add EnableExternalDNS feature flag

docs/experimental.md

@@ -0,0 +1,11 @@
+# Experimental features
+
+Enable experimental features with:
+
+`export KOPS_FEATURE_FLAGS=`
+
+The following experimental features are currently available:
+
+* `+VSphereCloudProvider` - Enable vSphere cloud provider.
+* `+DrainAndValidateRollingUpdate` - Enable drain and validate for rolling updates.
+* `+EnableExternalDNS` - Enable external-dns with default settings (ingress sources only).

pkg/featureflag/featureflag.go

@@ -25,10 +25,11 @@ limitations under the License.
 package featureflag
 
 import (
-	"github.com/golang/glog"
 	"os"
 	"strings"
 	"sync"
+
+	"github.com/golang/glog"
 )
 
 func Bool(b bool) *bool {
@@ -49,6 +50,8 @@ var SkipTerraformFormat = New("SkipTerraformFormat", Bool(false))
 
 var VSphereCloudProvider = New("VSphereCloudProvider", Bool(false))
 
+var EnableExternalDNS = New("EnableExternalDNS", Bool(false))
+
 var flags = make(map[string]*FeatureFlag)
 var flagsMutex sync.Mutex
 

upup/models/cloudup/resources/addons/external-dns.addons.k8s.io/k8s-1.6.yaml.template

@@ -0,0 +1,92 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: external-dns
+  namespace: kube-system
+  labels:
+    k8s-addon: external-dns.addons.k8s.io
+    k8s-app: external-dns
+    version: v0.3.0
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      k8s-app: external-dns
+  template:
+    metadata:
+      labels:
+        k8s-addon: external-dns.addons.k8s.io
+        k8s-app: external-dns
+        version: v0.3.0
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+        # For 1.6, we keep the old tolerations in case of a downgrade to 1.5
+        scheduler.alpha.kubernetes.io/tolerations: '[{"key": "dedicated", "value": "master"}]'
+    spec:
+      serviceAccount: external-dns
+      tolerations:
+      - key: "node-role.kubernetes.io/master"
+        effect: NoSchedule
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      dnsPolicy: Default  # Don't use cluster DNS (we are likely running before kube-dns)
+      hostNetwork: true
+      containers:
+      - name: external-dns
+        image: registry.opensource.zalan.do/teapot/external-dns:v0.3.0
+        args:
+{{ range $arg := ExternalDnsArgv }}
+        - "{{ $arg }}"
+{{ end }}
+        resources:
+          requests:
+            cpu: 50m
+            memory: 50Mi
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-dns
+  namespace: kube-system
+  labels:
+    k8s-addon: external-dns.addons.k8s.io
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  labels:
+    k8s-addon: external-dns.addons.k8s.io
+  name: kops:external-dns
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - list
+- apiGroups:
+  - extensions
+  resources:
+  - ingresses
+  verbs:
+  - list
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    k8s-addon: external-dns.addons.k8s.io
+  name: kops:external-dns
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kops:external-dns
+subjects:
+- kind: ServiceAccount
+  name: external-dns
+  namespace: kube-system

upup/models/cloudup/resources/addons/external-dns.addons.k8s.io/pre-k8s-1.6.yaml.template

@@ -0,0 +1,39 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: external-dns
+  namespace: kube-system
+  labels:
+    k8s-addon: external-dns.addons.k8s.io
+    k8s-app: external-dns
+    version: v0.3.0
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      k8s-app: external-dns
+  template:
+    metadata:
+      labels:
+        k8s-addon: external-dns.addons.k8s.io
+        k8s-app: external-dns
+        version: v0.3.0
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+        scheduler.alpha.kubernetes.io/tolerations: '[{"key": "dedicated", "value": "master"}]'
+    spec:
+      nodeSelector:
+        kubernetes.io/role: master
+      dnsPolicy: Default  # Don't use cluster DNS (we are likely running before kube-dns)
+      hostNetwork: true
+      containers:
+      - name: external-dns
+        image: registry.opensource.zalan.do/teapot/external-dns:v0.3.0
+        args:
+{{ range $arg := ExternalDnsArgv }}
+        - "{{ $arg }}"
+{{ end }}
+        resources:
+          requests:
+            cpu: 50m
+            memory: 50Mi

upup/pkg/fi/cloudup/bootstrapchannelbuilder.go

@@ -21,6 +21,7 @@ import (
 
 	channelsapi "k8s.io/kops/channels/pkg/api"
 	"k8s.io/kops/pkg/apis/kops"
+	"k8s.io/kops/pkg/featureflag"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/fitasks"
 	"k8s.io/kops/upup/pkg/fi/utils"
@@ -172,6 +173,43 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri
 		}
 	}
 
+	if featureflag.EnableExternalDNS.Enabled() {
+		{
+			key := "external-dns.addons.k8s.io"
+			version := "0.3.0"
+
+			{
+				location := key + "/pre-k8s-1.6.yaml"
+				id := "pre-k8s-1.6"
+
+				addons.Spec.Addons = append(addons.Spec.Addons, &channelsapi.AddonSpec{
+					Name:              fi.String(key),
+					Version:           fi.String(version),
+					Selector:          map[string]string{"k8s-addon": key},
+					Manifest:          fi.String(location),
+					KubernetesVersion: "<1.6.0",
+					Id:                id,
+				})
+				manifests[key+"-"+id] = "addons/" + location
+			}
+
+			{
+				location := key + "/k8s-1.6.yaml"
+				id := "k8s-1.6"
+
+				addons.Spec.Addons = append(addons.Spec.Addons, &channelsapi.AddonSpec{
+					Name:              fi.String(key),
+					Version:           fi.String(version),
+					Selector:          map[string]string{"k8s-addon": key},
+					Manifest:          fi.String(location),
+					KubernetesVersion: ">=1.6.0",
+					Id:                id,
+				})
+				manifests[key+"-"+id] = "addons/" + location
+			}
+		}
+	}
+
 	{
 		key := "storage-aws.addons.k8s.io"
 		version := "1.6.0"

upup/pkg/fi/cloudup/template_functions.go

@@ -30,6 +30,10 @@ package cloudup
 import (
 	"encoding/base64"
 	"fmt"
+	"os"
+	"strings"
+	"text/template"
+
 	"k8s.io/apimachinery/pkg/util/sets"
 	api "k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/dns"
@@ -37,9 +41,6 @@ import (
 	"k8s.io/kops/pkg/model/components"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/gce"
-	"os"
-	"strings"
-	"text/template"
 )
 
 type TemplateFunctions struct {
@@ -94,6 +95,8 @@ func (tf *TemplateFunctions) AddTo(dest template.FuncMap) {
 
 	dest["DnsControllerArgv"] = tf.DnsControllerArgv
 
+	dest["ExternalDnsArgv"] = tf.ExternalDnsArgv
+
 	// TODO: Only for GCE?
 	dest["EncodeGCELabel"] = gce.EncodeGCELabel
 
@@ -181,3 +184,24 @@ func (tf *TemplateFunctions) DnsControllerImage() (string, error) {
 		return image, nil
 	}
 }
+
+func (tf *TemplateFunctions) ExternalDnsArgv() ([]string, error) {
+	var argv []string
+
+	cloudProvider := tf.cluster.Spec.CloudProvider
+
+	switch fi.CloudProviderID(cloudProvider) {
+	case fi.CloudProviderAWS:
+		argv = append(argv, "--provider=aws")
+	case fi.CloudProviderGCE:
+		project := tf.cluster.Spec.Project
+		argv = append(argv, "--provider=google")
+		argv = append(argv, "--google-project="+project)
+	default:
+		return nil, fmt.Errorf("unhandled cloudprovider %q", tf.cluster.Spec.CloudProvider)
+	}
+
+	argv = append(argv, "--source=ingress")
+
+	return argv, nil
+}