-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2 from timoreimann/add-deployment-guide
Add deployment guide
- Loading branch information
Showing
3 changed files
with
55 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # Deployment | ||
|
|
||
| Deploying coredns-sidecar requires the following modifications to an existing CoreDNS installation: | ||
|
|
||
| 1. add the sidecar to the CoreDNS deployment (see [this patch](coredns-deploy-patch.yml) that can be applied running `kubectl patch --namespace kube-system deploy coredns --patch "$(cat coredns-deploy-patch.yml)"`) | ||
| 1. expand existing RBAC rules for CoreDNS to permit listing and watching nodes | ||
| 1. amend the CoreDNS Corefile by a piece of configuration for the hosts plugin: | ||
|
|
||
| ``` | ||
| hosts /shared/hosts { | ||
| ttl 5 | ||
| fallthrough | ||
| } | ||
| ``` | ||
|
|
||
| `fallthrough` is needed so that lookups which cannot be fulfilled by the hosts file get relayed to other resolution mechanisms provided by CoreDNS. `tls` can be adjusted per your own discretion. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| spec: | ||
| template: | ||
| spec: | ||
| containers: | ||
| - name: coredns | ||
| volumeMounts: | ||
| - mountPath: /shared | ||
| name: hostsfile | ||
| - args: | ||
| - -hostsfile | ||
| - /shared/hosts | ||
| image: timoreimann/coredns-sidecar:0.0.1 | ||
| name: hostsfile-updater | ||
| resources: | ||
| limits: | ||
| memory: 100Mi | ||
| requests: | ||
| cpu: 100m | ||
| memory: 100Mi | ||
| volumeMounts: | ||
| - mountPath: /shared | ||
| name: hostsfile | ||
| initContainers: | ||
| # Use an init container to create an empty hosts file with proper file permissions. We need this because | ||
| # the sidecar implementation copies over the permissions from an existing file. | ||
| - name: hostsfile-creator | ||
| image: busybox:1.30.1 | ||
| command: ['sh', '-c', 'touch /shared/hosts && chmod 755 /shared/hosts'] | ||
| volumeMounts: | ||
| - mountPath: /shared | ||
| name: hostsfile | ||
| volumes: | ||
| - emptyDir: {} | ||
| name: hostsfile | ||
|
|