From bc8aa60472bd45a21c2bb5352e46ff54e8faec10 Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Sun, 8 Aug 2021 20:49:45 +0200
Subject: [PATCH] feat: coredns-nodecache
---
 .../coredns-nodecache/configmap.yaml | 121 ++++++++++++++
 .../coredns-nodecache/daemonset.yaml | 147 ++++++++++++++++++
 .../coredns-nodecache/kustomization.yaml | 7 +
 .../coredns-nodecache/service-account.yaml | 8 +
 cluster/core/kube-system/kustomization.yaml | 1 +
 .../group_vars/all/ubuntu-settings.yml | 1 +
 server/ansible/roles/ubuntu/tasks/network.yml | 22 +++
 .../roles/ubuntu/templates/resolv.conf | 1 +
 8 files changed, 308 insertions(+)
 create mode 100644 cluster/core/kube-system/coredns-nodecache/configmap.yaml
 create mode 100644 cluster/core/kube-system/coredns-nodecache/daemonset.yaml
 create mode 100644 cluster/core/kube-system/coredns-nodecache/kustomization.yaml
 create mode 100644 cluster/core/kube-system/coredns-nodecache/service-account.yaml
 create mode 100644 server/ansible/roles/ubuntu/templates/resolv.conf
diff --git a/cluster/core/kube-system/coredns-nodecache/configmap.yaml b/cluster/core/kube-system/coredns-nodecache/configmap.yaml
new file mode 100644
index 000000000..9686f75ad
--- /dev/null
+++ b/cluster/core/kube-system/coredns-nodecache/configmap.yaml
@@ -0,0 +1,121 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: coredns-nodecache-primary
+ namespace: kube-system
+data:
+ Corefile: |
+ cluster.local:53 {
+ errors
+ cache {
+ success 9984 30
+ denial 9984 5
+ prefetch 3 60s 15%
+ }
+ reload
+ loop
+ bind 169.254.20.10 # Set your cluster dns to this
+ nodecache skipteardown
+ template IN AAAA {
+ rcode NOERROR
+ }
+ forward . 10.96.0.10 { # Kube-DNS IP
+ force_tcp
+ }
+ prometheus :9253
+ health 169.254.20.10:8080
+ }
+ in-addr.arpa:53 {
+ errors
+ cache 120
+ reload
+ loop
+ bind 169.254.20.10
+ nodecache skipteardown
+ template IN AAAA {
+ rcode NOERROR
+ }
+ forward . /etc/resolv.conf {
+ force_tcp
+ }
+ prometheus :9253
+ }
+ .:53 {
+ errors
+ cache {
+ success 9984 86400
+ denial 9984 300
+ prefetch 3 60s 15%
+ }
+ reload
+ loop
+ bind 169.254.20.10
+ nodecache skipteardown
+ template IN AAAA {
+ rcode NOERROR
+ }
+ forward . /etc/resolv.conf {
+ force_tcp
+ }
+ prometheus :9253
+ }
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: coredns-nodecache-secondary
+ namespace: kube-system
+data:
+ Corefile: |
+ cluster.local:53 {
+ errors
+ cache {
+ success 9984 30
+ denial 9984 5
+ prefetch 3 60s 15%
+ }
+ reload
+ loop
+ bind 169.254.20.10 # Set your cluster dns to this
+ template IN AAAA {
+ rcode NOERROR
+ }
+ forward . 10.96.0.10 { # Kube-DNS IP
+ force_tcp
+ }
+ prometheus :9254
+ health 169.254.20.10:8082
+ }
+ in-addr.arpa:53 {
+ errors
+ cache 120
+ reload
+ loop
+ bind 169.254.20.10
+ template IN AAAA {
+ rcode NOERROR
+ }
+ forward . /etc/resolv.conf {
+ force_tcp
+ }
+ prometheus :9254
+ }
+ .:53 {
+ errors
+ cache {
+ success 9984 86400
+ denial 9984 300
+ prefetch 3 60s 15%
+ }
+ reload
+ loop
+ bind 169.254.20.10
+ template IN AAAA {
+ rcode NOERROR
+ }
+ forward . /etc/resolv.conf {
+ force_tcp
+ }
+ prometheus :9254
+ }
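Review bot: The `in-addr.arpa:53` server block in both Corefiles forwards to `/etc/resolv.conf`, so PTR lookups for cluster service and pod addresses leave the node for the upstream resolver instead of reaching kube-dns at `10.96.0.10`, and `ip6.arpa` has no block at all and falls through to `.:53` with the same effect. The upstream node-local-dns Corefile sends both reverse zones to the cluster DNS; the one-line change in the `in-addr.arpa:53` block is `forward . 10.96.0.10 {` (keeping `force_tcp` inside), with a matching `ip6.arpa:53` block, in the primary and the secondary ConfigMap alike. `force_tcp` on the `/etc/resolv.conf` forwards means every external query goes TCP-only to whatever nameserver the node's resolv.conf holds, which this commit sets to `192.168.8.1`; confirm that resolver answers on TCP/53, otherwise all non-cluster names fail. `prometheus :9253` / `:9254` with no bind address listens on every interface of the host network namespace, so the metrics endpoint is reachable from the LAN on each node; if that exposure is not intended, `prometheus 169.254.20.10:9253` restricts it to the link-local address the DNS listener already uses.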
diff --git a/cluster/core/kube-system/coredns-nodecache/daemonset.yaml b/cluster/core/kube-system/coredns-nodecache/daemonset.yaml
new file mode 100644
index 000000000..361e4f13b
--- /dev/null
+++ b/cluster/core/kube-system/coredns-nodecache/daemonset.yaml
@@ -0,0 +1,147 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: coredns-nodecache-primary
+ namespace: kube-system
+ labels:
+ k8s-app: coredns-nodecache
+ kubernetes.io/cluster-service: "true"
+spec:
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 10%
+ selector:
+ matchLabels:
+ k8s-app: coredns-nodecache
+ template:
+ metadata:
+ labels:
+ k8s-app: coredns-nodecache
+ spec:
+ priorityClassName: system-node-critical
+ serviceAccountName: coredns-nodecache
+ hostNetwork: true
+ dnsPolicy: Default
+ tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+ operator: Exists
+ containers:
+ - name: coredns-nodecache
+ image: contentful/coredns-nodecache:latest
+ resources:
+ limits:
+ memory: 50Mi
+ requests:
+ cpu: 25m
+ memory: 5Mi
+ args:
+ - -conf
+ - /etc/coredns/Corefile
+ securityContext:
+ privileged: true
+ ports:
+ - containerPort: 53
+ name: dns
+ protocol: UDP
+ - containerPort: 53
+ name: dns-tcp
+ protocol: TCP
+ - containerPort: 9253
+ name: metrics
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ host: 169.254.20.10
+ path: /health
+ port: 8080
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ volumeMounts:
+ - mountPath: /run/xtables.lock
+ name: xtables-lock
+ readOnly: false
+ - name: config-volume
+ mountPath: /etc/coredns
+ volumes:
+ - name: xtables-lock
+ hostPath:
+ path: /run/xtables.lock
+ type: FileOrCreate
+ - name: config-volume
+ configMap:
+ name: coredns-nodecache-primary
+ items:
+ - key: Corefile
+ path: Corefile
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: coredns-nodecache-secondary
+ namespace: kube-system
+ labels:
+ k8s-app: coredns-nodecache
+ kubernetes.io/cluster-service: "true"
+spec:
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 10%
+ selector:
+ matchLabels:
+ k8s-app: coredns-nodecache
+ template:
+ metadata:
+ labels:
+ k8s-app: coredns-nodecache
+ spec:
+ priorityClassName: system-node-critical
+ serviceAccountName: coredns-nodecache
+ hostNetwork: true
+ dnsPolicy: Default
+ tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+ containers:
+ - name: coredns-nodecache
+ image: contentful/coredns-nodecache:latest
+ resources:
+ limits:
+ memory: 50Mi
+ requests:
+ cpu: 25m
+ memory: 5Mi
+ args:
+ - -conf
+ - /etc/coredns/Corefile
+ securityContext:
+ privileged: true
+ ports:
+ - containerPort: 9254
+ name: metrics
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ host: 169.254.20.10
+ path: /health
+ port: 8082
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ volumeMounts:
+ - mountPath: /run/xtables.lock
+ name: xtables-lock
+ readOnly: false
+ - name: config-volume
+ mountPath: /etc/coredns
+ volumes:
+ - name: xtables-lock
+ hostPath:
+ path: /run/xtables.lock
+ type: FileOrCreate
+ - name: config-volume
+ configMap:
+ name: coredns-nodecache-secondary
+ items:
+ - key: Corefile
+ path: Corefile
diff --git a/cluster/core/kube-system/coredns-nodecache/kustomization.yaml b/cluster/core/kube-system/coredns-nodecache/kustomization.yaml
new file mode 100644
index 000000000..b9d9b88bd
--- /dev/null
+++ b/cluster/core/kube-system/coredns-nodecache/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - service-account.yaml
+ - configmap.yaml
+ - daemonset.yaml
diff --git a/cluster/core/kube-system/coredns-nodecache/service-account.yaml b/cluster/core/kube-system/coredns-nodecache/service-account.yaml
new file mode 100644
index 000000000..03729506a
--- /dev/null
+++ b/cluster/core/kube-system/coredns-nodecache/service-account.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: coredns-nodecache
+ namespace: kube-system
+ labels:
+ kubernetes.io/cluster-service: "true"
diff --git a/cluster/core/kube-system/kustomization.yaml b/cluster/core/kube-system/kustomization.yaml
index 6b430735f..1cdb397b2 100644
--- a/cluster/core/kube-system/kustomization.yaml
+++ b/cluster/core/kube-system/kustomization.yaml
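Review bot: Both DaemonSets in this hunk run the container with `privileged: true` on a host-network pod, which grants every capability and host device, while what the nodecache plugin visibly needs — a dummy interface for `169.254.20.10` and iptables rules serialized through `/run/xtables.lock` — is covered by NET_ADMIN, and upstream node-local-dns ships with `capabilities: {add: [NET_ADMIN]}` instead; worth verifying against the contentful image and narrowing to `securityContext:` / `capabilities:` / `add: ["NET_ADMIN"]`. The image reference `contentful/coredns-nodecache:latest` is neither tag-pinned nor digest-pinned, so each node pull can silently swap the binary that owns the node's DNS path; pin to a release tag or `@sha256:<digest placeholder>`. Both DaemonSets also use the identical selector `k8s-app: coredns-nodecache`, which the DaemonSet documentation warns against (each controller treats matching pods as its own), and it leaves any Service, NetworkPolicy or PodDisruptionBudget keyed on that label unable to tell primary from secondary; a second label such as `role: primary` / `role: secondary` in both the selector and the pod template would separate them. Minor: the secondary's toleration drops the `operator: Exists` the primary carries; it matches the value-less control-plane taint either way, but the two should agree.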
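Review bot: The `coredns-nodecache` ServiceAccount is bound to no Role or ClusterRole anywhere in this commit, and neither Corefile uses an API-backed plugin (cluster.local is simply forwarded to `10.96.0.10`), yet every pod that names this account gets an API token projected into it by default. Adding `automountServiceAccountToken: false` under the ServiceAccount's top level keeps a privileged, host-network pod from carrying a credential it has no use for; if RBAC is introduced later, the flag can be lifted then.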
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - namespace.yaml
+ - coredns-nodecache
 - descheduler
 - intel-gpu-plugin
 - kubernetes-replicator
diff --git a/server/ansible/inventory/group_vars/all/ubuntu-settings.yml b/server/ansible/inventory/group_vars/all/ubuntu-settings.yml
index 074e80c24..16cce20be 100644
--- a/server/ansible/inventory/group_vars/all/ubuntu-settings.yml
+++ b/server/ansible/inventory/group_vars/all/ubuntu-settings.yml
@@ -1,4 +1,5 @@
 ---
+dns_server: 192.168.8.1
 # Enable to skip apt upgrade
 skip_upgrade_packages: false
 # Enable to skip removing crufty packages
diff --git a/server/ansible/roles/ubuntu/tasks/network.yml b/server/ansible/roles/ubuntu/tasks/network.yml
index 287049661..346603f05 100644
--- a/server/ansible/roles/ubuntu/tasks/network.yml
+++ b/server/ansible/roles/ubuntu/tasks/network.yml
@@ -21,3 +21,25 @@
 when:
 - sysctl_network.changed
 - bridge_nf_call_iptables_result.stat.exists
+
+- name: network | systemd-resolved | disable
+ ansible.builtin.systemd:
+ name: systemd-resolved
+ state: stopped
+ enabled: no
+
+- name: network | resolv.conf | check symlink
+ ansible.builtin.stat:
+ path: "/etc/resolv.conf"
+ register: resolv
+
+- name: network | resolv.conf | remove symlink
+ ansible.builtin.file:
+ path: "/etc/resolv.conf"
+ state: absent
+ when: resolv.stat.islnk is defined and resolv.stat.islnk
+
+- name: network | resolv.conf | static files
+ ansible.builtin.template:
+ src: resolv.conf
+ dest: /etc/resolv.conf
diff --git a/server/ansible/roles/ubuntu/templates/resolv.conf b/server/ansible/roles/ubuntu/templates/resolv.conf
new file mode 100644
index 000000000..d86cc0b96
--- /dev/null
+++ b/server/ansible/roles/ubuntu/templates/resolv.conf
@@ -0,0 +1 @@
+nameserver {{ dns_server }}
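Review bot: The `network | resolv.conf | static files` task writes `/etc/resolv.conf` with no `owner`, `group` or `mode`, so the permissions of a file every process on the host reads are left to the controller's umask; add `owner: root`, `group: root` and `mode: "0644"` to that template task. `enabled: no` in the systemd-resolved task is a YAML 1.1 truthy scalar and should read `enabled: false`, and since `state: stopped` with `enabled: false` still leaves the unit reachable through socket or dependency activation, `masked: true` is the firmer form when the static file is meant to be authoritative. Task order is also worth a look: systemd-resolved is stopped first and the symlink is only removed and replaced two tasks later, so a failure in between leaves the host pointing at a stub resolver that no longer answers; writing the static file first and stopping resolved last narrows that window. The task list this hunk appends to begins outside the hunk.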
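Review bot: The rendered `resolv.conf` is a single `nameserver {{ dns_server }}` line, so host name resolution — and, through the `forward . /etc/resolv.conf` blocks in the node cache Corefiles, every external lookup from the cluster — has exactly one resolver and no fallback; if that is deliberate it deserves a comment in the template, otherwise a list-typed variable rendering one `nameserver` line per entry would allow a second resolver without changing the template's shape.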