Merge pull request #504 from bogdando/rework_dnsstack
Merge pull request #504 from bogdando/rework_dnsstack
Make dnsmasq daemon set optional
pull/505/head
Smaine Kahlouch
8 years ago
committed by
GitHub
11 changed files with 199 additions and 145 deletions
21docs/dns-stack.md
BINdocs/figures/dns.png
2inventory/group_vars/all.yml
58roles/dnsmasq/tasks/dnsmasq.yml
135roles/dnsmasq/tasks/main.yml
100roles/dnsmasq/tasks/resolvconf.yml
15roles/dnsmasq/templates/01-kube-dns.conf.j2
1roles/dnsmasq/templates/dnsmasq-ds.yml
1roles/kubernetes-apps/ansible/templates/kubedns-rc.yml
7roles/kubernetes/node/defaults/main.yml
4roles/kubernetes/node/templates/kubelet.j2
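--- a/docs/dns-stack.md
+++ b/docs/dns-stack.md
@@ -0,0 +1,21 @@
+K8s DNS stack by Kargo
+======================
+
+Here is an approximate picture of how DNS things working and
+being configured by Kargo ansible playbooks:
+
+![Image](figures/dns.png?raw=true)
+
+Note that an additional dnsmasq daemon set is installed by Kargo
+by default. Kubelet will configure DNS base of all pods to use that
+dnsmasq cluster IP. You can disable it with the ``skip_dnsmasq``
+var. This may be the case, if you're fine with Linux limit of max 3
+nameservers in the ``/etc/resolv.conf``. When skipped and bypassed
+directly to Kubedns's dnsmasq cluster IP, it greatly simplifies things
+by the price of limited nameservers though.
+
+Nameservers are configured in the hosts' ``/etc/resolv.conf`` files
+from the ``nameservers`` (see also ``searchdomains``) vars. While the
+``upstream_dns_servers`` will define additional DNS servers for the
+dnsmasq daemon set running on all hosts (unless bypassed with
+``skip_dnsmasq``).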
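--- a/roles/dnsmasq/tasks/dnsmasq.yml
+++ b/roles/dnsmasq/tasks/dnsmasq.yml
@@ -0,0 +1,58 @@
+---
+- name: ensure dnsmasq.d directory exists
+  file:
+    path: /etc/dnsmasq.d
+    state: directory
+
+- name: ensure dnsmasq.d-available directory exists
+  file:
+    path: /etc/dnsmasq.d-available
+    state: directory
+
+- name: Write dnsmasq configuration
+  template:
+    src: 01-kube-dns.conf.j2
+    dest: /etc/dnsmasq.d-available/01-kube-dns.conf
+    mode: 0755
+    backup: yes
+
+- name: Stat dnsmasq configuration
+  stat: path=/etc/dnsmasq.d/01-kube-dns.conf
+  register: sym
+
+- name: Move previous configuration
+  command: mv /etc/dnsmasq.d/01-kube-dns.conf /etc/dnsmasq.d-available/01-kube-dns.conf.bak
+  changed_when: False
+  when: sym.stat.islnk is defined and sym.stat.islnk == False
+
+- name: Enable dnsmasq configuration
+  file:
+    src: /etc/dnsmasq.d-available/01-kube-dns.conf
+    dest: /etc/dnsmasq.d/01-kube-dns.conf
+    state: link
+
+- name: Create dnsmasq manifests
+  template: src={{item.file}} dest=/etc/kubernetes/{{item.file}}
+  with_items:
+    - {file: dnsmasq-ds.yml, type: ds}
+    - {file: dnsmasq-svc.yml, type: svc}
+  register: manifests
+  when: inventory_hostname == groups['kube-master'][0]
+
+- name: Start Resources
+  kube:
+    name: dnsmasq
+    namespace: kube-system
+    kubectl: "{{bin_dir}}/kubectl"
+    resource: "{{item.item.type}}"
+    filename: /etc/kubernetes/{{item.item.file}}
+    state: "{{item.changed | ternary('latest','present') }}"
+  with_items: "{{ manifests.results }}"
+  when: inventory_hostname == groups['kube-master'][0]
+
+- name: Check for dnsmasq port (pulling image and running container)
+  wait_for:
+    host: "{{dns_server}}"
+    port: 53
+    delay: 5
+  when: inventory_hostname == groups['kube-node'][0]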
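Review bot: `mode: 0755` on the "Write dnsmasq configuration" task gives the rendered file under /etc/dnsmasq.d-available an executable bit that a plain dnsmasq configuration file does not need, and the unquoted octal is a known YAML trap (drop the leading zero by accident and the value is read as decimal); `mode: "0644"` keeps it world-readable and non-executable. The same task's `backup: yes` and the `changed_when: False` / `== False` comparisons in "Move previous configuration" should use canonical lowercase booleans, e.g. `when: sym.stat.islnk is defined and not sym.stat.islnk`. The closing `wait_for` task sets no `timeout`, so a node that cannot reach `dns_server` on port 53 blocks for the module default (300s) before failing; an explicit `timeout:` would document the intended bound.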
@ -1,134 +1,5 @@ |
|||
--- |
|||
- name: ensure dnsmasq.d directory exists |
|||
file: |
|||
path: /etc/dnsmasq.d |
|||
state: directory |
|||
- include: dnsmasq.yml |
|||
when: "{{ not skip_dnsmasq|bool }}" |
|||
|
|||
- name: ensure dnsmasq.d-available directory exists |
|||
file: |
|||
path: /etc/dnsmasq.d-available |
|||
state: directory |
|||
|
|||
- name: Write dnsmasq configuration |
|||
template: |
|||
src: 01-kube-dns.conf.j2 |
|||
dest: /etc/dnsmasq.d-available/01-kube-dns.conf |
|||
mode: 0755 |
|||
backup: yes |
|||
|
|||
- name: Stat dnsmasq configuration |
|||
stat: path=/etc/dnsmasq.d/01-kube-dns.conf |
|||
register: sym |
|||
|
|||
- name: Move previous configuration |
|||
command: mv /etc/dnsmasq.d/01-kube-dns.conf /etc/dnsmasq.d-available/01-kube-dns.conf.bak |
|||
changed_when: False |
|||
when: sym.stat.islnk is defined and sym.stat.islnk == False |
|||
|
|||
- name: Enable dnsmasq configuration |
|||
file: |
|||
src: /etc/dnsmasq.d-available/01-kube-dns.conf |
|||
dest: /etc/dnsmasq.d/01-kube-dns.conf |
|||
state: link |
|||
|
|||
- name: Create dnsmasq manifests |
|||
template: src={{item.file}} dest=/etc/kubernetes/{{item.file}} |
|||
with_items: |
|||
- {file: dnsmasq-ds.yml, type: ds} |
|||
- {file: dnsmasq-svc.yml, type: svc} |
|||
register: manifests |
|||
when: inventory_hostname == groups['kube-master'][0] |
|||
|
|||
- name: Start Resources |
|||
kube: |
|||
name: dnsmasq |
|||
namespace: kube-system |
|||
kubectl: "{{bin_dir}}/kubectl" |
|||
resource: "{{item.item.type}}" |
|||
filename: /etc/kubernetes/{{item.item.file}} |
|||
state: "{{item.changed | ternary('latest','present') }}" |
|||
with_items: "{{ manifests.results }}" |
|||
when: inventory_hostname == groups['kube-master'][0] |
|||
|
|||
- name: Check for dnsmasq port (pulling image and running container) |
|||
wait_for: |
|||
host: "{{dns_server}}" |
|||
port: 53 |
|||
delay: 5 |
|||
when: inventory_hostname == groups['kube-node'][0] |
|||
|
|||
|
|||
- name: check resolvconf |
|||
shell: which resolvconf |
|||
register: resolvconf |
|||
ignore_errors: yes |
|||
|
|||
- name: target resolv.conf file |
|||
set_fact: |
|||
resolvconffile: >- |
|||
{%- if resolvconf.rc == 0 -%}/etc/resolvconf/resolv.conf.d/head{%- else -%}/etc/resolv.conf{%- endif -%} |
|||
|
|||
- name: generate search domains to resolvconf |
|||
set_fact: |
|||
searchentries="{{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join(' ') }}" |
|||
|
|||
- name: generate nameservers to resolvconf |
|||
set_fact: |
|||
nameserverentries="{{ nameservers|default([]) + [ dns_server ] }}" |
|||
|
|||
- name: Add search resolv.conf |
|||
lineinfile: |
|||
line: "search {{searchentries}}" |
|||
dest: "{{resolvconffile}}" |
|||
state: present |
|||
insertbefore: BOF |
|||
backup: yes |
|||
follow: yes |
|||
|
|||
- name: Add local dnsmasq to resolv.conf |
|||
blockinfile: |
|||
dest: "{{resolvconffile}}" |
|||
block: |- |
|||
{% for item in nameserverentries -%} |
|||
nameserver {{ item }} |
|||
{% endfor %} |
|||
state: present |
|||
create: yes |
|||
backup: yes |
|||
follow: yes |
|||
marker: "# Ansible nameservers {mark}" |
|||
|
|||
- name: Add options to resolv.conf |
|||
lineinfile: |
|||
line: options {{ item }} |
|||
dest: "{{resolvconffile}}" |
|||
state: present |
|||
regexp: "^options.*{{ item }}$" |
|||
insertafter: EOF |
|||
backup: yes |
|||
follow: yes |
|||
with_items: |
|||
- timeout:2 |
|||
- attempts:2 |
|||
|
|||
- name: Remove search and nameserver options from resolvconf base |
|||
lineinfile: |
|||
dest: /etc/resolvconf/resolv.conf.d/base |
|||
state: absent |
|||
regexp: "^{{ item }}.*$" |
|||
backup: yes |
|||
follow: yes |
|||
with_items: |
|||
- search |
|||
- nameserver |
|||
when: resolvconf.rc == 0 |
|||
|
|||
- name: disable resolv.conf modification by dhclient |
|||
copy: src=dhclient_nodnsupdate dest=/etc/dhcp/dhclient-enter-hooks.d/znodnsupdate mode=0755 |
|||
notify: Dnsmasq | restart network |
|||
when: ansible_os_family == "Debian" |
|||
|
|||
- name: disable resolv.conf modification by dhclient |
|||
copy: src=dhclient_nodnsupdate dest=/etc/dhcp/dhclient.d/nodnsupdate mode=u+x |
|||
notify: Dnsmasq | restart network |
|||
when: ansible_os_family == "RedHat" |
|||
- include: resolvconf.yml |
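Review bot: `when: "{{ not skip_dnsmasq|bool }}"` on the new `include: dnsmasq.yml` wraps the conditional in Jinja delimiters, which Ansible evaluates as a templated string rather than a bare expression and warns about; write it as `when: not skip_dnsmasq|bool`. `resolvconf.yml` is included unconditionally, so the resolv.conf rewrite still runs when dnsmasq is skipped; that appears intended, since the skipped case is handled inside that file, but a one-line comment above the include saying so would spare the next reader the lookup.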
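--- a/roles/dnsmasq/tasks/resolvconf.yml
+++ b/roles/dnsmasq/tasks/resolvconf.yml
@@ -0,0 +1,100 @@
+---
+- name: check resolvconf
+  shell: which resolvconf
+  register: resolvconf
+  ignore_errors: yes
+
+- name: target resolv.conf file
+  set_fact:
+    resolvconffile: >-
+      {%- if resolvconf.rc == 0 -%}/etc/resolvconf/resolv.conf.d/head{%- else -%}/etc/resolv.conf{%- endif -%}
+
+- name: generate search domains to resolvconf
+  set_fact:
+    searchentries:
+      "{{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join(' ') }}"
+
+- name: pick dnsmasq cluster IP
+  set_fact:
+    dnsmasq_server: >-
+      {%- if skip_dnsmasq|bool -%}{{ [ skydns_server ] + upstream_dns_servers|default([]) }}{%- else -%}{{ [ dns_server ] }}{%- endif -%}
+
+- name: generate nameservers to resolvconf
+  set_fact:
+    nameserverentries:
+      "{{ nameservers|default([]) + dnsmasq_server|default([]) }}"
+
+- name: Remove search and nameserver options from resolvconf head
+  lineinfile:
+    dest: /etc/resolvconf/resolv.conf.d/head
+    state: absent
+    regexp: "^{{ item }}.*$"
+    backup: yes
+    follow: yes
+  with_items:
+    - search
+    - nameserver
+  when: resolvconf.rc == 0
+  notify: Dnsmasq | update resolvconf
+
+- name: Add search resolv.conf
+  lineinfile:
+    line: "search {{searchentries}}"
+    dest: "{{resolvconffile}}"
+    state: present
+    insertbefore: BOF
+    backup: yes
+    follow: yes
+  notify: Dnsmasq | update resolvconf
+
+- name: Add local dnsmasq to resolv.conf
+  blockinfile:
+    dest: "{{resolvconffile}}"
+    block: |-
+      {% for item in nameserverentries -%}
+      nameserver {{ item }}
+      {% endfor %}
+    state: present
+    insertafter: "^search.*$"
+    create: yes
+    backup: yes
+    follow: yes
+    marker: "# Ansible nameservers {mark}"
+  notify: Dnsmasq | update resolvconf
+
+- name: Add options to resolv.conf
+  lineinfile:
+    line: options {{ item }}
+    dest: "{{resolvconffile}}"
+    state: present
+    regexp: "^options.*{{ item }}$"
+    insertafter: EOF
+    backup: yes
+    follow: yes
+  with_items:
+    - timeout:2
+    - attempts:2
+  notify: Dnsmasq | update resolvconf
+
+- name: Remove search and nameserver options from resolvconf base
+  lineinfile:
+    dest: /etc/resolvconf/resolv.conf.d/base
+    state: absent
+    regexp: "^{{ item }}.*$"
+    backup: yes
+    follow: yes
+  with_items:
+    - search
+    - nameserver
+  when: resolvconf.rc == 0
+  notify: Dnsmasq | update resolvconf
+
+- name: disable resolv.conf modification by dhclient
+  copy: src=dhclient_nodnsupdate dest=/etc/dhcp/dhclient-enter-hooks.d/znodnsupdate mode=0755
+  notify: Dnsmasq | restart network
+  when: ansible_os_family == "Debian"
+
+- name: disable resolv.conf modification by dhclient
+  copy: src=dhclient_nodnsupdate dest=/etc/dhcp/dhclient.d/nodnsupdate mode=u+x
+  notify: Dnsmasq | restart network
+  when: ansible_os_family == "RedHat"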
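Review bot: `dnsmasq_server` in the "pick dnsmasq cluster IP" task is a folded scalar whose Jinja branches render a list into its string form, and the next task then computes `nameservers|default([]) + dnsmasq_server|default([])`; that list concatenation only works if Ansible converts the string back into a list when the fact is stored, which should not be relied on. A plain expression avoids the round trip: `dnsmasq_server: "{{ ([skydns_server] + upstream_dns_servers|default([])) if skip_dnsmasq|bool else [dns_server] }}"`. The "check resolvconf" task pairs `shell: which resolvconf` with `ignore_errors: yes`, so every host without resolvconf reports a red failed task on each run; `command: which resolvconf` with `failed_when: false` and `changed_when: false` yields the same `resolvconf.rc` without the noise. The `backup: yes` / `create: yes` / `follow: yes` values throughout should be written `true`.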