Don't let node-local-dns add iptables rules

Since we use the local IP we don't need the iptables rule for the cluster dns IP
2020-10-16 11:30:19 +02:00 · 2020-10-16 11:30:19 +02:00 · a7c7af4e97
parent d105c9299e
commit a7c7af4e97
3 changed files with 20 additions and 26 deletions
--- a/upup/models/bindata.go
+++ b/upup/models/bindata.go
@ -19029,7 +19029,7 @@ data:
        }
        reload
        loop
-        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }}
+        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}
        forward . {{ NodeLocalDNSClusterIP }} {
          force_tcp
        }
@ -19041,7 +19041,7 @@ data:
        cache 30
        reload
        loop
-        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }}
+        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}
        forward . {{ NodeLocalDNSClusterIP }} {
          force_tcp
        }
@ -19052,7 +19052,7 @@ data:
        cache 30
        reload
        loop
-        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }}
+        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}
        forward . {{ NodeLocalDNSClusterIP }} {
          force_tcp
        }
@ -19063,7 +19063,7 @@ data:
        cache 30
        reload
        loop
-        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }}
+        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}
        forward . __PILLAR__UPSTREAM__SERVERS__
        prometheus :9253
    }
@ -19105,16 +19105,16 @@ spec:
        operator: "Exists"
      containers:
      - name: node-cache
-        image: k8s.gcr.io/k8s-dns-node-cache:1.15.10
+        image: k8s.gcr.io/dns/k8s-dns-node-cache:1.15.14
        resources:
          requests:
            cpu: {{ KubeDNS.NodeLocalDNS.CPURequest }}
            memory: {{ KubeDNS.NodeLocalDNS.MemoryRequest }}
-        {{ if NodeLocalDNSServerIP }}
-        args: [ "-localip", "{{ .KubeDNS.NodeLocalDNS.LocalIP }},{{ NodeLocalDNSServerIP }}", "-conf", "/etc/Corefile", "-upstreamsvc", "kube-dns-upstream" ]
-        {{ else }}
-        args: [ "-localip", "{{ .KubeDNS.NodeLocalDNS.LocalIP }}", "-conf", "/etc/Corefile", "-upstreamsvc", "kube-dns-upstream" ]
-        {{ end }}
+        args:
+          - -localip={{ .KubeDNS.NodeLocalDNS.LocalIP }}
+          - -conf=/etc/Corefile
+          - -upstreamsvc=kube-dns-upstream
+          - -setupiptables=false
        securityContext:
          privileged: true
        ports:
--- a/upup/models/cloudup/resources/addons/nodelocaldns.addons.k8s.io/k8s-1.12.yaml.template
+++ b/upup/models/cloudup/resources/addons/nodelocaldns.addons.k8s.io/k8s-1.12.yaml.template
@ -50,7 +50,7 @@ data:
        }
        reload
        loop
-        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }}
+        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}
        forward . {{ NodeLocalDNSClusterIP }} {
          force_tcp
        }
@ -62,7 +62,7 @@ data:
        cache 30
        reload
        loop
-        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }}
+        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}
        forward . {{ NodeLocalDNSClusterIP }} {
          force_tcp
        }
@ -73,7 +73,7 @@ data:
        cache 30
        reload
        loop
-        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }}
+        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}
        forward . {{ NodeLocalDNSClusterIP }} {
          force_tcp
        }
@ -84,7 +84,7 @@ data:
        cache 30
        reload
        loop
-        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }}
+        bind {{ KubeDNS.NodeLocalDNS.LocalIP }}
        forward . __PILLAR__UPSTREAM__SERVERS__
        prometheus :9253
    }
@ -126,16 +126,16 @@ spec:
        operator: "Exists"
      containers:
      - name: node-cache
-        image: k8s.gcr.io/k8s-dns-node-cache:1.15.10
+        image: k8s.gcr.io/dns/k8s-dns-node-cache:1.15.14
        resources:
          requests:
            cpu: {{ KubeDNS.NodeLocalDNS.CPURequest }}
            memory: {{ KubeDNS.NodeLocalDNS.MemoryRequest }}
-        {{ if NodeLocalDNSServerIP }}
-        args: [ "-localip", "{{ .KubeDNS.NodeLocalDNS.LocalIP }},{{ NodeLocalDNSServerIP }}", "-conf", "/etc/Corefile", "-upstreamsvc", "kube-dns-upstream" ]
-        {{ else }}
-        args: [ "-localip", "{{ .KubeDNS.NodeLocalDNS.LocalIP }}", "-conf", "/etc/Corefile", "-upstreamsvc", "kube-dns-upstream" ]
-        {{ end }}
+        args:
+          - -localip={{ .KubeDNS.NodeLocalDNS.LocalIP }}
+          - -conf=/etc/Corefile
+          - -upstreamsvc=kube-dns-upstream
+          - -setupiptables=false
        securityContext:
          privileged: true
        ports:
--- a/upup/pkg/fi/cloudup/template_functions.go
+++ b/upup/pkg/fi/cloudup/template_functions.go
@ -105,12 +105,6 @@ func (tf *TemplateFunctions) AddTo(dest template.FuncMap, secretStore fi.SecretS
 		}
 		return "__PILLAR__CLUSTER__DNS__"
 	}
-	dest["NodeLocalDNSServerIP"] = func() string {
-		if cluster.Spec.KubeProxy.ProxyMode == "ipvs" {
-			return ""
-		}
-		return cluster.Spec.KubeDNS.ServerIP
-	}
 	dest["NodeLocalDNSHealthCheck"] = func() string {
 		return fmt.Sprintf("%d", wellknownports.NodeLocalDNSHealthCheck)
 	}