
Comments (5)

johnbelamaric commented on September 25, 2024

Thanks for your thorough review. You are right this is not really up-to-date, and we will get on that ASAP (PRs are welcome too!).

You may also be interested in kubernetes/kubernetes#52501 and kubernetes/minikube#1995.

@rajansandeep PTAL

from deployment.

chrisohaver commented on September 25, 2024

Thanks again for the review. Summarizing what we have fixed so far...

  • Removed the pre 1.6 version, leaving only one manifest.
  • Corrected the deprecated "cidrs" in the ConfigMap.
  • Moved tolerations to spec element
  • Added master NoSchedule taint toleration
  • Use current release, not "latest".
  • main repo README updated

not addressed yet:

  • CoreDNS master affinity - kube-dns does not have master node affinity. Actually we may want to use antiAffinity to make sure replicas don't land all on one node.
  • Exposed metrics port - kube-dns appears to also expose the metrics port in its default configuration... I found this issue kubernetes/kubernetes#52184 scroll to "7. Exposed /metrics APIs Allow for Pod/Svc Enumeration" ... the risk seems low enough to be an OK default. As they are now, CoreDNS metrics are aggregations (e.g. you can't enumerate services or pods based on them).
  • RollingUpdate strategy - I think 2 replicas + maxUnavailable: 1 is a sensible minimal default. @johnbelamaric, what do you think?
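
The manifest points summarized in the comment above, expressed as a check (an added example, not part of the thread and not the CoreDNS project's code). The manifests are constructed samples, the finding codes are hypothetical names, and the pre-1.6 annotation key is an assumption about where the tolerations lived before they were moved.

```python
# Added example, not the CoreDNS project's code. Manifests are constructed.
ALPHA_TOLERATIONS = "scheduler.alpha.kubernetes.io/tolerations"  # assumed pre-1.6 form

def lint_deployment(manifest):
    """Return finding codes for a Deployment manifest given as a parsed dict."""
    findings = []
    spec = manifest.get("spec", {})
    template = spec.get("template", {})
    pod = template.get("spec", {})

    # Image must name an explicit release tag, not "latest" or no tag at all.
    for c in pod.get("containers", []):
        _, sep, tag = c.get("image", "").rpartition(":")
        if not sep or "/" in tag or tag == "latest":
            findings.append("image-not-pinned:" + c.get("name", "?"))

    # Tolerations belong in the pod spec, not in the old alpha annotation.
    annotations = template.get("metadata", {}).get("annotations", {})
    if ALPHA_TOLERATIONS in annotations:
        findings.append("tolerations-in-annotation")

    # Two or more replicas, rolled one at a time, so DNS never drops to zero pods.
    strategy = spec.get("strategy", {})
    max_unavailable = strategy.get("rollingUpdate", {}).get("maxUnavailable")
    if spec.get("replicas", 1) < 2:
        findings.append("single-replica")
    if strategy.get("type") != "RollingUpdate" or max_unavailable != 1:
        findings.append("rolling-update-not-set")

    # Without pod anti-affinity every replica may land on the same node.
    if not pod.get("affinity", {}).get("podAntiAffinity"):
        findings.append("no-pod-anti-affinity")
    return findings

# Constructed "before" manifest showing the issues discussed in the thread.
WEAK = {"spec": {"replicas": 1, "template": {
    "metadata": {"annotations": {ALPHA_TOLERATIONS: "[]"}},
    "spec": {"containers": [{"name": "coredns", "image": "coredns/coredns:latest"}]}}}}

# Constructed "after" manifest; 0.9.10 is the release named in the thread.
FIXED = {"spec": {"replicas": 2,
    "strategy": {"type": "RollingUpdate", "rollingUpdate": {"maxUnavailable": 1}},
    "template": {"metadata": {"labels": {"k8s-app": "coredns"}}, "spec": {
        "tolerations": [{"key": "CriticalAddonsOnly", "operator": "Exists"}],
        "affinity": {"podAntiAffinity": {"preferredDuringSchedulingIgnoredDuringExecution": [
            {"weight": 100, "podAffinityTerm": {"topologyKey": "kubernetes.io/hostname",
             "labelSelector": {"matchLabels": {"k8s-app": "coredns"}}}}]}},
        "containers": [{"name": "coredns", "image": "coredns/coredns:0.9.10"}]}}}}
```

The check flags a manifest that relies on the default update strategy, because it requires `RollingUpdate` with `maxUnavailable: 1` to be set explicitly.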


ae6rt commented on September 25, 2024

Nice work.

I'd be somewhat sorry to see the non-RBAC manifests removed. Not every cluster uses RBAC yet, and if not, experimenting with CoreDNS with the RBAC manifest would be challenging.


johnbelamaric commented on September 25, 2024

@chrisohaver yes on the RollingUpdate strategy. Also update to 0.9.10 and get rid of the "CIDR needs to be on a /8 boundary" comment. What about kubernetes.io/cluster-service? Should we remove it here?


chrisohaver commented on September 25, 2024

> For stability and security purposes ... CoreDNS should only run on master nodes ...

Most everything here is in the deployment now, except for the above. In fact, we have recently merged a change that does the exact opposite of this, never allowing coredns to be scheduled on the master node. See discussion #50.

