Migrate DNS manifests to kubernetes.core.k8s

.gitattributes

@@ -0,0 +1 @@
+roles/kubernetes/preinstall/files/host_virtualenvs/*/requirements.txt linguist-generated=true

.pre-commit-config.yaml

@@ -2,7 +2,7 @@
 repos:
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.4.0
+    rev: v4.5.0
     hooks:
       - id: check-added-large-files
       - id: check-case-conflict

roles/kubernetes-apps/ansible/tasks/coredns.yml

@@ -17,34 +17,10 @@
     - { name: coredns, file: coredns-poddisruptionbudget.yml, type: poddisruptionbudget, condition: coredns_pod_disruption_budget }
     - { name: dns-autoscaler, file: dns-autoscaler-sa.yml, type: sa }
   register: coredns_manifests
-  vars:
-    clusterIP: "{{ skydns_server }}"
   when:
     - dns_mode in ['coredns', 'coredns_dual']
     - inventory_hostname == groups['kube_control_plane'][0]
     - enable_dns_autoscaler or item.name != 'dns-autoscaler'
     - item.condition | default(True)
   tags:
     - coredns
-
-- name: Kubernetes Apps | Lay Down Secondary CoreDNS Template
-  template:
-    src: "{{ item.src }}.j2"
-    dest: "{{ kube_config_dir }}/{{ item.file }}"
-    mode: 0644
-  with_items:
-    - { name: coredns, src: coredns-deployment.yml, file: coredns-deployment-secondary.yml, type: deployment }
-    - { name: coredns, src: coredns-svc.yml, file: coredns-svc-secondary.yml, type: svc }
-    - { name: dns-autoscaler, src: dns-autoscaler.yml, file: coredns-autoscaler-secondary.yml, type: deployment }
-    - { name: coredns, src: coredns-poddisruptionbudget.yml, file: coredns-poddisruptionbudget-secondary.yml, type: poddisruptionbudget, condition: coredns_pod_disruption_budget }
-  register: coredns_secondary_manifests
-  vars:
-    clusterIP: "{{ skydns_server_secondary }}"
-    coredns_ordinal_suffix: "-secondary"
-  when:
-    - dns_mode == 'coredns_dual'
-    - inventory_hostname == groups['kube_control_plane'][0]
-    - enable_dns_autoscaler or item.name != 'dns-autoscaler'
-    - item.condition | default(True)
-  tags:
-    - coredns

roles/kubernetes-apps/ansible/tasks/main.yml

@@ -11,48 +11,23 @@
   delay: 1
   when: inventory_hostname == groups['kube_control_plane'][0]
 
-- name: Kubernetes Apps | CoreDNS
-  import_tasks: "coredns.yml"
-  when:
-    - dns_mode in ['coredns', 'coredns_dual']
-    - inventory_hostname == groups['kube_control_plane'][0]
-  tags:
-    - coredns
-
-- name: Kubernetes Apps | nodelocalDNS
-  import_tasks: "nodelocaldns.yml"
-  when:
-    - enable_nodelocaldns
-    - inventory_hostname == groups['kube_control_plane'] | first
-  tags:
-    - nodelocaldns
-
-- name: Kubernetes Apps | Start Resources
-  kube:
-    name: "{{ item.item.name }}"
-    namespace: "kube-system"
-    kubectl: "{{ bin_dir }}/kubectl"
-    resource: "{{ item.item.type }}"
-    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
-    state: "latest"
-  with_items:
-    - "{{ coredns_manifests.results | default({}) }}"
-    - "{{ coredns_secondary_manifests.results | default({}) }}"
-    - "{{ nodelocaldns_manifests.results | default({}) }}"
-    - "{{ nodelocaldns_second_manifests.results | default({}) }}"
-  when:
-    - dns_mode != 'none'
-    - inventory_hostname == groups['kube_control_plane'][0]
-    - not item is skipped
-  register: resource_result
-  until: resource_result is succeeded
-  retries: 4
+- name: Kubernetes Apps | DNS
+  vars:
+    ansible_python_interpreter: "{{ kubespray_virtualenvs_base }}/kubernetes.core/bin/python"
+  kubernetes.core.k8s:
+    state: present
+    apply: true
+    server_side_apply:
+      field_manager: kubespray
+      force_conflicts: true
+    template: "{{ all_manifests_lists | flatten }}"
+  register: result
+  until: result is succeeded
+  retries: 10
   delay: 5
   tags:
     - coredns
     - nodelocaldns
-  loop_control:
-    label: "{{ item.item.file }}"
 
 - name: Kubernetes Apps | Etcd metrics endpoints
   import_tasks: etcd_metrics.yml

roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2

@@ -1,3 +1,4 @@
+{% for coredns_ordinal_suffix in coredns_ordinal_suffixes %}
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -121,3 +122,4 @@ spec:
             - key: hosts
               path: hosts
 {% endif %}
+{% endfor %}

roles/kubernetes-apps/ansible/templates/coredns-poddisruptionbudget.yml.j2

@@ -1,3 +1,5 @@
+{% for coredns_ordinal_suffix in coredns_ordinal_suffixes %}
+---
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
@@ -7,3 +9,4 @@ spec:
   selector:
     matchLabels:
       k8s-app: kube-dns{{ coredns_ordinal_suffix }}
+{% endfor %}

roles/kubernetes-apps/ansible/templates/coredns-svc.yml.j2

@@ -1,3 +1,4 @@
+{% for coredns_ordinal_suffix in coredns_ordinal_suffixes %}
 ---
 apiVersion: v1
 kind: Service
@@ -15,7 +16,7 @@ metadata:
 spec:
   selector:
     k8s-app: kube-dns{{ coredns_ordinal_suffix }}
-  clusterIP: {{ clusterIP }}
+  clusterIP: {{ lookup('vars', 'skydns_server' + (coredns_ordinal_suffix | replace('-', '_'))) }}
   ports:
     - name: dns
       port: 53
@@ -28,3 +29,4 @@ spec:
     - name: metrics
       port: 9153
       protocol: TCP
+{% endfor %}

roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2

@@ -1,4 +1,3 @@
----
 # Copyright 2016 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+{% for coredns_ordinal_suffix in coredns_ordinal_suffixes %}
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -84,3 +85,4 @@ spec:
         - --configmap=dns-autoscaler{{ coredns_ordinal_suffix }}
         - --target=Deployment/coredns{{ coredns_ordinal_suffix }}
       serviceAccountName: dns-autoscaler
+{% endfor %}

roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2

@@ -41,7 +41,7 @@ data:
         reload
         loop
         bind {{ nodelocaldns_ip }}
-        forward . {{ forwardTarget }} {
+        forward . {{ nodelocaldns_forward_target }} {
             force_tcp
         }
         prometheus {% if nodelocaldns_bind_metrics_host_ip %}{$MY_HOST_IP}{% endif %}:{{ nodelocaldns_prometheus_port }}
@@ -58,7 +58,7 @@ data:
         reload
         loop
         bind {{ nodelocaldns_ip }}
-        forward . {{ forwardTarget }} {
+        forward . {{ nodelocaldns_forward_target }} {
             force_tcp
         }
         prometheus {% if nodelocaldns_bind_metrics_host_ip %}{$MY_HOST_IP}{% endif %}:{{ nodelocaldns_prometheus_port }}
@@ -69,7 +69,7 @@ data:
         reload
         loop
         bind {{ nodelocaldns_ip }}
-        forward . {{ forwardTarget }} {
+        forward . {{ nodelocaldns_forward_target }} {
             force_tcp
         }
         prometheus {% if nodelocaldns_bind_metrics_host_ip %}{$MY_HOST_IP}{% endif %}:{{ nodelocaldns_prometheus_port }}
@@ -80,7 +80,7 @@ data:
         reload
         loop
         bind {{ nodelocaldns_ip }}
-        forward . {{ upstreamForwardTarget }}{% if dns_upstream_forward_extra_opts is defined %} {
+        forward . {{ nodelocaldns_upstream_forward_target }}{% if dns_upstream_forward_extra_opts is defined %} {
 {% for optname, optvalue in dns_upstream_forward_extra_opts.items() %}
           {{ optname }} {{ optvalue }}
 {% endfor %}
@@ -123,7 +123,7 @@ data:
         reload
         loop
         bind {{ nodelocaldns_ip }}
-        forward . {{ forwardTarget }} {
+        forward . {{ nodelocaldns_forward_target }} {
             force_tcp
         }
         prometheus {% if nodelocaldns_bind_metrics_host_ip %}{$MY_HOST_IP}{% endif %}:{{ nodelocaldns_secondary_prometheus_port }}
@@ -140,7 +140,7 @@ data:
         reload
         loop
         bind {{ nodelocaldns_ip }}
-        forward . {{ forwardTarget }} {
+        forward . {{ nodelocaldns_forward_target }} {
             force_tcp
         }
         prometheus {% if nodelocaldns_bind_metrics_host_ip %}{$MY_HOST_IP}{% endif %}:{{ nodelocaldns_secondary_prometheus_port }}
@@ -151,7 +151,7 @@ data:
         reload
         loop
         bind {{ nodelocaldns_ip }}
-        forward . {{ forwardTarget }} {
+        forward . {{ nodelocaldns_forward_target }} {
             force_tcp
         }
         prometheus {% if nodelocaldns_bind_metrics_host_ip %}{$MY_HOST_IP}{% endif %}:{{ nodelocaldns_secondary_prometheus_port }}
@@ -162,7 +162,7 @@ data:
         reload
         loop
         bind {{ nodelocaldns_ip }}
-        forward . {{ upstreamForwardTarget }}{% if dns_upstream_forward_extra_opts is defined %} {
+        forward . {{ nodelocaldns_upstream_forward_target }}{% if dns_upstream_forward_extra_opts is defined %} {
 {% for optname, optvalue in dns_upstream_forward_extra_opts.items() %}
           {{ optname }} {{ optvalue }}
 {% endfor %}

roles/kubernetes-apps/ansible/vars/main.yml

@@ -0,0 +1,38 @@
+---
+# CoreDNS vars
+coredns_ordinal_suffixes: "{{ [''] + (dns_mode == 'coredns_dual') | ternary(['-secondary'], []) }}"
+
+# Nodelocal DNS vars
+
+primary_dns_by_mode:
+  coredns: "{{ skydns_server }}"
+  coredns_dual: "{{ skydns_server }}"
+  manual: "{{ manual_dns_server }}"
+  none: ""
+
+nodelocaldns_forward_target: "{{ ([primary_dns_by_mode[dns_mode]] + (dns_mode == 'coredns_dual') | ternary([skydns_server_secondary], [])) | join(' ') }}"
+nodelocaldns_upstream_forward_target: "{{ upstream_dns_servers | d([]) | join(' ') | d('/etc/resolv.conf', true) }}"
+
+coredns_manifests:
+- coredns-clusterrole.yml.j2
+- coredns-clusterrolebinding.yml.j2
+- coredns-config.yml.j2
+- coredns-deployment.yml.j2
+- coredns-sa.yml.j2
+- coredns-svc.yml.j2
+- dns-autoscaler.yml.j2
+- dns-autoscaler-clusterrole.yml.j2
+- dns-autoscaler-clusterrolebinding.yml.j2
+- dns-autoscaler-sa.yml.j2
+- "{{ coredns_pod_disruption_budget | ternary('coredns-poddisruptionbudget.yml.j2', '') }}"
+
+nodelocaldns_manifests:
+- nodelocaldns-config.yml.j2
+- nodelocaldns-sa.yml.j2
+- nodelocaldns-daemonset.yml.j2
+
+all_apps:
+- coredns
+all_manifests_lists:
+- "{{ (dns_mode in ['coredns', 'coredns_dual'] and ansible_run_tags | intersect(['all', 'coredns']) | length > 0 and 'coredns' not in ansible_skip_tags) | ternary(coredns_manifests | select, []) }}"
+- "{{ (enable_nodelocaldns and ansible_run_tags | intersect(['all', 'coredns', 'nodelocaldns']) | length > 0 and ansible_skip_tags | intersect(['coredns', 'nodelocaldns']) | length == 0) | ternary(nodelocaldns_manifests, []) }}"

roles/kubernetes/preinstall/files/host_virtualenvs/kubernetes.core/requirements.in

@@ -0,0 +1 @@
+kubernetes==29.*