Add CoreDNS configuration and update setup script; remove split-horizon config

infrastructure_setup/coredns/README.md

@@ -0,0 +1,18 @@
+# CoreDNS
+
+- https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
+- https://github.com/kubernetes/dns/blob/master/docs/specification.md
+- https://coredns.io/
+
+CoreDNS has the `kubernetes` plugin, so it returns all k8s service endpoints in well-known format.
+
+All services and pods are registered in CoreDNS.
+
+- <service-name>.<namespace>.svc.cluster.local
+- <service-name>.<namespace>
+- <service-name> (if in the same namespace)
+
+- <pod-ipv4-address>.<namespace>.pod.cluster.local
+- <pod-ipv4-address>.<service-name>.<namespace>.svc.cluster.local
+
+Anything wuery for a resource in the `internal.$DOMAIN` domain will be given the IP of the Traefik proxy. We expose the CoreDNS server in the LAN via MetalLB just for this capability.

infrastructure_setup/coredns/coredns-config.yaml

@@ -5,44 +5,39 @@ metadata:
   namespace: kube-system
 data:
   Corefile: |
-    .:53 {
+    # LAN DNS. All internal domains should resolve to the proxy.
-        errors
+    internal.cloud.payne.io:53 {
-        health
+      errors
-        ready
+      cache 30
-        kubernetes cluster.local in-addr.arpa ip6.arpa {
+      reload
-          pods insecure
+      template IN A {
-          fallthrough in-addr.arpa ip6.arpa
+        match (.*)\.internal\.cloud\.payne\.io\.
-        }
+        answer "{{ .Name }} 60 IN A 192.168.8.240"
-        hosts {
+      }
-          192.168.8.218 box-01
-          192.168.8.222 civil
-          192.168.8.240 traefik.${DOMAIN}
-          192.168.8.241 dns.internal.${DOMAIN}
-          
-          # Test records
-          192.168.8.240 test.${DOMAIN}
-          192.168.8.240 example-app.${DOMAIN}
-          192.168.8.240 civilsociety.${DOMAIN}
-          192.168.8.241 test.internal.${DOMAIN}
-          192.168.8.240 example-admin.internal.${DOMAIN}
-          192.168.8.240 dashboard.internal.${DOMAIN}
-          192.168.8.240 kubernetes-dashboard.internal.${DOMAIN}
-          
-          ttl 60
-          reload 15s
-          fallthrough
-        }
-        prometheus :9153
-        forward . 8.8.8.8 8.8.4.4 {
-          max_concurrent 1000
-        }
-        cache 30
-        loop
-        reload
-        loadbalance
-        import /etc/coredns/custom/*.override
     }
-    import /etc/coredns/custom/*.server
+
+    # In-cloud DNS
+    .:53 {
+      health
+      errors
+      cache 30
+      reload
+      loop
+      ready
+      loadbalance
+      kubernetes cluster.local in-addr.arpa ip6.arpa {
+          fallthrough in-addr.arpa ip6.arpa
+      }
+      hosts /etc/coredns/NodeHosts {
+          fallthrough
+      }
+      forward . 1.1.1.1 8.8.8.8 {
+        max_concurrent 1000
+      }
+    }
+
   NodeHosts: |
-    # This field needs to remain for compatibility, even if empty
+    192.168.8.218 box-01
-    # Host entries are now in the Corefile hosts section
+    192.168.8.222 civil
+
+    # 192.168.8.240 dashboard.internal.${DOMAIN}

infrastructure_setup/coredns/split-horizon.yaml

@@ -1,41 +0,0 @@
----
-# Split-horizon DNS configuration for CoreDNS
-# This allows different DNS responses for internal vs external domains
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: coredns-custom
-  namespace: kube-system
-data:
-  internal-zones.server: |
-    # Internal zone configuration for *.internal.${DOMAIN}
-    internal.${DOMAIN} {
-      errors
-      log
-      hosts {
-        192.168.8.240 example-admin.internal.${DOMAIN}
-        192.168.8.240 dashboard.internal.${DOMAIN}
-        192.168.8.241 test.internal.${DOMAIN}
-        fallthrough
-      }
-      cache 30
-      # Use kubernetes service discovery for internal services
-      kubernetes cluster.local {
-        pods insecure
-        fallthrough in-addr.arpa ip6.arpa
-      }
-      # Forward to Google DNS if not found locally
-      forward . 8.8.8.8 8.8.4.4
-    }
-  
-  external-zones.server: |
-    # External zone configuration for *.${DOMAIN}
-    ${DOMAIN} {
-      errors
-      log
-      cache 30
-      # For external services, forward to Cloudflare for correct public resolution
-      forward . 1.1.1.1 8.8.8.8 {
-        max_concurrent 1000
-      }
-    }

infrastructure_setup/setup-coredns.sh

@@ -16,14 +16,8 @@ echo "Current directory: $(pwd)"
 
 # Apply the custom config for the k3s-provided CoreDNS
 echo "Applying CoreDNS configuration..."
-echo "Looking for file: ${SCRIPT_DIR}/coredns/coredns-config.yaml"
-# Simply use envsubst for variable expansion and apply
 cat "${SCRIPT_DIR}/coredns/coredns-config.yaml" | envsubst | kubectl apply -f -
 
-# Apply the split-horizon configuration
-echo "Applying split-horizon DNS configuration..."
-cat "${SCRIPT_DIR}/coredns/split-horizon.yaml" | envsubst | kubectl apply -f -
-
 # Apply the LoadBalancer service for external access to CoreDNS
 echo "Applying CoreDNS service configuration..."
 cat "${SCRIPT_DIR}/coredns/coredns-service.yaml" | envsubst | kubectl apply -f -