From 6069681288c50619c2c37c352d475987d9939820 Mon Sep 17 00:00:00 2001 From: Kevin Richardson Date: Thu, 20 Aug 2020 11:22:06 -0400 Subject: [PATCH 1/2] Always create dnsmasq-node-coredns-local.yaml If this file does not exist (as would be the case if the CoreDNS local feature has not been enabled), controller nodes will fail to come up with the error: > error: the path "/srv/kubernetes/manifests/dnsmasq-node-coredns-local.yaml" does not exist This is caused when `kubectl delete` is called against the file because of the line `remove "${mfdir}/dnsmasq-node-coredns-local.yaml`. This manifest must always be generated because the CoreDNS-local feature cannot be enabled and then later disabled without otherwise requiring manual operator intervention. --- builtin/files/userdata/cloud-config-controller | 2 -- 1 file changed, 2 deletions(-) diff --git a/builtin/files/userdata/cloud-config-controller b/builtin/files/userdata/cloud-config-controller index 1684ea8ab..66857a557 100644 --- a/builtin/files/userdata/cloud-config-controller +++ b/builtin/files/userdata/cloud-config-controller @@ -3975,7 +3975,6 @@ write_files: - --v=2 - --logtostderr -{{ if and .KubeDns.NodeLocalResolver .KubeDns.DNSMasq.CoreDNSLocal.Enabled }} - path: /srv/kubernetes/manifests/dnsmasq-node-coredns-local.yaml content: | apiVersion: v1 @@ -4052,7 +4051,6 @@ write_files: cache 30 reload } -{{ end }} {{ if .KubeDns.NodeLocalResolver }} - path: /srv/kubernetes/manifests/dnsmasq-node-ds.yaml From ecce43e374285dc82d98d5e36c809c1f30474004 Mon Sep 17 00:00:00 2001 From: Kevin Richardson Date: Thu, 20 Aug 2020 13:08:52 -0400 Subject: [PATCH 2/2] Create dnsmasq-node's ServiceAccount if it is enabled This ServiceAccount must exist whether or not CoreDNS-local has been enabled. Therefore, it is created alongside the DaemonSet rather than as part of the coredns-local manifest. --- .../files/userdata/cloud-config-controller | 72 +++++++++---------- 1 file changed, 36 insertions(+), 36 deletions(-) 
diff --git a/builtin/files/userdata/cloud-config-controller b/builtin/files/userdata/cloud-config-controller index 66857a557..e3b90110c 100644 --- a/builtin/files/userdata/cloud-config-controller +++ b/builtin/files/userdata/cloud-config-controller @@ -3976,6 +3976,42 @@ write_files: - --logtostderr - path: /srv/kubernetes/manifests/dnsmasq-node-coredns-local.yaml + content: | + apiVersion: v1 + kind: ConfigMap + metadata: + name: coredns-local + namespace: kube-system + labels: + application: coredns + data: + Corefile: | + {{- if and (eq .KubeDns.Provider "coredns") .KubeDns.AdditionalZoneCoreDNSConfig }} +{{ .KubeDns.AdditionalZoneCoreDNSConfig | indent 12 }} + {{- end }} + + cluster.local:9254 {{ .PodCIDR }}:9254 {{ .ServiceCIDR }}:9254 { + errors + kubernetes { + pods insecure + } + cache 30 + log svc.svc.cluster.local. + prometheus :9153 + } + + .:9254 { + errors + health :9154 # this is global for all servers + prometheus :9153 + forward . /etc/resolv.conf + pprof 127.0.0.1:9156 + cache 30 + reload + } + +{{ if .KubeDns.NodeLocalResolver }} + - path: /srv/kubernetes/manifests/dnsmasq-node-ds.yaml content: | apiVersion: v1 kind: ServiceAccount 
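Review bot: The `kubernetes` block of the relocated Corefile still sets `pods insecure`, which makes CoreDNS answer pod A records from the IP encoded in the query name without checking that a pod with that address exists. Now that this ConfigMap is the entire always-written coredns-local manifest, either switch to `pods verified` (this needs pod list/watch rights, and the RBAC is not visible here) or document the choice inline, e.g. `# pods insecure: kube-dns compatibility, pod records are not verified against the API`. In the same Corefile, `prometheus :9153` and `health :9154` have no bind address while `pprof 127.0.0.1:9156` does. If the dnsmasq-node DaemonSet uses host networking, which this hunk does not show, the metrics and health endpoints would listen on every node address, so bind them explicitly or add a comment saying the exposure is intended. The `{{ if .KubeDns.NodeLocalResolver }}` guard and the dnsmasq-node-ds.yaml `content: |` block opened at the end of this hunk both continue outside it.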
@@ -4019,42 +4055,6 @@ write_files: name: dnsmasq namespace: kube-system --- - apiVersion: v1 - kind: ConfigMap - metadata: - name: coredns-local - namespace: kube-system - labels: - application: coredns - data: - Corefile: | - {{- if and (eq .KubeDns.Provider "coredns") .KubeDns.AdditionalZoneCoreDNSConfig }} -{{ .KubeDns.AdditionalZoneCoreDNSConfig | indent 12 }} - {{- end }} - - cluster.local:9254 {{ .PodCIDR }}:9254 {{ .ServiceCIDR }}:9254 { - errors - kubernetes { - pods insecure - } - cache 30 - log svc.svc.cluster.local. - prometheus :9153 - } - - .:9254 { - errors - health :9154 # this is global for all servers - prometheus :9153 - forward . /etc/resolv.conf - pprof 127.0.0.1:9156 - cache 30 - reload - } - -{{ if .KubeDns.NodeLocalResolver }} - - path: /srv/kubernetes/manifests/dnsmasq-node-ds.yaml - content: | apiVersion: extensions/v1beta1 kind: DaemonSet metadata: