diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 31f577c10569b8841fa3712a044bcd971b15fc69..bd89b4f7fd3c1540c38343d6256551bb310af66b 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -181,7 +181,7 @@ dnsmasq_sidecar_image_tag: "{{ kubedns_version }}"
 dnsmasqautoscaler_version: 1.1.2
 dnsmasqautoscaler_image_repo: "gcr.io/google_containers/cluster-proportional-autoscaler-{{ image_arch }}"
 dnsmasqautoscaler_image_tag: "{{ dnsmasqautoscaler_version }}"
-dnsautoscaler_version: 1.2.0
+dnsautoscaler_version: 1.3.0
 dnsautoscaler_image_repo: "gcr.io/google_containers/cluster-proportional-autoscaler-{{ image_arch }}"
 dnsautoscaler_image_tag: "{{ dnsautoscaler_version }}"
 test_image_repo: busybox
diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml
index ff2bbd3f23ad90f36c54d92bf70ae6fa540c849a..8b851e086ae502fb9320f536c0d35c5b2d67a984 100644
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@@ -9,6 +9,8 @@ dns_cpu_requests: 100m
 dns_memory_requests: 70Mi
 dns_min_replicas: 2
 dns_nodes_per_replica: 10
+dns_cores_per_replica: 20
+dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas > '1' else 'false' }}"

 # Images
 image_arch: "{{host_architecture}}"
diff --git a/roles/kubernetes-apps/ansible/tasks/kubedns.yml b/roles/kubernetes-apps/ansible/tasks/kubedns.yml
index 99a35769892b7808f2a8a434ee5f91ec5185e712..0627a5fca94fa8966e653486becbce8035d4b78b 100644
--- a/roles/kubernetes-apps/ansible/tasks/kubedns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/kubedns.yml
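Review bot: `dns_prevent_single_point_failure` in the second hunk compares `dns_min_replicas`, an integer (`dns_min_replicas: 2` two lines above), with the string `'1'`; on Python 3 Jinja raises a TypeError for the mixed-type `>`, and on Python 2 the mixed-type comparison is always false, so the value can never become 'true'. Cast before comparing: `dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas | int > 1 else 'false' }}"`. Keeping the result as the literal strings true/false suits the consumer, which splices it unquoted into the autoscaler's `--default-params` JSON in dns-autoscaler.yml.j2 later in this commit.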
@@ -6,6 +6,7 @@
 dest: "{{ kube_config_dir }}/{{ item.file }}"
 with_items:
 - { name: kube-dns, file: kubedns-sa.yml, type: sa }
+ - { name: kube-dns, file: kubedns-config.yml, type: configmap }
 - { name: kube-dns, file: kubedns-deploy.yml, type: deployment }
 - { name: kube-dns, file: kubedns-svc.yml, type: svc }
 - { name: dns-autoscaler, file: dns-autoscaler-sa.yml, type: sa }
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-clusterrole.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-clusterrole.yml.j2
index 812d95211155f0ac860274eb5c6c1137d2b88e23..248cd8cb2a0aa3c2310802e97ec0a7344b6ad083 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-clusterrole.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-clusterrole.yml.j2
@@ -1,9 +1,10 @@
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 labels:
 kubernetes.io/bootstrapping: rbac-defaults
+ addonmanager.kubernetes.io/mode: Reconcile
 name: system:coredns
 rules:
 - apiGroups:
@@ -16,3 +17,9 @@ rules:
 verbs:
 - list
 - watch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-clusterrolebinding.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-clusterrolebinding.yml.j2
index bbda5ebc430cffa5b0d30b2db4fb54a96ef6c45e..7c79ccfdec50bc9ab9c14925897a239df623bc56 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-clusterrolebinding.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-clusterrolebinding.yml.j2
@@ -1,11 +1,12 @@
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
 annotations:
 rbac.authorization.kubernetes.io/autoupdate: "true"
 labels:
 kubernetes.io/bootstrapping: rbac-defaults
+ addonmanager.kubernetes.io/mode: EnsureExists
 name: system:coredns
 roleRef:
 apiGroup: rbac.authorization.k8s.io
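Review bot: The second coredns-clusterrole.yml.j2 hunk adds a rule granting `get` on `nodes` to system:coredns, and nothing records which CoreDNS feature needs it, so a later reader cannot tell whether the grant can be dropped when the Corefile changes. A one-line comment above the new `- apiGroups:` entry naming the consumer would keep the widening auditable, e.g. `# nodes/get: required by the <plugin> — TODO confirm against coredns-config.yml.j2`. The first rule's resource list, against which this one should be checked for overlap, lies outside the hunk.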
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
index 928f82cdf41863e29e38457c031386c634f08872..1df7b148f9a93a8331694c54370be7c56645f237 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
@@ -4,6 +4,8 @@ kind: ConfigMap
 metadata:
 name: coredns
 namespace: kube-system
+ labels:
+ addonmanager.kubernetes.io/mode: EnsureExists
 data:
 Corefile: |
 .:53 {
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
index 8e98ecaf7b5e5916c4253e14473c5ffdb602403a..a1da84eb488cf94ffbbcb979b7db1123e274f3a8 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
@@ -2,10 +2,12 @@
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
- name: coredns{{ coredns_ordinal_suffix | default('') }}
+ name: "coredns{{ coredns_ordinal_suffix | default('') }}"
 namespace: kube-system
 labels:
- k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
+ k8s-app: "coredns{{ coredns_ordinal_suffix | default('') }}"
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
 kubernetes.io/name: "coredns{{ coredns_ordinal_suffix | default('') }}"
 spec:
 strategy:
@@ -21,7 +23,7 @@ spec:
 labels:
 k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
 annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 {% if kube_version is version('v1.11.1', '>=') %}
 priorityClassName: system-cluster-critical
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-sa.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-sa.yml.j2
index 8d2b47c46cf19561fce25b10bc9dd5ba0bcce8ca..8b661936e772992573a092aa385b22452abd4fde 100644
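Review bot: The second coredns-deployment.yml.j2 hunk replaces the `scheduler.alpha.kubernetes.io/critical-pod: ''` annotation with the seccomp annotation instead of adding the latter alongside, whereas dns-autoscaler.yml.j2 and kubedns-deploy.yml.j2 in this same commit keep critical-pod and add seccomp as a second annotation. On clusters below v1.11.1, where the `{% if %}` two lines further down does not set priorityClassName, CoreDNS pods therefore lose their critical marking while kube-dns and the autoscaler keep theirs. If dropping it is intended, a comment should say why; otherwise keep both lines: `scheduler.alpha.kubernetes.io/critical-pod: ''` and `seccomp.security.alpha.kubernetes.io/pod: 'docker/default'`. The pod spec continues outside the hunk.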
--- a/roles/kubernetes-apps/ansible/templates/coredns-sa.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-sa.yml.j2
@@ -4,3 +4,6 @@ kind: ServiceAccount
 metadata:
 name: coredns
 namespace: kube-system
+ labels:
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-svc.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-svc.yml.j2
index 1eb3947ad32b0d915fb6c7c036cecbd06bc4fefe..75513f59e503478f92b9dcd0c3f10c3ac81d6b4d 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-svc.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-svc.yml.j2
@@ -8,6 +8,7 @@ metadata:
 k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
 kubernetes.io/cluster-service: "true"
 kubernetes.io/name: "coredns{{ coredns_ordinal_suffix | default('') }}"
+ addonmanager.kubernetes.io/mode: Reconcile
 annotations:
 prometheus.io/path: /metrics
 prometheus.io/port: "9153"
diff --git a/roles/kubernetes-apps/ansible/templates/dns-autoscaler-clusterrole.yml.j2 b/roles/kubernetes-apps/ansible/templates/dns-autoscaler-clusterrole.yml.j2
index dba3ff73d9b5c31d2c82dd44aceccaf990e48483..772ad8626231bf478203289ddc689729c95821f4 100644
--- a/roles/kubernetes-apps/ansible/templates/dns-autoscaler-clusterrole.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dns-autoscaler-clusterrole.yml.j2
@@ -14,10 +14,11 @@
 # limitations under the License.

 kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: cluster-proportional-autoscaler
- namespace: kube-system
+ name: system:dns-autoscaler
+ labels:
+ addonmanager.kubernetes.io/mode: Reconcile
 rules:
 - apiGroups: [""]
 resources: ["nodes"]
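Review bot: The dns-autoscaler-clusterrole.yml.j2 hunk renames the ClusterRole from `cluster-proportional-autoscaler` to `system:dns-autoscaler`, and the following dns-autoscaler-clusterrolebinding.yml.j2 and dns-autoscaler-sa.yml.j2 hunks rename the binding and ServiceAccount to match, but nothing visible deletes the objects that earlier deployments created under the old names, so upgraded clusters keep a stale ClusterRole, ClusterRoleBinding and ServiceAccount; if a cleanup task exists elsewhere in the commit this does not apply. The orphaned binding continues to grant the old ServiceAccount the node-read rule that begins at the end of this hunk, which is exactly the kind of leftover grant an RBAC audit flags. Either add a task that removes the three old objects or state in the role's docs that operators must delete them. Dropping `namespace: kube-system` from the ClusterRole metadata is correct, since ClusterRoles are cluster-scoped.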
diff --git a/roles/kubernetes-apps/ansible/templates/dns-autoscaler-clusterrolebinding.yml.j2 b/roles/kubernetes-apps/ansible/templates/dns-autoscaler-clusterrolebinding.yml.j2
index 3b11c6b9fcb1a8912188b7cbe8579d5e7de375d4..da1a0a9179e37350eefe2a23e0e46b57c2e601df 100644
--- a/roles/kubernetes-apps/ansible/templates/dns-autoscaler-clusterrolebinding.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dns-autoscaler-clusterrolebinding.yml.j2
@@ -14,15 +14,16 @@
 # limitations under the License.

 kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: cluster-proportional-autoscaler
- namespace: kube-system
+ name: system:dns-autoscaler
+ labels:
+ addonmanager.kubernetes.io/mode: Reconcile
 subjects:
 - kind: ServiceAccount
- name: cluster-proportional-autoscaler
+ name: dns-autoscaler
 namespace: kube-system
 roleRef:
 kind: ClusterRole
- name: cluster-proportional-autoscaler
+ name: system:dns-autoscaler
 apiGroup: rbac.authorization.k8s.io
diff --git a/roles/kubernetes-apps/ansible/templates/dns-autoscaler-sa.yml.j2 b/roles/kubernetes-apps/ansible/templates/dns-autoscaler-sa.yml.j2
index 4c440f653f134e2bde87fcf330ad9ef6c9a60f82..3ce9b5137543c6ec8d12f52ec5789d3ef694e09b 100644
--- a/roles/kubernetes-apps/ansible/templates/dns-autoscaler-sa.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dns-autoscaler-sa.yml.j2
@@ -16,5 +16,7 @@
 kind: ServiceAccount
 apiVersion: v1
 metadata:
- name: cluster-proportional-autoscaler
+ name: dns-autoscaler
 namespace: kube-system
+ labels:
+ addonmanager.kubernetes.io/mode: Reconcile
diff --git a/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2 b/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
index d894eebf23babe3aa9ad0d1e6c95b11ed9eb1fd7..df86b1025fd608681ed983437e092e9f72739a23 100644
--- a/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: dns-autoscaler
@@ -23,10 +23,16 @@ metadata:
 kubernetes.io/cluster-service: "true"
 addonmanager.kubernetes.io/mode: Reconcile
 spec:
+ selector:
+ matchLabels:
+ k8s-app: dns-autoscaler
 template:
 metadata:
 labels:
 k8s-app: dns-autoscaler
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 {% if kube_version is version('v1.11.1', '>=') %}
 priorityClassName: system-cluster-critical
@@ -63,7 +69,7 @@ spec:
 command:
 - /cluster-proportional-autoscaler
 - --namespace=kube-system
- --default-params={"linear":{"nodesPerReplica":{{ dns_nodes_per_replica }},"min":{{ dns_min_replicas }}}}
+ --default-params={"linear":{"preventSinglePointFailure":{{ dns_prevent_single_point_failure }},"coresPerReplica":{{ dns_cores_per_replica }},"nodesPerReplica":{{ dns_nodes_per_replica }},"min":{{ dns_min_replicas }}}}
 - --logtostderr=true
 - --v=2
 - --configmap=dns-autoscaler
@@ -73,4 +79,7 @@ spec:
 {% if dns_mode in ['kubedns', 'dnsmasq_kubedns'] %}
 - --target=Deployment/kube-dns
 {% endif %}
- serviceAccountName: cluster-proportional-autoscaler
+ tolerations:
+ - key: "CriticalAddonsOnly"
+ operator: "Exists"
+ serviceAccountName: dns-autoscaler
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-config.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-config.yml.j2
new file mode 100644
index 0000000000000000000000000000000000000000..b271e37c1b9ff80e01070777f9fc72cb1891e054
--- /dev/null
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-config.yml.j2
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kube-dns
+ namespace: kube-system
+ labels:
+ addonmanager.kubernetes.io/mode: EnsureExists
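Review bot: In the third dns-autoscaler.yml.j2 hunk `{{ dns_prevent_single_point_failure }}` is spliced unquoted into the `--default-params` JSON; with the default from this commit the variable is the string 'true'/'false' and renders correctly, but an operator who overrides it with a YAML boolean gets `True`/`False`, which is not valid JSON and would most likely make the autoscaler reject its parameters. Normalising at the point of use avoids that: `"preventSinglePointFailure":{{ dns_prevent_single_point_failure | bool | lower }},`. The other three values on that line come from integer defaults and need no change.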
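Review bot: The new kubedns-config.yml.j2 creates a `kube-dns` ConfigMap with no `data` section and no comment explaining why an empty object is shipped; presumably it is the ConfigMap the kube-dns pods read optional settings from, and `EnsureExists` is chosen so that values an operator adds later are not overwritten, but neither is stated in the template. A short header comment after `---` saying what the ConfigMap is for, that it is intentionally empty, and why its mode is `EnsureExists` rather than the `Reconcile` used on the other new objects would settle that. The task list in kubedns.yml that installs it is in an earlier hunk of this commit.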
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
index 37ed1db4ed10e1eb9f3d93d9532f9e92e1779b30..ef9fa5dbf2fd21c4fe37b0b93ce71dcf8a3c3254 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
@@ -26,6 +26,7 @@ spec:
 k8s-app: kube-dns
 annotations:
 scheduler.alpha.kubernetes.io/critical-pod: ''
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 {% if kube_version is version('v1.11.1', '>=') %}
 priorityClassName: system-cluster-critical
@@ -135,6 +136,7 @@ spec:
 - --
 - -k
 - --cache-size=1000
+ - --no-negcache
 - --dns-loop-detect
 - --log-facility=-
 - --server=/{{ dns_domain }}/127.0.0.1#10053
@@ -169,8 +171,8 @@ spec:
 args:
 - --v={{ kube_log_level }}
 - --logtostderr
- - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ dns_domain }},5,A
- - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ dns_domain }},5,A
+ - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ dns_domain }},5,SRV
+ - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ dns_domain }},5,SRV
 ports:
 - containerPort: 10054
 name: metrics
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml.j2
index 296a3a938201181734d041e404d637bdd6e738c7..fe8173a313b8922396b4c037d845d3a489a95b63 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml.j2
@@ -6,3 +6,4 @@ metadata:
 namespace: kube-system
 labels:
 kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
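Review bot: `- --no-negcache` in the second kubedns-deploy.yml.j2 hunk switches off dnsmasq's caching of negative answers while the `--cache-size=1000` line just above keeps positive caching on, and nothing explains the trade-off; pods' search-path expansion produces many NXDOMAIN lookups, and each of them now passes through to kubedns instead of being answered from the cache. A comment such as `# negative answers are not cached, so a record created after a failed lookup resolves on the next query` would record the reason — reword it if the motivation was a different one. The container's full argument list extends beyond the hunk.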