[Nodelocal DNS cache] Mount host /run/xtables.lock in nodelocaldns container (#4074)

* Mount host /run/xtables.lock in nodelocaldns container * fix typo in nodelocaldns daemonset manifest yml * Add prometheus scrape annotation, updateStrategy and reduce termination grace period * fix indentation * actually fix it.. * Bump k8s-dns-node-cache tag to 1.15.1 (fixes https://github.com/kubernetes/dns/issues/282)

[Nodelocal DNS cache] Mount host /run/xtables.lock in nodelocaldns container (#4074)
595d6427 · Danny Kulchinsky · Kubernetes Prow Robot · 39dc61b9 · 595d6427 · 595d6427
Commit 595d6427 authored 6 years ago by Danny Kulchinsky Committed by Kubernetes Prow Robot 6 years ago
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -194,7 +194,7 @@ coredns_version: "1.2.6"
 coredns_image_repo: "coredns/coredns"
 coredns_image_tag: "{{ coredns_version }}"

-nodelocaldns_version: "1.15.0"
+nodelocaldns_version: "1.15.1"
 nodelocaldns_image_repo: "k8s.gcr.io/k8s-dns-node-cache"
 nodelocaldns_image_tag: "{{ nodelocaldns_version }}"


--- a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
@@ -6,7 +6,7 @@
  with_items:
    - { name: nodelocaldns, file: nodelocaldns-config.yml, type: configmap }
    - { name: nodelocaldns, file: nodelocaldns-sa.yml, type: sa }
-    - { name: nodelocaldns, file: nodelocaldns-deamonset.yml, type: daemonset }
+    - { name: nodelocaldns, file: nodelocaldns-daemonset.yml, type: daemonset }
  register: nodelocaldns_manifests
  vars:
    clusterIP: "{{ skydns_server }}"

--- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-deamonset.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-deamonset.yml.j2
@@ -15,6 +15,9 @@ spec:
    metadata:
      labels:
        k8s-app: nodelocaldns
+      annotations:
+        prometheus.io/scrape: 'true'
+        prometheus.io/port: '9253'
    spec:
 {% if kube_version is version('v1.11.1', '>=') %}
      priorityClassName: system-cluster-critical
@@ -62,6 +65,8 @@ spec:
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
+        - name: xtables-lock
+          mountPath: /run/xtables.lock
      volumes:
        - name: config-volume
          configMap:
@@ -69,4 +74,14 @@ spec:
            items:
            - key: Corefile
              path: Corefile
-      terminationGracePeriodSeconds: 30
+        - name: xtables-lock
+          hostPath:
+            path: /run/xtables.lock
+            type: FileOrCreate
+      # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
+      # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
+      terminationGracePeriodSeconds: 0
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ serial | default('20%') }}
+    type: RollingUpdate