Merge "Update DNS policy for pods in host network namespace"

2017-08-11 15:16:17 +00:00 · 2017-08-11 15:16:17 +00:00 · 8a8c813727
commit 8a8c813727
parent 53966ecbe1 0c75f1ab9c
15 changed files with 9 additions and 106 deletions
--- a/neutron/templates/configmap-etc.yaml
+++ b/neutron/templates/configmap-etc.yaml
@ -241,7 +241,5 @@ data:
 {{- if .Values.conf.sriov_agent.append -}}
 {{ .Values.conf.sriov_agent.append | indent 4 }}
 {{- end }}
  resolv.conf: |+
 {{ tuple "etc/_resolv.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  dnsmasq.conf: ""
 {{- end }}
--- a/neutron/templates/daemonset-dhcp-agent.yaml
+++ b/neutron/templates/daemonset-dhcp-agent.yaml
@ -38,7 +38,7 @@ spec:
        {{ .Values.labels.agent.dhcp.node_selector_key }}: {{ .Values.labels.agent.dhcp.node_selector_value }}
      securityContext:
        runAsUser: 0
-      dnsPolicy: ClusterFirst
+      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
      initContainers:
 {{ tuple $envAll $dependencies $mounts_neutron_dhcp_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
@ -76,10 +76,6 @@ spec:
              mountPath: /etc/neutron/dnsmasq.conf
              subPath: dnsmasq.conf
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/resolv.conf
              subPath: resolv.conf
              readOnly: true
            - name: runopenvswitch
              mountPath: /run/openvswitch
            - name: socket
--- a/neutron/templates/daemonset-l3-agent.yaml
+++ b/neutron/templates/daemonset-l3-agent.yaml
@ -38,7 +38,7 @@ spec:
        {{ .Values.labels.agent.l3.node_selector_key }}: {{ .Values.labels.agent.l3.node_selector_value }}
      securityContext:
        runAsUser: 0
-      dnsPolicy: ClusterFirst
+      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
      initContainers:
 {{ tuple $envAll $dependencies $mounts_neutron_l3_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
@ -72,10 +72,6 @@ spec:
              mountPath: /etc/neutron/l3_agent.ini
              subPath: l3_agent.ini
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/resolv.conf
              subPath: resolv.conf
              readOnly: true
            - name: runopenvswitch
              mountPath: /run/openvswitch
            - name: libmodules
--- a/neutron/templates/daemonset-metadata-agent.yaml
+++ b/neutron/templates/daemonset-metadata-agent.yaml
@ -38,7 +38,7 @@ spec:
        {{ .Values.labels.agent.metadata.node_selector_key }}: {{ .Values.labels.agent.metadata.node_selector_value }}
      securityContext:
        runAsUser: 0
-      dnsPolicy: ClusterFirst
+      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
      initContainers:
 {{ tuple $envAll $dependencies $mounts_neutron_metadata_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
@ -74,10 +74,6 @@ spec:
              mountPath: /etc/neutron/metadata_agent.ini
              subPath: metadata_agent.ini
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/resolv.conf
              subPath: resolv.conf
              readOnly: true
            - name: runopenvswitch
              mountPath: /run/openvswitch
            - name: socket
--- a/neutron/templates/daemonset-ovs-agent.yaml
+++ b/neutron/templates/daemonset-ovs-agent.yaml
@ -36,7 +36,7 @@ spec:
    spec:
      nodeSelector:
        {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
-      dnsPolicy: ClusterFirst
+      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
      initContainers:
 {{ tuple $envAll $dependencies $mounts_neutron_ovs_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
@ -73,9 +73,6 @@ spec:
              readOnly: true
            - name: run
              mountPath: /run
            - name: neutron-etc
              mountPath: /etc/resolv.conf
              subPath: resolv.conf
 {{- if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
      containers:
        - name: ovs-agent
@ -118,9 +115,6 @@ spec:
              readOnly: true
            - name: run
              mountPath: /run
            - name: neutron-etc
              mountPath: /etc/resolv.conf
              subPath: resolv.conf
 {{- if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: varlibopenvswitch
--- a/neutron/templates/daemonset-ovs-db.yaml
+++ b/neutron/templates/daemonset-ovs-db.yaml
@ -35,7 +35,7 @@ spec:
        {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
      securityContext:
        runAsUser: 0
-      dnsPolicy: ClusterFirst
+      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
      containers:
        - name: ovs-db
@ -51,10 +51,6 @@ spec:
              mountPath: /tmp/openvswitch-db-server.sh
              subPath: openvswitch-db-server.sh
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/resolv.conf
              subPath: resolv.conf
              readOnly: true
            - name: varlibopenvswitch
              mountPath: /var/lib/openvswitch/
            - name: run
--- a/neutron/templates/daemonset-ovs-vswitchd.yaml
+++ b/neutron/templates/daemonset-ovs-vswitchd.yaml
@ -35,7 +35,7 @@ spec:
        {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
      securityContext:
        runAsUser: 0
-      dnsPolicy: ClusterFirst
+      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
      containers:
        - name: ovs-vswitchd
--- a/neutron/templates/etc/_resolv.conf.tpl
+++ b/neutron/templates/etc/_resolv.conf.tpl
@ -1,21 +0,0 @@
 {{/*
 Copyright 2017 The Openstack-Helm Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
   http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 search {{ .Release.Namespace }}.svc.{{ .Values.network.dns.kubernetes_domain }} svc.{{ .Values.network.dns.kubernetes_domain }} {{ .Values.network.dns.kubernetes_domain }}
 {{- range .Values.network.dns.servers }}
 nameserver {{ . | title }}
 {{- end }}
 options ndots:5
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -60,13 +60,6 @@ labels:
    node_selector_value: enabled
 network:
  dns:
    kubernetes_domain: cluster.local
    # this must list the skydns server first, and in calico
    # this is consistently 10.96.0.10
    servers:
    - 10.96.0.10
    - 8.8.8.8
  external_bridge: br-ex
  ip_address: 0.0.0.0
  interface:
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
@ -125,8 +125,6 @@ data:
 {{- else -}}
 {{ tuple "etc/_policy.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- end }}
  resolv.conf: |+
 {{ tuple "etc/_resolv.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  libvirtd.conf: |+
 {{ tuple "etc/_libvirtd.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  qemu.conf: |+
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@ -40,7 +40,7 @@ spec:
        runAsUser: 0
      hostNetwork: true
      hostPID: true
-      dnsPolicy: ClusterFirst
+      dnsPolicy: ClusterFirstWithHostNet
      initContainers:
 {{ tuple $envAll $dependencies $mounts_nova_compute_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        {{- if .Values.ceph.enabled }}
@ -81,10 +81,6 @@ spec:
              mountPath: /etc/nova/api-paste.ini
              subPath: api-paste.ini
              readOnly: true
            - name: nova-etc
              mountPath: /etc/resolv.conf
              subPath: resolv.conf
              readOnly: true
            - name: nova-etc
              mountPath: /etc/ceph/ceph.conf
              subPath: ceph.conf
@ -132,10 +128,6 @@ spec:
              mountPath: /etc/nova/policy.yaml
              subPath: policy.yaml
              readOnly: true
            - name: nova-etc
              mountPath: /etc/resolv.conf
              subPath: resolv.conf
              readOnly: true
            {{- if .Values.ceph.enabled }}
            - name: etcceph
              mountPath: /etc/ceph
--- a/nova/templates/daemonset-libvirt.yaml
+++ b/nova/templates/daemonset-libvirt.yaml
@ -40,7 +40,7 @@ spec:
        runAsUser: 0
      hostNetwork: true
      hostPID: true
-      dnsPolicy: ClusterFirst
+      dnsPolicy: ClusterFirstWithHostNet
      initContainers:
 {{ tuple $envAll $dependencies $mounts_nova_libvirt_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        {{- if .Values.ceph.enabled }}
@ -98,10 +98,6 @@ spec:
              mountPath: /etc/nova/api-paste.ini
              subPath: api-paste.ini
              readOnly: true
            - name: nova-etc
              mountPath: /etc/resolv.conf
              subPath: resolv.conf
              readOnly: true
            - mountPath: /lib/modules
              name: libmodules
              readOnly: true
--- a/nova/templates/deployment-novncproxy.yaml
+++ b/nova/templates/deployment-novncproxy.yaml
@ -41,7 +41,7 @@ spec:
      nodeSelector:
        {{ .Values.labels.novncproxy.node_selector_key }}: {{ .Values.labels.novncproxy.node_selector_value }}
      hostNetwork: true
-      dnsPolicy: ClusterFirst
+      dnsPolicy: ClusterFirstWithHostNet
      initContainers:
 {{ tuple $envAll $dependencies $mounts_nova_novncproxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: nova-novncproxy-init
@ -77,10 +77,6 @@ spec:
              mountPath: /etc/nova/nova.conf
              subPath: nova.conf
              readOnly: true
            - name: nova-etc
              mountPath: /etc/resolv.conf
              subPath: resolv.conf
              readOnly: true
            - name: pod-shared
              mountPath: /tmp/pod-shared
 {{- if $mounts_nova_novncproxy.volumeMounts }}{{ toYaml $mounts_nova_novncproxy.volumeMounts | indent 12 }}{{ end }}
--- a/nova/templates/etc/_resolv.conf.tpl
+++ b/nova/templates/etc/_resolv.conf.tpl
@ -1,21 +0,0 @@
 {{/*
 Copyright 2017 The Openstack-Helm Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
   http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 search {{ .Release.Namespace }}.svc.{{ .Values.network.dns.kubernetes_domain }} svc.{{ .Values.network.dns.kubernetes_domain }} {{ .Values.network.dns.kubernetes_domain }}
 {{- range .Values.network.dns.servers }}
 nameserver {{ . | title }}
 {{- end }}
 options ndots:5
--- a/nova/values.yaml
+++ b/nova/values.yaml
@ -105,12 +105,6 @@ bootstrap:
          vcpus: 8
 network:
  dns:
    servers:
      - "10.96.0.10"
      - "8.8.8.8"
    kubernetes_domain: "cluster.local"
    other_domains: ""
  osapi:
    port: 8774
    ingress: