From 9589bee626c656aee61d14dfeec7c579326743bc Mon Sep 17 00:00:00 2001
From: Timo Reimann
Date: Tue, 2 Apr 2019 18:14:29 +0200
Subject: [PATCH] Add deployment guide Includes YAML patch and CoreFile.
---
README.md | 4 ++++
deploy/README.md | 16 +++++++++++++++
deploy/coredns-deploy-patch.yml | 35 +++++++++++++++++++++++++++++++++
3 files changed, 55 insertions(+)
create mode 100644 deploy/README.md
create mode 100644 deploy/coredns-deploy-patch.yml
diff --git a/README.md b/README.md
index 5cac705..cbd0ac4 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,10 @@ To increase the amount of logging, add `-v=3` as parameter. - `make container`: create a Docker image (set the `VERSION` environment variable to choose a custom image tag) - `make push`: push the Docker image +## Deploying + +See [the deployment guide](/deploy/README.md). + ## Releasing 1. Update the `VERSION` variable in the Makefile.
diff --git a/deploy/README.md b/deploy/README.md
new file mode 100644
index 0000000..64e9424
--- /dev/null
+++ b/deploy/README.md
@@ -0,0 +1,16 @@
+# Deployment
+
+Deploying coredns-sidecar requires the following modifications to an existing CoreDNS installation:
+
+1. add the sidecar to the CoreDNS deployment (see [this patch](coredns-deploy-patch.yml) that can be applied running `kubectl patch --namespace kube-system deploy coredns --patch "$(cat coredns-deploy-patch.yml)"`)
+1. expand existing RBAC rules for CoreDNS to permit listing and watching nodes
+1. amend the CoreDNS Corefile by a piece of configuration for the hosts plugin:
+
+```
+hosts /shared/hosts {
+ ttl 5
+ fallthrough
+}
+```
+
+`fallthrough` is needed so that lookups which cannot be fulfilled by the hosts file get relayed to other resolution mechanisms provided by CoreDNS. `tls` can be adjusted per your own discretion.
diff --git a/deploy/coredns-deploy-patch.yml b/deploy/coredns-deploy-patch.yml
new file mode 100644
index 0000000..ae25075
--- /dev/null
+++ b/deploy/coredns-deploy-patch.yml
@@ -0,0 +1,35 @@
+spec:
+ template:
+ spec:
+ containers:
+ - name: coredns
+ volumeMounts:
+ - mountPath: /shared
+ name: hostsfile
+ - args:
+ - -hostsfile
+ - /shared/hosts
+ image: timoreimann/coredns-sidecar:0.0.1
+ name: hostsfile-updater
+ resources:
+ limits:
+ memory: 100Mi
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ volumeMounts:
+ - mountPath: /shared
+ name: hostsfile
+ initContainers:
+ # Use an init container to create an empty hosts file with proper file permissions. We need this because
+ # the sidecar implementation copies over the permissions from an existing file.
+ - name: hostsfile-creator
+ image: busybox:1.30.1
+ command: ['sh', '-c', 'touch /shared/hosts && chmod 755 /shared/hosts']
+ volumeMounts:
+ - mountPath: /shared
+ name: hostsfile
+ volumes:
+ - emptyDir: {}
+ name: hostsfile
+
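Review bot: The `coredns` container mounts the `hostsfile` volume read-write, although it appears only to read `/shared/hosts` through the hosts plugin; adding `readOnly: true` to that `volumeMounts` entry would leave the sidecar as the only writer of a file that decides DNS answers. In the `hostsfile-creator` command, `chmod 755` sets execute bits on a plain data file, and `chmod 644 /shared/hosts` gives the same owner-write, world-read access without them. Both `timoreimann/coredns-sidecar:0.0.1` and `busybox:1.30.1` are referenced by mutable tag in a pod the guide patches into `kube-system`; pinning each by digest, e.g. `image: busybox:1.30.1@sha256:<digest>` (placeholder), fixes what actually gets pulled. Neither added container sets a `securityContext`, so whether they run as root is left to the images, which is worth stating explicitly once the UID the sidecar needs for writing the file is confirmed.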