diff --git a/roles/apps/k8s-kubedns b/roles/apps/k8s-kubedns
index b5015aed8ff5eed9c325911205cfbb23ad0e57be..d6df09a89721d98e2969a8abf29b4eb5e787fca6 160000
--- a/roles/apps/k8s-kubedns
+++ b/roles/apps/k8s-kubedns
@@ -1 +1 @@
-Subproject commit b5015aed8ff5eed9c325911205cfbb23ad0e57be
+Subproject commit d6df09a89721d98e2969a8abf29b4eb5e787fca6
diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
index f8b9fa197cf9acee66ea77a09720db43dbad77c6..ccff170f9f25640ba57ddff5882a41610ca93779 100644
--- a/roles/dnsmasq/tasks/main.yml
+++ b/roles/dnsmasq/tasks/main.yml
@@ -32,7 +32,6 @@
file:
path: /etc/dnsmasq.d
state: directory
- when: inventory_hostname in groups['kube-master']
- name: Write dnsmasq configuration
template:
@@ -40,17 +39,14 @@
dest: /etc/dnsmasq.d/01-kube-dns.conf
mode: 755
backup: yes
- when: inventory_hostname in groups['kube-master']
- name: Create dnsmasq pod manifest
template: src=dnsmasq-pod.yml dest=/etc/kubernetes/manifests/dnsmasq-pod.manifest
- when: inventory_hostname in groups['kube-master']
- name: Check for dnsmasq port (pulling image and running container)
wait_for:
port: 53
delay: 5
- when: inventory_hostname in groups['kube-master']
- name: check resolvconf
stat: path=/etc/resolvconf/resolv.conf.d/head
@@ -63,22 +59,34 @@
- name: Add search resolv.conf
lineinfile:
- line: search {{ [ 'default.svc.' + dns_domain, 'svc.' + dns_domain, dns_domain ] | join(' ') }}
+ line: "search {{ [ 'default.svc.' + dns_domain, 'svc.' + dns_domain, dns_domain ] | join(' ') }}"
dest: "{{resolvconffile}}"
state: present
insertbefore: BOF
backup: yes
follow: yes
-- name: Add all masters as nameserver
+- name: Add local dnsmasq to resolv.conf
lineinfile:
- line: nameserver {{ hostvars[item]['ansible_default_ipv4']['address'] }}
+ line: "nameserver 127.0.0.1"
dest: "{{resolvconffile}}"
state: present
insertafter: "^search.*$"
backup: yes
follow: yes
- with_items: groups['kube-master']
+
+- name: Add options to resolv.conf
+ lineinfile:
+ line: options {{ item }}
+ dest: "{{resolvconffile}}"
+ state: present
+ regexp: "^options.*{{ item }}$"
+ insertafter: EOF
+ backup: yes
+ follow: yes
+ with_items:
+ - timeout:2
+ - attempts:2
- name: disable resolv.conf modification by dhclient
copy: src=dhclient_nodnsupdate dest=/etc/dhcp/dhclient-enter-hooks.d/nodnsupdate mode=u+x backup=yes
diff --git a/roles/dnsmasq/templates/01-kube-dns.conf.j2 b/roles/dnsmasq/templates/01-kube-dns.conf.j2
index e9e8d62e073125c3592ebbf03d453258ed87dccd..7a46bee827f20f917ae6cfdf645c7bae77712d58 100644
--- a/roles/dnsmasq/templates/01-kube-dns.conf.j2
+++ b/roles/dnsmasq/templates/01-kube-dns.conf.j2
@@ -1,5 +1,6 @@
-#Listen on all interfaces
-interface=*
+#Listen on localhost
+bind-interfaces
+listen-address=127.0.0.1
addn-hosts=/etc/hosts
diff --git a/roles/kubernetes/node/tasks/secrets.yml b/roles/kubernetes/node/tasks/secrets.yml
index 65c07aaa24686b47ab8cc39e6617352dd30d06e2..e448d6f2e86b9518b922a8a7504de461f065cb32 100644
--- a/roles/kubernetes/node/tasks/secrets.yml
+++ b/roles/kubernetes/node/tasks/secrets.yml
@@ -14,7 +14,6 @@
group={{ kube_cert_group }}
- include: gen_certs.yml
- run_once: true
when: inventory_hostname == groups['kube-master'][0]
- include: gen_tokens.yml
diff --git a/roles/network_plugin/handlers/main.yml b/roles/network_plugin/handlers/main.yml
index a62817981cbc46f5cfeaf66ba7850ae447124d6d..4a6e9e36065d98fff18e386f863ebcb4eadb441f 100644
--- a/roles/network_plugin/handlers/main.yml
+++ b/roles/network_plugin/handlers/main.yml
@@ -10,6 +10,7 @@
notify:
- reload systemd
- restart docker
+ - restart kubelet
- name: delete default docker bridge
command: ip link delete docker0
@@ -28,3 +29,8 @@
service:
name: docker
state: restarted
+
+- name: restart kubelet
+ service:
+ name: kubelet
+ state: restarted