feat: make the nodelocaldns bind IP configurable. (#2665)

Signed-off-by: joyceliu <joyceliu@yunify.com>
liujian 2025-07-21 15:23:37 +08:00 committed by GitHub
parent 71c1b2e08f
commit 86c99122fa
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 30 additions and 18 deletions


@ -34,6 +34,8 @@ kubernetes:
tag: 1.22.20
dns_service_ip: >-
{{ index (.kubernetes.networking.service_cidr | ipInCIDR) 2 }}
# nodelocaldns bind ip
clusterDNS: 169.254.25.10
apiserver:
port: 6443
certSANs: []
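Review bot: The new `clusterDNS` default has no stated constraint on its value, and its name matches the kubelet field of the same name even though the comment says it is the nodelocaldns bind address. Elsewhere in this commit the value is substituted into `-localip`, the Corefile `bind` and `health` directives and the kubelet configuration, and the nodelocaldns container runs with `privileged: true`. A routable or wildcard address would therefore presumably expose the DNS cache and its health port beyond the node. I would document the expectation on the key, e.g. `# nodelocaldns bind IP; must be a link-local address (169.254.0.0/16) that is unused on every node`, and consider a name in the style of the neighbouring `dns_service_ip`. The parent key of this entry lies outside the hunk.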


@ -50,7 +50,7 @@ spec:
requests:
cpu: 100m
memory: 70Mi
args: [ "-localip", "169.254.25.10", "-conf", "/etc/coredns/Corefile", "-upstreamsvc", "coredns" ]
args: [ "-localip", "{{ .kubernetes.networking.clusterDNS }}", "-conf", "/etc/coredns/Corefile", "-upstreamsvc", "coredns" ]
securityContext:
privileged: true
ports:
@ -65,7 +65,7 @@ spec:
protocol: TCP
livenessProbe:
httpGet:
host: 169.254.25.10
host: {{ .kubernetes.networking.clusterDNS }}
path: /health
port: 9254
scheme: HTTP
@ -74,7 +74,7 @@ spec:
failureThreshold: 10
readinessProbe:
httpGet:
host: 169.254.25.10
host: {{ .kubernetes.networking.clusterDNS }}
path: /health
port: 9254
scheme: HTTP
@ -120,7 +120,7 @@ data:
cache {{ .cache }}
reload
loop
bind 169.254.25.10
bind {{ .kubernetes.networking.clusterDNS }}
prometheus :9253
{{- range .rewrite }}
@ -177,19 +177,19 @@ data:
}
reload
loop
bind 169.254.25.10
bind {{ .kubernetes.networking.clusterDNS }}
forward . {{ .kubernetes.networking.dns_service_ip }} {
force_tcp
}
prometheus :9253
health 169.254.25.10:9254
health {{ .kubernetes.networking.clusterDNS }}:9254
}
in-addr.arpa:53 {
errors
cache 30
reload
loop
bind 169.254.25.10
bind {{ .kubernetes.networking.clusterDNS }}
forward . {{ .kubernetes.networking.dns_service_ip }} {
force_tcp
}
@ -200,7 +200,7 @@ data:
cache 30
reload
loop
bind 169.254.25.10
bind {{ .kubernetes.networking.clusterDNS }}
forward . {{ .kubernetes.networking.dns_service_ip }} {
force_tcp
}
@ -211,7 +211,7 @@ data:
cache 30
reload
loop
bind 169.254.25.10
bind {{ .kubernetes.networking.clusterDNS }}
forward . /etc/resolv.conf
prometheus :9253
{{- if .kubernetes.coredns.dns_etc_hosts | empty | not }}
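Review bot: Nothing guards against `.kubernetes.networking.clusterDNS` being empty or unset, for example when an existing cluster configuration predates this key. In that case `-localip` receives an empty string, the probe `host:` fields render as null, and the health directive becomes `health :9254`, which would presumably listen on every interface of a container that runs with `privileged: true`. The `health <ip>:9254` form also cannot carry an IPv6 address without brackets. If the template engine provides sprig's `default` (it already uses `empty`), `{{ .kubernetes.networking.clusterDNS | default "169.254.25.10" }}` would keep the previous behaviour. The unquoted `host:` values would also be safer quoted, as the `args` entry is.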


@ -175,7 +175,7 @@ apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
clusterDomain: {{ .kubernetes.networking.dns_domain }}
clusterDNS:
- {{ .kubernetes.networking.dns_service_ip }}
- {{ .kubernetes.networking.clusterDNS }}
maxPods: {{ .kubernetes.max_pods }}
podPidsLimit: {{ .kubernetes.kubelet.pod_pids_limit }}
rotateCertificates: true
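Review bot: Replacing `dns_service_ip` with the nodelocaldns address under kubelet's `clusterDNS` is a behaviour change that the commit title does not mention. As the hunk reads, every pod's resolver now depends on nodelocaldns listening on that address on its own node. Whether nodelocaldns is always deployed is not visible here; if it can be disabled or fails to start, pods on that node would lose DNS with no fallback. I would emit the nodelocaldns address only when that add-on is enabled and keep `- {{ .kubernetes.networking.dns_service_ip }}` otherwise. The same applies to the identical change in the second kubelet configuration template in this commit.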


@ -174,7 +174,7 @@ apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
clusterDomain: {{ .kubernetes.networking.dns_domain }}
clusterDNS:
- {{ .kubernetes.networking.dns_service_ip }}
- {{ .kubernetes.networking.clusterDNS }}
maxPods: {{ .kubernetes.max_pods }}
podPidsLimit: {{ .kubernetes.kubelet.pod_pids_limit }}
rotateCertificates: true


@ -106,12 +106,16 @@ func (e blockExecutor) dealWhen(when kkprojectv1.When) []string {
return w
}
// dealBlock "block" argument has defined in block. execute order is: block -> rescue -> always
// If rescue is defined, execute it when block execute error.
// If always id defined, execute it.
// dealBlock handles the execution of a block, including its "block", "rescue", and "always" sections.
// The execution order is: block -> rescue (if block fails) -> always (always runs after block/rescue).
// - If the main block fails and a rescue block is defined, the rescue block is executed.
// - If the main block fails and no rescue block is defined, the error is collected and returned.
// - The always block is executed after the main block (and rescue, if run), regardless of errors.
// All errors encountered are joined and returned.
func (e blockExecutor) dealBlock(ctx context.Context, hosts []string, ignoreErrors *bool, when []string, tags kkprojectv1.Taggable, block kkprojectv1.Block) error {
var errs error
// exec block
// Execute the main block section
if err := (blockExecutor{
option: e.option,
hosts: hosts,
@ -121,7 +125,7 @@ func (e blockExecutor) dealBlock(ctx context.Context, hosts []string, ignoreErro
when: when,
tags: tags,
}.Exec(ctx)); err != nil {
// if block exec failed exec rescue
// If the main block fails and a rescue block is defined, execute the rescue block
if len(block.Rescue) != 0 {
if err := (blockExecutor{
option: e.option,
@ -132,12 +136,16 @@ func (e blockExecutor) dealBlock(ctx context.Context, hosts []string, ignoreErro
when: when,
tags: tags,
}.Exec(ctx)); err != nil {
// Collect errors from rescue block
errs = errors.Join(errs, err)
}
} else {
// If no rescue block, collect the error from the main block
errs = errors.Join(errs, err)
}
}
// exec always after block
// Execute the always block after the main/rescue block(s)
if len(block.Always) != 0 {
if err := (blockExecutor{
option: e.option,
@ -148,10 +156,12 @@ func (e blockExecutor) dealBlock(ctx context.Context, hosts []string, ignoreErro
when: when,
tags: tags,
}.Exec(ctx)); err != nil {
// Collect errors from always block
errs = errors.Join(errs, err)
}
}
// when execute error. return
// Return any collected errors (nil if none)
return errs
}
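Review bot: The rewritten doc comment on `dealBlock` ends with "All errors encountered are joined and returned", which does not match the visible code. When `block.Rescue` is non-empty the main block's error is never added to `errs`, so a failed block followed by a successful rescue returns nil. That masking is probably intended, but it should be stated, e.g. `// Errors from rescue and always are joined and returned; the main block's error is returned only when no rescue is defined.` The inner `err` in the rescue branch shadows the outer one, which makes the dropped error easy to miss when reading. Parts of the function body lie between the hunks and are not shown.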