update kubedns addon
using deployment
secured connection to master
detect deployment by svc
Change-Id: I1a90b09de5f3da785b64e0a545e86ef5607cbedb
diff --git a/kubernetes/files/kube-addons/dns/kubedns-rc.yaml b/kubernetes/files/kube-addons/dns/kubedns-rc.yaml
new file mode 100644
index 0000000..4fb8a52
--- /dev/null
+++ b/kubernetes/files/kube-addons/dns/kubedns-rc.yaml
@@ -0,0 +1,146 @@
+{%- from "kubernetes/map.jinja" import master with context %}
+# Copyright 2016 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: kube-dns
+ namespace: kube-system
+ labels:
+ k8s-app: kube-dns
+ kubernetes.io/cluster-service: "true"
+spec:
+ # replicas: not specified here:
+ # 1. In order to make Addon Manager do not reconcile this replicas parameter.
+ # 2. Default is 1.
+ # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
+ strategy:
+ rollingUpdate:
+ maxSurge: 10%
+ maxUnavailable: 0
+ selector:
+ matchLabels:
+ k8s-app: kube-dns
+ template:
+ metadata:
+ labels:
+ k8s-app: kube-dns
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+ spec:
+ containers:
+ - name: kubedns
+ image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.11.0
+ resources:
+ # TODO: Set memory limits when we've profiled the container for large
+ # clusters, then set request = limit to keep this container in
+ # guaranteed class. Currently, this container falls into the
+ # "burstable" category so the kubelet doesn't backoff from restarting it.
+ limits:
+ memory: 170Mi
+ requests:
+ cpu: 100m
+ memory: 70Mi
+ livenessProbe:
+ httpGet:
+ path: /healthcheck/kubedns
+ port: 10054
+ scheme: HTTP
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ path: /readiness
+ port: 8081
+ scheme: HTTP
+ # we poll on pod startup for the Kubernetes master service and
+ # only setup the /readiness HTTP server once that's available.
+ initialDelaySeconds: 3
+ timeoutSeconds: 5
+ args:
+ - --domain={{ master.addons.dns.domain }}.
+ - --dns-port=10053
+ - --config-map=kube-dns
+ - -v=2
+ env:
+ - name: PROMETHEUS_PORT
+ value: "10055"
+ ports:
+ - containerPort: 10053
+ name: dns-local
+ protocol: UDP
+ - containerPort: 10053
+ name: dns-tcp-local
+ protocol: TCP
+ - containerPort: 10055
+ name: metrics
+ protocol: TCP
+ - name: dnsmasq
+ image: gcr.io/google_containers/k8s-dns-dnsmasq-amd64:1.11.0
+ livenessProbe:
+ httpGet:
+ path: /healthcheck/dnsmasq
+ port: 10054
+ scheme: HTTP
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ args:
+{%- if master.addons.dns.get('dnsmasq', {}) %}
+{%- for option_name, option_value in master.addons.dns.dnsmasq.iteritems() %}
+ - --{{ option_name }}{% if option_value %}={{ option_value }}{% endif %}
+{%- endfor %}
+{%- endif %}
+ ports:
+ - containerPort: 53
+ name: dns
+ protocol: UDP
+ - containerPort: 53
+ name: dns-tcp
+ protocol: TCP
+ # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
+ resources:
+ requests:
+ cpu: 150m
+ memory: 10Mi
+ - name: sidecar
+ image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.11.0
+ livenessProbe:
+ httpGet:
+ path: /metrics
+ port: 10054
+ scheme: HTTP
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ args:
+ - --v=2
+ - --logtostderr
+ - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ master.addons.dns.domain }},5,A
+ - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ master.addons.dns.domain }},5,A
+ ports:
+ - containerPort: 10054
+ name: metrics
+ protocol: TCP
+ resources:
+ requests:
+ memory: 20Mi
+ cpu: 10m
+ dnsPolicy: Default # Don't use cluster DNS.
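Review bot: The pod spec (from `containers:` down to `dnsPolicy`) sets no `serviceAccountName`, so with `--kube-master-url` gone kubedns will presumably authenticate to the API server with the `default` service account token of `kube-system`, an identity shared by every other pod in that namespace that does not name its own account. Consider shipping a dedicated ServiceAccount alongside this manifest and adding `serviceAccountName: kube-dns` to the pod spec, so its API access can be limited to the list/watch on services and endpoints that DNS needs. Separately, the dnsmasq args are rendered from pillar unquoted, so an option value containing ` #` or `: ` would be truncated or break the rendered YAML; quoting the item, as in `- "--{{ option_name }}{% if option_value %}={{ option_value }}{% endif %}"`, avoids that.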
diff --git a/kubernetes/files/kube-addons/dns/kubedns-svc.yaml b/kubernetes/files/kube-addons/dns/kubedns-svc.yaml
new file mode 100644
index 0000000..6585954
--- /dev/null
+++ b/kubernetes/files/kube-addons/dns/kubedns-svc.yaml
@@ -0,0 +1,35 @@
+{%- from "kubernetes/map.jinja" import master with context %}
+# Copyright 2016 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: kube-dns
+ namespace: kube-system
+ labels:
+ k8s-app: kube-dns
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "KubeDNS"
+spec:
+ selector:
+ k8s-app: kube-dns
+ clusterIP: {{ master.addons.dns.server }}
+ ports:
+ - name: dns
+ port: 53
+ protocol: UDP
+ - name: dns-tcp
+ port: 53
+ protocol: TCP
diff --git a/kubernetes/files/kube-addons/dns/skydns-rc.yaml b/kubernetes/files/kube-addons/dns/skydns-rc.yaml
deleted file mode 100644
index d5901fe..0000000
--- a/kubernetes/files/kube-addons/dns/skydns-rc.yaml
+++ /dev/null
@@ -1,104 +0,0 @@
-{%- from "kubernetes/map.jinja" import master with context %}
-apiVersion: v1
-kind: ReplicationController
-metadata:
- name: dns
- namespace: kube-system
- labels:
- k8s-app: kube-dns
- version: v20
- kubernetes.io/cluster-service: "true"
-spec:
- replicas: {{ master.addons.dns.replicas }}
- selector:
- k8s-app: kube-dns
- version: v20
- template:
- metadata:
- labels:
- k8s-app: kube-dns
- version: v20
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
- scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
- spec:
- containers:
- - name: kubedns
- image: gcr.io/google_containers/kubedns-amd64:1.8
- resources:
- limits:
- memory: 170Mi
- requests:
- cpu: 100m
- memory: 70Mi
- livenessProbe:
- httpGet:
- path: /healthz-kubedns
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 60
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 5
- readinessProbe:
- httpGet:
- path: /readiness
- port: 8081
- scheme: HTTP
- initialDelaySeconds: 3
- timeoutSeconds: 5
- args:
- # command = "/kube-dns"
- - --domain={{ master.addons.dns.domain }}
- - --dns-port=10053
- - --kube-master-url=http://{{ master.apiserver.insecure_address }}:8080
- ports:
- - containerPort: 10053
- name: dns-local
- protocol: UDP
- - containerPort: 10053
- name: dns-tcp-local
- protocol: TCP
- - name: dnsmasq
- image: gcr.io/google_containers/kube-dnsmasq-amd64:1.4
- livenessProbe:
- httpGet:
- path: /healthz-dnsmasq
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 60
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 5
- args:
-{%- if master.addons.dns.get('dnsmasq', {}) %}
-{%- for option_name, option_value in master.addons.dns.dnsmasq.iteritems() %}
- - --{{ option_name }}{% if option_value %}={{ option_value }}{% endif %}
-{%- endfor %}
-{%- endif %}
- ports:
- - containerPort: 53
- name: dns
- protocol: UDP
- - containerPort: 53
- name: dns-tcp
- protocol: TCP
- - name: healthz
- image: gcr.io/google_containers/exechealthz-amd64:1.2
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 10m
- memory: 50Mi
- args:
- - --cmd=nslookup kubernetes.default.svc.{{ master.addons.dns.domain }} 127.0.0.1 >/dev/null
- - --url=/healthz-dnsmasq
- - --cmd=nslookup kubernetes.default.svc.{{ master.addons.dns.domain }} 127.0.0.1:10053 >/dev/null
- - --url=/healthz-kubedns
- - --port=8080
- - --quiet
- ports:
- - containerPort: 8080
- protocol: TCP
- dnsPolicy: Default # Don't use cluster DNS.
diff --git a/kubernetes/files/kube-addons/dns/skydns-svc.yaml b/kubernetes/files/kube-addons/dns/skydns-svc.yaml
deleted file mode 100644
index 88ebf0b..0000000
--- a/kubernetes/files/kube-addons/dns/skydns-svc.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{%- from "kubernetes/map.jinja" import master with context %}
-apiVersion: v1
-kind: Service
-metadata:
- name: kube-dns
- namespace: kube-system
- labels:
- k8s-app: kube-dns
- kubernetes.io/cluster-service: "true"
- kubernetes.io/name: "KubeDNS"
-spec:
- selector:
- k8s-app: kube-dns
- clusterIP: {{ master.addons.dns.server }}
- ports:
- - name: dns
- port: 53
- protocol: UDP
- - name: dns-tcp
- port: 53
- protocol: TCP
\ No newline at end of file
diff --git a/kubernetes/master/kube-addons.sls b/kubernetes/master/kube-addons.sls
index 6dc809c..9a6b065 100644
--- a/kubernetes/master/kube-addons.sls
+++ b/kubernetes/master/kube-addons.sls
@@ -10,17 +10,17 @@
{%- if master.addons.dns.enabled %}
-/etc/kubernetes/addons/dns/skydns-svc.yaml:
+/etc/kubernetes/addons/dns/kubedns-svc.yaml:
file.managed:
- - source: salt://kubernetes/files/kube-addons/dns/skydns-svc.yaml
+ - source: salt://kubernetes/files/kube-addons/dns/kubedns-svc.yaml
- template: jinja
- group: root
- dir_mode: 755
- makedirs: True
-/etc/kubernetes/addons/dns/skydns-rc.yaml:
+/etc/kubernetes/addons/dns/kubedns-rc.yaml:
file.managed:
- - source: salt://kubernetes/files/kube-addons/dns/skydns-rc.yaml
+ - source: salt://kubernetes/files/kube-addons/dns/kubedns-rc.yaml
- template: jinja
- group: root
- dir_mode: 755
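Review bot: The renamed state IDs stop managing `/etc/kubernetes/addons/dns/skydns-svc.yaml` and `skydns-rc.yaml`, but nothing removes those files from masters that were already provisioned. Because setup.sls applies the whole `/etc/kubernetes/addons/{{ addon_name }}` directory, a stale `skydns-rc.yaml` would be applied again alongside the new Deployment, and that old ReplicationController still talks to the API server over `http://…:8080` and carries the same `k8s-app: kube-dns` label the Service selects on. Add cleanup states inside the same `dns.enabled` block, for example `/etc/kubernetes/addons/dns/skydns-rc.yaml: file.absent` and `/etc/kubernetes/addons/dns/skydns-svc.yaml: file.absent`. The upgrade path should also delete the old `dns` ReplicationController from the cluster.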
diff --git a/kubernetes/master/setup.sls b/kubernetes/master/setup.sls
index 56f8cf7..4b771ae 100644
--- a/kubernetes/master/setup.sls
+++ b/kubernetes/master/setup.sls
@@ -8,7 +8,7 @@
cmd.run:
- name: |
hyperkube kubectl apply -f /etc/kubernetes/addons/{{ addon_name }}
- - unless: "hyperkube kubectl get rc {{ addon.get('name', addon_name) }} --namespace=kube-system"
+ - unless: "hyperkube kubectl get svc kube-{{ addon.get('name', addon_name) }} --namespace=kube-system"
{%- endif %}
{%- endfor %}
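Review bot: The new `unless` guard succeeds on any cluster that already runs the previous addon, because the deleted skydns-svc.yaml also created a Service named `kube-dns`; assuming the addon name resolves to `dns`, `kubectl apply` is then skipped and the new Deployment is never rolled out on upgrade. The hard-coded `kube-` prefix also assumes every addon in this loop exposes a Service named `kube-<name>`, which the hunk does not establish. Since `kubectl apply` is idempotent, consider dropping the guard, or test for the object this change introduces, e.g. `- unless: "hyperkube kubectl get deployment kube-{{ addon.get('name', addon_name) }} --namespace=kube-system"`. The enclosing `cmd.run` state and the `for` loop start outside this hunk.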