Restart CoreDNS conditionally (hitachienergy#2417)

* Restart CoreDNS conditionally

* Update changelog

CHANGELOG-1.2.md

@@ -5,6 +5,7 @@
 ### Added
 
 - [#2127](https://github.com/epiphany-platform/epiphany/issues/2127) - Allow to specify configuration to be used in upgrade mode
+- [#2397](https://github.com/epiphany-platform/epiphany/issues/2397) - Restart CoreDNS pods conditionally
 
 ### Fixed
 

core/src/epicli/data/common/ansible/playbooks/roles/common/tasks/main.yml

@@ -122,3 +122,13 @@
 
 - name: Include logrotate configuration tasks
   include_tasks: configure-logrotate.yml
+
+- name: Create Epiphany directories
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: "{{ item.mode | default('u=rwx,go=rx') }}"
+    owner: root
+    group: root
+  loop:
+    - { path: /var/lib/epiphany }

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/defaults/main.yml

@@ -5,7 +5,7 @@ cni_plugin_vars:
     canal: k8s-app=canal
     flannel: app=flannel
 
-epiphany_manifests_dir: /etc/epiphany/manifests
+epiphany_k8s_manifests_dir: /etc/epiphany/manifests
 
 # The default values below were chosen as a compromise between node stability when available resources are low
 # and utilization (costs) to support even SMALL size VMs and may need to be adjusted depending on your environment.
@@ -24,3 +24,6 @@ kubelet_custom_config:
   systemReserved:
     cpu: 50m
     memory: 768Mi # based on RedHat 7.5 on Standard_DS1_v2 Azure VM with =~ 30 pods
+
+coredns_vars:
+  known_hosts_file_name: coredns-known-hosts

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/deployments/deploy-file.yml

@@ -4,15 +4,15 @@
 - name: Ensure that directory for files exists
   become: true
   file:
-    path: "{{ epiphany_manifests_dir }}"
+    path: "{{ epiphany_k8s_manifests_dir }}"
     state: directory
     owner: root
     group: root
     mode: u=rwx,go=rx
 
 - name: Upload and apply file
   vars:
-    dest_path: "{{ epiphany_manifests_dir }}/{{ file_name | basename }}"
+    dest_path: "{{ epiphany_k8s_manifests_dir }}/{{ file_name | basename }}"
   block:
     - name: Upload {{ file_name }} file
       become: true

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/deployments/deploy-template.yml

@@ -4,15 +4,15 @@
 - name: Ensure that directory for files exists
   become: true
   file:
-    path: "{{ epiphany_manifests_dir }}"
+    path: "{{ epiphany_k8s_manifests_dir }}"
     state: directory
     owner: root
     group: root
     mode: u=rwx,go=rx
 
 - name: Upload and apply template
   vars:
-    dest_path: "{{ epiphany_manifests_dir }}/{{ file_name | basename | regex_replace('\\.j2$') }}"
+    dest_path: "{{ epiphany_k8s_manifests_dir }}/{{ file_name | basename | regex_replace('\\.j2$') }}"
   block:
     - name: Upload {{ file_name }} file
       become: true

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/master-init.yml

@@ -70,9 +70,8 @@
 - name: Patch CoreDNS
   include_tasks: patch-coredns.yml
 
-# TODO: Restart conditionally (only when /etc/hosts was updated) or check whether newer CoreDNS would solve issue #2345
-- name: Restart CoreDNS pods
-  command: kubectl rollout restart deployment coredns --namespace kube-system
+- name: Restart CoreDNS
+  include_tasks: restart-coredns.yml
 
 - name: Apply Kubernetes Dashboard
   include_tasks: apply-dashboard.yml

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/patch-coredns.yml

@@ -19,3 +19,12 @@
     patch:
       content: "{{ coredns_deployment_patch | to_json }}"
       type: strategic
+
+# When CoreDNS is patched, pods are restarted so there is no need to run 'Restart CoreDNS pods' task
+- name: Copy /etc/hosts to /var/lib/epiphany/{{ coredns_vars.known_hosts_file_name }}
+  copy:
+    src: /etc/hosts
+    dest: /var/lib/epiphany/{{ coredns_vars.known_hosts_file_name }}
+    remote_src: yes
+    mode: preserve
+  when: kubectl_patch.changed

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/restart-coredns.yml

@@ -0,0 +1,42 @@
+---
+- name: Check if CoreDNS known hosts file exists
+  stat:
+    path: /var/lib/epiphany/{{ coredns_vars.known_hosts_file_name }}
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
+  register: stat_coredns_known_hosts
+
+- name: Compare hosts files
+  when: stat_coredns_known_hosts.stat.exists
+  block:
+    - name: Slurp CoreDNS known hosts file
+      slurp:
+        src: /var/lib/epiphany/{{ coredns_vars.known_hosts_file_name }}
+      register: slurp_coredns_known_hosts
+
+    - name: Slurp /etc/hosts
+      slurp:
+        src: /etc/hosts
+      register: slurp_etc_hosts
+
+    - name: Check if hosts files differ
+      set_fact:
+        hosts_files_differ: >-
+          {{ etc_hosts_lines | symmetric_difference(coredns_known_hosts_lines) | count > 0 }}
+      vars:
+        etc_hosts_lines: "{{ (slurp_etc_hosts.content | b64decode).split('\n') }}"
+        coredns_known_hosts_lines: "{{ (slurp_coredns_known_hosts.content | b64decode).split('\n') }}"
+
+- name: Restart CoreDNS pods
+  command: kubectl rollout restart deployment coredns --namespace kube-system
+  register: restart_coredns_deployment
+  when: not stat_coredns_known_hosts.stat.exists or hosts_files_differ
+
+- name: Copy /etc/hosts to /var/lib/epiphany/{{ coredns_vars.known_hosts_file_name }}
+  copy:
+    src: /etc/hosts
+    dest: /var/lib/epiphany/{{ coredns_vars.known_hosts_file_name }}
+    remote_src: yes
+    mode: preserve
+  when: restart_coredns_deployment.changed