Update DNS policy for pods in host network namespace

This PS updates the DNS policy for pods that run in the host's network
namespace.

Change-Id: I5ff11985459c967e5248d1ce9f62ebfc578e3afb
Pete Birley 2017-08-10 12:29:23 -05:00
parent c4050ba375
commit 0c75f1ab9c
15 changed files with 9 additions and 106 deletions


@ -241,7 +241,5 @@ data:
{{- if .Values.conf.sriov_agent.append -}} {{- if .Values.conf.sriov_agent.append -}}
{{ .Values.conf.sriov_agent.append | indent 4 }} {{ .Values.conf.sriov_agent.append | indent 4 }}
{{- end }} {{- end }}
resolv.conf: |+
{{ tuple "etc/_resolv.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
dnsmasq.conf: "" dnsmasq.conf: ""
{{- end }} {{- end }}


@ -38,7 +38,7 @@ spec:
{{ .Values.labels.agent.dhcp.node_selector_key }}: {{ .Values.labels.agent.dhcp.node_selector_value }} {{ .Values.labels.agent.dhcp.node_selector_key }}: {{ .Values.labels.agent.dhcp.node_selector_value }}
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true hostNetwork: true
initContainers: initContainers:
{{ tuple $envAll $dependencies $mounts_neutron_dhcp_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll $dependencies $mounts_neutron_dhcp_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
@ -76,10 +76,6 @@ spec:
mountPath: /etc/neutron/dnsmasq.conf mountPath: /etc/neutron/dnsmasq.conf
subPath: dnsmasq.conf subPath: dnsmasq.conf
readOnly: true readOnly: true
- name: neutron-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- name: runopenvswitch - name: runopenvswitch
mountPath: /run/openvswitch mountPath: /run/openvswitch
- name: socket - name: socket
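Review bot: The new `dnsPolicy: ClusterFirstWithHostNet` line has no comment explaining why it is needed, and the same bare change repeats in the later sections for the l3, metadata, ovs-agent, ovs-db, ovs-vswitchd, nova compute, libvirt and novncproxy pods. With `hostNetwork: true`, Kubernetes treats plain `ClusterFirst` as `Default` (the node's resolver), so a later cleanup could revert this without anyone noticing; I would add above it `# hostNetwork pods need ClusterFirstWithHostNet to resolve cluster service names; ClusterFirst falls back to the node resolver`. Because the `/etc/resolv.conf` mount is dropped in the same section, the resolver list for this root, host-network pod is now whatever the kubelet writes, so a deployment that overrode the chart's nameserver values will presumably lose that override silently on upgrade; a release note would help. The pod spec starts and ends outside the hunks shown.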


@ -38,7 +38,7 @@ spec:
{{ .Values.labels.agent.l3.node_selector_key }}: {{ .Values.labels.agent.l3.node_selector_value }} {{ .Values.labels.agent.l3.node_selector_key }}: {{ .Values.labels.agent.l3.node_selector_value }}
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true hostNetwork: true
initContainers: initContainers:
{{ tuple $envAll $dependencies $mounts_neutron_l3_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll $dependencies $mounts_neutron_l3_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
@ -72,10 +72,6 @@ spec:
mountPath: /etc/neutron/l3_agent.ini mountPath: /etc/neutron/l3_agent.ini
subPath: l3_agent.ini subPath: l3_agent.ini
readOnly: true readOnly: true
- name: neutron-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- name: runopenvswitch - name: runopenvswitch
mountPath: /run/openvswitch mountPath: /run/openvswitch
- name: libmodules - name: libmodules


@ -38,7 +38,7 @@ spec:
{{ .Values.labels.agent.metadata.node_selector_key }}: {{ .Values.labels.agent.metadata.node_selector_value }} {{ .Values.labels.agent.metadata.node_selector_key }}: {{ .Values.labels.agent.metadata.node_selector_value }}
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true hostNetwork: true
initContainers: initContainers:
{{ tuple $envAll $dependencies $mounts_neutron_metadata_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll $dependencies $mounts_neutron_metadata_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
@ -74,10 +74,6 @@ spec:
mountPath: /etc/neutron/metadata_agent.ini mountPath: /etc/neutron/metadata_agent.ini
subPath: metadata_agent.ini subPath: metadata_agent.ini
readOnly: true readOnly: true
- name: neutron-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- name: runopenvswitch - name: runopenvswitch
mountPath: /run/openvswitch mountPath: /run/openvswitch
- name: socket - name: socket


@ -36,7 +36,7 @@ spec:
spec: spec:
nodeSelector: nodeSelector:
{{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true hostNetwork: true
initContainers: initContainers:
{{ tuple $envAll $dependencies $mounts_neutron_ovs_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll $dependencies $mounts_neutron_ovs_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
@ -73,9 +73,6 @@ spec:
readOnly: true readOnly: true
- name: run - name: run
mountPath: /run mountPath: /run
- name: neutron-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
{{- if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }} {{- if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
containers: containers:
- name: ovs-agent - name: ovs-agent
@ -118,9 +115,6 @@ spec:
readOnly: true readOnly: true
- name: run - name: run
mountPath: /run mountPath: /run
- name: neutron-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
{{- if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }} {{- if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
volumes: volumes:
- name: varlibopenvswitch - name: varlibopenvswitch


@ -35,7 +35,7 @@ spec:
{{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true hostNetwork: true
containers: containers:
- name: ovs-db - name: ovs-db
@ -51,10 +51,6 @@ spec:
mountPath: /tmp/openvswitch-db-server.sh mountPath: /tmp/openvswitch-db-server.sh
subPath: openvswitch-db-server.sh subPath: openvswitch-db-server.sh
readOnly: true readOnly: true
- name: neutron-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- name: varlibopenvswitch - name: varlibopenvswitch
mountPath: /var/lib/openvswitch/ mountPath: /var/lib/openvswitch/
- name: run - name: run


@ -35,7 +35,7 @@ spec:
{{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true hostNetwork: true
containers: containers:
- name: ovs-vswitchd - name: ovs-vswitchd


@ -1,21 +0,0 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
search {{ .Release.Namespace }}.svc.{{ .Values.network.dns.kubernetes_domain }} svc.{{ .Values.network.dns.kubernetes_domain }} {{ .Values.network.dns.kubernetes_domain }}
{{- range .Values.network.dns.servers }}
nameserver {{ . | title }}
{{- end }}
options ndots:5


@ -60,13 +60,6 @@ labels:
node_selector_value: enabled node_selector_value: enabled
network: network:
dns:
kubernetes_domain: cluster.local
# this must list the skydns server first, and in calico
# this is consistently 10.96.0.10
servers:
- 10.96.0.10
- 8.8.8.8
external_bridge: br-ex external_bridge: br-ex
ip_address: 0.0.0.0 ip_address: 0.0.0.0
interface: interface:


@ -125,8 +125,6 @@ data:
{{- else -}} {{- else -}}
{{ tuple "etc/_policy.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "etc/_policy.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }} {{- end }}
resolv.conf: |+
{{ tuple "etc/_resolv.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
libvirtd.conf: |+ libvirtd.conf: |+
{{ tuple "etc/_libvirtd.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "etc/_libvirtd.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
qemu.conf: |+ qemu.conf: |+


@ -40,7 +40,7 @@ spec:
runAsUser: 0 runAsUser: 0
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirstWithHostNet
initContainers: initContainers:
{{ tuple $envAll $dependencies $mounts_nova_compute_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll $dependencies $mounts_nova_compute_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{- if .Values.ceph.enabled }} {{- if .Values.ceph.enabled }}
@ -81,10 +81,6 @@ spec:
mountPath: /etc/nova/api-paste.ini mountPath: /etc/nova/api-paste.ini
subPath: api-paste.ini subPath: api-paste.ini
readOnly: true readOnly: true
- name: nova-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- name: nova-etc - name: nova-etc
mountPath: /etc/ceph/ceph.conf mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf subPath: ceph.conf
@ -132,10 +128,6 @@ spec:
mountPath: /etc/nova/policy.yaml mountPath: /etc/nova/policy.yaml
subPath: policy.yaml subPath: policy.yaml
readOnly: true readOnly: true
- name: nova-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
{{- if .Values.ceph.enabled }} {{- if .Values.ceph.enabled }}
- name: etcceph - name: etcceph
mountPath: /etc/ceph mountPath: /etc/ceph


@ -40,7 +40,7 @@ spec:
runAsUser: 0 runAsUser: 0
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirstWithHostNet
initContainers: initContainers:
{{ tuple $envAll $dependencies $mounts_nova_libvirt_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll $dependencies $mounts_nova_libvirt_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{- if .Values.ceph.enabled }} {{- if .Values.ceph.enabled }}
@ -98,10 +98,6 @@ spec:
mountPath: /etc/nova/api-paste.ini mountPath: /etc/nova/api-paste.ini
subPath: api-paste.ini subPath: api-paste.ini
readOnly: true readOnly: true
- name: nova-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- mountPath: /lib/modules - mountPath: /lib/modules
name: libmodules name: libmodules
readOnly: true readOnly: true


@ -41,7 +41,7 @@ spec:
nodeSelector: nodeSelector:
{{ .Values.labels.novncproxy.node_selector_key }}: {{ .Values.labels.novncproxy.node_selector_value }} {{ .Values.labels.novncproxy.node_selector_key }}: {{ .Values.labels.novncproxy.node_selector_value }}
hostNetwork: true hostNetwork: true
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirstWithHostNet
initContainers: initContainers:
{{ tuple $envAll $dependencies $mounts_nova_novncproxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll $dependencies $mounts_nova_novncproxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: nova-novncproxy-init - name: nova-novncproxy-init
@ -77,10 +77,6 @@ spec:
mountPath: /etc/nova/nova.conf mountPath: /etc/nova/nova.conf
subPath: nova.conf subPath: nova.conf
readOnly: true readOnly: true
- name: nova-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- name: pod-shared - name: pod-shared
mountPath: /tmp/pod-shared mountPath: /tmp/pod-shared
{{- if $mounts_nova_novncproxy.volumeMounts }}{{ toYaml $mounts_nova_novncproxy.volumeMounts | indent 12 }}{{ end }} {{- if $mounts_nova_novncproxy.volumeMounts }}{{ toYaml $mounts_nova_novncproxy.volumeMounts | indent 12 }}{{ end }}


@ -1,21 +0,0 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
search {{ .Release.Namespace }}.svc.{{ .Values.network.dns.kubernetes_domain }} svc.{{ .Values.network.dns.kubernetes_domain }} {{ .Values.network.dns.kubernetes_domain }}
{{- range .Values.network.dns.servers }}
nameserver {{ . | title }}
{{- end }}
options ndots:5


@ -105,12 +105,6 @@ bootstrap:
vcpus: 8 vcpus: 8
network: network:
dns:
servers:
- "10.96.0.10"
- "8.8.8.8"
kubernetes_domain: "cluster.local"
other_domains: ""
osapi: osapi:
port: 8774 port: 8774
ingress: ingress: