diff --git a/infrastructure_setup/coredns/README.md b/infrastructure_setup/coredns/README.md
new file mode 100644
index 0000000..84439c1
--- /dev/null
+++ b/infrastructure_setup/coredns/README.md
@@ -0,0 +1,18 @@
+# CoreDNS
+
+- https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
+- https://github.com/kubernetes/dns/blob/master/docs/specification.md
+- https://coredns.io/
+
+CoreDNS has the `kubernetes` plugin, so it returns all k8s service endpoints in well-known format.
+
+All services and pods are registered in CoreDNS.
+
+- ..svc.cluster.local
+- .
+- (if in the same namespace)
+
+- ..pod.cluster.local
+- ...svc.cluster.local
+
+Anything wuery for a resource in the `internal.$DOMAIN` domain will be given the IP of the Traefik proxy. We expose the CoreDNS server in the LAN via MetalLB just for this capability.
diff --git a/infrastructure_setup/coredns/coredns-config.yaml b/infrastructure_setup/coredns/coredns-config.yaml
index 0a1be8d..f783877 100644
--- a/infrastructure_setup/coredns/coredns-config.yaml
+++ b/infrastructure_setup/coredns/coredns-config.yaml
@@ -5,44 +5,39 @@ metadata:
 namespace: kube-system
 data:
 Corefile: |
- .:53 {
- errors
- health
- ready
- kubernetes cluster.local in-addr.arpa ip6.arpa {
- pods insecure
- fallthrough in-addr.arpa ip6.arpa
- }
- hosts {
- 192.168.8.218 box-01
- 192.168.8.222 civil
- 192.168.8.240 traefik.${DOMAIN}
- 192.168.8.241 dns.internal.${DOMAIN}
-
- # Test records
- 192.168.8.240 test.${DOMAIN}
- 192.168.8.240 example-app.${DOMAIN}
- 192.168.8.240 civilsociety.${DOMAIN}
- 192.168.8.241 test.internal.${DOMAIN}
- 192.168.8.240 example-admin.internal.${DOMAIN}
- 192.168.8.240 dashboard.internal.${DOMAIN}
- 192.168.8.240 kubernetes-dashboard.internal.${DOMAIN}
-
- ttl 60
- reload 15s
- fallthrough
- }
- prometheus :9153
- forward . 8.8.8.8 8.8.4.4 {
- max_concurrent 1000
- }
- cache 30
- loop
- reload
- loadbalance
- import /etc/coredns/custom/*.override
+ # LAN DNS. All internal domains should resolve to the proxy.
+ internal.cloud.payne.io:53 {
+ errors
+ cache 30
+ reload
+ template IN A {
+ match (.*)\.internal\.cloud\.payne\.io\.
+ answer "{{ .Name }} 60 IN A 192.168.8.240"
+ }
 }
- import /etc/coredns/custom/*.server
+
+ # In-cloud DNS
+ .:53 {
+ health
+ errors
+ cache 30
+ reload
+ loop
+ ready
+ loadbalance
+ kubernetes cluster.local in-addr.arpa ip6.arpa {
+ fallthrough in-addr.arpa ip6.arpa
+ }
+ hosts /etc/coredns/NodeHosts {
+ fallthrough
+ }
+ forward . 1.1.1.1 8.8.8.8 {
+ max_concurrent 1000
+ }
+ }
+
 NodeHosts: |
- # This field needs to remain for compatibility, even if empty
- # Host entries are now in the Corefile hosts section
\ No newline at end of file
+ 192.168.8.218 box-01
+ 192.168.8.222 civil
+
+ # 192.168.8.240 dashboard.internal.${DOMAIN}
diff --git a/infrastructure_setup/coredns/split-horizon.yaml b/infrastructure_setup/coredns/split-horizon.yaml
deleted file mode 100644
index 47c2dac..0000000
--- a/infrastructure_setup/coredns/split-horizon.yaml
+++ /dev/null
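Review bot: The new `internal.cloud.payne.io:53` server block and its `match (.*)\.internal\.cloud\.payne\.io\.` regex spell the domain out, while the commented NodeHosts line in the same hunk still uses `${DOMAIN}` and setup-coredns.sh pipes this file through envsubst, so a reader will expect the block to be templated when it is not. If that is deliberate (the regex needs literal escaped dots, which envsubst cannot produce), a comment above the block such as `# Domain spelled out on purpose: the match regex needs escaped dots, so the DOMAIN variable is not used here.` would stop the next edit from re-templating it. The block also has no `fallthrough` and no `forward`, so, if I read the template plugin correctly, non-A queries under that zone (AAAA from dual-stack LAN clients, for example) get SERVFAIL instead of an empty answer; a second `template IN AAAA` block with the same `match` and `rcode NOERROR` would give the conventional NODATA reply without forwarding internal names to public resolvers.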
@@ -1,41 +0,0 @@
----
-# Split-horizon DNS configuration for CoreDNS
-# This allows different DNS responses for internal vs external domains
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: coredns-custom
- namespace: kube-system
-data:
- internal-zones.server: |
- # Internal zone configuration for *.internal.${DOMAIN}
- internal.${DOMAIN} {
- errors
- log
- hosts {
- 192.168.8.240 example-admin.internal.${DOMAIN}
- 192.168.8.240 dashboard.internal.${DOMAIN}
- 192.168.8.241 test.internal.${DOMAIN}
- fallthrough
- }
- cache 30
- # Use kubernetes service discovery for internal services
- kubernetes cluster.local {
- pods insecure
- fallthrough in-addr.arpa ip6.arpa
- }
- # Forward to Google DNS if not found locally
- forward . 8.8.8.8 8.8.4.4
- }
-
- external-zones.server: |
- # External zone configuration for *.${DOMAIN}
- ${DOMAIN} {
- errors
- log
- cache 30
- # For external services, forward to Cloudflare for correct public resolution
- forward . 1.1.1.1 8.8.8.8 {
- max_concurrent 1000
- }
- }
\ No newline at end of file
diff --git a/infrastructure_setup/setup-coredns.sh b/infrastructure_setup/setup-coredns.sh
index c9b8e75..d8f4288 100755
--- a/infrastructure_setup/setup-coredns.sh
+++ b/infrastructure_setup/setup-coredns.sh
@@ -16,14 +16,8 @@ echo "Current directory: $(pwd)" # Apply the custom config for the k3s-provided CoreDNS echo "Applying CoreDNS configuration..." -echo "Looking for file: ${SCRIPT_DIR}/coredns/coredns-config.yaml" -# Simply use envsubst for variable expansion and apply cat "${SCRIPT_DIR}/coredns/coredns-config.yaml" | envsubst | kubectl apply -f - -# Apply the split-horizon configuration -echo "Applying split-horizon DNS configuration..." -cat "${SCRIPT_DIR}/coredns/split-horizon.yaml" | envsubst | kubectl apply -f - - # Apply the LoadBalancer service for external access to CoreDNS echo "Applying CoreDNS service configuration..." cat "${SCRIPT_DIR}/coredns/coredns-service.yaml" | envsubst | kubectl apply -f -
@@ -32,4 +26,4 @@ cat "${SCRIPT_DIR}/coredns/coredns-service.yaml" | envsubst | kubectl apply -f - echo "Restarting CoreDNS pods to apply changes..." kubectl delete pod -n kube-system -l k8s-app=kube-dns -echo "CoreDNS setup complete!" \ No newline at end of file +echo "CoreDNS setup complete!"