Add local dns

2025-10-29 17:42:47 +00:00 · 2021-12-25 16:48:54 +02:00
parent 60aa6ef237
commit 495aaed683
2 changed files with 156 additions and 2 deletions
--- a/hetzner/deployments/coredns-local.yaml
+++ b/hetzner/deployments/coredns-local.yaml
@@ -0,0 +1,153 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns-local
+  namespace: kube-system
+data:
+  empty.db: |
+    @       60      IN      SOA     localnet. root.localnet. (
+                    1       ; serial
+                    60      ; refresh
+                    60      ; retry
+                    60      ; expiry
+                    60 )    ; minimum
+    ;
+    @       IN      NS      localnet.
+
+  hosts: |
+    # static hosts
+    169.254.2.53        dns.local
+    fd00::169:254:2:53  dns.local
+
+  Corefile.local: |
+    (empty) {
+        file /etc/coredns/empty.db
+    }
+
+    .:53 {
+        errors
+        bind 169.254.2.53 fd00::169:254:2:53
+
+        health 127.0.0.1:8091 {
+           lameduck 5s
+        }
+
+        hosts /etc/coredns/hosts {
+            reload 60s
+            fallthrough
+        }
+
+        kubernetes cluster.local in-addr.arpa ip6.arpa {
+            endpoint https://172.16.0.10:6443
+            kubeconfig /etc/coredns/kubeconfig.conf coredns
+            pods insecure
+            ttl 60
+        }
+        prometheus :9153
+
+        forward . /etc/resolv.conf {
+            policy sequential
+            expire 30s
+        }
+
+        cache 300
+        loop
+        reload
+        loadbalance
+    }
+  kubeconfig.conf: |-
+    apiVersion: v1
+    kind: Config
+    clusters:
+    - cluster:
+        certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+        server: https://172.16.0.10:6443
+      name: default
+    contexts:
+    - context:
+        cluster: default
+        namespace: kube-system
+        user: coredns
+      name: coredns
+    current-context: coredns
+    users:
+    - name: coredns
+      user:
+        tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: coredns-local
+  namespace: kube-system
+  labels:
+    k8s-app: kube-dns-local
+    kubernetes.io/name: CoreDNS
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  minReadySeconds: 15
+  selector:
+    matchLabels:
+      k8s-app: kube-dns-local
+      kubernetes.io/name: CoreDNS
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-dns-local
+        kubernetes.io/name: CoreDNS
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9153"
+    spec:
+      priorityClassName: system-node-critical
+      serviceAccount: coredns
+      serviceAccountName: coredns
+      enableServiceLinks: false
+      tolerations:
+        - key: node-role.kubernetes.io/master
+          effect: NoSchedule
+        - key: node.cloudprovider.kubernetes.io/uninitialized
+          effect: NoSchedule
+          value: "true"
+      hostNetwork: true
+      containers:
+      - name: coredns
+        image: coredns/coredns:1.8.6
+        imagePullPolicy: IfNotPresent
+        resources:
+          limits:
+            cpu: 100m
+            memory: 128Mi
+          requests:
+            cpu: 50m
+            memory: 64Mi
+        args: [ "-conf", "/etc/coredns/Corefile.local" ]
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/coredns
+          readOnly: true
+        livenessProbe:
+          httpGet:
+            host: 127.0.0.1
+            path: /health
+            port: 8091
+            scheme: HTTP
+          initialDelaySeconds: 60
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+            drop:
+            - all
+          readOnlyRootFilesystem: true
+      dnsPolicy: Default
+      volumes:
+        - name: config-volume
+          configMap:
+            name: coredns-local
--- a/hetzner/instances-master.tf
+++ b/hetzner/instances-master.tf
@@ -57,7 +57,7 @@ resource "hcloud_load_balancer_target" "api" {
 #   content = templatefile("${path.module}/templates/controlplane.yaml",
 #     merge(var.kubernetes, {
 #       name           = "master-${count.index + 1}"
-#       type           = count.index == 0 ? "init" : "controlplane"
+#       type           = "controlplane"
 #       ipv4_vip       = local.ipv4_vip
 #       ipv4_local     = cidrhost(hcloud_network_subnet.core.ip_range, 11 + count.index)
 #       lbv4_local     = local.lbv4_local
@@ -65,10 +65,11 @@ resource "hcloud_load_balancer_target" "api" {
 #       lbv6           = local.lbv6
 #       hcloud_network = hcloud_network.main.id
 #       hcloud_token   = var.hcloud_token
+#       labels         = "topology.kubernetes.io/region=${hcloud_server.controlplane[count.index].location},topology.kubernetes.io/zone=${hcloud_server.controlplane[count.index].datacenter}"
 #     })
 #   )
 #   filename        = "_cfgs/controlplane-${count.index + 1}.yaml"
-#   file_permission = "0640"
+#   file_permission = "0600"

 #   depends_on = [hcloud_server.controlplane]
 # }