coredns now uses kustomize

James Andariese 2023-12-24 19:55:01 -06:00
parent 64dd45f370
commit cd2b6c4857
4 changed files with 89 additions and 109 deletions


@ -1,2 +1 @@
helm repo add coredns https://coredns.github.io/helm
helm upgrade -i -n coredns --create-namespace coredns coredns/coredns -f values.yaml
kustomize build --enable-helm | kubectl apply -f -
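Review bot: The new pipeline `kustomize build --enable-helm | kubectl apply -f -` reports only kubectl's exit status, so a chart render that fails part-way can still have its partial output applied without the script failing; adding `set -euo pipefail` at the top of the script would surface that. The script header is not visible in this hunk, and the same applies to the one-line coredns/diff.sh added in this commit. The removed helm command passed `--create-namespace`, while the kustomization shown lists only `coredns-address-pool.yaml` under `resources`, so unless that file defines the `coredns` Namespace a first apply to a fresh cluster would presumably fail.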

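--- a/coredns/diff.sh
+++ b/coredns/diff.sh
@@ -0,0 +1 @@
+kustomize build --enable-helm | kubectl diff -f -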


@ -0,0 +1,87 @@
kind: Kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
helmCharts:
- name: coredns
repo: https://coredns.github.io/helm
namespace: coredns
version: 1.28.2
releaseName: coredns
includeCRDs: true
valuesInline:
isClusterService: false
replicaCount: 3
servers:
- plugins:
- name: errors
- configBlock: lameduck 5s
name: health
- name: ready
- configBlock: |-
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
name: kubernetes
parameters: cluster.local in-addr.arpa ip6.arpa
- configBlock: to *
name: transfer
- configBlock: fallthrough
name: k8s_external
parameters: k
- name: prometheus
parameters: 0.0.0.0:9153
- configBlock: answer "{{ .Name }} 60 IN A 172.16.17.115"
name: template
parameters: IN A harbor.strudelline.net
- configBlock: answer "{{ .Name }} 60 IN A 172.16.17.33"
name: template
parameters: IN A frigate.strudelline.net
- configBlock: answer "{{ .Name }} 60 IN A 172.16.17.80"
name: template
parameters: IN A werts.us
- configBlock: answer "{{ .Name }} 60 IN A 172.16.17.80"
name: template
parameters: IN A minio.strudelline.net
- configBlock: |
match ^cascade[.]strudelline[.]net[.]$
answer "{{ .Name }} 60 IN A 172.16.34.1"
answer "{{ .Name }} 60 IN A 172.16.33.1"
fallthrough
name: template
parameters: IN A cascade.strudelline.net
- configBlock: |
match ^(?P<name>[^.]*)[.]strudelline[.]net[.]$
answer "{{ .Name }} 60 IN A 172.16.17.80"
fallthrough
name: template
parameters: IN A strudelline.net
- name: forward
parameters: myrunningman.com 172.16.1.53:153
- name: forward
parameters: in-addr.arpa 172.16.33.1 172.16.34.1
- name: forward
parameters: cascade.strudelline.net 172.16.33.1 172.16.34.1
- configBlock: |
force_tcp
name: forward
parameters: . 172.16.1.53
- name: loop
- name: reload
- name: nsid
parameters: coredns-ext
- name: cache
parameters: 30
- name: cancel
- name: whoami
- name: loadbalance
- name: log
- name: minimal
port: 53
zones:
- zone: .
service:
annotations:
metallb.universe.tf/allow-shared-ip: 172.16.1.9
metallb.universe.tf/loadBalancerIPs: 172.16.1.9
serviceType: LoadBalancer
resources:
- coredns-address-pool.yaml
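Review bot: The `transfer` plugin entry with `configBlock: to *` is carried over unchanged into `valuesInline`, and it permits zone transfers to any client of a server that this same file publishes as a `LoadBalancer` on 172.16.1.9. Anyone who can reach that address can presumably pull the full contents of the zones served by the `kubernetes` and `k8s_external` plugins, which lists every service and endpoint name in the cluster. If no secondary actually needs AXFR, drop the `transfer` entry; otherwise restrict it to the secondaries, e.g. `configBlock: to <SECONDARY_NS_IP>` (placeholder). The explanatory comments from the deleted values file (for example the one above the `myrunningman.com` forward) were not carried over either, so a short comment on why transfer is enabled would help the next reader.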


@ -1,107 +0,0 @@
replicaCount: 3
servers:
- zones:
- zone: .
port: 53
# If serviceType is nodePort you can specify nodePort here
# nodePort: 30053
# hostPort: 53
plugins:
- name: errors
# Serves a /health endpoint on :8080, required for livenessProbe
- name: health
configBlock: |-
lameduck 5s
# Serves a /ready endpoint on :8181, required for readinessProbe
- name: ready
# Required to query kubernetes API for data
- name: kubernetes
parameters: cluster.local in-addr.arpa ip6.arpa
configBlock: |-
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
- name: transfer
configBlock: |-
to *
- name: k8s_external
parameters: k
configBlock: |-
fallthrough
# Serves a /metrics endpoint on :9153, required for serviceMonitor
- name: prometheus
parameters: 0.0.0.0:9153
#- name: k8s_gateway
# parameters: cluster.gateway
# configBlock: |-
# resources Ingress
# ttl 10
# individual hosts (full domains but still just hosts)
- {"parameters": "IN A harbor.strudelline.net", "configBlock": "answer \"{{ .Name }} 60 IN A 172.16.17.115\"", "name": "template"}
- {"parameters": "IN A frigate.strudelline.net", "configBlock": "answer \"{{ .Name }} 60 IN A 172.16.17.33\"", "name": "template"}
#- {"parameters": "IN A email.strudelline.net", "configBlock": "answer \"{{ .Name }} 60 IN CNAME mailgun.org.\"", "name": "template"}
#- {"parameters": "IN A pbx.strudelline.net", "configBlock": "answer \"{{ .Name }} 60 IN A 172.16.56.1\"", "name": "template"}
# werts.us
- name: template
parameters: IN A werts.us
configBlock: answer "{{ .Name }} 60 IN A 172.16.17.80"
# minio.strudelline.net
- name: template
parameters: IN A minio.strudelline.net
configBlock: answer "{{ .Name }} 60 IN A 172.16.17.80"
# cascade.strudelline.net
- name: template
parameters: IN A cascade.strudelline.net
configBlock: |
match ^cascade[.]strudelline[.]net[.]$
answer "{{ .Name }} 60 IN A 172.16.34.1"
answer "{{ .Name }} 60 IN A 172.16.33.1"
fallthrough
# *.strudelline.net
- name: template
parameters: IN A strudelline.net
configBlock: |
match ^(?P<name>[^.]*)[.]strudelline[.]net[.]$
answer "{{ .Name }} 60 IN A 172.16.17.80"
fallthrough
# BYPASS FAMILY FILTER FOR SOME SITES
- name: forward
parameters: myrunningman.com 172.16.1.53:153
# *.cascade.strudelline.net
- name: forward
parameters: in-addr.arpa 172.16.33.1 172.16.34.1
- name: forward
parameters: cascade.strudelline.net 172.16.33.1 172.16.34.1
- name: forward
parameters: . 172.16.1.53
configBlock: |
force_tcp
- name: loop
- name: reload
- name: nsid
parameters: "coredns-ext"
- name: cache
parameters: 30
- name: cancel
- name: whoami
- name: loadbalance
- name: log
- name: minimal
serviceType: LoadBalancer
service:
annotations:
metallb.universe.tf/allow-shared-ip: 172.16.1.9
metallb.universe.tf/loadBalancerIPs: 172.16.1.9
isClusterService: false
#podAnnotations:
# k8s.v1.cni.cncf.io/networks: |
# [{
# "namespace": "cascade",
# "name": "br0-static",
# "ips": ["172.16.1.9/12"]
# }]