Separate dns deployment for world-facing dns

2025-02-04 04:41:59 +01:00
parent e3c908743f
commit 4e6a0b3105
3 changed files with 161 additions and 5 deletions


@@ -1,2 +1,2 @@
install:
kubectl apply -f svc.yml
kubectl apply -f proxy.yml -f svc.yml

158
infra/dns/proxy.yml Normal file

@@ -0,0 +1,158 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns-external
namespace: kube-system
data:
Corefile: |-
.:53 {
# Filter out anything IPv4 related
view external {
expr type() in ['AAAA', 'SRV', 'PTR']
expr not hasSuffix(name(), '.in-addr.arpa.')
}
errors
health {
lameduck 5s
}
ready
log . {
class error
}
# Exposes kubernetes domain names under homelab.lumpiasty.xyz
# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
kubernetes homelab.lumpiasty.xyz ip6.arpa {
pods insecure
endpoint_pod_names
ttl 30
}
# Exposes loadbalancer domain names under lb.homelab.lumpiasty.xyz
k8s_external lb.homelab.lumpiasty.xyz {
ttl 30
}
# Cache results to reduce stress on apiserver
cache 30 {
disable success homelab.lumpiasty.xyz
disable denial homelab.lumpiasty.xyz
}
reload
loadbalance
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: kube-dns-external
kubernetes.io/name: CoreDNS
name: coredns-external
namespace: kube-system
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kube-dns-external
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
k8s-app: kube-dns-external
spec:
subdomain: kube-dns-external
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: k8s-app
operator: In
values:
- kube-dns
topologyKey: kubernetes.io/hostname
weight: 100
containers:
- args:
- -conf
- /etc/coredns/Corefile
env:
- name: GOMEMLIMIT
value: 161MiB
image: registry.k8s.io/coredns/coredns:v1.12.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 5
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: coredns
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
- containerPort: 9153
name: metrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: 8181
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /etc/coredns
name: config-volume
readOnly: true
dnsPolicy: Default
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
restartPolicy: Always
schedulerName: default-scheduler
serviceAccount: coredns
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
- effect: NoSchedule
key: node.cloudprovider.kubernetes.io/uninitialized
operator: Exists
volumes:
- configMap:
defaultMode: 420
items:
- key: Corefile
path: Corefile
name: coredns-external
name: config-volume
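Review bot: `pods insecure` in the `kubernetes` block of the Corefile makes the plugin answer pod-style names (`<ip-with-dashes>.<namespace>.pod.homelab.lumpiasty.xyz`) by synthesizing an address from the name without checking that such a pod exists, so on a world-facing server any client can obtain a record under this zone for an arbitrary IPv6 address; that is an avoidable rebinding surface. Unless something outside the cluster depends on pod names, change that line to `pods disabled` (the plugin default) or `pods verified`. Separately, the comment "Cache results to reduce stress on apiserver" does not match the block it describes: the two `disable` lines turn caching off for homelab.lumpiasty.xyz and, as far as I read the cache plugin's zone matching, everything below it including lb.homelab.lumpiasty.xyz, so only ip6.arpa answers are actually cached; either drop the disables or reword the comment to say that only the reverse zone is cached.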

View File

@@ -6,11 +6,9 @@ metadata:
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ipFamilyPolicy: SingleStack
ipFamilies:
- IPv6
ipFamilyPolicy: RequireDualStack
selector:
k8s-app: kube-dns
k8s-app: kube-dns-external
ports:
- name: dns
port: 53
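Review bot: Dropping the `ipFamilies` list while switching to `RequireDualStack` leaves the address-family order to the cluster default, so the Service's primary family (and the first entry in `clusterIPs`) may now be IPv4 even though the new Corefile only answers AAAA/SRV/PTR. If IPv6 is meant to stay the primary family, keep an explicit order next to the policy, `ipFamilies: [IPv6, IPv4]`. The enclosing Service definition starts above the hunk.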