This is uplift for CoreDNS to version 1.6.2
Upstream CoreDNS image has no tools inside like wget/dig and can't
be used as is because pod probes will fail. Coredns pod has
Liveness/Readiness probes which are just a shell script to run
wget/dig to determine that CoreDNS is functional. So, decided
to add tools for probes in promenade image and do refactoring.
New endpoints for health check are running in side-car:
/externalhealth - to do the same check like previous shell script,
/selfcheck - to do check of the health of side-car itself.
Main container should be pointed to check endpoint provided by
side-car container.
Change-Id: Ib7fcf309b6cc34a86eeeec6e2109988cfa862955
This updates coredns chart to include the podsecurity context
on the pod template
This also adds the container security context to set
readOnlyRootFilesystem to true
Change-Id: Ib44e7b9e5d0ccc642ee095062f3aefcfef2a98f8
CoreDNS is critical to cluster operations, and is also a very lightweight
service. This change makes the CoreDNS service deployable as a Deployment
(current behavior), a DaemonSet, or both simultaneously. This allows
DNS to be easily configured to run on all nodes (or all control
plane nodes if desired) for high availability of the service and
resiliency of the cluster.
The "deplyoment and daemonset" behavior can be used to provide an
uninterrupted migration path from a Deployment-based environment
to a DaemonSet-based one.
Change-Id: I58c3e62ac4892a4d9374d99eefe8055865cebf1e
Daemonset update strategy defaults to OnDelete in v1beta1, whereas
it defaults to RollingUpdate in v1, which seems prefereable.
This also adds helm-toolkit based labels at the controller level
to match standard usage such as for example by armada as wait labels.
This change has been tested using the promenade resiliency gate.
Change-Id: I9fd1bc4caedc0a6717b779e5333640ca8dc78b7e
This avoids leaving zombies in cases where the processes don't reap
children.
Also fixes a certificate issue with the resiliency gate.
Change-Id: I8a795557b0d60338c40b360c947b81a20fd48877
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. This can be used, for example, to force an
artificial manifest change in CICD scenarios, for upgradability
testing purposes.
Change-Id: I8d0ffac306258f940c63799e86e7e26b5c2c5add
This patchset makes possible to set/update the quantity of replicas
for CoreDNS through the variable in values.yaml.
Change-Id: I9a6ad0f7f2fe95b7d8cfd2ac5f4c6e235e8bb1a4
This adds direct name resolution as part of these checks. We have
experienced an issue with older versions of the proxy plugin that
resulted in coredns pods unable to resolve upstream names, but passing
health checks.
Change-Id: I9241b78490b4ae1640fb028c8c32bb179bf4e8ec
* Updates version references
* Increase memory of test VMs due to higher usage with bump
* Move etcd chart scripts from /tmp to /tmp/bin
* Remove certificate signing options for controller manager
* Remove -a from `kubectl get pods`, since that is deprecated in 1.10
* Shorten liveness/readiness probe times for CoreDNS
Change-Id: I16db0370f1c619e16002dd58e29025eb1538691f
- Update Makefile to more closely match UCP standards
- Add resource limits to any Pods missing them
Change-Id: Ia791a6b207c2baca7dd3141be71aef513c916661
This removes the reliance on coredns for APIserver discovery, allowing
a simpler configuration that is compatible with corednx 1.0.x
Change-Id: Ia3b7b5627c16ec47af6b0d6d5e8dee2674e9b1ee