diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
index 9f4169ace891e0ea9187a4502041da94ec0cf9f7..d044c08851e715af83a2915373c2a1db258906d7 100644
--- a/roles/dnsmasq/tasks/main.yml
+++ b/roles/dnsmasq/tasks/main.yml
@@ -28,15 +28,6 @@
     - '^127\.0\.0\.1(\s+){{ inventory_hostname }}.*'
     - '^::1(\s+){{ inventory_hostname }}.*'
 
-- name: install dnsmasq and bindr9utils
-  apt:
-    name: "{{ item }}"
-    state: present
-    update_cache: yes
-  with_items:
-    - dnsmasq
-    - bind9utils
-  when: inventory_hostname in groups['kube-master']
 
 - name: ensure dnsmasq.d directory exists
   file:
@@ -54,13 +45,6 @@
     - restart dnsmasq
   when: inventory_hostname in groups['kube-master']
 
-- name: enable dnsmasq
-  service:
-    name: dnsmasq
-    state: started
-    enabled: yes
-  when: inventory_hostname in groups['kube-master']
-
 - name: update resolv.conf with new DNS setup
   template:
     src: resolv.conf.j2
diff --git a/roles/dnsmasq/templates/dnsmasq-pod.yml b/roles/dnsmasq/templates/dnsmasq-pod.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1150e14c709e5f66afc38bba38932b32a675a7d0
--- /dev/null
+++ b/roles/dnsmasq/templates/dnsmasq-pod.yml
@@ -0,0 +1,49 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dnsmasq
+  namespace: kube-system
+spec:
+  hostNetwork: true
+  containers:
+    - name: dnsmasq
+      image: andyshinn/dnsmasq:2.72
+      command:
+        - dnsmasq
+      args:
+        - -k
+        - "-7"
+        - /etc/dnsmasq.d
+        - --local-service
+      securityContext:
+        capabilities:
+          add:
+            - NET_ADMIN
+      imagePullPolicy: Always
+      resources:
+        limits:
+          cpu: 100m
+          memory: 256M
+      ports:
+        - name: dns
+          containerPort: 53
+          hostPort: 53
+          protocol: UDP
+        - name: dns-tcp
+          containerPort: 53
+          hostPort: 53
+          protocol: TCP
+      volumeMounts:
+        - name: etcdnsmasqd
+          mountPath: /etc/dnsmasq.d
+        - name: etcdnsmasqdavailable
+          mountPath: /etc/dnsmasq.d-available
+
+  volumes:
+    - name: etcdnsmasqd
+      hostPath:
+        path: /etc/dnsmasq.d
+    - name: etcdnsmasqdavailable
+      hostPath:
+        path: /etc/dnsmasq.d-available
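Review bot: The container at `image: andyshinn/dnsmasq:2.72` is pulled by mutable tag with `imagePullPolicy: Always`, so whatever that third-party tag resolves to at each restart runs with `hostNetwork: true` and `NET_ADMIN` on the host's port 53. Pin the reviewed image by digest, e.g. `image: andyshinn/dnsmasq@sha256:<DIGEST_OF_REVIEWED_IMAGE>` (placeholder), ideally served from a registry you control. Both hostPath entries under `volumeMounts` are writable from the container although dnsmasq appears only to read configuration from them (`-7 /etc/dnsmasq.d`); add `readOnly: true` to each mount. It is also worth confirming that `NET_ADMIN` is required for a DNS-only setup, since under host networking it permits changes to the node's interfaces and routes. Separately, the tasks file still notifies `restart dnsmasq` after this commit removes the package install and service enablement; the handler is outside the diff, so check that it reloads the pod rather than a system service that no longer exists.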