Update externaldns files
Change-Id: Iaa2e23dba0868803bb0fee2d7c16b02f462a0072
Related-PROD: PROD-23628
diff --git a/kubernetes/files/kube-addons/coredns/coredns-cm.yml b/kubernetes/files/kube-addons/coredns/coredns-cm.yml
index 4fed36c..71ddcb9 100644
--- a/kubernetes/files/kube-addons/coredns/coredns-cm.yml
+++ b/kubernetes/files/kube-addons/coredns/coredns-cm.yml
@@ -15,14 +15,14 @@
etcd {{ master.federation.name }} {
stubzones
path /skydns
- endpoint http://coredns-etcd-cluster-client:2379
+ endpoint http://{{ common.addons.coredns.etcd.client_address }}:2379
}
{% endif %}
{% if common.addons.externaldns.enabled %}
etcd {{ common.addons.externaldns.domain }} {
stubzones
path /skydns
- endpoint http://coredns-etcd-cluster-client:2379
+ endpoint http://{{ common.addons.coredns.etcd.client_address }}:2379
}
{% endif %}
errors
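Review bot: Both rewritten `endpoint` lines still reach etcd over plain `http://`, now at a fixed service address, so the records under `/skydns` travel unencrypted and nothing visible here authenticates CoreDNS to etcd. If the etcd cluster can serve TLS, switch the scheme to `https://` and add the plugin's `tls CERT KEY CACERT` line inside each `etcd { … }` stanza. The new pillar key is also rendered without a fallback, so a pillar that lacks `client_address` may yield an empty host; a `| default(...)` filter or an explicit render failure would surface that. The ConfigMap body starts and continues outside this hunk.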
diff --git a/kubernetes/files/kube-addons/coredns/coredns-etcd-cluster-svc.yml b/kubernetes/files/kube-addons/coredns/coredns-etcd-cluster-svc.yml
new file mode 100644
index 0000000..8b637e4
--- /dev/null
+++ b/kubernetes/files/kube-addons/coredns/coredns-etcd-cluster-svc.yml
@@ -0,0 +1,21 @@
+{%- from "kubernetes/map.jinja" import common with context -%}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: coredns-etcd-cluster-client
+ namespace: {{ common.addons.coredns.namespace }}
+ labels:
+ app: coredns-etcd-operator
+ etcd_cluster: coredns-etcd-cluster
+ addonmanager.kubernetes.io/mode: Reconcile
+spec:
+ clusterIP: {{ common.addons.coredns.etcd.client_address }}
+ ports:
+ - name: client
+ port: 2379
+ protocol: TCP
+ targetPort: 2379
+ selector:
+ etcd_cluster: coredns-etcd-cluster
+ type: ClusterIP
\ No newline at end of file
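Review bot: This Service publishes the etcd client port 2379 on a fixed ClusterIP, and nothing in the commit restricts who may connect, so any pod that can route to the service network can reach the store that backs DNS answers. Where the CNI enforces it, ship a NetworkPolicy alongside this file that admits only the CoreDNS and external-dns pods to the `etcd_cluster: coredns-etcd-cluster` pods on 2379, or enable client-certificate auth on the etcd cluster. The file also ends without a trailing newline.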
diff --git a/kubernetes/files/kube-addons/coredns/coredns-etcd-operator-deployment.yaml b/kubernetes/files/kube-addons/coredns/coredns-etcd-operator-deployment.yaml
index ba981f4..116a584 100644
--- a/kubernetes/files/kube-addons/coredns/coredns-etcd-operator-deployment.yaml
+++ b/kubernetes/files/kube-addons/coredns/coredns-etcd-operator-deployment.yaml
@@ -27,9 +27,12 @@
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
+ serviceAccountName: etcd-operator
containers:
- name: coredns-etcd-operator
image: {{ common.addons.coredns.etcd.operator_image }}
+ command:
+ - etcd-operator
env:
- name: MY_POD_NAMESPACE
valueFrom:
diff --git a/kubernetes/files/kube-addons/coredns/coredns-etcd-operator-rbac.yml b/kubernetes/files/kube-addons/coredns/coredns-etcd-operator-rbac.yml
new file mode 100644
index 0000000..031e2d2
--- /dev/null
+++ b/kubernetes/files/kube-addons/coredns/coredns-etcd-operator-rbac.yml
@@ -0,0 +1,78 @@
+{%- from "kubernetes/map.jinja" import common with context -%}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ creationTimestamp: null
+ name: etcd-operator
+ namespace: {{ common.addons.coredns.namespace }}
+ labels:
+ app: coredns-etcd-operator
+ addonmanager.kubernetes.io/mode: Reconcile
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: etcd-operator
+ namespace: {{ common.addons.coredns.namespace }}
+ labels:
+ app: coredns-etcd-operator
+ addonmanager.kubernetes.io/mode: Reconcile
+rules:
+- apiGroups:
+ - etcd.database.coreos.com
+ resources:
+ - etcdclusters
+ - etcdbackups
+ - etcdrestores
+ verbs:
+ - '*'
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - '*'
+- apiGroups:
+ - '*'
+ resources:
+ - pods
+ - services
+ - endpoints
+ - persistentvolumeclaims
+ - events
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ name: etcd-operator
+ namespace: {{ common.addons.coredns.namespace }}
+ labels:
+ app: coredns-etcd-operator
+ addonmanager.kubernetes.io/mode: Reconcile
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: etcd-operator
+subjects:
+- kind: ServiceAccount
+ name: etcd-operator
+ namespace: {{ common.addons.coredns.namespace }}
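Review bot: The ClusterRoleBinding gives the operator `'*'` verbs on pods, services, endpoints, persistentvolumeclaims and events in every namespace (and, through `apiGroups: '*'`, in every API group), plus `get` on any Secret cluster-wide; an account that may create pods anywhere is close to cluster-admin. Nothing in this commit passes a cluster-wide flag to the operator, so it presumably manages only its own namespace. In that case the namespaced rules belong in a Role and RoleBinding there, leaving only the CRD rule in the ClusterRole. `namespace:` under the ClusterRole and ClusterRoleBinding metadata has no effect on cluster-scoped objects and can be dropped, as can `creationTimestamp: null`. The verb lists below are a starting point to confirm against what the operator actually calls.

```yaml
# ... unchanged: ServiceAccount etcd-operator ...
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: etcd-operator
  labels:
    app: coredns-etcd-operator
    addonmanager.kubernetes.io/mode: Reconcile
rules:
  # Only the cluster-scoped CRD registration stays cluster-wide.
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - get
      - list
      - watch
      - create
      - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: etcd-operator
  namespace: "{{ common.addons.coredns.namespace }}"
  labels:
    app: coredns-etcd-operator
    addonmanager.kubernetes.io/mode: Reconcile
rules:
  - apiGroups:
      - etcd.database.coreos.com
    resources:
      - etcdclusters
      - etcdbackups
      - etcdrestores
    verbs:
      - '*'
  - apiGroups:
      - ""
    resources:
      - pods
      - services
      - endpoints
      - persistentvolumeclaims
      - events
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - apps
    resources:
      - deployments
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  # Secret reads are now limited to the operator's own namespace.
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: etcd-operator
  namespace: "{{ common.addons.coredns.namespace }}"
  labels:
    app: coredns-etcd-operator
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: etcd-operator
subjects:
  - kind: ServiceAccount
    name: etcd-operator
    namespace: "{{ common.addons.coredns.namespace }}"
# ... unchanged: ClusterRoleBinding etcd-operator, which now carries only the CRD rule ...
```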
diff --git a/kubernetes/files/kube-addons/externaldns/externaldns-deploy.yml b/kubernetes/files/kube-addons/externaldns/externaldns-deploy.yml
index 4304de9..e7e4a5b 100644
--- a/kubernetes/files/kube-addons/externaldns/externaldns-deploy.yml
+++ b/kubernetes/files/kube-addons/externaldns/externaldns-deploy.yml
@@ -6,7 +6,7 @@
name: external-dns
namespace: {{ common.addons.externaldns.namespace }}
labels:
- k8s-app: externaldns
+ app: external-dns
addonmanager.kubernetes.io/mode: Reconcile
spec:
replicas: 1
@@ -24,6 +24,7 @@
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
+ serviceAccountName: externaldns
containers:
- name: external-dns
image: {{ common.addons.externaldns.image }}
diff --git a/kubernetes/files/kube-addons/externaldns/externaldns-rbac.yml b/kubernetes/files/kube-addons/externaldns/externaldns-rbac.yml
new file mode 100644
index 0000000..91a2575
--- /dev/null
+++ b/kubernetes/files/kube-addons/externaldns/externaldns-rbac.yml
@@ -0,0 +1,51 @@
+{%- from "kubernetes/map.jinja" import common with context -%}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ creationTimestamp: null
+ name: externaldns
+ namespace: {{ common.addons.externaldns.namespace }}
+ labels:
+ app: external-dns
+ addonmanager.kubernetes.io/mode: Reconcile
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: externaldns
+ namespace: {{ common.addons.externaldns.namespace }}
+ labels:
+ app: external-dns
+ addonmanager.kubernetes.io/mode: Reconcile
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - nodes
+ - ingresses
+ - services
+ - pods
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ name: externaldns-rw
+ namespace: {{ common.addons.externaldns.namespace }}
+ labels:
+ app: external-dns
+ addonmanager.kubernetes.io/mode: Reconcile
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: externaldns
+subjects:
+- kind: ServiceAccount
+ name: externaldns
+ namespace: {{ common.addons.externaldns.namespace }}
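Review bot: The ClusterRole gives external-dns `'*'` verbs on nodes, ingresses, services and pods in every API group, although a DNS synchroniser only has to read those objects; as written, a compromised external-dns pod could create or delete pods and services cluster-wide. Replace the verb list with `- get`, `- list`, `- watch`, and name the API groups explicitly (`""` for nodes, services and pods, plus whichever group serves ingresses on this cluster version) instead of `'*'`. The binding name `externaldns-rw` would then be misleading; something like `externaldns-viewer` fits a read-only grant. `namespace:` under the ClusterRole and ClusterRoleBinding metadata is ignored for cluster-scoped objects and can be removed.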
diff --git a/kubernetes/master/kube-addons.sls b/kubernetes/master/kube-addons.sls
index e312dcb..99bf155 100644
--- a/kubernetes/master/kube-addons.sls
+++ b/kubernetes/master/kube-addons.sls
@@ -225,6 +225,22 @@
- group: root
- dir_mode: 755
- makedirs: True
+
+/etc/kubernetes/addons/coredns/coredns-etcd-cluster-svc.yml:
+ file.managed:
+ - source: salt://kubernetes/files/kube-addons/coredns/coredns-etcd-cluster-svc.yml
+ - template: jinja
+ - group: root
+ - dir_mode: 755
+ - makedirs: True
+
+/etc/kubernetes/addons/coredns/coredns-etcd-operator-rbac.yml:
+ file.managed:
+ - source: salt://kubernetes/files/kube-addons/coredns/coredns-etcd-operator-rbac.yml
+ - template: jinja
+ - group: root
+ - dir_mode: 755
+ - makedirs: True
{% endif %}
/etc/kubernetes/addons/coredns/coredns-cm.yml:
@@ -327,6 +343,14 @@
- dir_mode: 755
- makedirs: True
+/etc/kubernetes/addons/externaldns/externaldns-rbac.yml:
+ file.managed:
+ - source: salt://kubernetes/files/kube-addons/externaldns/externaldns-rbac.yml
+ - template: jinja
+ - group: root
+ - dir_mode: 755
+ - makedirs: True
+
{%- if common.addons.get('externaldns', {}).get('provider') == 'designate' %}
/etc/kubernetes/addons/externaldns/externaldns-designate-secret.yaml:
file.managed:
diff --git a/metadata/service/common.yml b/metadata/service/common.yml
index 5cdb2a0..3d01377 100644
--- a/metadata/service/common.yml
+++ b/metadata/service/common.yml
@@ -44,9 +44,10 @@
domain: cluster.local
server: 10.254.0.10
etcd:
- operator_image: quay.io/coreos/etcd-operator:v0.5.2
+ operator_image: quay.io/coreos/etcd-operator:v0.9.2
version: 3.1.8
base_image: quay.io/coreos/etcd
+ client_address: 10.254.0.15
externaldns:
enabled: False
namespace: kube-system
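Review bot: `operator_image` is pinned only by the mutable tag `v0.9.2`, and with this commit that image starts running under a service account with cluster-wide rights, so whatever the registry serves for that tag inherits them. Pin it by digest, e.g. `operator_image: quay.io/coreos/etcd-operator@sha256:<digest-of-v0.9.2>` (placeholder to fill from a verified pull). `client_address: 10.254.0.15` is a hard-coded service IP next to `server: 10.254.0.10`; a comment such as `# static ClusterIP for the etcd client Service; must be unused and inside the service CIDR` would help anyone who changes the service range.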