From 94df580674b8b5f8a496567d0fbf8f13ee592c09 Mon Sep 17 00:00:00 2001
From: Cristian Chiru
Date: Sat, 1 Aug 2020 10:29:41 +0300
Subject: [PATCH] Moved docker_dns_options to defaults so it can be overridden (#6394)

* Moved docker_dns_options to defaults so it can be overridden
* Fixed yaml indentation and markdown
* Moved docker_dns_search_domains to defaults
---
 docs/dns-stack.md | 10 ++++++++++
 .../container-engine/docker/tasks/set_facts_dns.yml | 11 -----------
 roles/kubespray-defaults/defaults/main.yaml | 12 ++++++++++--
 3 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/docs/dns-stack.md b/docs/dns-stack.md
index bd9e00d74..7f30c3641 100644
--- a/docs/dns-stack.md
+++ b/docs/dns-stack.md
@@ -137,6 +137,16 @@ The following dns options are added to the docker daemon
 * timeout:2
 * attempts:2
 
+These dns options can be overridden by setting a different list:
+
+```yaml
+docker_dns_options:
+- ndots:{{ ndots }}
+- timeout:2
+- attempts:2
+- rotate
+```
+
 For normal PODs, k8s will ignore these options and setup its own DNS settings for the PODs, taking
 the --cluster_dns (either coredns or coredns_dual, depending on dns_mode) kubelet option into account.
 For ``hostNetwork: true`` PODs however, k8s will let docker setup DNS settings. Docker containers which
diff --git a/roles/container-engine/docker/tasks/set_facts_dns.yml b/roles/container-engine/docker/tasks/set_facts_dns.yml
index b884c7cf0..5af3d64d5 100644
--- a/roles/container-engine/docker/tasks/set_facts_dns.yml
+++ b/roles/container-engine/docker/tasks/set_facts_dns.yml
@@ -8,17 +8,6 @@
 debug:
 msg: "{{ docker_dns_servers }}"
 
-- name: set base docker dns facts
- set_fact:
- docker_dns_search_domains:
- - 'default.svc.{{ dns_domain }}'
- - 'svc.{{ dns_domain }}'
- docker_dns_options:
- - ndots:{{ ndots }}
- - timeout:2
- - attempts:2
-
-
 - name: add upstream dns servers
 set_fact:
 docker_dns_servers: "{{ docker_dns_servers + upstream_dns_servers|default([]) }}"
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 2e41e9d8b..5b7e5cd12 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -75,6 +75,11 @@ epel_enabled: false
 cluster_name: cluster.local
 # Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods
 ndots: 2
+# Default resolv.conf options
+docker_dns_options:
+- ndots:{{ ndots }}
+- timeout:2
+- attempts:2
 
 # Can be coredns, coredns_dual, manual, or none
 dns_mode: coredns
@@ -94,6 +99,9 @@ deploy_netchecker: false
 skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}"
 skydns_server_secondary: "{{ kube_service_addresses|ipaddr('net')|ipaddr(4)|ipaddr('address') }}"
 dns_domain: "{{ cluster_name }}"
+docker_dns_search_domains:
+- 'default.svc.{{ dns_domain }}'
+- 'svc.{{ dns_domain }}'
 
 kube_dns_servers:
 coredns: ["{{skydns_server}}"]
@@ -367,9 +375,9 @@ external_openstack_lbaas_monitor_timeout: "30s"
 external_openstack_lbaas_monitor_max_retries: "3"
 external_openstack_network_ipv6_disabled: false
 external_openstack_network_internal_networks:
- - ""
+- ""
 external_openstack_network_public_networks:
- - ""
+- ""
 
 ## List of authorization modes that must be configured for
 ## the k8s cluster. Only 'AlwaysAllow', 'AlwaysDeny', 'Node' and
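Review bot: In the `@@ -75,6 +75,11 @@` hunk the new `docker_dns_options` item `- ndots:{{ ndots }}` is an unquoted plain scalar carrying a Jinja expression, while the `docker_dns_search_domains` items this same commit adds in the `@@ -94,6 +99,9 @@` hunk are single-quoted. Quoting it as `- 'ndots:{{ ndots }}'` keeps the two lists consistent and guards the value against YAML re-typing if the template text is later edited. The comment `# Default resolv.conf options` could also carry the scope that the docs hunk describes, for example `# resolv.conf options added to the docker daemon (used by hostNetwork pods); an inventory override replaces the whole list`.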
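Review bot: `docker_dns_search_domains` in the `@@ -94,6 +99,9 @@` hunk is added without any comment, and as a role default it can now be replaced wholesale from inventory, whereas the removed `set_fact` task would normally have taken precedence over inventory values. An override that drops or reorders `svc.{{ dns_domain }}` would likely send short service names from docker-configured (hostNetwork) containers to the upstream resolvers, a misresolution and name-leak risk worth stating next to the variable. Suggest adding above it `# Search domains set on the docker daemon; keep both cluster domains first when overriding`. Whether later tasks in set_facts_dns.yml still append to this list is not visible in this patch and should be confirmed.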