This repository was archived by the owner on Sep 30, 2020. It is now read-only.
[v0.14.x] Allow dnsmasq to be backed by a local copy of CoreDNS #1891
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
k8s-ci-robot
added
do-not-merge/invalid-commit-message
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
size/L
kfr2
changed the title
kfr2
force-pushed
the
coredns-local-v0.14.x
branch
from
1adcbea to
ad76f04
Compare
k8s-ci-robot
removed
the
do-not-merge/invalid-commit-message
dominicgunn
suggested changes
Jul 30, 2020
builtin/files/cluster.yaml.tmpl
Outdated
| @@ -1405,6 +1410,13 @@ kubeProxy: | |||
| # It is enabled by default. | |||
| #cloudFormationStreaming: true | |||
|
|
|||
| <<<<<<< Updated upstream | |||
There was a problem hiding this comment.
Can we fix this merge conflict?
| application: coredns | ||
| data: | ||
| Corefile: | | ||
| cluster.local:9254 {{ .PodCIDR }}:9254 {{ .ServiceCIDR }}:9254 { |
| labels: | ||
| application: coredns | ||
| data: | ||
| Corefile: | |
There was a problem hiding this comment.
Re-reviewing this Corefile against Zalandos, I see that they actually have their custom (additional) DNS configuration above the cluster.local... block. I wonder if that performs better?
kfr2
force-pushed
the
coredns-local-v0.14.x
branch
from
ad76f04 to
1ea50d8
Compare
dominicgunn
approved these changes
Jul 30, 2020
kfr2
force-pushed
the
coredns-local-v0.14.x
branch
3 times, most recently
from
2406955 to
a9e301c
Compare
This commit introduces a new configuration option for cluster.yaml, `kubeDns.coreDNSLocal`. If this option and `kubeDns.nodeLocalResolver` are set to true, the dnsmasq-node DaemonSet will be configured to use a local copy of CoreDNS for its resolution while setting the global CoreDNS service as a fallback. This is handy in situations where the number of DNS requests within a cluster grows large and causes resolution issues as dnsmasq reaches out to the global CoreDNS service. See [0] for an investigation into this situation which was instrumental in understanding issues we were facing. Many thanks to dominicgunn for providing the manifests which I codified into this commit. 0: https://github.com/zalando-incubator/kubernetes-on-aws/blob/dev/docs/postmortems/jan-2019-dns-outage.md
kfr2
force-pushed
the
coredns-local-v0.14.x
branch
from
a9e301c to
7145636
Compare
With this commit, the user can override the following dnsmasq defaults: * --cache-size (50000) * --dns-forward-max (500) * --neg-ttl (60)
kfr2
force-pushed
the
coredns-local-v0.14.x
branch
from
7145636 to
e4a412b
Compare
The dnsmasq-node's coredns-local's container limits can now be
configured (or removed) by specifying the following:
```
dnsmasq:
coreDNSLocal:
limits:
cpu: 100m
memory: "" # disabled
```
dominicgunn
reviewed
Jul 31, 2020
| @@ -1058,6 +1058,9 @@ write_files: | |||
| "${mfdir}/kube-dns-de.yaml" | |||
| {{- end }} | |||
| {{ if .KubeDns.NodeLocalResolver -}} | |||
| {{ if .KubeDns.dnsmasq.CoreDNSLocal.Enabled -}} | |||
| deploy "${mfdir}/dnsmasq-node-coredns-local.yaml" | |||
There was a problem hiding this comment.
I know that kube-aws doesn't do a fantastic job of clean up, but seems like this one would be easy. Could we throw in a
{{- else }}
remove "${mfdir}/canal.yaml"
{{- end }}}
There was a problem hiding this comment.
Sorry, remove "${mfdir}/dnsmasq-node-coredns-local.yaml"
pkg/api/types.go
Outdated
| @@ -209,6 +209,23 @@ type IPVSMode struct { | |||
| MinSyncPeriod string `yaml:"minSyncPeriod"` | |||
| } | |||
|
|
|||
| type CoreDNSLocalLimits struct { | |||
There was a problem hiding this comment.
Could we use ComputeResources instead?
coredns-local's resources can now be configured using:
```
kubeDns:
dnsmasq:
coreDNSLocal:
resources:
requests:
cpu: "200m"
memory: "1000Mi"
limits:
cpu: "400m"
memory: "2000Mi"
```
k8s-ci-robot
added
size/XL
dominicgunn
approved these changes
Jul 31, 2020
|
/lgtm |
dominicgunn
approved these changes
Aug 1, 2020
This was referenced Aug 4, 2020
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit allows the user to specify that dnsmasq should be backed by a pod-local copy of CoreDNS rather than relying on the global CoreDNS service. If enabled, the dnsmasq-node DaemonSet will be configured to use a local copy of CoreDNS for its resolution while setting the global CoreDNS service as a fallback. This is handy in situations where the number of DNS requests within a cluster grows large and causes resolution issues as dnsmasq reaches out to the global CoreDNS service.
Additionally, several values passed to dnsmasq are now configurable, including its
--cache-sizeand--dns-forward-max.See this postmortem for an investigation into this situation which was instrumental in understanding issues we were facing. Many thanks to @dominicgunn for providing the manifests which I codified into this commit.
These features can be enabled and tuned by setting the following values within cluster.yaml: