diff --git a/Makefile b/Makefile index 3d062f4126..cb655c0d9b 100644 --- a/Makefile +++ b/Makefile @@ -38,7 +38,7 @@ CLUSTER_GSLB_GATEWAY = docker network inspect ${CLUSTER_GSLB_NETWORK} -f '{{ (in GSLB_DOMAIN ?= cloud.example.com REPO := absaoss/k8gb SHELL := bash -VALUES_YAML ?= "" +VALUES_YAML ?= deploy/k8gb/values.yaml PODINFO_IMAGE_REPO ?= ghcr.io/stefanprodan/podinfo HELM_ARGS ?= K8GB_COREDNS_IP ?= kubectl get svc k8gb-coredns -n k8gb -o custom-columns='IP:spec.clusterIP' --no-headers @@ -157,7 +157,6 @@ deploy-test-version: ## Upgrade k8gb to the test version on existing clusters @for c in $(CLUSTER_IDS); do \ $(MAKE) deploy-local-cluster CLUSTER_ID=$$c VERSION=$(SEMVER)-$(ARCH) CHART='./chart/k8gb' ;\ - kubectl apply -n k8gb -f ./deploy/test/coredns-tcp-svc.yaml ;\ done .PHONY: list-running-pods @@ -178,7 +177,7 @@ deploy-local-cluster: kubectl config use-context k3d-$(CLUSTER_NAME)$(CLUSTER_ID) @echo -e "\n$(YELLOW)Create namespace $(NC)" - kubectl apply -f deploy/namespace.yaml + kubectl apply -f deploy/k8gb-namespace.yaml @echo -e "\n$(YELLOW)Deploy GSLB operator from $(VERSION) $(NC)" $(MAKE) deploy-k8gb-with-helm 
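Review bot: The new default on the `VALUES_YAML ?= deploy/k8gb/values.yaml` line (first Makefile hunk) is not limited to the local k3d flow, because `deploy-gslb-operator` also passes `-f $(VALUES_YAML)`. A plain `make deploy-gslb-operator` therefore picks up the test values, which in this commit set `coredns.serviceType: LoadBalancer` and the zone `cloud.example.com`. If that target is ever run against a non-local kube context, CoreDNS would be published through a load balancer without the caller having asked for it. I would document the variable where it is defined, e.g. `# Values for the local k3d clusters; set VALUES_YAML explicitly for any other environment`.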
@@ -190,18 +189,18 @@ deploy-local-cluster: --version 4.0.15 -f $(NGINX_INGRESS_VALUES_PATH) @echo -e "\n$(YELLOW)Install Istio CRDs $(NC)" - kubectl create namespace istio-system + kubectl apply -f deploy/istio-system-namespace.yaml helm repo add --force-update istio https://istio-release.storage.googleapis.com/charts helm repo update - helm upgrade -i istio-base istio/base -n istio-system + helm upgrade -i istio-base istio/base -n istio-system --version 1.23.2 @echo -e "\n$(YELLOW)Install Istiod $(NC)" - helm upgrade -i istiod istio/istiod -n istio-system --wait + helm upgrade -i istiod istio/istiod -n istio-system --version 1.23.2 --wait @echo -e "\n$(YELLOW)Install Istio Ingress Gateway $(NC)" - kubectl create namespace istio-ingress + kubectl apply -f deploy/istio-ingress-namespace.yaml helm upgrade -i istio-ingressgateway istio/gateway -n istio-ingress \ - -f $(ISTIO_INGRESS_VALUES_PATH) + --version 1.23.2 -f $(ISTIO_INGRESS_VALUES_PATH) @if [ "$(DEPLOY_APPS)" = true ]; then $(MAKE) deploy-test-apps ; fi @@ -254,7 +253,6 @@ deploy-k8gb-with-helm: helm -n k8gb upgrade -i k8gb $(CHART) -f $(VALUES_YAML) \ --set $(call get-helm-args,$(CLUSTER_ID)) \ --set k8gb.reconcileRequeueSeconds=10 \ - --set k8gb.dnsZoneNegTTL=10 \ --set k8gb.imageTag=${VERSION:"stable"=""} \ --set k8gb.log.format=$(LOG_FORMAT) \ --set k8gb.log.level=$(LOG_LEVEL) \ @@ -264,7 +262,7 @@ deploy-k8gb-with-helm: .PHONY: deploy-gslb-operator deploy-gslb-operator: ## Deploy k8gb operator - kubectl apply -f deploy/namespace.yaml + kubectl apply -f deploy/k8gb-namespace.yaml cd chart/k8gb && helm dependency update helm -n k8gb upgrade -i k8gb chart/k8gb -f $(VALUES_YAML) $(HELM_ARGS) \ --set k8gb.log.format=$(LOG_FORMAT) diff --git a/chart/k8gb/Chart.lock b/chart/k8gb/Chart.lock index 01fab4ed9c..8924b709c2 100644 --- a/chart/k8gb/Chart.lock +++ b/chart/k8gb/Chart.lock 
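Review bot: The Istio chart version `1.23.2` is now written out three times in `deploy-local-cluster` (istio-base, istiod, istio-ingressgateway), so a later bump can leave the control plane and the gateway on different releases. A single knob next to the other `?=` variables, `ISTIO_VERSION ?= 1.23.2`, with `--version $(ISTIO_VERSION)` on the three `helm upgrade -i` lines, keeps them in step and lets a caller override the pin in one place. The recipe for `deploy-local-cluster` starts before this hunk.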
@@ -1,6 +1,6 @@ dependencies: - name: coredns - repository: https://k8gb-io.github.io/coredns-helm - version: 1.15.3 -digest: sha256:6e8906f6d2e0772826658468a0ff436fe0b1f6b7e2daeb4a03b27edfedcba41c -generated: "2024-09-06T11:25:39.309536+02:00" + repository: https://coredns.github.io/helm + version: 1.36.0 +digest: sha256:bcd2228fb16d5088ee38600dc4ec332e4ea84bfa159f3a9c33df112b201f5c29 +generated: "2024-10-15T23:29:44.394986+02:00" diff --git a/chart/k8gb/Chart.yaml b/chart/k8gb/Chart.yaml index a4465fcc9a..0bc6a77fa8 100644 --- a/chart/k8gb/Chart.yaml +++ b/chart/k8gb/Chart.yaml @@ -9,8 +9,8 @@ kubeVersion: ">= 1.19.0-0" dependencies: - name: coredns - repository: https://k8gb-io.github.io/coredns-helm - version: 1.15.3 + repository: https://coredns.github.io/helm + version: 1.36.0 home: https://www.k8gb.io/ sources: diff --git a/chart/k8gb/templates/coredns-cm.yaml b/chart/k8gb/templates/coredns/cm.yaml similarity index 95% rename from chart/k8gb/templates/coredns-cm.yaml rename to chart/k8gb/templates/coredns/cm.yaml index b1ffcc6caa..846ebb928e 100644 --- a/chart/k8gb/templates/coredns-cm.yaml +++ b/chart/k8gb/templates/coredns/cm.yaml @@ -1,10 +1,11 @@ {{- if .Values.coredns.deployment.enabled }} +apiVersion: v1 kind: ConfigMap metadata: + name: {{ .Release.Name }}-coredns + namespace: {{ .Release.Namespace }} labels: {{ include "chart.labels" . | indent 4 }} - name: {{ .Release.Name }}-coredns -apiVersion: v1 data: Corefile: |- {{ .Values.k8gb.dnsZone }}:5353 { diff --git a/chart/k8gb/values.yaml b/chart/k8gb/values.yaml index df7cdb4704..ffbcfed4e8 100644 --- a/chart/k8gb/values.yaml +++ b/chart/k8gb/values.yaml 
@@ -98,6 +98,16 @@ coredns: serviceAccount: create: true name: coredns + securityContext: + capabilities: + add: [] + # -- Only meant to open the correct service and container ports, has no other impact on the coredns configuration + servers: + - port: 5353 + servicePort: 53 + plugins: + - name: prometheus + parameters: 0.0.0.0:9153 infoblox: # -- infoblox provider enabled diff --git a/deploy/ingress/nginx-ingress-values.yaml b/deploy/ingress/nginx-ingress-values.yaml index 384bde502d..65908c0439 100644 --- a/deploy/ingress/nginx-ingress-values.yaml +++ b/deploy/ingress/nginx-ingress-values.yaml @@ -21,9 +21,3 @@ controller: service: enabled: false - -# UDP service key:value pairs -# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp -## -udp: - 53: "k8gb/k8gb-coredns:53" diff --git a/deploy/istio-ingress-namespace.yaml b/deploy/istio-ingress-namespace.yaml new file mode 100644 index 0000000000..5175627138 --- /dev/null +++ b/deploy/istio-ingress-namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: istio-ingress diff --git a/deploy/istio-system-namespace.yaml b/deploy/istio-system-namespace.yaml new file mode 100644 index 0000000000..f394e916f9 --- /dev/null +++ b/deploy/istio-system-namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: istio-system diff --git a/deploy/namespace.yaml b/deploy/k8gb-namespace.yaml similarity index 100% rename from deploy/namespace.yaml rename to deploy/k8gb-namespace.yaml diff --git a/deploy/k8gb/values.yaml b/deploy/k8gb/values.yaml new file mode 100644 index 0000000000..34711b6005 --- /dev/null +++ b/deploy/k8gb/values.yaml 
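Review bot: `securityContext.capabilities.add: []` under `coredns:` carries no comment, so a reader cannot tell whether it deliberately overrides a default of the new upstream coredns chart or is an empty placeholder. If the intent is that CoreDNS needs no added capability because it listens on the unprivileged port 5353, say so on the line above, e.g. `# -- no added capabilities: CoreDNS listens on unprivileged port 5353`. It may also be worth checking whether the container can run with `drop: ["ALL"]`; nothing in this hunk shows that it cannot. The `coredns:` mapping starts before the hunk.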
@@ -0,0 +1,21 @@ +coredns: + serviceType: LoadBalancer + + servers: + - zones: + - zone: cloud.example.com + port: 5353 + servicePort: 53 + plugins: + - name: errors + - name: health + - name: ready + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . /etc/resolv.conf + - name: k8s_crd + configBlock: |- + filter k8gb.absa.oss/dnstype=local + negttl 10 + loadbalance weight diff --git a/deploy/test/coredns-tcp-svc.yaml b/deploy/test/coredns-tcp-svc.yaml deleted file mode 100644 index 1511b7ebf0..0000000000 --- a/deploy/test/coredns-tcp-svc.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: k8gb-coredns-tcp -spec: - type: NodePort - selector: - app.kubernetes.io/instance: k8gb - app.kubernetes.io/name: coredns - ports: - - name: tcp-5353 - port: 53 - protocol: TCP - targetPort: 5353 - nodePort: 30053 diff --git a/docs/examples/azure/k8gb/aks1-helm-values.yaml b/docs/examples/azure/k8gb/aks1-helm-values.yaml index 852a2e1d0f..ce7808a6bf 100644 --- a/docs/examples/azure/k8gb/aks1-helm-values.yaml +++ b/docs/examples/azure/k8gb/aks1-helm-values.yaml @@ -1,8 +1,6 @@ k8gb: # -- dnsZone controlled by gslb - dnsZone: "demo.k8gb-kubeconeu2023.com" - # -- Negative TTL for SOA record - dnsZoneNegTTL: 300 + dnsZone: &dnsZone "demo.k8gb-kubeconeu2023.com" # -- main zone which would contain gslb zone to delegate edgeDNSZone: "k8gb-kubeconeu2023.com" # main zone which would contain gslb zone to delegate # -- host/ip[:port] format is supported here where port defaults to 53 
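Review bot: The `plugins` list in the new deploy/k8gb/values.yaml (`forward . /etc/resolv.conf`, `k8s_crd` with `negttl 10`) reads as CoreDNS configuration, but the comment this commit adds to chart/k8gb/values.yaml says `servers` is "Only meant to open the correct service and container ports, has no other impact on the coredns configuration", and the chart still carries its own Corefile template in templates/coredns/cm.yaml. If that comment is right, these plugin lines are inert and the `negttl` that stands in for the removed `--set k8gb.dnsZoneNegTTL=10` may not take effect; if it is wrong, the chart comment needs correcting. Either way a header comment stating which keys are effective would help, and the same applies to the `coredns.servers` blocks added to the four files under docs/examples/. The zone `cloud.example.com` is also hard-coded here while the Makefile lets callers override `GSLB_DOMAIN`.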
@@ -33,3 +31,23 @@ azuredns: resourceGroup: k8gb-kubeconeu2023 aadClientId: myAADClientID aadClientSecret: myAADClientSecret + +coredns: + servers: + - zones: + - zone: *dnsZone + port: 5353 + servicePort: 53 + plugins: + - name: errors + - name: health + - name: ready + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . /etc/resolv.conf + - name: k8s_crd + configBlock: |- + filter k8gb.absa.oss/dnstype=local + negttl 300 + loadbalance weight diff --git a/docs/examples/azure/k8gb/aks2-helm-values.yaml b/docs/examples/azure/k8gb/aks2-helm-values.yaml index 8caba904f6..61a8dfa356 100644 --- a/docs/examples/azure/k8gb/aks2-helm-values.yaml +++ b/docs/examples/azure/k8gb/aks2-helm-values.yaml @@ -1,8 +1,6 @@ k8gb: # -- dnsZone controlled by gslb - dnsZone: "demo.k8gb-kubeconeu2023.com" - # -- Negative TTL for SOA record - dnsZoneNegTTL: 300 + dnsZone: &dnsZone "demo.k8gb-kubeconeu2023.com" # -- main zone which would contain gslb zone to delegate edgeDNSZone: "k8gb-kubeconeu2023.com" # main zone which would contain gslb zone to delegate # -- host/ip[:port] format is supported here where port defaults to 53 @@ -32,3 +30,23 @@ azuredns: resourceGroup: k8gb-kubeconeu2023 aadClientId: myAADClientID aadClientSecret: myAADClientSecret + +coredns: + servers: + - zones: + - zone: *dnsZone + port: 5353 + servicePort: 53 + plugins: + - name: errors + - name: health + - name: ready + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . /etc/resolv.conf + - name: k8s_crd + configBlock: |- + filter k8gb.absa.oss/dnstype=local + negttl 300 + loadbalance weight diff --git a/docs/examples/windowsdns/k8gb/aks1-helm-values.yaml b/docs/examples/windowsdns/k8gb/aks1-helm-values.yaml index 898c2052ae..4a335ad53f 100644 --- a/docs/examples/windowsdns/k8gb/aks1-helm-values.yaml +++ b/docs/examples/windowsdns/k8gb/aks1-helm-values.yaml 
@@ -3,9 +3,7 @@ k8gb: deployCrds: true deployRbac: true # -- dns zone that will be managed by CoreDNS - dnsZone: "global.k8gb.local" - # -- Negative TTL for SOA record - dnsZoneNegTTL: 300 + dnsZone: &dnsZone "global.k8gb.local" # -- main zone which would contain gslb zone to delegate edgeDNSZone: "k8gb.local" # -- host/ip[:port] format is supported here where port defaults to 53 @@ -60,6 +58,24 @@ coredns: rbac: create: true name: coredns + servers: + - zones: + - zone: *dnsZone + port: 5353 + servicePort: 53 + plugins: + - name: errors + - name: health + - name: ready + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . /etc/resolv.conf + - name: k8s_crd + configBlock: |- + filter k8gb.absa.oss/dnstype=local + negttl 300 + loadbalance weight rfc2136: enabled: true @@ -80,4 +96,4 @@ rfc2136: gssTsigCreds: - kerberos-username: k8gb - kerberos-password: asdfkuj#f8guh1 - - kerberos-realm: k8gb.local \ No newline at end of file + - kerberos-realm: k8gb.local diff --git a/docs/examples/windowsdns/k8gb/aks2-helm-values.yaml b/docs/examples/windowsdns/k8gb/aks2-helm-values.yaml index 1f8a1176c4..0b2b7a406a 100644 --- a/docs/examples/windowsdns/k8gb/aks2-helm-values.yaml +++ b/docs/examples/windowsdns/k8gb/aks2-helm-values.yaml @@ -3,9 +3,7 @@ k8gb: deployCrds: true deployRbac: true # -- dns zone that will be managed by CoreDNS - dnsZone: "global.k8gb.local" - # -- Negative TTL for SOA record - dnsZoneNegTTL: 300 + dnsZone: &dnsZone "global.k8gb.local" # -- main zone which would contain gslb zone to delegate edgeDNSZone: "k8gb.local" # -- host/ip[:port] format is supported here where port defaults to 53 
@@ -60,6 +58,24 @@ coredns: rbac: create: true name: coredns + servers: + - zones: + - zone: *dnsZone + port: 5353 + servicePort: 53 + plugins: + - name: errors + - name: health + - name: ready + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . /etc/resolv.conf + - name: k8s_crd + configBlock: |- + filter k8gb.absa.oss/dnstype=local + negttl 300 + loadbalance weight rfc2136: enabled: true @@ -80,4 +96,4 @@ rfc2136: gssTsigCreds: - kerberos-username: k8gb - kerberos-password: asdfkuj#f8guh1 - - kerberos-realm: K8GB.LOCAL \ No newline at end of file + - kerberos-realm: K8GB.LOCAL diff --git a/k3d/test-gslb1.yaml b/k3d/test-gslb1.yaml index 3fc48deccd..a29aaf552a 100644 --- a/k3d/test-gslb1.yaml +++ b/k3d/test-gslb1.yaml @@ -23,15 +23,13 @@ ports: - port: 9080:30090 nodeFilters: - agent:0:direct - - port: 5053:30053/tcp + - port: 5053:53/tcp nodeFilters: - - agent:0:direct + - loadbalancer - port: 5053:53/udp nodeFilters: - - agent:0:direct + - loadbalancer options: - k3d: - disableLoadbalancer: true k3s: extraArgs: - arg: --disable=traefik,metrics-server,local-storage diff --git a/k3d/test-gslb2.yaml b/k3d/test-gslb2.yaml index 8292a9c4a8..39f5f96b50 100644 --- a/k3d/test-gslb2.yaml +++ b/k3d/test-gslb2.yaml @@ -20,15 +20,13 @@ ports: - port: 9081:30090 nodeFilters: - agent:0:direct - - port: 5054:30053/tcp + - port: 5054:53/tcp nodeFilters: - - agent:0:direct + - loadbalancer - port: 5054:53/udp nodeFilters: - - agent:0:direct + - loadbalancer options: - k3d: - disableLoadbalancer: true k3s: extraArgs: - arg: --disable=traefik,metrics-server,local-storage diff --git a/k3d/test-gslb3.yaml b/k3d/test-gslb3.yaml index 8e0308ab5d..d17ffa2783 100644 --- a/k3d/test-gslb3.yaml +++ b/k3d/test-gslb3.yaml 
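Review bot: The DNS mappings `port: 5053:53/tcp` and `port: 5053:53/udp` in k3d/test-gslb1.yaml name no host address, so the test CoreDNS is presumably published on every interface of the machine running k3d; moving them to the `loadbalancer` node filter does not change that. If the tests only query from the local host, binding to loopback narrows the exposure: `- port: 127.0.0.1:5053:53/tcp` and `- port: 127.0.0.1:5053:53/udp`. The same lines appear with 5054 in k3d/test-gslb2.yaml and with 5055 in k3d/test-gslb3.yaml.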
@@ -20,15 +20,13 @@ ports: - port: 9082:30090 nodeFilters: - agent:0:direct - - port: 5055:30053/tcp + - port: 5055:53/tcp nodeFilters: - - agent:0:direct + - loadbalancer - port: 5055:53/udp nodeFilters: - - agent:0:direct + - loadbalancer options: - k3d: - disableLoadbalancer: true k3s: extraArgs: - arg: --disable=traefik,metrics-server,local-storage