||||||
dnsPolicy: ClusterFirstWithHostNet
|
|
||||||
{% endif %}
|
|
||||||
{% if kube_version is version('v1.11.1', '>=') %}
|
{% if kube_version is version('v1.11.1', '>=') %}
|
||||||
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
||||||
|
|
@ -26,6 +26,7 @@ spec:
|
||||||
- 'downwardAPI'
|
- 'downwardAPI'
|
||||||
- 'persistentVolumeClaim'
|
- 'persistentVolumeClaim'
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
hostIPC: false
|
hostIPC: false
|
||||||
hostPID: false
|
hostPID: false
|
||||||
runAsUser:
|
runAsUser:
|
||||||
|
|
|
||||||
|
|
@ -34,6 +34,7 @@ spec:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
serviceAccountName: cloud-controller-manager
|
serviceAccountName: cloud-controller-manager
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node-role.kubernetes.io/master: ""
|
node-role.kubernetes.io/master: ""
|
||||||
tolerations:
|
tolerations:
|
||||||
|
|
|
||||||
|
|
@ -65,6 +65,7 @@ spec:
|
||||||
volumes:
|
volumes:
|
||||||
- '*'
|
- '*'
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
hostPorts:
|
hostPorts:
|
||||||
- min: 0
|
- min: 0
|
||||||
max: 65535
|
max: 65535
|
||||||
|
|
|
||||||
|
|
@ -29,6 +29,7 @@ spec:
|
||||||
- operator: "Exists"
|
- operator: "Exists"
|
||||||
effect: "NoSchedule"
|
effect: "NoSchedule"
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
hostPID: true
|
hostPID: true
|
||||||
volumes:
|
volumes:
|
||||||
- name: device-plugin
|
- name: device-plugin
|
||||||
|
|
|
||||||
|
|
@ -36,6 +36,7 @@ spec:
|
||||||
effect: "NoSchedule"
|
effect: "NoSchedule"
|
||||||
operator: "Exists"
|
operator: "Exists"
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
hostPID: true
|
hostPID: true
|
||||||
volumes:
|
volumes:
|
||||||
- name: dev
|
- name: dev
|
||||||
|
|
|
||||||
|
|
@ -24,6 +24,7 @@ spec:
|
||||||
serviceAccountName: ingress-nginx
|
serviceAccountName: ingress-nginx
|
||||||
{% if ingress_nginx_host_network %}
|
{% if ingress_nginx_host_network %}
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if ingress_nginx_nodeselector %}
|
{% if ingress_nginx_nodeselector %}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
|
|
|
||||||
|
|
@ -26,6 +26,9 @@ spec:
|
||||||
- 'downwardAPI'
|
- 'downwardAPI'
|
||||||
- 'persistentVolumeClaim'
|
- 'persistentVolumeClaim'
|
||||||
hostNetwork: {{ ingress_nginx_host_network|bool }}
|
hostNetwork: {{ ingress_nginx_host_network|bool }}
|
||||||
|
{%% if ingress_nginx_host_network %}
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
|
{% endif %}
|
||||||
hostPorts:
|
hostPorts:
|
||||||
- min: 0
|
- min: 0
|
||||||
max: 65535
|
max: 65535
|
||||||
|
|
|
||||||
|
|
@ -25,6 +25,7 @@ spec:
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
beta.kubernetes.io/os: linux
|
beta.kubernetes.io/os: linux
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
serviceAccountName: calico-kube-controllers
|
serviceAccountName: calico-kube-controllers
|
||||||
tolerations:
|
tolerations:
|
||||||
- key: CriticalAddonsOnly
|
- key: CriticalAddonsOnly
|
||||||
|
|
|
||||||
|
|
@ -35,6 +35,7 @@ spec:
|
||||||
- 'downwardAPI'
|
- 'downwardAPI'
|
||||||
- 'persistentVolumeClaim'
|
- 'persistentVolumeClaim'
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
hostPorts:
|
hostPorts:
|
||||||
- min: 5000
|
- min: 5000
|
||||||
max: 5000
|
max: 5000
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ metadata:
|
||||||
k8s-app: kube-haproxy
|
k8s-app: kube-haproxy
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
beta.kubernetes.io/os: linux
|
beta.kubernetes.io/os: linux
|
||||||
{% if kube_version is version('v1.11.1', '>=') %}
|
{% if kube_version is version('v1.11.1', '>=') %}
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ metadata:
|
||||||
k8s-app: kube-nginx
|
k8s-app: kube-nginx
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
beta.kubernetes.io/os: linux
|
beta.kubernetes.io/os: linux
|
||||||
{% if kube_version is version('v1.11.1', '>=') %}
|
{% if kube_version is version('v1.11.1', '>=') %}
|
||||||
|
|
|
||||||
|
|
@ -29,6 +29,7 @@ spec:
|
||||||
priorityClassName: system-node-critical
|
priorityClassName: system-node-critical
|
||||||
{% endif %}
|
{% endif %}
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
serviceAccountName: calico-node
|
serviceAccountName: calico-node
|
||||||
tolerations:
|
tolerations:
|
||||||
- effect: NoExecute
|
- effect: NoExecute
|
||||||
|
|
|
||||||
|
|
@ -51,6 +51,7 @@ spec:
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
beta.kubernetes.io/os: linux
|
beta.kubernetes.io/os: linux
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
tolerations:
|
tolerations:
|
||||||
# Mark the pod as a critical add-on for rescheduling.
|
# Mark the pod as a critical add-on for rescheduling.
|
||||||
- key: CriticalAddonsOnly
|
- key: CriticalAddonsOnly
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,7 @@ spec:
|
||||||
priorityClassName: system-node-critical
|
priorityClassName: system-node-critical
|
||||||
{% endif %}
|
{% endif %}
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
serviceAccountName: canal
|
serviceAccountName: canal
|
||||||
tolerations:
|
tolerations:
|
||||||
- operator: Exists
|
- operator: Exists
|
||||||
|
|
|
||||||
|
|
@ -172,6 +172,7 @@ spec:
|
||||||
- "NET_ADMIN"
|
- "NET_ADMIN"
|
||||||
privileged: true
|
privileged: true
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
volumes:
|
volumes:
|
||||||
# To keep state between restarts / upgrades
|
# To keep state between restarts / upgrades
|
||||||
- name: cilium-run
|
- name: cilium-run
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,7 @@ spec:
|
||||||
# The API proxy must run in the host network namespace so that
|
# The API proxy must run in the host network namespace so that
|
||||||
# it isn't governed by policy that would prevent it from working.
|
# it isn't governed by policy that would prevent it from working.
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
hostPID: true
|
hostPID: true
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node-role.kubernetes.io/master: ""
|
node-role.kubernetes.io/master: ""
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,7 @@ spec:
|
||||||
priorityClassName: system-node-critical
|
priorityClassName: system-node-critical
|
||||||
{% endif %}
|
{% endif %}
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
hostPID: true
|
hostPID: true
|
||||||
tolerations:
|
tolerations:
|
||||||
- operator: Exists
|
- operator: Exists
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,7 @@ spec:
|
||||||
priorityClassName: system-node-critical
|
priorityClassName: system-node-critical
|
||||||
{% endif %}
|
{% endif %}
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
hostPID: true
|
hostPID: true
|
||||||
affinity:
|
affinity:
|
||||||
nodeAffinity:
|
nodeAffinity:
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,7 @@ spec:
|
||||||
priorityClassName: system-node-critical
|
priorityClassName: system-node-critical
|
||||||
{% endif %}
|
{% endif %}
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
hostPID: true
|
hostPID: true
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node-role.kubernetes.io/master: ""
|
node-role.kubernetes.io/master: ""
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,7 @@ spec:
|
||||||
# The netmaster must run in the host network namespace so that
|
# The netmaster must run in the host network namespace so that
|
||||||
# it isn't governed by policy that would prevent it from working.
|
# it isn't governed by policy that would prevent it from working.
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
hostPID: true
|
hostPID: true
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node-role.kubernetes.io/master: ""
|
node-role.kubernetes.io/master: ""
|
||||||
|
|
|
||||||
|
|
@ -24,6 +24,7 @@ spec:
|
||||||
priorityClassName: system-node-critical
|
priorityClassName: system-node-critical
|
||||||
{% endif %}
|
{% endif %}
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
hostPID: true
|
hostPID: true
|
||||||
tolerations:
|
tolerations:
|
||||||
- operator: Exists
|
- operator: Exists
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,7 @@ spec:
|
||||||
priorityClassName: system-node-critical
|
priorityClassName: system-node-critical
|
||||||
{% endif %}
|
{% endif %}
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
hostPID: true
|
hostPID: true
|
||||||
tolerations:
|
tolerations:
|
||||||
- operator: Exists
|
- operator: Exists
|
||||||
|
|
|
||||||
|
|
@ -110,6 +110,7 @@ spec:
|
||||||
- name: host-cni-bin
|
- name: host-cni-bin
|
||||||
mountPath: /host/opt/cni/bin/
|
mountPath: /host/opt/cni/bin/
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
tolerations:
|
tolerations:
|
||||||
- operator: Exists
|
- operator: Exists
|
||||||
# Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
|
# Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
|
||||||
|
|
|
||||||
|
|
@ -152,6 +152,7 @@ spec:
|
||||||
- name: kubeconfig
|
- name: kubeconfig
|
||||||
mountPath: /var/lib/kube-router
|
mountPath: /var/lib/kube-router
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
{% if kube_router_enable_dsr %}
|
{% if kube_router_enable_dsr %}
|
||||||
hostIPC: true
|
hostIPC: true
|
||||||
hostPID: true
|
hostPID: true
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,7 @@ spec:
|
||||||
app: multus
|
app: multus
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
beta.kubernetes.io/arch: amd64
|
beta.kubernetes.io/arch: amd64
|
||||||
tolerations:
|
tolerations:
|
||||||
|
|
|
||||||
|
|
@ -216,6 +216,7 @@ items:
|
||||||
- name: xtables-lock
|
- name: xtables-lock
|
||||||
mountPath: /run/xtables.lock
|
mountPath: /run/xtables.lock
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
hostPID: true
|
hostPID: true
|
||||||
restartPolicy: Always
|
restartPolicy: Always
|
||||||
securityContext:
|
securityContext:
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue