shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: coredns-nodecache

Browse Source
This commit is contained in:
auricom
2021-08-08 20:49:45 +02:00
parent 6aed39b41a
commit bc8aa60472
8 changed files with 308 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
cluster/core/kube-system/coredns-nodecache/configmap.yaml Normal file
View File

@@ -0,0 +1,121 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns-nodecache-primary
namespace: kube-system
data:
Corefile: |
cluster.local:53 {
errors
cache {
success 9984 30
denial 9984 5
prefetch 3 60s 15%
}
reload
loop
bind 169.254.20.10 # Set your cluster dns to this
nodecache skipteardown
template IN AAAA {
rcode NOERROR
}
forward . 10.96.0.10 { # Kube-DNS IP
force_tcp
}
prometheus :9253
health 169.254.20.10:8080
}
in-addr.arpa:53 {
errors
cache 120
reload
loop
bind 169.254.20.10
nodecache skipteardown
template IN AAAA {
rcode NOERROR
}
forward . /etc/resolv.conf {
force_tcp
}
prometheus :9253
}
.:53 {
errors
cache {
success 9984 86400
denial 9984 300
prefetch 3 60s 15%
}
reload
loop
bind 169.254.20.10
nodecache skipteardown
template IN AAAA {
rcode NOERROR
}
forward . /etc/resolv.conf {
force_tcp
}
prometheus :9253
}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns-nodecache-secondary
namespace: kube-system
data:
Corefile: |
cluster.local:53 {
errors
cache {
success 9984 30
denial 9984 5
prefetch 3 60s 15%
}
reload
loop
bind 169.254.20.10 # Set your cluster dns to this
template IN AAAA {
rcode NOERROR
}
forward . 10.96.0.10 { # Kube-DNS IP
force_tcp
}
prometheus :9254
health 169.254.20.10:8082
}
in-addr.arpa:53 {
errors
cache 120
reload
loop
bind 169.254.20.10
template IN AAAA {
rcode NOERROR
}
forward . /etc/resolv.conf {
force_tcp
}
prometheus :9254
}
.:53 {
errors
cache {
success 9984 86400
denial 9984 300
prefetch 3 60s 15%
}
reload
loop
bind 169.254.20.10
template IN AAAA {
rcode NOERROR
}
forward . /etc/resolv.conf {
force_tcp
}
prometheus :9254
}

147
cluster/core/kube-system/coredns-nodecache/daemonset.yaml Normal file
View File

@@ -0,0 +1,147 @@
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: coredns-nodecache-primary
namespace: kube-system
labels:
k8s-app: coredns-nodecache
kubernetes.io/cluster-service: "true"
spec:
updateStrategy:
rollingUpdate:
maxUnavailable: 10%
selector:
matchLabels:
k8s-app: coredns-nodecache
template:
metadata:
labels:
k8s-app: coredns-nodecache
spec:
priorityClassName: system-node-critical
serviceAccountName: coredns-nodecache
hostNetwork: true
dnsPolicy: Default
tolerations:
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
operator: Exists
containers:
- name: coredns-nodecache
image: contentful/coredns-nodecache:latest
resources:
limits:
memory: 50Mi
requests:
cpu: 25m
memory: 5Mi
args:
- -conf
- /etc/coredns/Corefile
securityContext:
privileged: true
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
- containerPort: 9253
name: metrics
protocol: TCP
livenessProbe:
httpGet:
host: 169.254.20.10
path: /health
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
volumeMounts:
- mountPath: /run/xtables.lock
name: xtables-lock
readOnly: false
- name: config-volume
mountPath: /etc/coredns
volumes:
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
- name: config-volume
configMap:
name: coredns-nodecache-primary
items:
- key: Corefile
path: Corefile
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: coredns-nodecache-secondary
namespace: kube-system
labels:
k8s-app: coredns-nodecache
kubernetes.io/cluster-service: "true"
spec:
updateStrategy:
rollingUpdate:
maxUnavailable: 10%
selector:
matchLabels:
k8s-app: coredns-nodecache
template:
metadata:
labels:
k8s-app: coredns-nodecache
spec:
priorityClassName: system-node-critical
serviceAccountName: coredns-nodecache
hostNetwork: true
dnsPolicy: Default
tolerations:
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
containers:
- name: coredns-nodecache
image: contentful/coredns-nodecache:latest
resources:
limits:
memory: 50Mi
requests:
cpu: 25m
memory: 5Mi
args:
- -conf
- /etc/coredns/Corefile
securityContext:
privileged: true
ports:
- containerPort: 9254
name: metrics
protocol: TCP
livenessProbe:
httpGet:
host: 169.254.20.10
path: /health
port: 8082
initialDelaySeconds: 60
timeoutSeconds: 5
volumeMounts:
- mountPath: /run/xtables.lock
name: xtables-lock
readOnly: false
- name: config-volume
mountPath: /etc/coredns
volumes:
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
- name: config-volume
configMap:
name: coredns-nodecache-secondary
items:
- key: Corefile
path: Corefile

7
cluster/core/kube-system/coredns-nodecache/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- service-account.yaml
- configmap.yaml
- daemonset.yaml

8
cluster/core/kube-system/coredns-nodecache/service-account.yaml Normal file
View File

@@ -0,0 +1,8 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns-nodecache
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"

1
cluster/core/kube-system/kustomization.yaml
View File

@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- namespace.yaml - namespace.yaml
- coredns-nodecache
- descheduler - descheduler
- intel-gpu-plugin - intel-gpu-plugin
- kubernetes-replicator - kubernetes-replicator

1
server/ansible/inventory/group_vars/all/ubuntu-settings.yml
View File

@@ -1,4 +1,5 @@
--- ---
dns_server: 192.168.8.1
# Enable to skip apt upgrade # Enable to skip apt upgrade
skip_upgrade_packages: false skip_upgrade_packages: false
# Enable to skip removing crufty packages # Enable to skip removing crufty packages

22
server/ansible/roles/ubuntu/tasks/network.yml
View File

@@ -21,3 +21,25 @@
when: when:
- sysctl_network.changed - sysctl_network.changed
- bridge_nf_call_iptables_result.stat.exists - bridge_nf_call_iptables_result.stat.exists
- name: network | systemd-resolved | disable
ansible.builtin.systemd:
name: systemd-resolved
state: stopped
enabled: no
- name: network | resolv.conf | check symlink
ansible.builtin.stat:
path: "/etc/resolv.conf"
register: resolv
- name: network | resolv.conf | remove symlink
ansible.builtin.file:
path: "/etc/resolv.conf"
state: absent
when: resolv.stat.islnk is defined and resolv.stat.islnk
- name: network | resolv.conf | static files
ansible.builtin.template:
src: resolv.conf
dest: /etc/resolv.conf

1
server/ansible/roles/ubuntu/templates/resolv.conf Normal file
View File

@@ -0,0 +1 @@
nameserver {{ dns_server }}