[CE-390]Fix the agent dns upstream lookup issue

Ansible agent sets up k8s cluster from scratch. However in recent changes, the dns service was not setup correctly for upstream dns services. This patch fixes the following problems: 1. DNS upstream dns lookup 2. Upgrade to kube-dns 1.14.8 3. Setup chaincode vm endpoint to be default, so that people can easily see chaincode images and containers by easily login to the daemon set pods 4. Allow users to control if the fabric service like orderer and peer should be expose to the world Change-Id: I99a9703d18a8186205ce814c75002a6fc4ba911e Signed-off-by: Tong Li <litong01@us.ibm.com>
hyperledger-cello · Jun 22, 2018 · a5f98ca · a5f98ca
1 parent e53af90
commit a5f98ca
Show file tree

Hide file tree

Showing 9 changed files with 49 additions and 22 deletions.
diff --git a/src/agent/ansible/roles/deploy_k8s/fabricsetup/tasks/apply.yml b/src/agent/ansible/roles/deploy_k8s/fabricsetup/tasks/apply.yml
@@ -161,6 +161,24 @@
   retries: 50
   delay: 5
 
+- name: Get all the endpoint pods
+  command: >-
+    ./kubectl --kubeconfig kubeconfig -o=custom-columns=NAME:.metadata.name
+    get pods -l name=dind --no-headers
+  args:
+    chdir: "{{ playbook_dir }}/../../vars/"
+  register: dindpods
+  tags: "downloadccenv"
+
+- name: Download chaincode container image
+  command: >-
+    ./kubectl --kubeconfig kubeconfig exec {{ item }} --
+    docker pull {{ fabric.repo.url }}fabric-ccenv:{{ fabric.baseimage_tag }}
+  args:
+    chdir: "{{ playbook_dir }}/../../vars/"
+  with_items: "{{ dindpods.stdout_lines }}"
+  tags: "downloadccenv"
+
 - name: Start channel operations
   command: "./kubectl --kubeconfig kubeconfig apply -f ../run/cli-k8s.yaml"
   args:

diff --git a/src/agent/ansible/roles/deploy_k8s/fabricsetup/templates/chainep.j2 b/src/agent/ansible/roles/deploy_k8s/fabricsetup/templates/chainep.j2
@@ -18,14 +18,14 @@ spec:
         image: docker:dind
         args:
           - dockerd
-          - -H unix:///var/run/dind/docker.sock
+          - -H unix:///var/run/docker.sock
         securityContext:
           privileged: true
         volumeMounts:
         - name: varlibdocker
           mountPath: /var/lib/docker
         - name: rundind
-          mountPath: /var/run/dind
+          mountPath: /var/run
       terminationGracePeriodSeconds: 30
       volumes:
       - name: varlibdocker

diff --git a/src/agent/ansible/roles/deploy_k8s/fabricsetup/templates/fabric-pod.j2 b/src/agent/ansible/roles/deploy_k8s/fabricsetup/templates/fabric-pod.j2
@@ -196,6 +196,9 @@ metadata:
 spec:
   selector:
     k8s-app: {{ ca.name }}
+{% if fabric.k8s.exposeserviceport %}
+  type: NodePort
+{% endif %}
   ports:
     - name: port1
       port: 7054
@@ -232,9 +235,6 @@ spec:
                 - peer
           topologyKey: kubernetes.io/hostname
   volumes:
-    - name: varrun
-      hostPath:
-        path: /var/run
     - name: task-pv-storage
       persistentVolumeClaim:
         claimName: fabriccerts
@@ -263,7 +263,7 @@ spec:
       securityContext:
         privileged: true
       env:
-        - { name: "CORE_VM_ENDPOINT", value: "unix:///var/run/dind/docker.sock" }
+        - { name: "CORE_VM_ENDPOINT", value: "unix:///var/run/docker.sock" }
         - { name: "FABRIC_CFG_PATH", value: "/etc/hyperledger/fabric/keyfiles/{{ peer.org }}/peers/{{ peer.name }}.{{ peer.org }}" }
         - { name: "CORE_LOGGING_LEVEL", value: "{{ fabric.logging_level | default('ERROR') }}" }
         - { name: "CORE_PEER_ENDORSER_ENABLED", value: "true" }
@@ -295,9 +295,8 @@ spec:
 {% endif %}
 {% include './resource.j2' %}
       volumeMounts:
-        - { mountPath: "/host/var/run", name: "varrun" }
         - { mountPath: "/etc/hyperledger/fabric", name: "task-pv-storage" }
-        - { mountPath: "/var/run/dind", name: "rundind" }
+        - { mountPath: "/var/run", name: "rundind" }
       command: ["peer"]
       args: ["node", "start"]
 ---
@@ -310,6 +309,9 @@ metadata:
 spec:
   selector:
     k8s-app: {{ peer.name }}
+{% if fabric.k8s.exposeserviceport %}
+  type: NodePort
+{% endif %}
   ports:
   - name: port1
     port: 7051
@@ -391,6 +393,9 @@ metadata:
 spec:
   selector:
     k8s-app: {{ orderer.name }}
+{% if fabric.k8s.exposeserviceport %}
+  type: NodePort
+{% endif %}
   ports:
     - name: port1
       port: 7050

diff --git a/src/agent/ansible/roles/env_k8s/post/tasks/apply.yml b/src/agent/ansible/roles/env_k8s/post/tasks/apply.yml
@@ -6,12 +6,6 @@
     node_name: "{{ hostvars[ansible_host].inter_name }}"
     fabricroot: "/opt/fabric"
 
-- include: common.yml
-
-- name: Combine all possible name servers
-  set_fact:
-    nameservers: "{{ nameserverraw.stdout_lines | join(',') }}"
-
 - name: Upload addon service configuration files
   template:
     src: "{{ playbook_dir }}/../env_k8s/post/templates/{{ item }}.j2"

diff --git a/src/agent/ansible/roles/env_k8s/post/tasks/common.yml b/src/agent/ansible/roles/env_k8s/post/tasks/common.yml
diff --git a/src/agent/ansible/roles/env_k8s/post/templates/dnscontroller.j2 b/src/agent/ansible/roles/env_k8s/post/templates/dnscontroller.j2
@@ -1,3 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kube-dns
+  namespace: kube-system
+data:
+  upstreamNameservers: |
+    ["8.8.8.8", "8.8.4.4"]
+---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
@@ -37,7 +46,7 @@ spec:
         dashboardId: master
       containers:
       - name: kubedns
-        image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.4
+        image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.8
         resources:
           limits:
             memory: 170Mi
@@ -64,8 +73,8 @@ spec:
         - --domain=fabricnet.
         - --dns-port=10053
         - --kubecfg-file=/kube-config
+        - --config-dir=/kube-dns-config
         - --kube-master-url=http://{{ private_ip }}:8080
-        - --nameservers={{ nameservers }}
         - --v=2
         env:
         - name: PROMETHEUS_PORT
@@ -83,8 +92,10 @@ spec:
         volumeMounts:
         - name: kube-config
           mountPath: /kube-config
+        - name: kube-dns-config
+          mountPath: /kube-dns-config
       - name: dnsmasq
-        image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.4
+        image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.8
         livenessProbe:
           httpGet:
             path: /healthcheck/dnsmasq
@@ -121,7 +132,7 @@ spec:
         - name: kube-dns-config
           mountPath: /etc/k8s/dns/dnsmasq-nanny
       - name: sidecar
-        image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.4
+        image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.8
         livenessProbe:
           httpGet:
             path: /metrics

diff --git a/src/agent/ansible/vars/bc1st.yml b/src/agent/ansible/vars/bc1st.yml
@@ -20,6 +20,7 @@ fabric: {
   tls: false,
   logging_level: "ERROR",
   k8s: {
+    exposeserviceport: False,
     storageclass: "default",
     storagecapacity: "2Gi",
     shared_storage: false,

diff --git a/src/agent/ansible/vars/bc2nd.yml b/src/agent/ansible/vars/bc2nd.yml
@@ -14,6 +14,7 @@ fabric: {
   tls: true,
   logging_level: "ERROR",
   k8s: {
+    exposeserviceport: False,
     storageclass: "default",
     storagecapacity: "2Gi",
     shared_storage: false,

diff --git a/src/agent/ansible/vars/vb1st.yml b/src/agent/ansible/vars/vb1st.yml
@@ -20,6 +20,7 @@ fabric: {
   tls: false,
   logging_level: "ERROR",
   k8s: {
+    exposeserviceport: True,
     storageclass: "default",
     storagecapacity: "2Gi",
     shared_storage: false,