Support running a nodelocal dns cache #70555
Conversation
k8s-ci-robot
added
release-note
prameshj
force-pushed
the
nodelocaldnscache
branch
from
c634ed5
to
eac47d0
Compare
k8s-ci-robot
removed
the
needs-rebase
|
/ok-to-test |
k8s-ci-robot
removed
the
needs-ok-to-test
prameshj
force-pushed
the
nodelocaldnscache
branch
from
eac47d0
to
98069af
Compare
|
/retest |
|
/kind feature |
k8s-ci-robot
added
priority/important-longterm
prameshj
force-pushed
the
nodelocaldnscache
branch
from
98069af
to
356aa68
Compare
|
/assign @bowei |
|
/hold @roberthbailey - google needs to make certain that these changes are more broadly disseminated and outlined as a default for every deployment. @prameshj - is there a proposal on this? |
k8s-ci-robot
added
the
do-not-merge/hold
k8s-ci-robot
added
the
approved
mikedanese
removed
the
lgtm
|
My biggest concern is this #70555 (comment) |
k8s-ci-robot
added
size/L
prameshj
force-pushed
the
nodelocaldnscache
branch
from
481e979
to
2675fd5
Compare
cluster/gce/gci/configure-helper.sh
Outdated
| local -r localdns_file="${dst_dir}/dns/nodelocaldns/nodelocaldns.yaml" | ||
| mv "${dst_dir}/dns/nodelocaldns/nodelocaldns.yaml.sed" "${localdns_file}" | ||
| # Replace the sed configurations with variable values. | ||
| sed -i -e "s/\\\$DNS_DOMAIN/${DNS_DOMAIN}/g" "${localdns_file}" |
There was a problem hiding this comment.
Just a suggestion, I'd recommend sticking with the DNS_DOMAIN format so you don't have to worry about escaping.
| @@ -704,7 +706,11 @@ function start_kubelet { | |||
| mkdir -p "/var/lib/kubelet" &>/dev/null || sudo mkdir -p "/var/lib/kubelet" | |||
| # Enable dns | |||
| if [[ "${ENABLE_CLUSTER_DNS}" = true ]]; then | |||
There was a problem hiding this comment.
The usage of == vs = in this file is confusing but I see we do this elsewhere in this file.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bowei, madhusudancs, mikedanese, prameshj, roberthbailey The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest |
Removed default config options from yaml. Removed unused yaml files
prameshj
force-pushed
the
nodelocaldnscache
branch
from
2675fd5
to
6d7c5e9
Compare
|
@mikedanese Verified that gce cluster comes up with cache enabled. |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/retest |
|
does this work on GKE as well ? How are we solving the issue of connecting to local dnsmasq from the kubernetes pods ? |
Yes, this will be available on GKE once version 1.13 is released. Not sure i understand the second question - The pods will connect to the dns cache instance because that will be the configured server in /etc/resolv.conf. This is the same way it works in OpenSource. |
|
@krmayankk It works on GKE because it redirects requests for the well-known DNS service IP (x.x.x.10) to the coredns process running locally as a daemonset using iptables. You can see the code for how it works here: kubernetes/dns#270 |
This change includes the yaml files and gce startup script changes
to run this addon. It is disabled by default, can be enabled by setting
KUBE_ENABLE_NODELOCAL_DNS=true
An ip address is required for the cache instance to listen for
requests on, default is a link local ip address of value 169.254.25.10
Cluster with nodelocaldns running can be created using:
KUBE_ENABLE_NODELOCAL_DNS=true go run hack/e2e.go -v --up
What type of PR is this?
What this PR does / why we need it:
Implementation of https://github.com/kubernetes/community/blob/master/keps/sig-network/0030-nodelocal-dns-cache.md
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?: