From ce6f253432c714e21f76025368a4db0608dd3c23 Mon Sep 17 00:00:00 2001
From: Matt McEuen
Date: Thu, 30 May 2019 20:22:52 -0500
Subject: [PATCH] Change CoreDNS from Deployment to DaemonSet

CoreDNS is critical to cluster operations, and is also a very lightweight service. This change makes the CoreDNS service deployable as a Deployment (current behavior), a DaemonSet, or both simultaneously. This allows DNS to be easily configured to run on all nodes (or all control plane nodes if desired) for high availability of the service and resiliency of the cluster. The "deplyoment and daemonset" behavior can be used to provide an uninterrupted migration path from a Deployment-based environment to a DaemonSet-based one.

Change-Id: I58c3e62ac4892a4d9374d99eefe8055865cebf1e
---
 charts/coredns/templates/deployment.yaml | 41 ++++++++++++++++--------
 charts/coredns/values.yaml | 16 +++++++++
 examples/basic/armada-resources.yaml | 3 --
 examples/complete/armada-resources.yaml | 2 --
 4 files changed, 44 insertions(+), 18 deletions(-)

diff --git a/charts/coredns/templates/deployment.yaml b/charts/coredns/templates/deployment.yaml
index d11b1498..3d182cbe 100644
--- a/charts/coredns/templates/deployment.yaml
+++ b/charts/coredns/templates/deployment.yaml
@@ -16,35 +16,46 @@ limitations under the License. {{- $envAll := . }} {{- $labels := tuple $envAll "kubernetes" "coredns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" -}} +{{- $kinds := list -}} +{{- if .Values.manifests.deployment -}}{{ $kinds = append $kinds "Deployment" -}}{{- end -}} +{{- if .Values.manifests.daemonset -}}{{ $kinds = append $kinds "DaemonSet" -}}{{- end -}} + +{{- range $kinds -}} +{{- $kind := . -}} --- apiVersion: apps/v1 -kind: Deployment +kind: {{ $kind }} metadata: name: coredns labels: {{ $labels | indent 4 }} - {{ .Values.service.name }}: enabled + {{ $envAll.Values.service.name }}: enabled kubernetes.io/name: "CoreDNS" annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} spec: - replicas: {{ .Values.pod.replicas.coredns }} +{{- if eq $kind "Deployment" }} + replicas: {{ $envAll.Values.pod.replicas.coredns }} strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 +{{- end }} selector: matchLabels: {{ $labels | indent 6 }} - {{ .Values.service.name }}: enabled + {{ $envAll.Values.service.name }}: enabled +{{- if eq $kind "DaemonSet" }} +{{ tuple $envAll "coredns" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }} +{{- end }} template: metadata: labels: {{ $labels | indent 8 }} - {{ .Values.service.name }}: enabled + {{ $envAll.Values.service.name }}: enabled annotations: - configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" $envAll | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" $envAll | include "helm-toolkit.utils.hash" }} spec: serviceAccountName: coredns shareProcessNamespace: true 
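Review bot: When both `manifests.deployment` and `manifests.daemonset` are true, the Deployment and the DaemonSet are rendered with the same `spec.selector.matchLabels` and the same pod template labels (`$labels` plus `{{ $envAll.Values.service.name }}: enabled`), so each controller's selector also matches the other's pods. Kubernetes guidance is to avoid overlapping selectors between workload controllers; owner references should keep the two from adopting each other's running pods, but the overlap should either be documented as a migration-only state or removed. It could be removed by giving only the DaemonSet one extra label in both its selector and its pod template, for example `coredns-workload: daemonset` (illustrative name) inside an `{{- if eq $kind "DaemonSet" }}` guard. The Deployment's selector is best left unchanged, since `spec.selector` cannot be edited on an existing apps/v1 object. The pod spec continues past the end of this hunk.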
@@ -52,7 +63,9 @@ spec: - key: "CriticalAddonsOnly" operator: "Exists" nodeSelector: - {{ .Values.labels.coredns.node_selector_key }}: {{ .Values.labels.coredns.node_selector_value }} + {{ $envAll.Values.labels.coredns.node_selector_key }}: {{ $envAll.Values.labels.coredns.node_selector_value }} + terminationGracePeriodSeconds: {{ $envAll.Values.pod.lifecycle.termination_grace_period.coredns.timeout | default "30" }} +{{- if eq $kind "Deployment" }} affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -60,15 +73,16 @@ spec: podAffinityTerm: labelSelector: matchExpressions: - - key: {{ .Values.service.name }} + - key: {{ $envAll.Values.service.name }} operator: In values: - enabled topologyKey: kubernetes.io/hostname +{{- end }} containers: - name: coredns - image: {{ .Values.images.tags.coredns | quote }} - imagePullPolicy: {{ .Values.images.pull_policy | quote }} + image: {{ $envAll.Values.images.tags.coredns | quote }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy | quote }} {{ tuple $envAll $envAll.Values.pod.resources.coredns | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }} args: [ "-conf", "/etc/coredns/Corefile" ] volumeMounts: @@ -102,11 +116,12 @@ spec: volumes: - name: config-volume configMap: - name: {{ .Values.service.name }}-etc + name: {{ $envAll.Values.service.name }}-etc items: - key: Corefile path: Corefile - name: scripts configMap: - name: {{ .Values.service.name }}-bin + name: {{ $envAll.Values.service.name }}-bin defaultMode: 0555 +{{ end }} diff --git a/charts/coredns/values.yaml b/charts/coredns/values.yaml index f913a773..d468d7a4 100644 --- a/charts/coredns/values.yaml +++ b/charts/coredns/values.yaml 
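Review bot: On the added `terminationGracePeriodSeconds` line, `| default "30"` treats a configured `timeout: 0` as empty and renders 30, so an operator cannot ask for immediate termination. Since values.yaml now ships `pod.lifecycle.termination_grace_period.coredns.timeout: 30`, the filter can simply be dropped: `terminationGracePeriodSeconds: {{ $envAll.Values.pod.lifecycle.termination_grace_period.coredns.timeout }}`. Separately, the only toleration visible in the context is `CriticalAddonsOnly`; if control-plane nodes carry a NoSchedule taint, the DaemonSet form would not land on them, which works against the availability goal in the commit message. The rest of the tolerations list is outside the hunk, so this needs checking against the full file.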
@@ -36,6 +36,18 @@ service: ip: 10.96.0.10 pod: + lifecycle: + upgrades: + # This is only meaningful when deploying as a DaemonSet + daemonsets: + pod_replacement_strategy: RollingUpdate + coredns: + enabled: true + min_ready_seconds: 0 + max_unavailable: 30% + termination_grace_period: + coredns: + timeout: 30 resources: enabled: false coredns: @@ -52,6 +64,7 @@ pod: limits: memory: "1024Mi" cpu: "2000m" + # This is only meaningful when deploying as a Deployment replicas: coredns: 3 @@ -63,4 +76,7 @@ monitoring: port: 9253 manifests: + # This chart can deploy CoreDNS as a Deployment, as a DaemonSet, or both + daemonset: false + deployment: true pod_test: true diff --git a/examples/basic/armada-resources.yaml b/examples/basic/armada-resources.yaml index 150f68d1..dd6e38d9 100644 --- a/examples/basic/armada-resources.yaml +++ b/examples/basic/armada-resources.yaml @@ -571,12 +571,9 @@ data: conf: test: names_to_resolve: - - att.com - calico-etcd.kube-system.svc.cluster.local - - google.com - kubernetes-etcd.kube-system.svc.cluster.local - kubernetes.default.svc.cluster.local - images: tags: coredns: coredns/coredns:1.1.3 diff --git a/examples/complete/armada-resources.yaml b/examples/complete/armada-resources.yaml index fe7d4123..83977757 100644 --- a/examples/complete/armada-resources.yaml +++ b/examples/complete/armada-resources.yaml @@ -582,9 +582,7 @@ data: conf: test: names_to_resolve: - - att.com - calico-etcd.kube-system.svc.cluster.local - - google.com - kubernetes-etcd.kube-system.svc.cluster.local - kubernetes.default.svc.cluster.local
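Review bot: The comment above the new `daemonset` / `deployment` flags in the `manifests:` hunk does not say what happens when both are false. In that case the `range $kinds` loop in templates/deployment.yaml renders no workload at all, and an upgrade with such values would presumably remove the cluster's DNS pods without any error. I would extend the comment, e.g. `# At least one of daemonset/deployment must be true; enabling both is intended only as a migration step.`, or have the template call `fail` when `$kinds` is empty.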