kind: DaemonSet apiVersion: apps/v1 metadata: annotations: deprecated.daemonset.template.generation: '2' openshift.io/scc: node-exporter name: docker-registry-dns-fixer namespace: {{ .Release.Namespace }} labels: app: docker-registry-dns-fixer spec: selector: matchLabels: app: docker-registry-dns-fixer template: metadata: creationTimestamp: null labels: app: docker-registry-dns-fixer annotations: sheduler.alpha.kubernetes.io/critical-pod: '' spec: nodeSelector: kubernetes.io/os: linux restartPolicy: Always schedulerName: default-scheduler terminationGracePeriodSeconds: 30 securityContext: {} containers: - resources: {} terminationMessagePath: /dev/termination-log name: docker-registry-dns command: - /bin/sh - '-c' - | sleep 15 && while true; do SVC_IP=$(oc get -n {{ .Release.Namespace }} svc/docker-registry | tail -1 | awk {'print $3'}) DOCKER_HOST="docker-registry.{{ .Release.Namespace }}.svc docker-registry.{{ .Release.Namespace }}.svc.cluster.local" if grep -q "${DOCKER_HOST}" "/host/etc/hosts"; then sed -i -r "s#.*(${DOCKER_HOST})#${SVC_IP} \1#g" /host/etc/hosts echo "Docker-registry (${DOCKER_HOST}) has IP: ${SVC_IP} " else echo "can't find docker-registry record in /host/etc/hosts, docker-registry record will be added" echo "$SVC_IP ${DOCKER_HOST}" >> /host/etc/hosts echo "Docker-registry service (${DOCKER_HOST}) added with IP: ${SVC_IP}" fi sleep 30; done securityContext: privileged: true runAsUser: 0 imagePullPolicy: IfNotPresent volumeMounts: - name: etc mountPath: /host/etc terminationMessagePolicy: File image: 'quay.io/openshift/origin-cli' serviceAccountName: dns-fixer volumes: - name: etc hostPath: path: /etc type: Directory dnsPolicy: ClusterFirst tolerations: - key: node-role.kubernetes.io/master operator: Exists effect: NoSchedule - key: node.kubernetes.io/disk-pressure operator: Exists effect: NoSchedule - operator: Exists updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 revisionHistoryLimit: 10 --- apiVersion: v1 kind: ServiceAccount metadata: name: dns-fixer namespace: {{ .Release.Namespace }} --- apiVersion: authorization.openshift.io/v1 kind: ClusterRole metadata: annotations: openshift.io/description: Role for dns-fixer service account openshift.io/reconcile-protect: "false" name: dns-fixer-clusterrole rules: - apiGroups: - '*' attributeRestrictions: null resources: - services verbs: - get - list --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dns-fixer namespace: {{ .Release.Namespace }} subjects: - kind: ServiceAccount name: dns-fixer namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: dns-fixer-clusterrole