Skip to content
Snippets Groups Projects
Commit 1d2a18b3 authored by Alexander Block's avatar Alexander Block
Browse files

Introduce dns_mode and resolvconf_mode and implement docker_dns mode

Also update reset.yml to do more dns/network related cleanup.
parent aa33613b
No related branches found
No related tags found
No related merge requests found
Showing
with 265 additions and 114 deletions
...@@ -48,6 +48,7 @@ before_script: ...@@ -48,6 +48,7 @@ before_script:
GS_SECRET_ACCESS_KEY: $GS_SECRET GS_SECRET_ACCESS_KEY: $GS_SECRET
ANSIBLE_KEEP_REMOTE_FILES: "1" ANSIBLE_KEEP_REMOTE_FILES: "1"
BOOTSTRAP_OS: none BOOTSTRAP_OS: none
RESOLVCONF_MODE: docker_dns
LOG_LEVEL: "-vv" LOG_LEVEL: "-vv"
ETCD_DEPLOYMENT: "docker" ETCD_DEPLOYMENT: "docker"
KUBELET_DEPLOYMENT: "docker" KUBELET_DEPLOYMENT: "docker"
...@@ -104,6 +105,7 @@ before_script: ...@@ -104,6 +105,7 @@ before_script:
-e download_run_once=true -e download_run_once=true
-e download_localhost=true -e download_localhost=true
-e deploy_netchecker=true -e deploy_netchecker=true
-e resolvconf_mode=${RESOLVCONF_MODE}
-e local_release_dir=${PWD}/downloads -e local_release_dir=${PWD}/downloads
-e etcd_deployment_type=${ETCD_DEPLOYMENT} -e etcd_deployment_type=${ETCD_DEPLOYMENT}
-e kubelet_deployment_type=${KUBELET_DEPLOYMENT} -e kubelet_deployment_type=${KUBELET_DEPLOYMENT}
...@@ -141,6 +143,7 @@ before_script: ...@@ -141,6 +143,7 @@ before_script:
CLOUD_REGION: us-west1-b CLOUD_REGION: us-west1-b
CLUSTER_MODE: separated CLUSTER_MODE: separated
BOOTSTRAP_OS: coreos BOOTSTRAP_OS: coreos
RESOLVCONF_MODE: host_resolvconf # This is required as long as the CoreOS stable channel uses docker < 1.12
.debian8_canal_ha_variables: &debian8_canal_ha_variables .debian8_canal_ha_variables: &debian8_canal_ha_variables
# stage: deploy-gce-part1 # stage: deploy-gce-part1
...@@ -177,6 +180,7 @@ before_script: ...@@ -177,6 +180,7 @@ before_script:
CLOUD_REGION: us-east1-b CLOUD_REGION: us-east1-b
CLUSTER_MODE: default CLUSTER_MODE: default
BOOTSTRAP_OS: coreos BOOTSTRAP_OS: coreos
RESOLVCONF_MODE: host_resolvconf # This is required as long as the CoreOS stable channel uses docker < 1.12
.rhel7_canal_sep_variables: &rhel7_canal_sep_variables .rhel7_canal_sep_variables: &rhel7_canal_sep_variables
# stage: deploy-gce-special # stage: deploy-gce-special
......
...@@ -57,8 +57,8 @@ ...@@ -57,8 +57,8 @@
- hosts: k8s-cluster - hosts: k8s-cluster
any_errors_fatal: true any_errors_fatal: true
roles: roles:
- { role: dnsmasq, tags: dnsmasq } - { role: dnsmasq, when: "dns_mode == 'dnsmasq_kubedns'", tags: dnsmasq }
- { role: kubernetes/preinstall, tags: resolvconf } - { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf }
- hosts: kube-master[0] - hosts: kube-master[0]
any_errors_fatal: true any_errors_fatal: true
......
...@@ -105,21 +105,21 @@ kube_apiserver_insecure_port: 8080 # (http) ...@@ -105,21 +105,21 @@ kube_apiserver_insecure_port: 8080 # (http)
# into appropriate IP addresses. It's highly advisable to run such DNS server, # into appropriate IP addresses. It's highly advisable to run such DNS server,
# as it greatly simplifies configuration of your applications - you can use # as it greatly simplifies configuration of your applications - you can use
# service names instead of magic environment variables. # service names instead of magic environment variables.
# You still must manually configure all your containers to use this DNS server,
# Kubernetes won't do this for you (yet).
# Do not install additional dnsmasq # Can be dnsmasq_kubedns, kubedns or none
skip_dnsmasq: false dns_mode: dnsmasq_kubedns
# Upstream dns servers used by dnsmasq
# Can be docker_dns, host_resolvconf or none
resolvconf_mode: docker_dns
## Upstream dns servers used by dnsmasq
#upstream_dns_servers: #upstream_dns_servers:
# - 8.8.8.8 # - 8.8.8.8
# - 8.8.4.4 # - 8.8.4.4
#
# # Use dns server : https://github.com/ansibl8s/k8s-skydns/blob/master/skydns-README.md
dns_setup: true
dns_domain: "{{ cluster_name }}" dns_domain: "{{ cluster_name }}"
#
# # Ip address of the kubernetes skydns service # Ip address of the kubernetes skydns service
skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}" skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}"
dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}" dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}"
......
...@@ -9,47 +9,14 @@ to serve as an authoritative DNS server for a given ``dns_domain`` and its ...@@ -9,47 +9,14 @@ to serve as an authoritative DNS server for a given ``dns_domain`` and its
Other nodes in the inventory, like external storage nodes or a separate etcd cluster Other nodes in the inventory, like external storage nodes or a separate etcd cluster
node group, considered non-cluster and left up to the user to configure DNS resolve. node group, considered non-cluster and left up to the user to configure DNS resolve.
Note, custom ``ndots`` values affect only the dnsmasq daemon set (explained below).
While the kubedns has the ``ndots=5`` hardcoded, which is not recommended due to
[DNS performance reasons](https://github.com/kubernetes/kubernetes/issues/14051).
You can use config maps for the kubedns app to workaround the issue, which is
yet in the Kargo scope.
Additional search (sub)domains may be defined in the ``searchdomains``
and ``ndots`` vars. And additional recursive DNS resolvers in the `` upstream_dns_servers``,
``nameservers`` vars. Intranet/cloud provider DNS resolvers should be specified
in the first place, followed by external resolvers, for example:
```
skip_dnsmasq: true
nameservers: [8.8.8.8]
upstream_dns_servers: [172.18.32.6]
```
or
```
skip_dnsmasq: false
upstream_dns_servers: [172.18.32.6, 172.18.32.7, 8.8.8.8, 8.8.8.4]
```
The vars are explained below. For the early cluster deployment stage, when there
is yet K8s cluster and apps exist, a user may expect local repos to be
accessible via authoritative intranet resolvers. For that case, if none custom vars
was specified, the default resolver is set to either the cloud provider default
or `8.8.8.8`. And domain is set to the default ``dns_domain`` value as well.
Later, the nameservers will be reconfigured to the DNS service IP that Kargo
configures for K8s cluster.
Also note, existing records will be purged from the `/etc/resolv.conf`, DNS variables
including resolvconf's base/head/cloud-init config files and those that come from dhclient. =============
This is required for hostnet pods networking and for [kubelet to not exceed search domains
limits](https://github.com/kubernetes/kubernetes/issues/9229).
Instead, new domain, search, nameserver records and options will be defined from the There are several global variables which can be used to modify DNS settings:
aforementioned vars:
* Superseded via dhclient's DNS update hook. #### ndots
* Generated via cloud-init (CoreOS only). ndots value to be used in ``/etc/resolv.conf``
* Statically defined in the `/etc/resolv.conf`, if none of above is applicable.
* Resolvconf's head/base files are disabled from populating anything into the
`/etc/resolv.conf`.
It is important to note that multiple search domains combined with high ``ndots`` It is important to note that multiple search domains combined with high ``ndots``
values lead to poor performance of DNS stack, so please choose it wisely. values lead to poor performance of DNS stack, so please choose it wisely.
...@@ -58,48 +25,97 @@ replies for [bogus internal FQDNS](https://github.com/kubernetes/kubernetes/issu ...@@ -58,48 +25,97 @@ replies for [bogus internal FQDNS](https://github.com/kubernetes/kubernetes/issu
before it even hits the kubedns app. This enables dnsmasq to serve as a before it even hits the kubedns app. This enables dnsmasq to serve as a
protective, but still recursive resolver in front of kubedns. protective, but still recursive resolver in front of kubedns.
DNS configuration details #### searchdomains
------------------------- Custom search domains to be added in addition to the cluster search domains (``default.svc.{{ dns_domain }}, svc.{{ dns_domain }}``).
Here is an approximate picture of how DNS things working and Most Linux systems limit the total number of search domains to 6 and the total length of all search domains
being configured by Kargo ansible playbooks: to 256 characters. Depending on the length of ``dns_domain``, you're limitted to less then the total limit.
![Image](figures/dns.jpeg?raw=true) Please note that ``resolvconf_mode: docker_dns`` will automatically add your systems search domains as
additional search domains. Please take this into the accounts for the limits.
Note that an additional dnsmasq daemon set is installed by Kargo
by default. Kubelet will configure DNS base of all pods to use the #### nameservers
given dnsmasq cluster IP, which is defined via the ``dns_server`` var. This variable is only used by ``resolvconf_mode: host_resolvconf``. These nameservers are added to the hosts
The dnsmasq forwards requests for a given cluster ``dns_domain`` to ``/etc/resolv.conf`` *after* ``upstream_dns_servers`` and thus serve as backup nameservers. If this variable
Kubedns's SkyDns service. The SkyDns server is configured to be an is not set, a default resolver is chosen (depending on cloud provider or 8.8.8.8 when no cloud provider is specified).
authoritative DNS server for the given cluser domain (and its subdomains
up to ``ndots:5`` depth). Note: you should scale its replication controller #### upstream_dns_servers
up, if SkyDns chokes. These two layered DNS forwarders provide HA for the DNS servers to be added *after* the cluster DNS. Used by all ``resolvconf_mode`` modes. These serve as backup
DNS cluster IP endpoint, which is a critical moving part for Kubernetes apps. DNS servers in early cluster deployment when no cluster DNS is available yet. These are also added as upstream
DNS servers used by ``dnsmasq`` (when deployed with ``dns_mode: dnsmasq_kubedns``).
Nameservers are as well configured in the hosts' ``/etc/resolv.conf`` files,
as the given DNS cluster IP merged with ``nameservers`` values. While the DNS modes supported by kargo
DNS cluster IP merged with the ``upstream_dns_servers`` defines additional ============================
nameservers for the aforementioned nsmasq daemon set running on all hosts.
This mitigates existing Linux limitation of max 3 nameservers in the You can modify how kargo sets up DNS for your cluster with the variables ``dns_mode`` and ``resolvconf_mode``.
``/etc/resolv.conf`` and also brings an additional caching layer for the
clustered DNS services. ## dns_mode
``dns_mode`` configures how kargo will setup cluster DNS. There are three modes available:
You can skip the dnsmasq daemon set install steps by setting the
``skip_dnsmasq: true``. This may be the case, if you're fine with #### dnsmasq_kubedns (default)
the nameservers limitation. Sadly, there is no way to work around the This installs an additional dnsmasq DaemonSet which gives more flexibility and lifts some
search domain limitations of a 256 chars and 6 domains. Thus, you can limitations (e.g. number of nameservers). Kubelet is instructed to use dnsmasq instead of kubedns/skydns.
use the ``searchdomains`` var to define no more than a three custom domains. It is configured to forward all DNS queries belonging to cluster services to kubedns/skydns. All
Remaining three slots are reserved for K8s cluster default subdomains. other queries are forwardet to the nameservers found in ``upstream_dns_servers`` or ``default_resolver``
When dnsmasq skipped, Kargo redefines the DNS cluster IP to point directly #### kubedns
to SkyDns cluster IP ``skydns_server`` and configures Kubelet's This does not install the dnsmasq DaemonSet and instructs kubelet to directly use kubedns/skydns for
``--dns_cluster`` to use that IP as well. While this greatly simplifies all queries.
things, it comes by the price of limited nameservers though. As you know now,
the DNS cluster IP takes a slot in the ``/etc/resolv.conf``, thus you can #### none
specify no more than a two nameservers for infra and/or external use. This does not install any of dnsmasq and kubedns/skydns. This basically disables cluster DNS completely and
Those may be specified either in ``nameservers`` or ``upstream_dns_servers`` leaves you with a non functional cluster.
and will be merged together with the ``skydns_server`` IP into the hots'
``/etc/resolv.conf``. ## resolvconf_mode
``resolvconf_mode`` configures how kargo will setup DNS for ``hostNetwork: true`` PODs and non-k8s containers.
There are three modes available:
#### docker_dns (default)
This sets up the docker daemon with additional --dns/--dns-search/--dns-opt flags.
The following nameservers are added to the docker daemon (in the same order as listed here):
* cluster nameserver (depends on dns_mode)
* content of optional upstream_dns_servers variable
* host system nameservers (read from hosts /etc/resolv.conf)
The following search domains are added to the docker daemon (in the same order as listed here):
* cluster domains (``default.svc.{{ dns_domain }}``, ``svc.{{ dns_domain }}``)
* content of optional searchdomains variable
* host system search domains (read from hosts /etc/resolv.conf)
The following dns options are added to the docker daemon
* ndots:{{ ndots }}
* timeout:2
* attempts:2
For normal PODs, k8s will ignore these options and setup its own DNS settings for the PODs, taking
the --cluster_dns (either dnsmasq or kubedns, depending on dns_mode) kubelet option into account.
For ``hostNetwork: true`` PODs however, k8s will let docker setup DNS settings. Docker containers which
are not started/managed by k8s will also use these docker options.
The host system name servers are added to ensure name resolution is also working while cluster DNS is not
running yet. This is especially important in early stages of cluster deployment. In this early stage,
DNS queries to the cluster DNS will timeout after a few seconds, resulting in the system nameserver being
used as a backup nameserver. After cluster DNS is running, all queries will be answered by the cluster DNS
servers, which in turn will forward queries to the system nameserver if required.
#### host_resolvconf
This activates the classic kargo behaviour that modifies the hosts ``/etc/resolv.conf`` file and dhclient
configuration to point to the cluster dns server (either dnsmasq or kubedns, depending on dns_mode).
As cluster DNS is not available on early deployment stage, this mode is split into 2 stages. In the first
stage (``dns_early: true``), ``/etc/resolv.conf`` is configured to use the DNS servers found in ``upstream_dns_servers``
and ``nameservers``. Later, ``/etc/resolv.conf`` is reconfigured to use the cluster DNS server first, leaving
the other nameservers as backups.
Also note, existing records will be purged from the `/etc/resolv.conf`,
including resolvconf's base/head/cloud-init config files and those that come from dhclient.
#### none
Does nothing regarding ``/etc/resolv.conf``. This leaves you with a cluster that works as expected in most cases.
The only exception is that ``hostNetwork: true`` PODs and non-k8s managed containers will not be able to resolve
cluster service names.
Limitations Limitations
----------- -----------
......
docs/figures/dns.jpeg

654 KiB

...@@ -133,21 +133,21 @@ kube_apiserver_insecure_port: 8080 # (http) ...@@ -133,21 +133,21 @@ kube_apiserver_insecure_port: 8080 # (http)
# into appropriate IP addresses. It's highly advisable to run such DNS server, # into appropriate IP addresses. It's highly advisable to run such DNS server,
# as it greatly simplifies configuration of your applications - you can use # as it greatly simplifies configuration of your applications - you can use
# service names instead of magic environment variables. # service names instead of magic environment variables.
# You still must manually configure all your containers to use this DNS server,
# Kubernetes won't do this for you (yet).
# Do not install additional dnsmasq # Can be dnsmasq_kubedns, kubedns or none
skip_dnsmasq: false dns_mode: dnsmasq_kubedns
# Upstream dns servers used by dnsmasq
# Can be docker_dns, host_resolvconf or none
resolvconf_mode: docker_dns
## Upstream dns servers used by dnsmasq
#upstream_dns_servers: #upstream_dns_servers:
# - 8.8.8.8 # - 8.8.8.8
# - 8.8.4.4 # - 8.8.4.4
#
# # Use dns server : https://github.com/ansibl8s/k8s-skydns/blob/master/skydns-README.md
dns_setup: true
dns_domain: "{{ cluster_name }}" dns_domain: "{{ cluster_name }}"
#
# # Ip address of the kubernetes skydns service # Ip address of the kubernetes skydns service
skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}" skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}"
dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}" dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}"
......
...@@ -18,9 +18,6 @@ dnsmasq_version: 2.72 ...@@ -18,9 +18,6 @@ dnsmasq_version: 2.72
dnsmasq_image_repo: "andyshinn/dnsmasq" dnsmasq_image_repo: "andyshinn/dnsmasq"
dnsmasq_image_tag: "{{ dnsmasq_version }}" dnsmasq_image_tag: "{{ dnsmasq_version }}"
# Skip dnsmasq setup
skip_dnsmasq: false
# Limits for dnsmasq/kubedns apps # Limits for dnsmasq/kubedns apps
dns_cpu_limit: 100m dns_cpu_limit: 100m
dns_memory_limit: 170Mi dns_memory_limit: 170Mi
......
...@@ -2,5 +2,5 @@ ...@@ -2,5 +2,5 @@
dependencies: dependencies:
- role: download - role: download
file: "{{ downloads.dnsmasq }}" file: "{{ downloads.dnsmasq }}"
when: not skip_dnsmasq|default(false) and download_localhost|default(false) when: dns_mode == 'dnsmasq_kubedns' and download_localhost|default(false)
tags: [download, dnsmasq] tags: [download, dnsmasq]
...@@ -14,6 +14,10 @@ ...@@ -14,6 +14,10 @@
skip: true skip: true
tags: facts tags: facts
- include: set_facts_dns.yml
when: dns_mode != 'none' and resolvconf_mode == 'docker_dns'
tags: facts
- name: check for minimum kernel version - name: check for minimum kernel version
fail: fail:
msg: > msg: >
...@@ -63,6 +67,13 @@ ...@@ -63,6 +67,13 @@
with_items: "{{ docker_package_info.pkgs }}" with_items: "{{ docker_package_info.pkgs }}"
when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]) and (docker_package_info.pkgs|length > 0) when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]) and (docker_package_info.pkgs|length > 0)
- name: check minimum docker version for docker_dns mode. You need at least docker version >= 1.12 for resolvconf_mode=docker_dns
shell: docker version -f "{{ '{{' }}.Client.Version{{ '}}' }}"
register: docker_version
failed_when: docker_version.stdout|version_compare('1.12', '<')
changed_when: false
when: dns_mode != 'none' and resolvconf_mode == 'docker_dns'
- name: Set docker systemd config - name: Set docker systemd config
include: systemd.yml include: systemd.yml
......
---
- name: set dns server for docker
set_fact:
docker_dns_servers: |-
{%- if dns_mode == 'kubedns' -%}
{{ [ skydns_server ] }}
{%- elif dns_mode == 'dnsmasq_kubedns' -%}
{{ [ dns_server ] }}
{%- endif -%}
- name: set base docker dns facts
set_fact:
docker_dns_search_domains:
- 'default.svc.{{ dns_domain }}'
- 'svc.{{ dns_domain }}'
docker_dns_options:
- ndots:{{ ndots }}
- timeout:2
- attempts:2
- name: add upstream dns servers (only when dnsmasq is not used)
set_fact:
docker_dns_servers: "{{ docker_dns_servers + upstream_dns_servers|default([]) }}"
when: dns_mode == 'kubedns'
- name: add global searchdomains
set_fact:
docker_dns_search_domains: "{{ docker_dns_search_domains + searchdomains|default([]) }}"
- name: check system nameservers
shell: grep "^nameserver" /etc/resolv.conf | sed 's/^nameserver\s*//'
changed_when: False
register: system_nameservers
- name: check system search domains
shell: grep "^search" /etc/resolv.conf | sed 's/^search\s*//'
changed_when: False
register: system_search_domains
- name: add system nameservers to docker options
set_fact:
docker_dns_servers: "{{ docker_dns_servers + [item] }}"
with_items: "{{ system_nameservers.stdout_lines|default([]) }}"
- name: add system search domains to docker options
set_fact:
docker_dns_search_domains: "{{ docker_dns_search_domains + [item] }}"
with_items: "{{ system_search_domains.stdout.split(' ') }}"
- name: check number of nameservers
fail: msg="Too many nameservers"
when: docker_dns_servers|length > 3
- name: check number of search domains
fail: msg="Too many search domains"
when: docker_dns_search_domains|length > 6
- name: check length of search domains
fail: msg="Search domains exceeded limit of 256 characters"
when: docker_dns_search_domains|join(' ')|length > 256
...@@ -21,4 +21,11 @@ ...@@ -21,4 +21,11 @@
dest: "/etc/systemd/system/docker.service.d/docker-options.conf" dest: "/etc/systemd/system/docker.service.d/docker-options.conf"
notify: restart docker notify: restart docker
- name: Write docker dns systemd drop-in
template:
src: docker-dns.conf.j2
dest: "/etc/systemd/system/docker.service.d/docker-dns.conf"
notify: restart docker
when: dns_mode != 'none' and resolvconf_mode == 'docker_dns'
- meta: flush_handlers - meta: flush_handlers
\ No newline at end of file
[Service]
Environment="DOCKER_DNS_OPTIONS=\
{% for d in docker_dns_servers %}--dns {{ d }} {% endfor %} \
{% for d in docker_dns_search_domains %}--dns-search {{ d }} {% endfor %} \
{% for o in docker_dns_options %}--dns-opt {{ o }} {% endfor %} \
"
...@@ -22,6 +22,7 @@ ExecStart={{ docker_bin_dir }}/docker daemon \ ...@@ -22,6 +22,7 @@ ExecStart={{ docker_bin_dir }}/docker daemon \
$DOCKER_OPTS \ $DOCKER_OPTS \
$DOCKER_STORAGE_OPTIONS \ $DOCKER_STORAGE_OPTIONS \
$DOCKER_NETWORK_OPTIONS \ $DOCKER_NETWORK_OPTIONS \
$DOCKER_DNS_OPTIONS \
$INSECURE_REGISTRY $INSECURE_REGISTRY
TasksMax=infinity TasksMax=infinity
LimitNOFILE=1048576 LimitNOFILE=1048576
......
...@@ -12,7 +12,7 @@ ...@@ -12,7 +12,7 @@
- {file: kubedns-rc.yml, type: rc} - {file: kubedns-rc.yml, type: rc}
- {file: kubedns-svc.yml, type: svc} - {file: kubedns-svc.yml, type: svc}
register: manifests register: manifests
when: inventory_hostname == groups['kube-master'][0] when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
tags: dnsmasq tags: dnsmasq
- name: Kubernetes Apps | Start Resources - name: Kubernetes Apps | Start Resources
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
filename: "{{kube_config_dir}}/{{item.item.file}}" filename: "{{kube_config_dir}}/{{item.item.file}}"
state: "{{item.changed | ternary('latest','present') }}" state: "{{item.changed | ternary('latest','present') }}"
with_items: "{{ manifests.results }}" with_items: "{{ manifests.results }}"
when: inventory_hostname == groups['kube-master'][0] when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
tags: dnsmasq tags: dnsmasq
- include: tasks/calico-policy-controller.yml - include: tasks/calico-policy-controller.yml
......
...@@ -12,9 +12,9 @@ KUBELET_HOSTNAME="--hostname-override={{ ansible_hostname }}" ...@@ -12,9 +12,9 @@ KUBELET_HOSTNAME="--hostname-override={{ ansible_hostname }}"
{% set kubelet_args_base %}--pod-manifest-path={{ kube_manifest_dir }} --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}{% endset %} {% set kubelet_args_base %}--pod-manifest-path={{ kube_manifest_dir }} --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}{% endset %}
{# DNS settings for kubelet #} {# DNS settings for kubelet #}
{% if dns_setup|bool and skip_dnsmasq|bool %} {% if dns_mode == 'kubedns' %}
{% set kubelet_args_cluster_dns %}--cluster_dns={{ skydns_server }}{% endset %} {% set kubelet_args_cluster_dns %}--cluster_dns={{ skydns_server }}{% endset %}
{% elif dns_setup|bool %} {% elif dns_mode == 'dnsmasq_kubedns' %}
{% set kubelet_args_cluster_dns %}--cluster_dns={{ dns_server }}{% endset %} {% set kubelet_args_cluster_dns %}--cluster_dns={{ dns_server }}{% endset %}
{% else %} {% else %}
{% set kubelet_args_cluster_dns %}{% endset %} {% set kubelet_args_cluster_dns %}{% endset %}
......
...@@ -172,6 +172,7 @@ ...@@ -172,6 +172,7 @@
tags: [bootstrap-os, etchosts] tags: [bootstrap-os, etchosts]
- include: resolvconf.yml - include: resolvconf.yml
when: dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
tags: [bootstrap-os, resolvconf] tags: [bootstrap-os, resolvconf]
- name: Check if we are running inside a Azure VM - name: Check if we are running inside a Azure VM
......
...@@ -67,7 +67,7 @@ ...@@ -67,7 +67,7 @@
- name: pick dnsmasq cluster IP or default resolver - name: pick dnsmasq cluster IP or default resolver
set_fact: set_fact:
dnsmasq_server: |- dnsmasq_server: |-
{%- if skip_dnsmasq|bool and not dns_early|bool -%} {%- if dns_mode == 'kubedns' and not dns_early|bool -%}
{{ [ skydns_server ] + upstream_dns_servers|default([]) }} {{ [ skydns_server ] + upstream_dns_servers|default([]) }}
{%- elif dns_early|bool -%} {%- elif dns_early|bool -%}
{{ upstream_dns_servers|default([]) }} {{ upstream_dns_servers|default([]) }}
......
...@@ -16,13 +16,26 @@ ...@@ -16,13 +16,26 @@
- etcd - etcd
register: services_removed register: services_removed
- name: reset | remove docker dropins
file:
path: "/etc/systemd/system/docker.service.d/{{ item }}"
state: absent
with_items:
- docker-dns.conf
- docker-options.conf
register: docker_dropins_removed
- name: reset | systemctl daemon-reload - name: reset | systemctl daemon-reload
command: systemctl daemon-reload command: systemctl daemon-reload
when: services_removed.changed when: services_removed.changed or docker_dropins_removed.changed
- name: reset | remove all containers - name: reset | remove all containers
shell: "{{ docker_bin_dir }}/docker ps -aq | xargs -r docker rm -fv" shell: "{{ docker_bin_dir }}/docker ps -aq | xargs -r docker rm -fv"
- name: reset | restart docker if needed
service: name=docker state=restarted
when: docker_dropins_removed.changed
- name: reset | gather mounted kubelet dirs - name: reset | gather mounted kubelet dirs
shell: mount | grep /var/lib/kubelet | awk '{print $3}' | tac shell: mount | grep /var/lib/kubelet | awk '{print $3}' | tac
register: mounted_dirs register: mounted_dirs
...@@ -42,6 +55,40 @@ ...@@ -42,6 +55,40 @@
- /etc/cni - /etc/cni
- /etc/nginx - /etc/nginx
- /etc/dnsmasq.d - /etc/dnsmasq.d
- /etc/dnsmasq.conf
- /etc/dnsmasq.d-available
- /etc/etcd.env - /etc/etcd.env
- /etc/calico - /etc/calico
- /opt/cni - /opt/cni
- /etc/dhcp/dhclient.d/zdnsupdate.sh
- /etc/dhcp/dhclient-exit-hooks.d/zdnsupdate
- "{{ bin_dir }}/kubelet"
- name: reset | remove dns settings from dhclient.conf
blockinfile:
dest: "{{ item }}"
state: absent
follow: yes
marker: "# Ansible entries {mark}"
failed_when: false
with_items:
- /etc/dhclient.conf
- /etc/dhcp/dhclient.conf
- name: reset | remove host entries from /etc/hosts
blockinfile:
dest: "/etc/hosts"
state: absent
follow: yes
marker: "# Ansible inventory hosts {mark}"
- name: reset | Restart network
service:
name: >-
{% if ansible_os_family == "RedHat" -%}
network
{%- elif ansible_os_family == "Debian" -%}
networking
{%- endif %}
state: restarted
when: ansible_os_family != "CoreOS"
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment