From a7c7af4e9712e8a8a41e59104e7232db41d55f2b Mon Sep 17 00:00:00 2001 From: Ole Markus With Date: Fri, 16 Oct 2020 11:30:19 +0200 Subject: [PATCH] Don't let node-local-dns add iptables rules Since we use the local IP we don't need the iptables rule for the cluster dns IP --- upup/models/bindata.go | 20 +++++++++---------- .../k8s-1.12.yaml.template | 20 +++++++++---------- upup/pkg/fi/cloudup/template_functions.go | 6 ------ 3 files changed, 20 insertions(+), 26 deletions(-) diff --git a/upup/models/bindata.go b/upup/models/bindata.go index b6fe8632e6..d8a896c293 100644 --- a/upup/models/bindata.go +++ b/upup/models/bindata.go @@ -19029,7 +19029,7 @@ data: } reload loop - bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }} + bind {{ KubeDNS.NodeLocalDNS.LocalIP }} forward . {{ NodeLocalDNSClusterIP }} { force_tcp } @@ -19041,7 +19041,7 @@ data: cache 30 reload loop - bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }} + bind {{ KubeDNS.NodeLocalDNS.LocalIP }} forward . {{ NodeLocalDNSClusterIP }} { force_tcp } @@ -19052,7 +19052,7 @@ data: cache 30 reload loop - bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }} + bind {{ KubeDNS.NodeLocalDNS.LocalIP }} forward . {{ NodeLocalDNSClusterIP }} { force_tcp } @@ -19063,7 +19063,7 @@ data: cache 30 reload loop - bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }} + bind {{ KubeDNS.NodeLocalDNS.LocalIP }} forward . __PILLAR__UPSTREAM__SERVERS__ prometheus :9253 } 
@@ -19105,16 +19105,16 @@ spec: operator: "Exists" containers: - name: node-cache - image: k8s.gcr.io/k8s-dns-node-cache:1.15.10 + image: k8s.gcr.io/dns/k8s-dns-node-cache:1.15.14 resources: requests: cpu: {{ KubeDNS.NodeLocalDNS.CPURequest }} memory: {{ KubeDNS.NodeLocalDNS.MemoryRequest }} - {{ if NodeLocalDNSServerIP }} - args: [ "-localip", "{{ .KubeDNS.NodeLocalDNS.LocalIP }},{{ NodeLocalDNSServerIP }}", "-conf", "/etc/Corefile", "-upstreamsvc", "kube-dns-upstream" ] - {{ else }} - args: [ "-localip", "{{ .KubeDNS.NodeLocalDNS.LocalIP }}", "-conf", "/etc/Corefile", "-upstreamsvc", "kube-dns-upstream" ] - {{ end }} + args: + - -localip={{ .KubeDNS.NodeLocalDNS.LocalIP }} + - -conf=/etc/Corefile + - -upstreamsvc=kube-dns-upstream + - -setupiptables=false securityContext: privileged: true ports: diff --git a/upup/models/cloudup/resources/addons/nodelocaldns.addons.k8s.io/k8s-1.12.yaml.template b/upup/models/cloudup/resources/addons/nodelocaldns.addons.k8s.io/k8s-1.12.yaml.template index 0878055a0d..5f804ee4bf 100644 --- a/upup/models/cloudup/resources/addons/nodelocaldns.addons.k8s.io/k8s-1.12.yaml.template +++ b/upup/models/cloudup/resources/addons/nodelocaldns.addons.k8s.io/k8s-1.12.yaml.template @@ -50,7 +50,7 @@ data: } reload loop - bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }} + bind {{ KubeDNS.NodeLocalDNS.LocalIP }} forward . {{ NodeLocalDNSClusterIP }} { force_tcp } @@ -62,7 +62,7 @@ data: cache 30 reload loop - bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }} + bind {{ KubeDNS.NodeLocalDNS.LocalIP }} forward . {{ NodeLocalDNSClusterIP }} { force_tcp } @@ -73,7 +73,7 @@ data: cache 30 reload loop - bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }} + bind {{ KubeDNS.NodeLocalDNS.LocalIP }} forward . {{ NodeLocalDNSClusterIP }} { force_tcp } 
@@ -84,7 +84,7 @@ data: cache 30 reload loop - bind {{ KubeDNS.NodeLocalDNS.LocalIP }}{{ if NodeLocalDNSServerIP }} {{ NodeLocalDNSServerIP }}{{ end }} + bind {{ KubeDNS.NodeLocalDNS.LocalIP }} forward . __PILLAR__UPSTREAM__SERVERS__ prometheus :9253 } @@ -126,16 +126,16 @@ spec: operator: "Exists" containers: - name: node-cache - image: k8s.gcr.io/k8s-dns-node-cache:1.15.10 + image: k8s.gcr.io/dns/k8s-dns-node-cache:1.15.14 resources: requests: cpu: {{ KubeDNS.NodeLocalDNS.CPURequest }} memory: {{ KubeDNS.NodeLocalDNS.MemoryRequest }} - {{ if NodeLocalDNSServerIP }} - args: [ "-localip", "{{ .KubeDNS.NodeLocalDNS.LocalIP }},{{ NodeLocalDNSServerIP }}", "-conf", "/etc/Corefile", "-upstreamsvc", "kube-dns-upstream" ] - {{ else }} - args: [ "-localip", "{{ .KubeDNS.NodeLocalDNS.LocalIP }}", "-conf", "/etc/Corefile", "-upstreamsvc", "kube-dns-upstream" ] - {{ end }} + args: + - -localip={{ .KubeDNS.NodeLocalDNS.LocalIP }} + - -conf=/etc/Corefile + - -upstreamsvc=kube-dns-upstream + - -setupiptables=false securityContext: privileged: true ports: diff --git a/upup/pkg/fi/cloudup/template_functions.go b/upup/pkg/fi/cloudup/template_functions.go index a4daf98519..068e1254ab 100644 --- a/upup/pkg/fi/cloudup/template_functions.go +++ b/upup/pkg/fi/cloudup/template_functions.go @@ -105,12 +105,6 @@ func (tf *TemplateFunctions) AddTo(dest template.FuncMap, secretStore fi.SecretS } return "__PILLAR__CLUSTER__DNS__" } - dest["NodeLocalDNSServerIP"] = func() string { - if cluster.Spec.KubeProxy.ProxyMode == "ipvs" { - return "" - } - return cluster.Spec.KubeDNS.ServerIP - } dest["NodeLocalDNSHealthCheck"] = func() string { return fmt.Sprintf("%d", wellknownports.NodeLocalDNSHealthCheck) }
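Review bot: In the `@@ -126` DaemonSet hunk of k8s-1.12.yaml.template, the node-cache container keeps `securityContext: privileged: true` even though the new `-setupiptables=false` argument takes iptables management away from the pod. If the remaining need is only to create the local interface and bind `KubeDNS.NodeLocalDNS.LocalIP` (an assumption to confirm against the 1.15.14 image), the context could be narrowed to `securityContext: {capabilities: {add: ["NET_ADMIN"]}}`, which limits what a compromised DNS cache can do on the node. The image is also referenced by a mutable tag; appending a digest (`k8s-dns-node-cache:1.15.14@sha256:<digest>`, placeholder) would pin exactly what is deployed. The container spec starts and ends outside the hunk, and bindata.go carries the same text as generated output, so any change belongs in the template and should be regenerated from it.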