From 86c99122fa861239ff336a2732ad7e1d878c2469 Mon Sep 17 00:00:00 2001 From: liujian Date: Mon, 21 Jul 2025 15:23:37 +0800 Subject: [PATCH] feat: make the nodelocaldns bind IP configurable. (#2665) Signed-off-by: joyceliu --- .../vars/create_cluster_kubernetes.yaml | 2 ++ .../templates/dns/nodelocaldns.yaml | 18 +++++++------- .../templates/kubeadm/kubeadm-init.v1beta2 | 2 +- .../templates/kubeadm/kubeadm-init.v1beta3 | 2 +- pkg/executor/block_executor.go | 24 +++++++++++++------ 5 files changed, 30 insertions(+), 18 deletions(-) diff --git a/builtin/core/playbooks/vars/create_cluster_kubernetes.yaml b/builtin/core/playbooks/vars/create_cluster_kubernetes.yaml index 4ef0a9a4..5627dea4 100644 --- a/builtin/core/playbooks/vars/create_cluster_kubernetes.yaml +++ b/builtin/core/playbooks/vars/create_cluster_kubernetes.yaml @@ -34,6 +34,8 @@ kubernetes: tag: 1.22.20 dns_service_ip: >- {{ index (.kubernetes.networking.service_cidr | ipInCIDR) 2 }} + # nodelocaldns bind ip + clusterDNS: 169.254.25.10 apiserver: port: 6443 certSANs: [] diff --git a/builtin/core/roles/kubernetes/init-kubernetes/templates/dns/nodelocaldns.yaml b/builtin/core/roles/kubernetes/init-kubernetes/templates/dns/nodelocaldns.yaml index 92136d55..fcc1b564 100644 --- a/builtin/core/roles/kubernetes/init-kubernetes/templates/dns/nodelocaldns.yaml +++ b/builtin/core/roles/kubernetes/init-kubernetes/templates/dns/nodelocaldns.yaml @@ -50,7 +50,7 @@ spec: requests: cpu: 100m memory: 70Mi - args: [ "-localip", "169.254.25.10", "-conf", "/etc/coredns/Corefile", "-upstreamsvc", "coredns" ] + args: [ "-localip", "{{ .kubernetes.networking.clusterDNS }}", "-conf", "/etc/coredns/Corefile", "-upstreamsvc", "coredns" ] securityContext: privileged: true ports: @@ -65,7 +65,7 @@ spec: protocol: TCP livenessProbe: httpGet: - host: 169.254.25.10 + host: {{ .kubernetes.networking.clusterDNS }} path: /health port: 9254 scheme: HTTP 
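Review bot: The new `clusterDNS` key is substituted verbatim into the kubelet config, the nodelocaldns probe hosts and every Corefile `bind` line in this patch, yet its only documentation is `# nodelocaldns bind ip`, which says nothing about which values are safe. As I understand upstream node-cache, the `-localip` address is brought up on a local interface on every node, so the value must be a single address that is not otherwise in use on the node or inside `service_cidr`, and it must differ from `dns_service_ip` because the Corefile forwards to that IP; I would extend the comment to `# nodelocaldns bind ip: a single address not in use on the node or in service_cidr, and never equal to dns_service_ip`. As a point of style, the sibling keys in this block (`dns_service_ip`, `service_cidr`, `dns_domain`) are snake_case while the new one is camelCase; `nodelocaldns_ip` would match the file's convention and the comment, and is still cheap to rename while the key is new.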
@@ -74,7 +74,7 @@ spec: failureThreshold: 10 readinessProbe: httpGet: - host: 169.254.25.10 + host: {{ .kubernetes.networking.clusterDNS }} path: /health port: 9254 scheme: HTTP @@ -120,7 +120,7 @@ data: cache {{ .cache }} reload loop - bind 169.254.25.10 + bind {{ .kubernetes.networking.clusterDNS }} prometheus :9253 {{- range .rewrite }} @@ -177,19 +177,19 @@ data: } reload loop - bind 169.254.25.10 + bind {{ .kubernetes.networking.clusterDNS }} forward . {{ .kubernetes.networking.dns_service_ip }} { force_tcp } prometheus :9253 - health 169.254.25.10:9254 + health {{ .kubernetes.networking.clusterDNS }}:9254 } in-addr.arpa:53 { errors cache 30 reload loop - bind 169.254.25.10 + bind {{ .kubernetes.networking.clusterDNS }} forward . {{ .kubernetes.networking.dns_service_ip }} { force_tcp } @@ -200,7 +200,7 @@ data: cache 30 reload loop - bind 169.254.25.10 + bind {{ .kubernetes.networking.clusterDNS }} forward . {{ .kubernetes.networking.dns_service_ip }} { force_tcp } @@ -211,7 +211,7 @@ data: cache 30 reload loop - bind 169.254.25.10 + bind {{ .kubernetes.networking.clusterDNS }} forward . /etc/resolv.conf prometheus :9253 {{- if .kubernetes.coredns.dns_etc_hosts | empty | not }} diff --git a/builtin/core/roles/kubernetes/init-kubernetes/templates/kubeadm/kubeadm-init.v1beta2 b/builtin/core/roles/kubernetes/init-kubernetes/templates/kubeadm/kubeadm-init.v1beta2 index d23ae337..39735737 100644 --- a/builtin/core/roles/kubernetes/init-kubernetes/templates/kubeadm/kubeadm-init.v1beta2 +++ b/builtin/core/roles/kubernetes/init-kubernetes/templates/kubeadm/kubeadm-init.v1beta2 @@ -175,7 +175,7 @@ apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration clusterDomain: {{ .kubernetes.networking.dns_domain }} clusterDNS: - - {{ .kubernetes.networking.dns_service_ip }} + - {{ .kubernetes.networking.clusterDNS }} maxPods: {{ .kubernetes.max_pods }} podPidsLimit: {{ .kubernetes.kubelet.pod_pids_limit }} rotateCertificates: true 
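Review bot: Nothing stops an operator from setting `clusterDNS` to the same value as `dns_service_ip`, and in the server block of the `@@ -177` hunk that would make nodelocaldns `bind` the very address it `forward`s to, so queries would loop back into the cache itself (the `loop` plugin in that block would presumably detect this and halt the server, but only after the ConfigMap is rolled out). The same `bind`/`forward` pair appears in the `in-addr.arpa` block of that hunk and in the `@@ -200` hunk. A template-time guard would reject the misconfiguration before rendering, e.g. `{{- if eq .kubernetes.networking.clusterDNS .kubernetes.networking.dns_service_ip }}{{ fail "clusterDNS must differ from dns_service_ip" }}{{- end }}`, assuming the template engine exposes a `fail` function, which I cannot confirm from this diff. The value is also interpolated with no check that it is a single IP literal; whitespace or a newline in it would alter the Corefile's structure rather than just the bind address.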
diff --git a/builtin/core/roles/kubernetes/init-kubernetes/templates/kubeadm/kubeadm-init.v1beta3 b/builtin/core/roles/kubernetes/init-kubernetes/templates/kubeadm/kubeadm-init.v1beta3 index 2352dcf3..d65fb282 100644 --- a/builtin/core/roles/kubernetes/init-kubernetes/templates/kubeadm/kubeadm-init.v1beta3 +++ b/builtin/core/roles/kubernetes/init-kubernetes/templates/kubeadm/kubeadm-init.v1beta3 @@ -174,7 +174,7 @@ apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration clusterDomain: {{ .kubernetes.networking.dns_domain }} clusterDNS: - - {{ .kubernetes.networking.dns_service_ip }} + - {{ .kubernetes.networking.clusterDNS }} maxPods: {{ .kubernetes.max_pods }} podPidsLimit: {{ .kubernetes.kubelet.pod_pids_limit }} rotateCertificates: true diff --git a/pkg/executor/block_executor.go b/pkg/executor/block_executor.go index 3550227b..36573060 100644 --- a/pkg/executor/block_executor.go +++ b/pkg/executor/block_executor.go 
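Review bot: After this change the kubelet's only resolver is the nodelocaldns bind address instead of the CoreDNS service IP, so pod DNS works only when the nodelocaldns DaemonSet is actually deployed and healthy on every node. If nodelocaldns is optional in this playbook (I cannot tell from the diff), the `clusterDNS:` entry needs a conditional that keeps `- {{ .kubernetes.networking.dns_service_ip }}` when nodelocaldns is disabled, otherwise pods on clusters without it lose name resolution entirely. The same line changes in the v1beta2 template in the previous hunk. It is also worth a sentence in the commit message that this rewrites the kubelet configuration of existing nodes, which previously pointed at `dns_service_ip`.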
@@ -106,12 +106,16 @@ func (e blockExecutor) dealWhen(when kkprojectv1.When) []string { return w } -// dealBlock "block" argument has defined in block. execute order is: block -> rescue -> always -// If rescue is defined, execute it when block execute error. -// If always id defined, execute it. +// dealBlock handles the execution of a block, including its "block", "rescue", and "always" sections. +// The execution order is: block -> rescue (if block fails) -> always (always runs after block/rescue). +// - If the main block fails and a rescue block is defined, the rescue block is executed. +// - If the main block fails and no rescue block is defined, the error is collected and returned. +// - The always block is executed after the main block (and rescue, if run), regardless of errors. +// All errors encountered are joined and returned. func (e blockExecutor) dealBlock(ctx context.Context, hosts []string, ignoreErrors *bool, when []string, tags kkprojectv1.Taggable, block kkprojectv1.Block) error { var errs error - // exec block + + // Execute the main block section if err := (blockExecutor{ option: e.option, hosts: hosts, @@ -121,7 +125,7 @@ func (e blockExecutor) dealBlock(ctx context.Context, hosts []string, ignoreErro when: when, tags: tags, }.Exec(ctx)); err != nil { - // if block exec failed exec rescue + // If the main block fails and a rescue block is defined, execute the rescue block if len(block.Rescue) != 0 { if err := (blockExecutor{ option: e.option, @@ -132,12 +136,16 @@ func (e blockExecutor) dealBlock(ctx context.Context, hosts []string, ignoreErro when: when, tags: tags, }.Exec(ctx)); err != nil { + // Collect errors from rescue block errs = errors.Join(errs, err) } + } else { + // If no rescue block, collect the error from the main block + errs = errors.Join(errs, err) } } - // exec always after block + // Execute the always block after the main/rescue block(s) if len(block.Always) != 0 { if err := (blockExecutor{ option: e.option, 
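Review bot: The added `else` branch in the `@@ -132` hunk changes dealBlock's behaviour — before this commit a failing block with no `rescue` returned nil, now its error is returned — which is a genuine bug fix but one the commit title (`feat: make the nodelocaldns bind IP configurable`) never mentions, so it deserves its own commit or at least a line in the message. Separately, when `rescue` is defined and also fails, only the rescue error is collected because the inner `if err := ...` shadows the block's `err`, so the root cause is lost; rename the inner variable and join both, e.g. `if rescueErr := (blockExecutor{...}.Exec(ctx)); rescueErr != nil { errs = errors.Join(errs, err, rescueErr) }`. The new doc comment in the `@@ -106` hunk says `All errors encountered are joined and returned`, which is not true today when a rescue runs; it should state explicitly that a successful rescue discards the block's error. dealBlock continues past the end of this hunk.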
@@ -148,10 +156,12 @@ func (e blockExecutor) dealBlock(ctx context.Context, hosts []string, ignoreErro when: when, tags: tags, }.Exec(ctx)); err != nil { + // Collect errors from always block errs = errors.Join(errs, err) } } - // when execute error. return + + // Return any collected errors (nil if none) return errs }