Remove kubedns and dnsmasq. Move dns_late phase after apps (#4406)

Both kubedns and dnsmasq modes are long not maintained.
We should run dns_late steps at the end because sshd
makes DNS lookups during Ansible run and has 2s timeouts
for each failed lookup trying to connect to coredns before
it is ready.

docs/ansible.md

@@ -110,7 +110,6 @@ The following tags are defined in playbooks:
 |                   calico | Network plugin Calico
 |                    canal | Network plugin Canal
 |           cloud-provider | Cloud-provider related tasks
-|                  dnsmasq | Configuring DNS stack for hosts and K8s apps
 |                   docker | Configuring docker for hosts
 |                 download | Fetching container images to a delegate host
 |                     etcd | Configuring etcd cluster
@@ -152,11 +151,11 @@ Example command to filter and apply only DNS configuration tasks and skip
 everything else related to host OS configuration and downloading images of containers:
 
 ```
-ansible-playbook -i inventory/sample/hosts.ini cluster.yml --tags preinstall,dnsmasq,facts --skip-tags=download,bootstrap-os
+ansible-playbook -i inventory/sample/hosts.ini cluster.yml --tags preinstall,facts --skip-tags=download,bootstrap-os
 ```
 And this play only removes the K8s cluster DNS resolver IP from hosts' /etc/resolv.conf files:
 ```
-ansible-playbook -i inventory/sample/hosts.ini -e dnsmasq_dns_server='' cluster.yml --tags resolvconf
+ansible-playbook -i inventory/sample/hosts.ini -e dns_mode='none' cluster.yml --tags resolvconf
 ```
 And this prepares all container images locally (at the ansible runner node) without installing
 or upgrading related stuff or trying to upload container to K8s cluster nodes:

docs/dns-stack.md

@@ -20,10 +20,6 @@ ndots value to be used in ``/etc/resolv.conf``
 
 It is important to note that multiple search domains combined with high ``ndots``
 values lead to poor performance of DNS stack, so please choose it wisely.
-The dnsmasq DaemonSet can accept lower ``ndots`` values and return NXDOMAIN
-replies for [bogus internal FQDNS](https://github.com/kubernetes/kubernetes/issues/19634#issuecomment-253948954)
-before it even hits the kubedns app. This enables dnsmasq to serve as a
-protective, but still recursive resolver in front of kubedns.
 
 #### searchdomains
 Custom search domains to be added in addition to the cluster search domains (``default.svc.{{ dns_domain }}, svc.{{ dns_domain }}``).
@@ -41,8 +37,7 @@ is not set, a default resolver is chosen (depending on cloud provider or 8.8.8.8
 
 #### upstream_dns_servers
 DNS servers to be added *after* the cluster DNS. Used by all ``resolvconf_mode`` modes. These serve as backup
-DNS servers in early cluster deployment when no cluster DNS is available yet. These are also added as upstream
-DNS servers used by ``dnsmasq`` (when deployed with ``dns_mode: dnsmasq_kubedns``).
+DNS servers in early cluster deployment when no cluster DNS is available yet.
 
 DNS modes supported by Kubespray
 ============================
@@ -52,32 +47,20 @@ You can modify how Kubespray sets up DNS for your cluster with the variables ``d
 ## dns_mode
 ``dns_mode`` configures how Kubespray will setup cluster DNS. There are four modes available:
 
-#### dnsmasq_kubedns
-This installs an additional dnsmasq DaemonSet which gives more flexibility and lifts some
-limitations (e.g. number of nameservers). Kubelet is instructed to use dnsmasq instead of kubedns/skydns.
-It is configured to forward all DNS queries belonging to cluster services to kubedns/skydns. All
-other queries are forwardet to the nameservers found in ``upstream_dns_servers`` or ``default_resolver``
-
-#### kubedns
-This does not install the dnsmasq DaemonSet and instructs kubelet to directly use kubedns/skydns for
-all queries.
-
 #### coredns (default)
-This does not install the dnsmasq DaemonSet and instructs kubelet to directly use CoreDNS for
-all queries.
+This installs CoreDNS as the default cluster DNS for all queries.
 
 #### coredns_dual
-This does not install the dnsmasq DaemonSet and instructs kubelet to directly use CoreDNS for
-all queries. It will also deploy a secondary CoreDNS stack
+This installs CoreDNS as the default cluster DNS for all queries, plus a secondary CoreDNS stack.
 
 #### manual
-This does not install dnsmasq or kubedns, but allows you to specify
+This does not install coredns, but allows you to specify
 `manual_dns_server`, which will be configured on nodes for handling Pod DNS.
 Use this method if you plan to install your own DNS server in the cluster after
 initial deployment.
 
 #### none
-This does not install any of dnsmasq and kubedns/skydns. This basically disables cluster DNS completely and
+This does not install any of DNS solution at all. This basically disables cluster DNS completely and
 leaves you with a non functional cluster.
 
 ## resolvconf_mode
@@ -103,7 +86,7 @@ The following dns options are added to the docker daemon
 * attempts:2
 
 For normal PODs, k8s will ignore these options and setup its own DNS settings for the PODs, taking
-the --cluster_dns (either dnsmasq or kubedns, depending on dns_mode) kubelet option into account.
+the --cluster_dns (either coredns or coredns_dual, depending on dns_mode) kubelet option into account.
 For ``hostNetwork: true`` PODs however, k8s will let docker setup DNS settings. Docker containers which
 are not started/managed by k8s will also use these docker options.
 
@@ -115,7 +98,7 @@ servers, which in turn will forward queries to the system nameserver if required
 
 #### host_resolvconf
 This activates the classic Kubespray behaviour that modifies the hosts ``/etc/resolv.conf`` file and dhclient
-configuration to point to the cluster dns server (either dnsmasq or kubedns, depending on dns_mode).
+configuration to point to the cluster dns server (either coredns or coredns_dual, depending on dns_mode).
 
 As cluster DNS is not available on early deployment stage, this mode is split into 2 stages. In the first
 stage (``dns_early: true``), ``/etc/resolv.conf`` is configured to use the DNS servers found in ``upstream_dns_servers``

docs/large-deployments.md

@@ -15,8 +15,8 @@ For a large scaled deployments, consider the following configuration changes:
   load on a delegate (the first K8s master node) then retrying failed
   push or download operations.
 
-* Tune parameters for DNS related applications (dnsmasq daemon set, kubedns
-  replication controller). Those are ``dns_replicas``, ``dns_cpu_limit``,
+* Tune parameters for DNS related applications 
+  Those are ``dns_replicas``, ``dns_cpu_limit``,
   ``dns_cpu_requests``, ``dns_memory_limit``, ``dns_memory_requests``.
   Please note that limits must always be greater than or equal to requests.
 

docs/vars.md

@@ -59,8 +59,6 @@ following default cluster parameters:
   overlap with kube_service_addresses.
 * *kube_network_node_prefix* - Subnet allocated per-node for pod IPs. Remainin
   bits in kube_pods_subnet dictates how many kube-nodes can be in cluster.
-* *dns_setup* - Enables dnsmasq
-* *dnsmasq_dns_server* - Cluster IP for dnsmasq (default is 10.233.0.2)
 * *skydns_server* - Cluster IP for DNS (default is 10.233.0.3)
 * *skydns_server_secondary* - Secondary Cluster IP for CoreDNS used with coredns_dual deployment (default is 10.233.0.4)
 * *cloud_provider* - Enable extra Kubelet option if operating inside GCE or
@@ -84,15 +82,14 @@ and ``kube_pods_subnet``, for example from the ``172.18.0.0/16``.
 
 #### DNS variables
 
-By default, dnsmasq gets set up with 8.8.8.8 as an upstream DNS server and all
+By default, hosts are set up with 8.8.8.8 as an upstream DNS server and all
 other settings from your existing /etc/resolv.conf are lost. Set the following
 variables to match your requirements.
 
 * *upstream_dns_servers* - Array of upstream DNS servers configured on host in
   addition to Kubespray deployed DNS
-* *nameservers* - Array of DNS servers configured for use in dnsmasq
+* *nameservers* - Array of DNS servers configured for use by hosts
 * *searchdomains* - Array of up to 4 search domains
-* *skip_dnsmasq* - Don't set up dnsmasq (use only KubeDNS)
 
 For more information, see [DNS
 Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.md).