Update DNS policy for pods in host network namespace

This PS updates the DNS policy for pods that run in the host's network
namespace.

Change-Id: I5ff11985459c967e5248d1ce9f62ebfc578e3afb
Pete Birley 2017-08-10 12:29:23 -05:00
parent c4050ba375
commit 0c75f1ab9c
15 changed files with 9 additions and 106 deletions

@ -241,7 +241,5 @@ data:
{{- if .Values.conf.sriov_agent.append -}}
{{ .Values.conf.sriov_agent.append | indent 4 }}
{{- end }}
resolv.conf: |+
{{ tuple "etc/_resolv.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
dnsmasq.conf: ""
{{- end }}

@ -38,7 +38,7 @@ spec:
{{ .Values.labels.agent.dhcp.node_selector_key }}: {{ .Values.labels.agent.dhcp.node_selector_value }}
securityContext:
runAsUser: 0
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
initContainers:
{{ tuple $envAll $dependencies $mounts_neutron_dhcp_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
@ -76,10 +76,6 @@ spec:
mountPath: /etc/neutron/dnsmasq.conf
subPath: dnsmasq.conf
readOnly: true
- name: neutron-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- name: runopenvswitch
mountPath: /run/openvswitch
- name: socket
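Review bot: The new `dnsPolicy: ClusterFirstWithHostNet` line sits next to `hostNetwork: true` with no comment saying why the pair is required, and the same holds in the l3-agent, metadata-agent, ovs-agent, ovs-db, nova-compute, nova-libvirt and novncproxy sections. I would add `# hostNetwork pods fall back to the node's resolver under ClusterFirst; this value keeps cluster DNS` above it, so a later cleanup does not revert it. With the `resolv.conf` template and its mounts gone, the nameserver and search list presumably come from the kubelet's cluster DNS settings alone. The `network.dns.servers` and `network.dns.kubernetes_domain` keys dropped from both values files, including the second resolver `8.8.8.8`, therefore stop having any effect, and an operator override of them will be ignored without an error. That deserves a line in the release notes. The pod spec continues outside these hunks.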

@ -38,7 +38,7 @@ spec:
{{ .Values.labels.agent.l3.node_selector_key }}: {{ .Values.labels.agent.l3.node_selector_value }}
securityContext:
runAsUser: 0
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
initContainers:
{{ tuple $envAll $dependencies $mounts_neutron_l3_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
@ -72,10 +72,6 @@ spec:
mountPath: /etc/neutron/l3_agent.ini
subPath: l3_agent.ini
readOnly: true
- name: neutron-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- name: runopenvswitch
mountPath: /run/openvswitch
- name: libmodules

@ -38,7 +38,7 @@ spec:
{{ .Values.labels.agent.metadata.node_selector_key }}: {{ .Values.labels.agent.metadata.node_selector_value }}
securityContext:
runAsUser: 0
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
initContainers:
{{ tuple $envAll $dependencies $mounts_neutron_metadata_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
@ -74,10 +74,6 @@ spec:
mountPath: /etc/neutron/metadata_agent.ini
subPath: metadata_agent.ini
readOnly: true
- name: neutron-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- name: runopenvswitch
mountPath: /run/openvswitch
- name: socket

@ -36,7 +36,7 @@ spec:
spec:
nodeSelector:
{{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
initContainers:
{{ tuple $envAll $dependencies $mounts_neutron_ovs_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
@ -73,9 +73,6 @@ spec:
readOnly: true
- name: run
mountPath: /run
- name: neutron-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
{{- if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
containers:
- name: ovs-agent
@ -118,9 +115,6 @@ spec:
readOnly: true
- name: run
mountPath: /run
- name: neutron-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
{{- if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: varlibopenvswitch

@ -35,7 +35,7 @@ spec:
{{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
securityContext:
runAsUser: 0
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
containers:
- name: ovs-db
@ -51,10 +51,6 @@ spec:
mountPath: /tmp/openvswitch-db-server.sh
subPath: openvswitch-db-server.sh
readOnly: true
- name: neutron-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- name: varlibopenvswitch
mountPath: /var/lib/openvswitch/
- name: run

@ -35,7 +35,7 @@ spec:
{{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
securityContext:
runAsUser: 0
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
containers:
- name: ovs-vswitchd
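Review bot: The ovs-vswitchd pod appears to get a real change of resolver here, not a like-for-like replacement. This section removes no `/etc/resolv.conf` mount, so the pod seems to have used the node's resolver until now, since `ClusterFirst` combined with `hostNetwork: true` falls back to the node's settings. The new value makes a `runAsUser: 0` host-network pod depend on cluster DNS being available and answering correctly. If the container resolves no cluster service names, `dnsPolicy: Default` would keep the previous behaviour. Otherwise a short comment naming the service it has to resolve would record why the dependency is wanted. The pod spec continues outside the hunk, so the mounts cannot be confirmed from here.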

@ -1,21 +0,0 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
search {{ .Release.Namespace }}.svc.{{ .Values.network.dns.kubernetes_domain }} svc.{{ .Values.network.dns.kubernetes_domain }} {{ .Values.network.dns.kubernetes_domain }}
{{- range .Values.network.dns.servers }}
nameserver {{ . | title }}
{{- end }}
options ndots:5

@ -60,13 +60,6 @@ labels:
node_selector_value: enabled
network:
dns:
kubernetes_domain: cluster.local
# this must list the skydns server first, and in calico
# this is consistently 10.96.0.10
servers:
- 10.96.0.10
- 8.8.8.8
external_bridge: br-ex
ip_address: 0.0.0.0
interface:

@ -125,8 +125,6 @@ data:
{{- else -}}
{{ tuple "etc/_policy.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
resolv.conf: |+
{{ tuple "etc/_resolv.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
libvirtd.conf: |+
{{ tuple "etc/_libvirtd.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
qemu.conf: |+

@ -40,7 +40,7 @@ spec:
runAsUser: 0
hostNetwork: true
hostPID: true
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirstWithHostNet
initContainers:
{{ tuple $envAll $dependencies $mounts_nova_compute_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{- if .Values.ceph.enabled }}
@ -81,10 +81,6 @@ spec:
mountPath: /etc/nova/api-paste.ini
subPath: api-paste.ini
readOnly: true
- name: nova-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- name: nova-etc
mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf
@ -132,10 +128,6 @@ spec:
mountPath: /etc/nova/policy.yaml
subPath: policy.yaml
readOnly: true
- name: nova-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
{{- if .Values.ceph.enabled }}
- name: etcceph
mountPath: /etc/ceph

@ -40,7 +40,7 @@ spec:
runAsUser: 0
hostNetwork: true
hostPID: true
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirstWithHostNet
initContainers:
{{ tuple $envAll $dependencies $mounts_nova_libvirt_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{- if .Values.ceph.enabled }}
@ -98,10 +98,6 @@ spec:
mountPath: /etc/nova/api-paste.ini
subPath: api-paste.ini
readOnly: true
- name: nova-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- mountPath: /lib/modules
name: libmodules
readOnly: true

@ -41,7 +41,7 @@ spec:
nodeSelector:
{{ .Values.labels.novncproxy.node_selector_key }}: {{ .Values.labels.novncproxy.node_selector_value }}
hostNetwork: true
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirstWithHostNet
initContainers:
{{ tuple $envAll $dependencies $mounts_nova_novncproxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: nova-novncproxy-init
@ -77,10 +77,6 @@ spec:
mountPath: /etc/nova/nova.conf
subPath: nova.conf
readOnly: true
- name: nova-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
{{- if $mounts_nova_novncproxy.volumeMounts }}{{ toYaml $mounts_nova_novncproxy.volumeMounts | indent 12 }}{{ end }}

@ -1,21 +0,0 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
search {{ .Release.Namespace }}.svc.{{ .Values.network.dns.kubernetes_domain }} svc.{{ .Values.network.dns.kubernetes_domain }} {{ .Values.network.dns.kubernetes_domain }}
{{- range .Values.network.dns.servers }}
nameserver {{ . | title }}
{{- end }}
options ndots:5

@ -105,12 +105,6 @@ bootstrap:
vcpus: 8
network:
dns:
servers:
- "10.96.0.10"
- "8.8.8.8"
kubernetes_domain: "cluster.local"
other_domains: ""
osapi:
port: 8774
ingress: