Enable DNS for services #2224
Enable DNS for services #2224
Conversation
|
LGTM |
| @@ -35,4 +35,16 @@ kube-up | |||
|
|
|||
| "${KUBE_ROOT}/cluster/validate-cluster.sh" | |||
|
|
|||
| if [[ "${ENABLE_DNS}" == "y" ]]; then | |||
There was a problem hiding this comment.
I think this looks workable. As we get more of these we should think about (a) using namespaces and (b) having a directory that is 'services-enabled' similar to how apache/nginx work. We'd rip through those and do a 'kubectl create' for each of those.
|
We probably want an e2e test that makes sure this continues to work? Do you want to get that in with this PR or should we get it in in a future one? |
|
I will have an e2e test when all the plumbing is done. As it is, this is a Agree 100% that we need a plugin-like system for turning these one. Just DNS has: "run a pod", "configure node resolv.conf", and "configure docker On Fri, Nov 7, 2014 at 9:59 AM, Joe Beda notifications@github.com wrote:
|
|
I'll hold off util more of it is there. |
|
I can haz rebase? Then you can haz mergez ;) |
|
No point merging this until a few other pieces fall into place. I'll be On Mon, Nov 10, 2014 at 9:19 PM, Brendan Burns notifications@github.com
|
thockin
force-pushed
the
dns
branch
2 times, most recently
from
a3d1787 to
e39eca0
Compare
thockin
changed the title
|
I have re-titled this and added some comments about work in progress. This is far enough along to warrant some review. It may even be good enough to go in soon. |
| helper container called `kube2sky` also runs in the pod and acts a bridge | ||
| between Kubernetes and SkyDNS. It finds the Kubernetes master through the | ||
| `kubernetes-ro` service, pulls service info from it, and write that to etcd for | ||
| SkyDNS to find. |
There was a problem hiding this comment.
If it finds.., it pulls..., and writes that
thockin
force-pushed
the
dns
branch
2 times, most recently
from
85039c4 to
332f976
Compare
| @@ -739,6 +739,8 @@ type ContainerManifest struct { | |||
| Volumes []Volume `yaml:"volumes" json:"volumes"` | |||
| Containers []Container `yaml:"containers" json:"containers"` | |||
| RestartPolicy RestartPolicy `json:"restartPolicy,omitempty" yaml:"restartPolicy,omitempty"` | |||
| // Optional: Disable cluster-local DNS. Defaults to false. | |||
| DisableClusterDNS bool `json:"disableClusterDNS" yaml:"disableClusterDNS"` | |||
There was a problem hiding this comment.
Can we not name options in the negative?
There was a problem hiding this comment.
What is the use case for this option, anyway?
Should the option be about publishing in general, instead of about DNS specifically?
There was a problem hiding this comment.
Oh. I see from the kubelet code that this option is about giving the pod access to cluster DNS, not about not publishing the pod. Maybe the name can be improved. Doubly unsure about the use case now, though.
There was a problem hiding this comment.
I would much rather name this "EnableClusterDNS" and default to true, but the way we do defaulting, I can not tell if the user set it to False or expected the default.
This exists primarily so that SkyDNS does not try to use itself for DNS lookups. Maybe we don't NEED it (would have to try), but it feels scary to have this self-loop.
There was a problem hiding this comment.
Then make it an enum, DNS, with the values "clusterProvided" and "defaultExternal". That's better than a bool in any case, gives us more flexibility later.
Use case sounds... surprisingly valid, OK.
|
LGTM with api change from bool->enum. |
thockin
force-pushed
the
dns
branch
2 times, most recently
from
dd723b0 to
aecf766
Compare
|
New push is up. I have not properly tested it by spinning up a whole cluster - will do that ASAP. |
|
@thockin - I will look to spin up a vagrant cluster and report back. |
|
@thockin - can you rebase this? right now, i cant bring up the cluster in this branch because of bug fixes that have since been fixed. |
|
LGTM will merge on green |
|
I think all comments are addressed. Re-running e2e. |
|
Did e2e pass? |
lavalamp
added
the
lgtm
|
e2e passed several times, but I saw it flake once. Will retry and see if I can figure it out. |
This adds --cluster_dns and --cluster_domain flags to kubelet. If non-empty, kubelet will set docker --dns and --dns-search flags based on these. It uses the cluster DNS and appends the hosts's DNS servers. Likewise for DNS search domains. This also adds API support to bypass cluster DNS entirely, needed to bootstrap DNS.
Rather than have to keep SkyDNS up to date with Kubernetes, use a buddy-container "kube2sky" to watch kubernetes and sync Service records into etcd for SkyDNS ot find. This also adds namespace support.
After this DNS is resolvable from the host, if the DNS server is targetted explicitly. This does NOT add the cluster DNS to the host's resolv.conf. That is a larger problem, with distro-specific tie-ins and circular deps.
|
I re-ran e2e dozens of times (including setup and teardown) and could not get it to flake. I think we should commit this. @jbeda (oncall) |
|
w00t!! On Mon, Dec 29, 2014 at 10:28 AM, Joe Beda notifications@github.com wrote:
|
|
Yay! |
|
Awesome! |
|
Cool!
|
SIG Cloud Provider KEP: Reporting Conformance Test Results to Testgrid
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: Elno5, thockin The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Open issues as of 11/15
Needs e2e testing
Question: Can services exist above "default"? I.e. do we need to search (domain) and (ns).(domain) or just (ns).(domain) ?
Should default.(domain) be in everyone's search list?
TODO: plumb DNS to minion's resolv.conf for use from host
TODO: fix portals for UDP from host (works from a container)
OUTPUT -> -A KUBE-PROXY-LOCAL -d 10.0.0.10/32 -p udp -m comment --comment skydns -m udp --dport 53 -j DNAT --to-destination 10.240.239.33:41504
TODO: Need a specific version tag on the skydns, kube2sky, and etcd containers.
Addresses #1261.