aenix-io · kvaps · Jun 15, 2021 · Jun 3, 2021 · Jun 4, 2021 · Jun 11, 2021
diff --git a/deploy/helm/kubernetes/manifests/coredns-1.8.yaml b/deploy/helm/kubernetes/manifests/coredns-1.8.yaml
@@ -0,0 +1,189 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: coredns
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:coredns
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  - services
+  - pods
+  - namespaces
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:coredns
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:coredns
+subjects:
+- kind: ServiceAccount
+  name: coredns
+  namespace: kube-system
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system
+data:
+  Corefile: |
+    .:53 {
+        errors
+        health
+        ready
+        kubernetes cluster.local in-addr.arpa ip6.arpa {
+          pods insecure
+          fallthrough in-addr.arpa ip6.arpa
+        }
+        prometheus :9153
+        cache 30
+        loop
+        reload
+        loadbalance
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: coredns
+  namespace: kube-system
+  labels:
+    k8s-app: kube-dns
+    kubernetes.io/name: "CoreDNS"
+spec:
+  replicas: {{ .Values.coredns.replicaCount }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      k8s-app: kube-dns
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-dns
+    spec:
+      priorityClassName: system-cluster-critical
+      serviceAccountName: coredns
+      tolerations:
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+      nodeSelector:
+        beta.kubernetes.io/os: linux
+      {{- with .Values.coredns.image.pullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 10 }}
+      {{- end }}
+      containers:
+      - name: coredns
+        {{- with .Values.coredns.image }}
+        image: "{{ .repository }}{{ if .digest }}@{{ .digest }}{{ else }}:{{ .tag }}{{ end }}"
+        imagePullPolicy: {{ .pullPolicy }}
+        {{- end }}
+        resources:
+          {{- toYaml .Values.coredns.resources | nindent 10 }}
+        args: [ "-conf", "/etc/coredns/Corefile" ]
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/coredns
+          readOnly: true
+        ports:
+        - containerPort: 53
+          name: dns
+          protocol: UDP
+        - containerPort: 53
+          name: dns-tcp
+          protocol: TCP
+        - containerPort: 9153
+          name: metrics
+          protocol: TCP
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+            drop:
+            - all
+          readOnlyRootFilesystem: true
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 60
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 5
+        readinessProbe:
+          httpGet:
+            path: /ready
+            port: 8181
+            scheme: HTTP
+      dnsPolicy: Default
+      volumes:
+        - name: config-volume
+          configMap:
+            name: coredns
+            items:
+            - key: Corefile
+              path: Corefile
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kube-dns
+  namespace: kube-system
+  annotations:
+    prometheus.io/port: "9153"
+    prometheus.io/scrape: "true"
+  labels:
+    k8s-app: kube-dns
+    kubernetes.io/cluster-service: "true"
+    kubernetes.io/name: "CoreDNS"
+spec:
+  selector:
+    k8s-app: kube-dns
+  clusterIP: {{ template "getCoreDNS" . }}
+  ports:
+  - name: dns
+    port: 53
+    protocol: UDP
+  - name: dns-tcp
+    port: 53
+    protocol: TCP
+  - name: metrics
+    port: 9153
+    protocol: TCP
diff --git a/deploy/helm/kubernetes/scripts/configure-cluster.sh b/deploy/helm/kubernetes/scripts/configure-cluster.sh
@@ -62,24 +62,23 @@ EOT
 # install konnectivity server
 kubectl apply -f /manifests/konnectivity-server-rbac.yaml
 {{- else }}{{"\n"}}
-kubectl delete clusterrolebinding/system:konnectivity-server 2>/dev/null || true
+kubectl delete -f /manifests/konnectivity-server-rbac.yaml 2>/dev/null || true
 {{- end }}
 
 {{- if .Values.konnectivityAgent.enabled }}{{"\n"}}
 # install konnectivity agent
 kubectl apply -f /manifests/konnectivity-agent-deployment.yaml -f /manifests/konnectivity-agent-rbac.yaml
 {{- else }}{{"\n"}}
 # uninstall konnectivity agent
-kubectl -n kube-system delete deployment/konnectivity-agent serviceaccount/konnectivity-agent 2>/dev/null || true
+kubectl delete -f /manifests/konnectivity-agent-deployment.yaml -f /manifests/konnectivity-agent-rbac.yaml 2>/dev/null || true
 {{- end }}
 
 {{- if .Values.coredns.enabled }}{{"\n"}}
 # install coredns addon
-# TODO: https://github.com/kvaps/kubernetes-in-kubernetes/issues/3
-kubeadm init phase addon coredns --config /config/kubeadmcfg.yaml
+kubectl apply -f /manifests/coredns.yaml
 {{- else }}{{"\n"}}
 # uninstall coredns addon
-kubectl -n kube-system delete configmap/coredns deployment/coredns 2>/dev/null || true
+kubectl delete -f /manifests/coredns.yaml 2>/dev/null || true
 {{- end }}
 
 {{- if .Values.kubeProxy.enabled }}{{"\n"}}

diff --git a/deploy/helm/kubernetes/templates/_helpers.tpl b/deploy/helm/kubernetes/templates/_helpers.tpl
@@ -61,3 +61,16 @@ Generate etcd servers list.
     {{- end -}}
   {{- end -}}
 {{- end -}}
+
+{{/*
+Take the first IP address from the serviceClusterIPRange for the kube-dns service.
+*/}}
+{{- define "getCoreDNS" -}}
+  {{- $octetsList := splitList "." .Values.apiServer.serviceClusterIPRange -}}
+  {{- printf "%d.%d.%d.%d" (index $octetsList 0 | int) (index $octetsList 1 | int) (index $octetsList 2 | int) 10 -}}
+{{- end -}}
+
+{{- define "getAPIAddress" -}}
+  {{- $octetsList := splitList "." .Values.apiServer.serviceClusterIPRange -}}
+  {{- printf "%d.%d.%d.%d" (index $octetsList 0 | int) (index $octetsList 1 | int) (index $octetsList 2 | int) 1 -}}
+{{- end -}}
diff --git a/deploy/helm/kubernetes/templates/kubeadm-job.yaml b/deploy/helm/kubernetes/templates/kubeadm-job.yaml
@@ -70,7 +70,7 @@ spec:
           name: pki-admin-client
         - mountPath: /scripts
           name: scripts
-        {{- if or .Values.extraManifests .Values.konnectivityServer.enabled .Values.konnectivityAgent.enabled }}
+        {{- if or .Values.extraManifests .Values.konnectivityServer.enabled .Values.konnectivityAgent.enabled .Values.coredns.enabled }}
         - mountPath: /manifests
           name: manifests
         {{- end }}
@@ -93,7 +93,7 @@ spec:
         configMap:
           name: "{{ $fullName }}-kubeadm-scripts"
           defaultMode: 0777
-      {{- if or .Values.extraManifests .Values.konnectivityServer.enabled .Values.konnectivityAgent.enabled }}
+      {{- if or .Values.extraManifests .Values.konnectivityServer.enabled .Values.konnectivityAgent.enabled .Values.coredns.enabled }}
       - name: manifests
         projected:
           sources:
@@ -105,6 +105,10 @@ spec:
           - configMap:
               name: "{{ $fullName }}-konnectivity-manifests"
           {{- end }}
+          {{- if .Values.coredns.enabled }}
+          - configMap:
+              name: "{{ $fullName }}-coredns-manifests"
+          {{- end }}
       {{- end }}
       - name: config
         configMap:

diff --git a/deploy/helm/kubernetes/templates/kubedns-manifests.yaml b/deploy/helm/kubernetes/templates/kubedns-manifests.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.coredns.enabled }}
+{{- $fullName := include "kubernetes.fullname" . -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $fullName }}-coredns-manifests
+data:
+  {{- if .Values.coredns.enabled }}
+  coredns.yaml: |
+    {{- tpl (.Files.Get "manifests/coredns-1.8.yaml") . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/deploy/helm/kubernetes/templates/kubernetes-certs.yaml b/deploy/helm/kubernetes/templates/kubernetes-certs.yaml
@@ -80,7 +80,7 @@ spec:
   {{- end }}
   ipAddresses:
   - "127.0.0.1"
-  - "10.96.0.1"
+  - "{{- template "getAPIAddress" . }}"
   {{- with .Values.apiServer.service.loadBalancerIP }}
   {{- if not (has . $.Values.apiServer.certSANs.ipAddresses) }}
   - {{ . | quote }}
@@ -122,7 +122,7 @@ spec:
   {{- end }}
   ipAddresses:
   - "127.0.0.1"
-  - "10.96.0.1"
+  - "{{- template "getAPIAddress" . }}"
   {{- with .Values.apiServer.service.loadBalancerIP }}
   {{- if not (has . $.Values.apiServer.certSANs.ipAddresses) }}
   - {{ . | quote }}
@@ -164,7 +164,7 @@ spec:
   {{- end }}
   ipAddresses:
   - "127.0.0.1"
-  - "10.96.0.1"
+  - "{{- template "getAPIAddress" . }}"
   {{- with .Values.apiServer.service.loadBalancerIP }}
   {{- if not (has . $.Values.apiServer.certSANs.ipAddresses) }}
   - {{ . | quote }}

diff --git a/deploy/helm/kubernetes/values.yaml b/deploy/helm/kubernetes/values.yaml
@@ -272,6 +272,18 @@ kubeProxy:
 
 coredns:
   enabled: true
+  image:
+    repository: coredns/coredns
+    tag: 1.8.3
+    pullPolicy: IfNotPresent
+    pullSecrets: []
+  replicaCount: 2
+  resources:
+    limits:
+      memory: 170Mi
+    requests:
+      cpu: 100m
+      memory: 70Mi
 
 konnectivityServer:
   enabled: false