Why bake image
Closed this issue · 1 comment
Hi @Tristan971 I love your solution.
Although I had to symlink /etc/resolv.conf > /run/systemd/resolve/resolv.conf
as a last step on my managed cluster in DigitalOcean.
Also I prefer to add a script to a well-known image instead of using random images - especially for privileged pods.
Here is my final manifest, 99% based on your solution.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: kube-system
  name: node-coredns-enable-script
data:
  run.sh: |
    #!/usr/bin/env sh
    DNS_SOURCE=/etc/systemd/resolved.conf
    DNS_GENERATED=/etc/resolv.conf
    DNS_SYSTEMD=/run/systemd/resolve/resolv.conf
    # the container's own resolv.conf points at the cluster DNS service
    COREDNS_IP=$(grep nameserver $DNS_GENERATED | head -n1 | cut -d' ' -f2)
    echo "Using this IP for CoreDNS: $COREDNS_IP"
    echo ""

    # escape from container: run a single command string inside the host's
    # namespaces (PID 1), which is why the pod needs hostPID and privileged
    run_on_host() {
      if [ -n "$2" ]; then
        echo "Executing blobs, pass them as string! Received: [$*]"
        exit 1
      fi
      nsenter -m -u -n -i -p -t 1 -- sh -c "set -x; $1"
    }

    idle() {
      tail -f /dev/null
    }

    HOST_ORIGINAL_SRC="$(run_on_host "cat $DNS_SOURCE")"
    echo "Original host's $DNS_SOURCE:"
    echo "---"
    echo ""
    echo "$HOST_ORIGINAL_SRC"
    echo ""
    echo "---"
    echo ""

    echo "Checking if the host doesn't already have CoreDNS ($COREDNS_IP) set..."
    if echo "$HOST_ORIGINAL_SRC" | grep -o "$COREDNS_IP"; then
      echo "Already had $COREDNS_IP in host sources! Skipping straight to idling mode."
      idle
    else
      echo "It does not. Proceeding."
    fi
    echo ""
    echo "---"
    echo ""

    echo "Will set $COREDNS_IP as DNS=... value on host"
    PRE="^#?DNS=.*$"       # note that we don't just prepend but
    POST="DNS=$COREDNS_IP" # replace every existing DNS with coredns
    # the sed expression is single-quoted so the host shell does not glob-expand
    # the '?' and '*' in the pattern; "==" is a bashism, "=" is what sh knows
    if [ "${DRY_RUN:-true}" = "false" ]; then
      BACKUP_SUFFIX="-$(date +%s)-bak"
      echo "Not a dry run. Will apply, and write backup to ${DNS_SOURCE}${BACKUP_SUFFIX}"
      SED_COMMAND="sed --in-place=$BACKUP_SUFFIX -E 's/$PRE/$POST/g' $DNS_SOURCE"
    else
      echo "Dry run. Only showing what output would have resulted."
      echo ""
      SED_COMMAND="sed -E 's/$PRE/$POST/g' $DNS_SOURCE"
    fi
    run_on_host "$SED_COMMAND"
    echo ""
    echo "---"
    echo ""

    echo "Reloading systemd daemon"
    run_on_host "systemctl daemon-reload"
    echo "Restarting systemd-resolved"
    run_on_host "systemctl restart systemd-resolved"
    echo ""
    echo "---"
    echo ""

    if [ "${SYMLINK:-false}" = "true" -a "${DRY_RUN:-true}" = "false" ]; then
      BACKUP_SUFFIX="-$(date +%s)-bak"
      echo "Forced symlink will apply, and write backup to ${DNS_GENERATED}${BACKUP_SUFFIX}"
      run_on_host "cp ${DNS_GENERATED} ${DNS_GENERATED}${BACKUP_SUFFIX}"
      run_on_host "test -f ${DNS_SYSTEMD} && ln -sf ${DNS_SYSTEMD} ${DNS_GENERATED}"
    else
      echo "No symlink will apply."
      echo ""
    fi

    echo "Done applying DNS change. Now idling."
    idle
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  namespace: kube-system
  name: node-coredns-enable
spec:
  selector:
    matchLabels:
      name: node-coredns-enable-ds
  template:
    metadata:
      labels:
        name: node-coredns-enable-ds
    spec:
      hostPID: true
      containers:
        - name: enable-coredns-on-node
          image: busybox
          command: ['sh', "/run.sh"]
          securityContext:
            privileged: true
          env:
            # please try true first, see if it doesn't seem to blow up your cluster,
            # then use false if it seems to make sense with its output
            - name: 'DRY_RUN'
              value: 'false'
            # for Debian 4.19.194-2 needed to symlink the resolve conf.
            # only works if DRY_RUN is false
            - name: 'SYMLINK'
              value: 'true'
          volumeMounts:
            - name: run-script
              mountPath: /run.sh
              subPath: run.sh
      volumes:
        - name: run-script
          configMap:
            name: node-coredns-enable-script
            items:
              - key: run.sh
                path: run.sh
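Added example, not part of the issue or of the original solution: the same `^#?DNS=.*$` rewrite and the "already set" check from the script above, run as a dry run over a constructed resolved.conf with no nsenter and no host mutation. It adds two checks a practitioner would want before a value is spliced into a command that runs as root on every node: the address must look like an IPv4 dotted quad, and "already set" only counts an active `DNS=<ip>` line as a whole (the script's `grep -o "$COREDNS_IP"` also matches a commented line, or 10.0.0.10 when looking for 10.0.0.1). Function names are mine; sed/grep with `-E` are assumed.

```shell
#!/usr/bin/env sh
# Added example (not from the issue above): dry-run the host-side DNS rewrite.

# Escape the dots of an IPv4 address so grep matches them literally.
escape_ip() {
  printf '%s' "$1" | sed 's/\./\\./g'
}

# Shape check only (dotted quad); rejects anything with spaces, slashes or
# shell metacharacters before it reaches a sed expression.
is_ipv4() {
  printf '%s' "$1" | grep -qE '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Idempotency check: 0 if FILE has an active, whole-line "DNS=<ip>", else 1.
# Anchoring both ends is what stops 10.0.0.1 from matching inside 10.0.0.10.
has_active_dns() {
  grep -qE "^DNS=$(escape_ip "$2")\$" "$1"
}

# Print what the script's PRE/POST substitution (^#?DNS=.*$ -> DNS=<ip>) would
# make of FILE. Note the commented "#DNS=" placeholder becomes an active line too.
render_dns_rewrite() {
  is_ipv4 "$2" || { echo "refusing non-IPv4 value: $2" >&2; return 2; }
  sed -E "s/^#?DNS=.*\$/DNS=$2/g" "$1"
}

# Constructed sample resembling a stock /etc/systemd/resolved.conf; the host
# already points at 10.0.0.10, which a substring check would confuse with 10.0.0.1.
make_sample_conf() {
  _conf=$(mktemp)
  cat >"$_conf" <<'EOF'
[Resolve]
#DNS=
FallbackDNS=1.1.1.1
DNS=10.0.0.10
EOF
  printf '%s' "$_conf"
}

# Stand-alone demo: show the rewrite for a cluster DNS IP of 10.0.0.1.
sample=$(make_sample_conf)
echo "Rewrite of $sample for CoreDNS at 10.0.0.1:"
render_dns_rewrite "$sample" 10.0.0.1
```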
> Also I prefer to add a script to a well-known image instead of using random images - especially for privileged pods.
Oh I agree - I merely published an image for my own use originally 🙂
I feel I should mention that I personally don't use this method anymore myself, however. I needed it to access an NFS service and just made that one use a static ClusterIP instead.
Anyway, glad it helped 👍