Add CoreDNS Readiness check and Update Traefik Version

integration/coredns_test.go

@@ -21,7 +21,6 @@ func (s *CoreDNSSuite) SetUpSuite(c *check.C) {
 		"giantswarm/tiny-tools:3.9",
 	}
 	s.startk3s(c, requiredImages)
-	s.startAndWaitForCoreDNS(c)
 	s.startWhoami(c)
 	s.installTinyToolsMaesh(c)
 	s.createResources(c, "resources/tcp-state-table/")
@@ -31,7 +30,7 @@ func (s *CoreDNSSuite) TearDownSuite(c *check.C) {
 	s.stopK3s()
 }
 
-func (s *CoreDNSSuite) TestCoreDNSVersion(c *check.C) {
+func (s *CoreDNSSuite) TestCoreDNSVersionSafe(c *check.C) {
 	testCases := []struct {
 		desc          string
 		version       string
@@ -52,13 +51,11 @@ func (s *CoreDNSSuite) TestCoreDNSVersion(c *check.C) {
 			version:       "1.4.0",
 			expectedError: false,
 		},
-		{
-			desc:          "CoreDNS 1.6.3",
-			version:       "1.6.3",
-			expectedError: false,
-		},
 	}
 
+	s.createResources(c, "resources/coredns/corednssafe.yaml")
+	defer s.deleteResources(c, "resources/coredns/corednssafe.yaml", true)
+
 	for _, test := range testCases {
 		s.WaitForCoreDNS(c)
 		c.Log("Testing compatibility with " + test.desc)
@@ -78,9 +75,42 @@ func (s *CoreDNSSuite) TestCoreDNSVersion(c *check.C) {
 	}
 }
 
-func (s *CoreDNSSuite) TestCoreDNS(c *check.C) {
+func (s *CoreDNSSuite) TestCoreDNSVersion(c *check.C) {
+	testCases := []struct {
+		desc    string
+		version string
+	}{
+		{
+			desc:    "CoreDNS 1.5.2",
+			version: "1.5.2",
+		},
+		{
+			desc:    "CoreDNS 1.6.3",
+			version: "1.6.3",
+		},
+	}
+
+	s.createResources(c, "resources/coredns/coredns.yaml")
+	defer s.deleteResources(c, "resources/coredns/coredns.yaml", true)
+
+	for _, test := range testCases {
+		s.WaitForCoreDNS(c)
+		c.Log("Testing compatibility with " + test.desc)
+		s.setCoreDNSVersion(c, test.version)
+
+		cmd := s.maeshPrepareWithArgs()
+		cmd.Env = os.Environ()
+		output, err := cmd.CombinedOutput()
+
+		c.Log(string(output))
+		c.Assert(err, checker.IsNil)
+	}
+}
+
+func (s *CoreDNSSuite) TestCoreDNSDig(c *check.C) {
+	s.createResources(c, "resources/coredns/coredns.yaml")
+	defer s.deleteResources(c, "resources/coredns/coredns.yaml", true)
 	s.WaitForCoreDNS(c)
-	s.setCoreDNSVersion(c, "1.3.1")
 
 	cmd := s.startMaeshBinaryCmd(c, false)
 	err := cmd.Start()

integration/helm_test.go

@@ -11,8 +11,8 @@ type HelmSuite struct{ BaseSuite }
 func (s *HelmSuite) SetUpSuite(c *check.C) {
 	requiredImages := []string{
 		"containous/maesh:latest",
-		"coredns/coredns:1.3.1",
-		"traefik:v2.1.1",
+		"coredns/coredns:1.6.3",
+		"traefik:v2.1.6",
 	}
 	s.startk3s(c, requiredImages)
 	s.startAndWaitForCoreDNS(c)

integration/integration_test.go

@@ -69,7 +69,7 @@ func Test(t *testing.T) {
 	images = append(images, image{"gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.7", true})
 	images = append(images, image{"gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.7", true})
 	images = append(images, image{"gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.7", true})
-	images = append(images, image{"traefik:v2.1.1", true})
+	images = append(images, image{"traefik:v2.1.6", true})
 
 	for _, image := range images {
 		if image.pull {
@@ -268,7 +268,7 @@ func (s *BaseSuite) deleteResources(c *check.C, dirPath string, force bool) {
 }
 
 func (s *BaseSuite) startAndWaitForCoreDNS(c *check.C) {
-	s.createResources(c, "resources/coredns")
+	s.createResources(c, "resources/coredns/coredns.yaml")
 	s.WaitForCoreDNS(c)
 }
 

integration/kubedns_test.go

@@ -12,8 +12,8 @@ func (s *KubeDNSSuite) SetUpSuite(c *check.C) {
 	requiredImages := []string{
 		"containous/maesh:latest",
 		"containous/whoami:v1.0.1",
-		"coredns/coredns:1.3.1",
-		"traefik:v2.1.1",
+		"coredns/coredns:1.6.3",
+		"traefik:v2.1.6",
 		"gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.7",
 		"gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.7",
 		"gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.7",

integration/kubernetes_test.go

@@ -12,8 +12,8 @@ func (s *KubernetesSuite) SetUpSuite(c *check.C) {
 	requiredImages := []string{
 		"containous/maesh:latest",
 		"containous/whoami:v1.0.1",
-		"coredns/coredns:1.3.1",
-		"traefik:v2.1.1",
+		"coredns/coredns:1.6.3",
+		"traefik:v2.1.6",
 	}
 	s.startk3s(c, requiredImages)
 	s.startAndWaitForCoreDNS(c)

integration/resources/coredns/coredns.yaml

@@ -55,6 +55,7 @@ data:
     .:53 {
         errors
         health
+        ready
         kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream
@@ -71,7 +72,6 @@ data:
         reload
         loadbalance
     }
-
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -103,7 +103,7 @@ spec:
         beta.kubernetes.io/os: linux
       containers:
         - name: coredns
-          image: coredns/coredns:1.3.1
+          image: coredns/coredns:1.6.3
           imagePullPolicy: IfNotPresent
           resources:
             limits:
@@ -143,6 +143,15 @@ spec:
             timeoutSeconds: 5
             successThreshold: 1
             failureThreshold: 5
+          readinessProbe:
+            httpGet:
+              path: /ready
+              port: 8181
+              scheme: HTTP
+            initialDelaySeconds: 10
+            timeoutSeconds: 5
+            successThreshold: 1
+            failureThreshold: 5
       dnsPolicy: Default
       volumes:
         - name: config-volume
@@ -153,7 +162,6 @@ spec:
                 path: Corefile
               - key: NodeHosts
                 path: NodeHosts
-
 ---
 apiVersion: v1
 kind: Service

integration/resources/coredns/corednssafe.yaml

@@ -0,0 +1,181 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: coredns
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:coredns
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - endpoints
+      - services
+      - pods
+      - namespaces
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:coredns
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:coredns
+subjects:
+  - kind: ServiceAccount
+    name: coredns
+    namespace: kube-system
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system
+data:
+  Corefile: |
+    .:53 {
+        errors
+        health
+        kubernetes cluster.local in-addr.arpa ip6.arpa {
+          pods insecure
+          upstream
+          fallthrough in-addr.arpa ip6.arpa
+        }
+        hosts /etc/coredns/NodeHosts {
+          reload 1s
+          fallthrough
+        }
+        prometheus :9153
+        forward . /etc/resolv.conf
+        cache 30
+        loop
+        reload
+        loadbalance
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: coredns
+  namespace: kube-system
+  labels:
+    k8s-app: kube-dns
+    kubernetes.io/name: "CoreDNS"
+spec:
+  #replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      k8s-app: kube-dns
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-dns
+    spec:
+      serviceAccountName: coredns
+      tolerations:
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+      nodeSelector:
+        beta.kubernetes.io/os: linux
+      containers:
+        - name: coredns
+          image: coredns/coredns:1.6.3
+          imagePullPolicy: IfNotPresent
+          resources:
+            limits:
+              memory: 170Mi
+            requests:
+              cpu: 100m
+              memory: 70Mi
+          args: [ "-conf", "/etc/coredns/Corefile" ]
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/coredns
+              readOnly: true
+          ports:
+            - containerPort: 53
+              name: dns
+              protocol: UDP
+            - containerPort: 53
+              name: dns-tcp
+              protocol: TCP
+            - containerPort: 9153
+              name: metrics
+              protocol: TCP
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              add:
+                - NET_BIND_SERVICE
+              drop:
+                - all
+            readOnlyRootFilesystem: true
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: 8080
+              scheme: HTTP
+            initialDelaySeconds: 60
+            timeoutSeconds: 5
+            successThreshold: 1
+            failureThreshold: 5
+      dnsPolicy: Default
+      volumes:
+        - name: config-volume
+          configMap:
+            name: coredns
+            items:
+              - key: Corefile
+                path: Corefile
+              - key: NodeHosts
+                path: NodeHosts
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kube-dns
+  namespace: kube-system
+  annotations:
+    prometheus.io/port: "9153"
+    prometheus.io/scrape: "true"
+  labels:
+    k8s-app: kube-dns
+    kubernetes.io/cluster-service: "true"
+    kubernetes.io/name: "CoreDNS"
+spec:
+  selector:
+    k8s-app: kube-dns
+  clusterIP: 10.43.0.10
+  ports:
+    - name: dns
+      port: 53
+      protocol: UDP
+    - name: dns-tcp
+      port: 53
+      protocol: TCP
+    - name: metrics
+      port: 9153
+      protocol: TCP

integration/resources/values.yaml

@@ -25,7 +25,7 @@ mesh:
     # (Optional)
     # pullPolicy: IfNotPresent
     # (Optional)
-    tag: v2.0.2
+    tag: v2.1.6
     # (Optional)
     # pullSecret: xxx
   resources:

integration/smi_test.go

@@ -18,8 +18,8 @@ func (s *SMISuite) SetUpSuite(c *check.C) {
 	requiredImages := []string{
 		"containous/maesh:latest",
 		"containous/whoami:v1.0.1",
-		"coredns/coredns:1.3.1",
-		"traefik:v2.1.1",
+		"coredns/coredns:1.6.3",
+		"traefik:v2.1.6",
 	}
 	s.startk3s(c, requiredImages)
 	s.startAndWaitForCoreDNS(c)