diff --git a/coredns/deploy.sh b/coredns/deploy.sh
index a32580b..994a7c1 100644
--- a/coredns/deploy.sh
+++ b/coredns/deploy.sh
@@ -1,2 +1 @@
-helm repo add coredns https://coredns.github.io/helm
-helm upgrade -i -n coredns --create-namespace coredns coredns/coredns -f values.yaml
+kustomize build --enable-helm | kubectl apply -f -
diff --git a/coredns/diff.sh b/coredns/diff.sh
new file mode 100644
index 0000000..0436bae
--- /dev/null
+++ b/coredns/diff.sh
@@ -0,0 +1 @@
+kustomize build --enable-helm | kubectl diff -f -
diff --git a/coredns/kustomization.yaml b/coredns/kustomization.yaml
new file mode 100644
index 0000000..88ef1b1
--- /dev/null
+++ b/coredns/kustomization.yaml
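Review bot: A failed `kustomize build` is not reliably surfaced by the new one-line pipeline in deploy.sh: the file has no shebang or `set -o pipefail`, so the script's exit status is kubectl's alone, and `kustomize build` with no path argument renders whatever directory the caller happens to be in. I would start the script with `#!/usr/bin/env bash`, `set -euo pipefail` and `cd "$(dirname "$0")"`; the same applies to the new diff.sh. The removed helm command also passed `--create-namespace`, whereas `kubectl apply` only creates the namespace if a Namespace object is part of the rendered output, which these hunks do not show, so a first deploy to a fresh cluster may fail unless another resource provides it. Both scripts act on the current kubectl context, so an explicit `--context` or a comment naming the intended cluster would guard against applying to the wrong one.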
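Review bot: diff.sh should document its exit status, because `kubectl diff` exits 1 when differences are found and greater than 1 on an error, so a caller that treats any non-zero status as failure will misread drift as breakage. A header comment such as `# exit 0: no drift, 1: drift found, >1: kubectl or diff error` would make that clear to anyone wiring the script into a pre-deploy check.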
@@ -0,0 +1,87 @@
+kind: Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+helmCharts:
+ - name: coredns
+ repo: https://coredns.github.io/helm
+ namespace: coredns
+ version: 1.28.2
+ releaseName: coredns
+ includeCRDs: true
+ valuesInline:
+ isClusterService: false
+ replicaCount: 3
+ servers:
+ - plugins:
+ - name: errors
+ - configBlock: lameduck 5s
+ name: health
+ - name: ready
+ - configBlock: |-
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ ttl 30
+ name: kubernetes
+ parameters: cluster.local in-addr.arpa ip6.arpa
+ - configBlock: to *
+ name: transfer
+ - configBlock: fallthrough
+ name: k8s_external
+ parameters: k
+ - name: prometheus
+ parameters: 0.0.0.0:9153
+ - configBlock: answer "{{ .Name }} 60 IN A 172.16.17.115"
+ name: template
+ parameters: IN A harbor.strudelline.net
+ - configBlock: answer "{{ .Name }} 60 IN A 172.16.17.33"
+ name: template
+ parameters: IN A frigate.strudelline.net
+ - configBlock: answer "{{ .Name }} 60 IN A 172.16.17.80"
+ name: template
+ parameters: IN A werts.us
+ - configBlock: answer "{{ .Name }} 60 IN A 172.16.17.80"
+ name: template
+ parameters: IN A minio.strudelline.net
+ - configBlock: |
+ match ^cascade[.]strudelline[.]net[.]$
+ answer "{{ .Name }} 60 IN A 172.16.34.1"
+ answer "{{ .Name }} 60 IN A 172.16.33.1"
+ fallthrough
+ name: template
+ parameters: IN A cascade.strudelline.net
+ - configBlock: |
+ match ^(?P[^.]*)[.]strudelline[.]net[.]$
+ answer "{{ .Name }} 60 IN A 172.16.17.80"
+ fallthrough
+ name: template
+ parameters: IN A strudelline.net
+ - name: forward
+ parameters: myrunningman.com 172.16.1.53:153
+ - name: forward
+ parameters: in-addr.arpa 172.16.33.1 172.16.34.1
+ - name: forward
+ parameters: cascade.strudelline.net 172.16.33.1 172.16.34.1
+ - configBlock: |
+ force_tcp
+ name: forward
+ parameters: . 172.16.1.53
+ - name: loop
+ - name: reload
+ - name: nsid
+ parameters: coredns-ext
+ - name: cache
+ parameters: 30
+ - name: cancel
+ - name: whoami
+ - name: loadbalance
+ - name: log
+ - name: minimal
+ port: 53
+ zones:
+ - zone: .
+ service:
+ annotations:
+ metallb.universe.tf/allow-shared-ip: 172.16.1.9
+ metallb.universe.tf/loadBalancerIPs: 172.16.1.9
+ serviceType: LoadBalancer
+resources:
+ - coredns-address-pool.yaml
diff --git a/coredns/values.yaml b/coredns/values.yaml
deleted file mode 100644
index dedb304..0000000
--- a/coredns/values.yaml
+++ /dev/null
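Review bot: The `transfer` plugin entry with `configBlock: to *` allows zone transfers to any client, and this server block is published through a LoadBalancer Service on 172.16.1.9, so anyone who can reach that address can presumably pull the whole `cluster.local` zone served by the `kubernetes` plugin in a single AXFR. If no secondary actually needs transfers, drop the entry; otherwise restrict it, e.g. `configBlock: to <SECONDARY_DNS_IP>` (placeholder). In the same block, `pods insecure` answers pod-IP names without checking that the pod exists and `prometheus` listens on `0.0.0.0:9153`. Both were carried over from values.yaml, but the explanatory comments were not, so a short comment on each would keep the intent reviewable; the same goes for the `myrunningman.com` forward, which the old file labelled as a family-filter bypass. The chart is pinned by `version: 1.28.2` only, so each build trusts whatever the remote repo serves under that version at render time; vendoring the rendered chart or checking it against a recorded digest would close that gap.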
@@ -1,107 +0,0 @@ -replicaCount: 3 - -servers: -- zones: - - zone: . - port: 53 - # If serviceType is nodePort you can specify nodePort here - # nodePort: 30053 - # hostPort: 53 - plugins: - - name: errors - # Serves a /health endpoint on :8080, required for livenessProbe - - name: health - configBlock: |- - lameduck 5s - # Serves a /ready endpoint on :8181, required for readinessProbe - - name: ready - # Required to query kubernetes API for data - - name: kubernetes - parameters: cluster.local in-addr.arpa ip6.arpa - configBlock: |- - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - - name: transfer - configBlock: |- - to * - - name: k8s_external - parameters: k - configBlock: |- - fallthrough - # Serves a /metrics endpoint on :9153, required for serviceMonitor - - name: prometheus - parameters: 0.0.0.0:9153 - #- name: k8s_gateway - # parameters: cluster.gateway - # configBlock: |- - # resources Ingress - # ttl 10 - - # individual hosts (full domains but still just hosts) - - {"parameters": "IN A harbor.strudelline.net", "configBlock": "answer \"{{ .Name }} 60 IN A 172.16.17.115\"", "name": "template"} - - {"parameters": "IN A frigate.strudelline.net", "configBlock": "answer \"{{ .Name }} 60 IN A 172.16.17.33\"", "name": "template"} - #- {"parameters": "IN A email.strudelline.net", "configBlock": "answer \"{{ .Name }} 60 IN CNAME mailgun.org.\"", "name": "template"} - #- {"parameters": "IN A pbx.strudelline.net", "configBlock": "answer \"{{ .Name }} 60 IN A 172.16.56.1\"", "name": "template"} - # werts.us - - name: template - parameters: IN A werts.us - configBlock: answer "{{ .Name }} 60 IN A 172.16.17.80" - # minio.strudelline.net - - name: template - parameters: IN A minio.strudelline.net - configBlock: answer "{{ .Name }} 60 IN A 172.16.17.80" - # cascade.strudelline.net - - name: template - parameters: IN A cascade.strudelline.net - configBlock: | - match ^cascade[.]strudelline[.]net[.]$ - answer "{{ .Name }} 60 IN A 172.16.34.1" - answer "{{ 
.Name }} 60 IN A 172.16.33.1" - fallthrough - # *.strudelline.net - - name: template - parameters: IN A strudelline.net - configBlock: | - match ^(?P[^.]*)[.]strudelline[.]net[.]$ - answer "{{ .Name }} 60 IN A 172.16.17.80" - fallthrough - # BYPASS FAMILY FILTER FOR SOME SITES - - name: forward - parameters: myrunningman.com 172.16.1.53:153 - # *.cascade.strudelline.net - - name: forward - parameters: in-addr.arpa 172.16.33.1 172.16.34.1 - - name: forward - parameters: cascade.strudelline.net 172.16.33.1 172.16.34.1 - - name: forward - parameters: . 172.16.1.53 - configBlock: | - force_tcp - - name: loop - - name: reload - - name: nsid - parameters: "coredns-ext" - - name: cache - parameters: 30 - - name: cancel - - name: whoami - - name: loadbalance - - name: log - - name: minimal - -serviceType: LoadBalancer -service: - annotations: - metallb.universe.tf/allow-shared-ip: 172.16.1.9 - metallb.universe.tf/loadBalancerIPs: 172.16.1.9 - -isClusterService: false - -#podAnnotations: -# k8s.v1.cni.cncf.io/networks: | -# [{ -# "namespace": "cascade", -# "name": "br0-static", -# "ips": ["172.16.1.9/12"] -# }]