From 83a62ec6a7fc785ccebed145c7c327f0edeb273d Mon Sep 17 00:00:00 2001 From: Ben Nemec Date: Fri, 13 Mar 2020 14:08:13 -0500 Subject: [PATCH] baremetal: Remove DNS VIP Now that etcd does not need DNS for clustering, we no longer need to have a VIP to allow the masters to use the bootstrap coredns until their own coredns instances start. Instead, we can just point them at the local coredns directly and skip the extra complexity. We already do this on the workers because they never had a dependency on the bootstrap coredns so the same method is now used for masters. --- manifests/baremetal/coredns.yaml | 2 -- manifests/baremetal/keepalived.conf.tmpl | 15 ------------ manifests/baremetal/keepalived.yaml | 2 -- pkg/operator/assets/bindata.go | 19 --------------- .../baremetal/files/baremetal-coredns.yaml | 4 ---- .../baremetal/files/baremetal-keepalived.yaml | 2 -- .../files/baremetal-mdns-publisher.yaml | 2 -- .../NetworkManager-resolv-prepender.yaml | 4 +++- .../baremetal-keepalived-keepalived.yaml | 24 ------------------- .../NetworkManager-resolv-prepender.yaml | 1 - 10 files changed, 3 insertions(+), 72 deletions(-) diff --git a/manifests/baremetal/coredns.yaml b/manifests/baremetal/coredns.yaml index 0e79cb4f47..c2ea26431e 100644 --- a/manifests/baremetal/coredns.yaml +++ b/manifests/baremetal/coredns.yaml @@ -30,8 +30,6 @@ spec: - "/etc/kubernetes/kubeconfig" - "--api-vip" - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" - - "--dns-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.NodeDNSIP }}" - "--ingress-vip" - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.IngressIP }}" - "/config" diff --git a/manifests/baremetal/keepalived.conf.tmpl b/manifests/baremetal/keepalived.conf.tmpl index 7ae696c17d..5d2ec43b42 100644 --- a/manifests/baremetal/keepalived.conf.tmpl +++ b/manifests/baremetal/keepalived.conf.tmpl 
@@ -18,18 +18,3 @@ vrrp_instance {{`{{.Cluster.Name}}`}}_API { {{`{{ .Cluster.APIVIP }}`}}/{{`{{ .Cluster.VIPNetmask }}`}} } } - -vrrp_instance {{`{{.Cluster.Name}}`}}_DNS { - state MASTER - interface {{`{{.VRRPInterface}}`}} - virtual_router_id {{`{{.Cluster.DNSVirtualRouterID }}`}} - priority 140 - advert_int 1 - authentication { - auth_type PASS - auth_pass {{`{{.Cluster.Name}}`}}_dns_vip - } - virtual_ipaddress { - {{`{{ .Cluster.DNSVIP }}`}}/{{`{{ .Cluster.VIPNetmask }}`}} - } -} diff --git a/manifests/baremetal/keepalived.yaml b/manifests/baremetal/keepalived.yaml index df7253e53e..cbc92ba8d7 100644 --- a/manifests/baremetal/keepalived.yaml +++ b/manifests/baremetal/keepalived.yaml @@ -30,8 +30,6 @@ spec: - "/etc/kubernetes/kubeconfig" - "--api-vip" - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" - - "--dns-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.NodeDNSIP }}" - "--ingress-vip" - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.IngressIP }}" - "/config" diff --git a/pkg/operator/assets/bindata.go b/pkg/operator/assets/bindata.go index aa1c495131..5a13656b86 100644 --- a/pkg/operator/assets/bindata.go +++ b/pkg/operator/assets/bindata.go @@ -165,8 +165,6 @@ spec: - "/etc/kubernetes/kubeconfig" - "--api-vip" - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" - - "--dns-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.NodeDNSIP }}" - "--ingress-vip" - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.IngressIP }}" - "/config" 
@@ -262,21 +260,6 @@ vrrp_instance {{`+"`"+`{{.Cluster.Name}}`+"`"+`}}_API { {{`+"`"+`{{ .Cluster.APIVIP }}`+"`"+`}}/{{`+"`"+`{{ .Cluster.VIPNetmask }}`+"`"+`}} } } - -vrrp_instance {{`+"`"+`{{.Cluster.Name}}`+"`"+`}}_DNS { - state MASTER - interface {{`+"`"+`{{.VRRPInterface}}`+"`"+`}} - virtual_router_id {{`+"`"+`{{.Cluster.DNSVirtualRouterID }}`+"`"+`}} - priority 140 - advert_int 1 - authentication { - auth_type PASS - auth_pass {{`+"`"+`{{.Cluster.Name}}`+"`"+`}}_dns_vip - } - virtual_ipaddress { - {{`+"`"+`{{ .Cluster.DNSVIP }}`+"`"+`}}/{{`+"`"+`{{ .Cluster.VIPNetmask }}`+"`"+`}} - } -} `) func manifestsBaremetalKeepalivedConfTmplBytes() ([]byte, error) { @@ -326,8 +309,6 @@ spec: - "/etc/kubernetes/kubeconfig" - "--api-vip" - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" - - "--dns-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.NodeDNSIP }}" - "--ingress-vip" - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.IngressIP }}" - "/config" diff --git a/templates/common/baremetal/files/baremetal-coredns.yaml b/templates/common/baremetal/files/baremetal-coredns.yaml index a506d18794..e2c5cc4e74 100644 --- a/templates/common/baremetal/files/baremetal-coredns.yaml +++ b/templates/common/baremetal/files/baremetal-coredns.yaml @@ -35,8 +35,6 @@ contents: - "/etc/kubernetes/kubeconfig" - "--api-vip" - "{{ .Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" - - "--dns-vip" - - "{{ .Infra.Status.PlatformStatus.BareMetal.NodeDNSIP }}" - "--ingress-vip" - "{{ .Infra.Status.PlatformStatus.BareMetal.IngressIP }}" - "/config" @@ -98,8 +96,6 @@ contents: - "/etc/coredns/Corefile" - "--api-vip" - "{{ .Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" - - "--dns-vip" - - "{{ .Infra.Status.PlatformStatus.BareMetal.NodeDNSIP }}" - "--ingress-vip" - "{{ .Infra.Status.PlatformStatus.BareMetal.IngressIP }}" resources: 
diff --git a/templates/common/baremetal/files/baremetal-keepalived.yaml b/templates/common/baremetal/files/baremetal-keepalived.yaml
index c8f2ed48c3..21e5994386 100644
--- a/templates/common/baremetal/files/baremetal-keepalived.yaml
+++ b/templates/common/baremetal/files/baremetal-keepalived.yaml
@@ -96,8 +96,6 @@ contents:
 - "/etc/keepalived/keepalived.conf"
 - "--api-vip"
 - "{{ .Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}"
- - "--dns-vip"
- - "{{ .Infra.Status.PlatformStatus.BareMetal.NodeDNSIP }}"
 - "--ingress-vip"
 - "{{ .Infra.Status.PlatformStatus.BareMetal.IngressIP }}"
 resources:
diff --git a/templates/common/baremetal/files/baremetal-mdns-publisher.yaml b/templates/common/baremetal/files/baremetal-mdns-publisher.yaml
index 09752570a5..c529b7f060 100644
--- a/templates/common/baremetal/files/baremetal-mdns-publisher.yaml
+++ b/templates/common/baremetal/files/baremetal-mdns-publisher.yaml
@@ -62,8 +62,6 @@ contents:
 - "/etc/kubernetes/kubeconfig"
 - "--api-vip"
 - "{{ .Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}"
- - "--dns-vip"
- - "{{ .Infra.Status.PlatformStatus.BareMetal.NodeDNSIP }}"
 - "--ingress-vip"
 - "{{ .Infra.Status.PlatformStatus.BareMetal.IngressIP }}"
 - "/config"
diff --git a/templates/master/00-master/baremetal/files/NetworkManager-resolv-prepender.yaml b/templates/master/00-master/baremetal/files/NetworkManager-resolv-prepender.yaml
index 94b05e623d..f1ad1bb9dc 100644
--- a/templates/master/00-master/baremetal/files/NetworkManager-resolv-prepender.yaml
+++ b/templates/master/00-master/baremetal/files/NetworkManager-resolv-prepender.yaml
@@ -11,7 +11,9 @@ contents: case "$STATUS" in up|down|dhcp4-change|dhcp6-change) logger -s "NM resolv-prepender triggered by ${1} ${2}." - NAMESERVER_IP="{{.Infra.Status.PlatformStatus.BareMetal.NodeDNSIP}}" + NAMESERVER_IP=$(/usr/local/bin/non_virtual_ip \ + "{{.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP}}" \ + "{{.Infra.Status.PlatformStatus.BareMetal.IngressIP}}") DOMAIN="{{.EtcdDiscoveryDomain}}" set +e if [[ -n "$NAMESERVER_IP" ]]; then diff --git a/templates/master/00-master/baremetal/files/baremetal-keepalived-keepalived.yaml b/templates/master/00-master/baremetal/files/baremetal-keepalived-keepalived.yaml index 0356f9ed44..d34779f30f 100644 --- a/templates/master/00-master/baremetal/files/baremetal-keepalived-keepalived.yaml +++ b/templates/master/00-master/baremetal/files/baremetal-keepalived-keepalived.yaml @@ -9,12 +9,6 @@ contents: weight 50 } - vrrp_script chk_dns { - script "/usr/bin/host -t SRV _etcd-server-ssl._tcp.{{ .EtcdDiscoveryDomain }} localhost" - interval 1 - weight 50 - } - # TODO: Improve this check. The port is assumed to be alive. # Need to assess what is the ramification if the port is not there. vrrp_script chk_ingress { @@ -41,24 +35,6 @@ contents: } } - vrrp_instance {{`{{ .Cluster.Name }}`}}_DNS { - state BACKUP - interface {{`{{ .VRRPInterface }}`}} - virtual_router_id {{`{{ .Cluster.DNSVirtualRouterID }}`}} - priority 40 - advert_int 1 - authentication { - auth_type PASS - auth_pass {{`{{ .Cluster.Name }}`}}_dns_vip - } - virtual_ipaddress { - {{`{{ .Cluster.DNSVIP }}`}}/{{`{{ .Cluster.VIPNetmask }}`}} - } - track_script { - chk_dns - } - } - vrrp_instance {{`{{ .Cluster.Name }}`}}_INGRESS { state BACKUP interface {{`{{ .VRRPInterface }}`}} diff --git a/templates/worker/00-worker/baremetal/files/NetworkManager-resolv-prepender.yaml b/templates/worker/00-worker/baremetal/files/NetworkManager-resolv-prepender.yaml index 7f90dcdf4c..105283af01 100644 
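Review bot: The `NAMESERVER_IP` assignment in the master resolv-prepender script now takes whatever `/usr/local/bin/non_virtual_ip` prints at runtime, and the only check visible before it is used is the existing `-n` test, so any non-empty output is accepted as the node's resolver address. Because this value decides which DNS server a control-plane node trusts, it should be validated as a single address literal first, for example `[[ "$NAMESERVER_IP" =~ ^[0-9A-Fa-f:.]+$ ]] || NAMESERVER_IP=""`, and the empty case should be logged with `logger -s` so a master that skips the local coredns shows up in the journal. The `set +e` two lines after the assignment suggests errexit may still be active at that point, in which case a failing helper would end the dispatcher script there without a log entry; this depends on lines outside the hunk. The enclosing `case` branch starts and ends outside the hunk, and the worker template calls the same helper, so the same point would apply there.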
--- a/templates/worker/00-worker/baremetal/files/NetworkManager-resolv-prepender.yaml
+++ b/templates/worker/00-worker/baremetal/files/NetworkManager-resolv-prepender.yaml
@@ -13,7 +13,6 @@ contents:
 logger -s "NM resolv-prepender triggered by ${1} ${2}."
 NAMESERVER_IP=$(/usr/local/bin/non_virtual_ip \
 "{{.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP}}" \
- "{{.Infra.Status.PlatformStatus.BareMetal.NodeDNSIP}}" \
 "{{.Infra.Status.PlatformStatus.BareMetal.IngressIP}}")
 DOMAIN="{{.EtcdDiscoveryDomain}}"
 set +e