C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix host DNS config 1) being edited too soon and 2) not working with NM (#8575)

Browse source 
Signed-off-by: Mac Chaffee <me@macchaffee.com>
This commit is contained in:
Mac Chaffee 2022-02-26 13:29:23 -05:00 committed by GitHub
parent 6d683c98a3
commit b554246502
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 46 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
cluster.yml
View file

@ -118,7 +118,8 @@
- { role: kubernetes-apps/external_provisioner, tags: external-provisioner } - { role: kubernetes-apps/external_provisioner, tags: external-provisioner }
- { role: kubernetes-apps, tags: apps } - { role: kubernetes-apps, tags: apps }
- hosts: k8s_cluster - name: Apply resolv.conf changes now that cluster DNS is up
hosts: k8s_cluster
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"

1
roles/kubernetes/preinstall/defaults/main.yml
View file

@ -3,6 +3,7 @@
ignore_assert_errors: false ignore_assert_errors: false
epel_enabled: false epel_enabled: false
# Kubespray sets this to true after clusterDNS is running to apply changes to the host resolv.conf
dns_late: false dns_late: false
common_required_pkgs: common_required_pkgs:

3
roles/kubernetes/preinstall/handlers/main.yml
View file

@ -23,12 +23,11 @@
command: /usr/bin/coreos-cloudinit --from-file {{ resolveconf_cloud_init_conf }} command: /usr/bin/coreos-cloudinit --from-file {{ resolveconf_cloud_init_conf }}
when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
- name: Preinstall | update resolvconf for Fedora CoreOS - name: Preinstall | update resolvconf for networkmanager
command: /bin/true command: /bin/true
notify: notify:
- Preinstall | reload NetworkManager - Preinstall | reload NetworkManager
- Preinstall | reload kubelet - Preinstall | reload kubelet
when: is_fedora_coreos
- name: Preinstall | reload NetworkManager - name: Preinstall | reload NetworkManager
service: service:

29
roles/kubernetes/preinstall/tasks/0040-set_facts.yml
View file

@ -67,6 +67,14 @@
when: resolvconf_stat.stat.exists is defined and resolvconf_stat.stat.exists when: resolvconf_stat.stat.exists is defined and resolvconf_stat.stat.exists
- name: NetworkManager | Check if host has NetworkManager
# noqa 303 Should we use service_facts for this?
command: systemctl is-active --quiet NetworkManager.service
register: networkmanager_enabled
failed_when: false
changed_when: false
check_mode: false
- name: check systemd-resolved - name: check systemd-resolved
# noqa 303 Should we use service_facts for this? # noqa 303 Should we use service_facts for this?
command: systemctl is-active systemd-resolved command: systemctl is-active systemd-resolved
@ -98,8 +106,7 @@
- name: check if early DNS configuration stage - name: check if early DNS configuration stage
set_fact: set_fact:
dns_early: >- dns_early: "{{ not kubelet_configured.stat.exists }}"
{%- if kubelet_configured.stat.exists -%}false{%- else -%}true{%- endif -%}
- name: target resolv.conf files - name: target resolv.conf files
set_fact: set_fact:
@ -177,12 +184,24 @@
{{ upstream_dns_servers|default([]) }} {{ upstream_dns_servers|default([]) }}
{%- endif -%} {%- endif -%}
- name: generate nameservers to resolvconf # This task should only run after cluster/nodelocal DNS is up, otherwise all DNS lookups will timeout
- name: generate nameservers for resolvconf, including cluster DNS
set_fact: set_fact:
nameserverentries: nameserverentries: |-
nameserver {{ ( ( [nodelocaldns_ip] if enable_nodelocaldns else []) + coredns_server|d([]) + nameservers|d([]) + cloud_resolver|d([]) + configured_nameservers|d([])) | unique | join(',nameserver ') }} {{ ( ( [nodelocaldns_ip] if enable_nodelocaldns else []) + coredns_server|d([]) + nameservers|d([]) + cloud_resolver|d([]) + configured_nameservers|d([])) | unique | join(',') }}
supersede_nameserver: supersede_nameserver:
supersede domain-name-servers {{ ( coredns_server|d([]) + nameservers|d([]) + cloud_resolver|d([])) | unique | join(', ') }}; supersede domain-name-servers {{ ( coredns_server|d([]) + nameservers|d([]) + cloud_resolver|d([])) | unique | join(', ') }};
when: not dns_early or dns_late
# This task should run instead of the above task when cluster/nodelocal DNS hasn't
# been deployed yet (like scale.yml/cluster.yml) or when it's down (reset.yml)
- name: generate nameservers for resolvconf, not including cluster DNS
set_fact:
nameserverentries: |-
{{ ( nameservers|d([]) + cloud_resolver|d([]) + configured_nameservers|d([])) | unique | join(',') }}
supersede_nameserver:
supersede domain-name-servers {{ ( nameservers|d([]) + cloud_resolver|d([])) | unique | join(', ') }};
when: dns_early and not dns_late
- name: gather os specific variables - name: gather os specific variables
include_vars: "{{ item }}" include_vars: "{{ item }}"

5
roles/kubernetes/preinstall/tasks/0060-resolvconf.yml
View file

@ -7,9 +7,12 @@
blockinfile: blockinfile:
path: "{{ resolvconffile }}" path: "{{ resolvconffile }}"
block: |- block: |-
{% for item in [domainentry] + [searchentries] + nameserverentries.split(',') -%} {% for item in [domainentry] + [searchentries] -%}
{{ item }} {{ item }}
{% endfor %} {% endfor %}
{% for item in nameserverentries.split(',') %}
nameserver {{ item }}
{% endfor %}
options ndots:{{ ndots }} options ndots:{{ ndots }}
options timeout:2 options timeout:2
options attempts:2 options attempts:2

11
roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml
View file

@ -1,18 +1,9 @@
--- ---
- name: NetworkManager | Check if host has NetworkManager
# noqa 303 Should we use service_facts for this?
command: systemctl is-active --quiet NetworkManager.service
register: nm_check
failed_when: false
changed_when: false
check_mode: false
- name: NetworkManager | Ensure NetworkManager conf.d dir - name: NetworkManager | Ensure NetworkManager conf.d dir
file: file:
path: "/etc/NetworkManager/conf.d" path: "/etc/NetworkManager/conf.d"
state: directory state: directory
recurse: yes recurse: yes
when: nm_check.rc == 0
- name: NetworkManager | Prevent NetworkManager from managing Calico interfaces (cali*/tunl*/vxlan.calico) - name: NetworkManager | Prevent NetworkManager from managing Calico interfaces (cali*/tunl*/vxlan.calico)
copy: copy:
@ -22,7 +13,6 @@
dest: /etc/NetworkManager/conf.d/calico.conf dest: /etc/NetworkManager/conf.d/calico.conf
mode: 0644 mode: 0644
when: when:
- nm_check.rc == 0
- kube_network_plugin == "calico" - kube_network_plugin == "calico"
notify: Preinstall | reload NetworkManager notify: Preinstall | reload NetworkManager
@ -35,5 +25,4 @@
unmanaged-devices+=interface-name:kube-ipvs0;interface-name:nodelocaldns unmanaged-devices+=interface-name:kube-ipvs0;interface-name:nodelocaldns
dest: /etc/NetworkManager/conf.d/k8s.conf dest: /etc/NetworkManager/conf.d/k8s.conf
mode: 0644 mode: 0644
when: nm_check.rc == 0
notify: Preinstall | reload NetworkManager notify: Preinstall | reload NetworkManager

8
roles/kubernetes/preinstall/tasks/0063-networkmanager-dns.yml
View file

@ -4,10 +4,10 @@
path: /etc/NetworkManager/conf.d/dns.conf path: /etc/NetworkManager/conf.d/dns.conf
section: global-dns-domain-* section: global-dns-domain-*
option: servers option: servers
value: "{{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | unique | join(',') }}" value: "{{ nameserverentries }}"
mode: '0600' mode: '0600'
backup: yes backup: yes
notify: Preinstall | update resolvconf for Fedora CoreOS notify: Preinstall | update resolvconf for networkmanager
- name: NetworkManager | Add DNS search to NM configuration - name: NetworkManager | Add DNS search to NM configuration
ini_file: ini_file:
@ -17,7 +17,7 @@
value: "{{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join(',') }}" value: "{{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join(',') }}"
mode: '0600' mode: '0600'
backup: yes backup: yes
notify: Preinstall | update resolvconf for Fedora CoreOS notify: Preinstall | update resolvconf for networkmanager
- name: NetworkManager | Add DNS options to NM configuration - name: NetworkManager | Add DNS options to NM configuration
ini_file: ini_file:
@ -27,4 +27,4 @@
value: "ndots:{{ ndots }};timeout:2;attempts:2;" value: "ndots:{{ ndots }};timeout:2;attempts:2;"
mode: '0600' mode: '0600'
backup: yes backup: yes
notify: Preinstall | update resolvconf for Fedora CoreOS notify: Preinstall | update resolvconf for networkmanager

6
roles/kubernetes/preinstall/tasks/main.yml
View file

@ -25,7 +25,7 @@
- dns_mode != 'none' - dns_mode != 'none'
- resolvconf_mode == 'host_resolvconf' - resolvconf_mode == 'host_resolvconf'
- systemd_resolved_enabled.rc != 0 - systemd_resolved_enabled.rc != 0
- not is_fedora_coreos - networkmanager_enabled.rc != 0
tags: tags:
- bootstrap-os - bootstrap-os
- resolvconf - resolvconf
@ -40,6 +40,8 @@
- resolvconf - resolvconf
- import_tasks: 0062-networkmanager-unmanaged-devices.yml - import_tasks: 0062-networkmanager-unmanaged-devices.yml
when:
- networkmanager_enabled.rc == 0
tags: tags:
- bootstrap-os - bootstrap-os
@ -47,7 +49,7 @@
when: when:
- dns_mode != 'none' - dns_mode != 'none'
- resolvconf_mode == 'host_resolvconf' - resolvconf_mode == 'host_resolvconf'
- is_fedora_coreos - networkmanager_enabled.rc == 0
tags: tags:
- bootstrap-os - bootstrap-os
- resolvconf - resolvconf

5
scale.yml
View file

@ -99,10 +99,11 @@
- { role: kubernetes/node-label, tags: node-label } - { role: kubernetes/node-label, tags: node-label }
- { role: network_plugin, tags: network } - { role: network_plugin, tags: network }
- hosts: k8s_cluster - name: Apply resolv.conf changes now that cluster DNS is up
hosts: k8s_cluster
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf } - { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf, dns_late: true }

5
upgrade-cluster.yml
View file

@ -155,10 +155,11 @@
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes-apps, tags: apps } - { role: kubernetes-apps, tags: apps }
- hosts: k8s_cluster - name: Apply resolv.conf changes now that cluster DNS is up
hosts: k8s_cluster
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf } - { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf, dns_late: true }