From ef68bb5e67c60d038622989ba410486357e4d86c Mon Sep 17 00:00:00 2001 From: Chao Dai Date: Thu, 18 Feb 2021 15:29:40 -0800 Subject: [PATCH 1/2] Enable nodelocal dnscache on prow build clusters --- .../gcp/clusters/modules/gke-cluster/main.tf | 3 +++ .../clusters/modules/gke-cluster/variables.tf | 6 ++++++ .../prow-build-trusted/main.tf | 19 +++++++++++-------- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/infra/gcp/clusters/modules/gke-cluster/main.tf b/infra/gcp/clusters/modules/gke-cluster/main.tf index d00de321b59..fef0f6185c3 100644 --- a/infra/gcp/clusters/modules/gke-cluster/main.tf +++ b/infra/gcp/clusters/modules/gke-cluster/main.tf @@ -177,6 +177,9 @@ resource "google_container_cluster" "prod_cluster" { network_policy_config { disabled = false } + dns_cache_config { + enabled = var.enable_node_local_dns_cache + } } release_channel { diff --git a/infra/gcp/clusters/modules/gke-cluster/variables.tf b/infra/gcp/clusters/modules/gke-cluster/variables.tf index db70ad2525f..b1b4846a97a 100644 --- a/infra/gcp/clusters/modules/gke-cluster/variables.tf +++ b/infra/gcp/clusters/modules/gke-cluster/variables.tf @@ -51,3 +51,9 @@ variable "release_channel" { More information about release channels can be found here : https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels. EOF } + +variable "enable_node_local_dns_cache" { + description = "If this cluster want to have NodeLocal DNSCache enabled" + type = string + default = "false" +} diff --git a/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/main.tf b/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/main.tf index abd2b8202ba..11e8fdfcb4a 100644 --- a/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/main.tf +++ b/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/main.tf @@ -23,14 +23,15 @@ This file defines: */ locals { - project_id = "k8s-infra-prow-build-trusted" - cluster_name = "prow-build-trusted" // The name of the cluster defined in this file - cluster_location = "us-central1" // The GCP location (region or zone) where the cluster should be created - bigquery_location = "US" // The bigquery specific location where the dataset should be created - pod_namespace = "test-pods" // MUST match whatever prow is configured to use when it schedules to this cluster - cluster_sa_name = "prow-build-trusted" // Name of the GSA and KSA that pods use by default - gcb_builder_sa_name = "gcb-builder" // Name of the GSA and KSA that pods use to be allowed to run GCB builds and push to GCS buckets - prow_deployer_sa_name = "prow-deployer" // Name of the GSA and KSA that pods use to be allowed to deploy to prow build clusters + project_id = "k8s-infra-prow-build-trusted" + cluster_name = "prow-build-trusted" // The name of the cluster defined in this file + cluster_location = "us-central1" // The GCP location (region or zone) where the cluster should be created + bigquery_location = "US" // The bigquery specific location where the dataset should be created + pod_namespace = "test-pods" // MUST match whatever prow is configured to use when it schedules to this cluster + cluster_sa_name = "prow-build-trusted" // Name of the GSA and KSA that pods use by default + gcb_builder_sa_name = "gcb-builder" // Name of the GSA and KSA that pods use to be allowed to run GCB builds and push to GCS buckets + prow_deployer_sa_name = "prow-deployer" // Name of the GSA and KSA that pods use to be allowed to deploy to prow build clusters + enable_node_local_dns_cache = "true" // Enable NodeLocal DNSCache } module "project" { @@ -131,6 +132,7 @@ module "prow_build_cluster" { bigquery_location = local.bigquery_location is_prod_cluster = "true" release_channel = "STABLE" + enable_node_local_dns_cache = var.enable_node_local_dns_cache } module "prow_build_nodepool" { @@ -146,5 +148,6 @@ module "prow_build_nodepool" { disk_size_gb = 200 disk_type = "pd-standard" service_account = module.prow_build_cluster.cluster_node_sa.email + enable_node_local_dns_cache = var.enable_node_local_dns_cache } From 5c33af546dc1eba4cf4819f602f1a3f69f16ae87 Mon Sep 17 00:00:00 2001 From: Chao Dai Date: Thu, 18 Feb 2021 16:06:04 -0800 Subject: [PATCH 2/2] Fix typo, also add k8s-infra-prow-build cluster --- .../clusters/modules/gke-cluster/variables.tf | 2 +- .../prow-build-trusted/main.tf | 3 +-- .../k8s-infra-prow-build/prow-build/main.tf | 16 +++++++++------- 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/infra/gcp/clusters/modules/gke-cluster/variables.tf b/infra/gcp/clusters/modules/gke-cluster/variables.tf index b1b4846a97a..c9a504fa4db 100644 --- a/infra/gcp/clusters/modules/gke-cluster/variables.tf +++ b/infra/gcp/clusters/modules/gke-cluster/variables.tf @@ -53,7 +53,7 @@ EOF } variable "enable_node_local_dns_cache" { - description = "If this cluster want to have NodeLocal DNSCache enabled" + description = "If this cluster should have NodeLocal DNSCache enabled" type = string default = "false" } diff --git a/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/main.tf b/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/main.tf index 11e8fdfcb4a..b655268d6e1 100644 --- a/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/main.tf +++ b/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/main.tf @@ -132,7 +132,7 @@ module "prow_build_cluster" { bigquery_location = local.bigquery_location is_prod_cluster = "true" release_channel = "STABLE" - enable_node_local_dns_cache = var.enable_node_local_dns_cache + enable_node_local_dns_cache = local.enable_node_local_dns_cache } module "prow_build_nodepool" { @@ -148,6 +148,5 @@ module "prow_build_nodepool" { disk_size_gb = 200 disk_type = "pd-standard" service_account = module.prow_build_cluster.cluster_node_sa.email - enable_node_local_dns_cache = var.enable_node_local_dns_cache } diff --git a/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/main.tf b/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/main.tf index 48e351e9ccf..aa1ff627b18 100644 --- a/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/main.tf +++ b/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/main.tf @@ -24,13 +24,14 @@ This file defines: */ locals { - project_id = "k8s-infra-prow-build" - cluster_name = "prow-build" // The name of the cluster defined in this file - cluster_location = "us-central1" // The GCP location (region or zone) where the cluster should be created - bigquery_location = "US" // The bigquery specific location where the dataset should be created - pod_namespace = "test-pods" // MUST match whatever prow is configured to use when it schedules to this cluster - cluster_sa_name = "prow-build" // Name of the GSA and KSA that pods use by default - boskos_janitor_sa_name = "boskos-janitor" // Name of the GSA and KSA used by boskos-janitor + project_id = "k8s-infra-prow-build" + cluster_name = "prow-build" // The name of the cluster defined in this file + cluster_location = "us-central1" // The GCP location (region or zone) where the cluster should be created + bigquery_location = "US" // The bigquery specific location where the dataset should be created + pod_namespace = "test-pods" // MUST match whatever prow is configured to use when it schedules to this cluster + cluster_sa_name = "prow-build" // Name of the GSA and KSA that pods use by default + boskos_janitor_sa_name = "boskos-janitor" // Name of the GSA and KSA used by boskos-janitor + enable_node_local_dns_cache = "true" // Enable NodeLocal DNSCache } module "project" { @@ -106,6 +107,7 @@ module "prow_build_cluster" { bigquery_location = local.bigquery_location is_prod_cluster = "true" release_channel = "STABLE" + enable_node_local_dns_cache = local.enable_node_local_dns_cache } module "prow_build_nodepool_n1_highmem_8_maxiops" {