split dns

This commit is contained in:
BENEDEK László 2025-05-03 21:18:22 +02:00
parent b51b01702f
commit 7555e214a5
3 changed files with 243 additions and 53 deletions


@ -4,58 +4,67 @@ metadata:
name: dns name: dns
--- ---
kind: ConfigMap kind: ConfigMap
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: config name: config
namespace: dns namespace: dns
data: data:
Corefile: |- private-Corefile: |-
.:53 { .:53 {
log log . "private: {remote}:{port} - {>id} {>opcode} {>name} {>type} {>proto}"
errors debug
file /config/db.cluster file /config/db.cluster
} }
public.cluster. {
forward . 192.168.123.240
}
public-Corefile: |-
.:54 { .:54 {
log log . "public: {remote}:{port} - {>id} {>opcode} {>name} {>type} {>proto}"
errors debug
file /config/db.public.cluster file /config/db.public.cluster
} }
db.cluster: |- db.cluster: |-
$TTL 1m $TTL 1m
$ORIGIN cluster. $ORIGIN cluster.
@ IN SOA cluster. lacbenedek.gmail.com. ( @ IN SOA ns1.cluster. admin.cluster. (
2025050202 ; serial 2025050302 ; serial
1m ; period 1m ; period
1m ; retry 1m ; retry
1m ; exp 1m ; exp
1m ; ttl 1m ; ttl
) )
cluster. IN A 192.168.123.241 control.cluster. IN A 192.168.123.1
control.cluster. IN A 192.168.123.1
private.cluster. IN A 192.168.123.241 ns1.cluster. IN A 192.168.123.241
IN TXT "private dns" ns2.cluster. IN A 192.168.123.240
public.cluster. IN NS public.cluster.
IN A 192.168.123.240 public.cluster. IN NS ns2.cluster.
private.cluster. IN A 192.168.123.241
whoami.private.cluster. IN CNAME private.cluster.
db.public.cluster: |- db.public.cluster: |-
$TTL 1m $TTL 1m
$ORIGIN public.cluster. $ORIGIN public.cluster.
@ IN SOA public.cluster. lacbenedek.gmail.com. ( @ IN SOA ns2.cluster. admin.cluster. (
2025050202 ; serial 2025050302 ; serial
1m ; period 1m ; period
1m ; retry 1m ; retry
1m ; exp 1m ; exp
1m ; ttl 1m ; ttl
) )
public.cluster. IN A 192.168.123.240 ns2.cluster. IN A 192.168.123.240
IN TXT "public dns"
public.cluster. IN A 192.168.123.240
whoami.public.cluster. IN CNAME public.cluster.
--- ---
kind: Deployment kind: Deployment
apiVersion: apps/v1 apiVersion: apps/v1
metadata: metadata:
@ -72,37 +81,52 @@ spec:
app: coredns app: coredns
spec: spec:
containers: containers:
- name: coredns - name: coredns-private
image: coredns/coredns image: coredns/coredns
ports: ports:
- containerPort: 53 - containerPort: 53
protocol: UDP protocol: UDP
- containerPort: 53 - containerPort: 53
protocol: TCP protocol: TCP
- containerPort: 54
protocol: UDP
- containerPort: 54
protocol: TCP
args: args:
- -conf=/config/Corefile - -conf=/config/private-Corefile
volumeMounts: volumeMounts:
- mountPath: /config - mountPath: /config
name: config name: config
readOnly: true readOnly: true
resources: resources:
limits: limits:
cpu: '1000m' cpu: "1000m"
memory: '500Mi' memory: "500Mi"
requests: requests:
cpu: '10m' cpu: "10m"
memory: '10Mi' memory: "10Mi"
- name: coredns-public
image: coredns/coredns
ports:
- containerPort: 54
protocol: UDP
- containerPort: 54
protocol: TCP
args:
- -conf=/config/public-Corefile
volumeMounts:
- mountPath: /config
name: config
readOnly: true
resources:
limits:
cpu: "1000m"
memory: "500Mi"
requests:
cpu: "10m"
memory: "10Mi"
volumes: volumes:
- name: config - name: config
configMap: configMap:
name: config name: config
--- ---
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
@ -130,7 +154,6 @@ spec:
app: coredns app: coredns
--- ---
apiVersion: traefik.io/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP kind: IngressRouteUDP
metadata: metadata:
@ -138,14 +161,13 @@ metadata:
namespace: dns namespace: dns
spec: spec:
entryPoints: entryPoints:
- dns-udp-private - dns-udp-private
routes: routes:
- services: - services:
- name: dns - name: dns
port: 53 port: 53
--- ---
apiVersion: traefik.io/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP kind: IngressRouteTCP
metadata: metadata:
@ -153,14 +175,13 @@ metadata:
namespace: dns namespace: dns
spec: spec:
entryPoints: entryPoints:
- dns-tcp-private - dns-tcp-private
routes: routes:
- match: HostSNI('*') - match: HostSNI('*')
services: services:
- name: dns - name: dns
port: 53 port: 53
--- ---
apiVersion: traefik.io/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP kind: IngressRouteUDP
metadata: metadata:
@ -168,14 +189,13 @@ metadata:
namespace: dns namespace: dns
spec: spec:
entryPoints: entryPoints:
- dns-udp-public - dns-udp-public
routes: routes:
- services: - services:
- name: dns - name: dns
port: 54 port: 54
--- ---
apiVersion: traefik.io/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP kind: IngressRouteTCP
metadata: metadata:
@ -183,9 +203,9 @@ metadata:
namespace: dns namespace: dns
spec: spec:
entryPoints: entryPoints:
- dns-tcp-public - dns-tcp-public
routes: routes:
- match: HostSNI('*') - match: HostSNI('*')
services: services:
- name: dns - name: dns
port: 54 port: 54
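Review bot: In both Corefiles the `errors` plugin was replaced by `debug`, which is not an equivalent: `debug` turns off CoreDNS's panic recovery so a faulting request takes the whole server down, and with `errors` gone, handler failures are no longer logged at all. Keep `errors` in each server block and reserve `debug` for troubleshooting sessions. Separately, neither zone file declares an apex NS record (`cluster.` now lists `ns1.cluster.`/`ns2.cluster.` A records but no `cluster. IN NS ns1.cluster.`, and `public.cluster.` likewise has none), which resolvers validating the delegation will notice. Finally, `ns2.cluster. IN A 192.168.123.240` under `$ORIGIN public.cluster.` lies outside that zone, so the file plugin will most likely skip it with a warning; the same glue already exists in `db.cluster`, so it can simply be dropped here.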


@ -17,10 +17,35 @@ ports:
web: web:
expose: expose:
default: true default: true
private: true private: false
websecure: websecure:
expose: expose:
default: true default: true
private: false
web-priv:
port: 31080
exposedPort: 80
expose:
default: false
private: true
websecure-priv:
port: 31443
exposedPort: 443
protocol: TCP
allowACMEByPass: false
http3:
enabled: false
forwardedHeaders:
insecure: false
proxyProtocol:
insecure: false
tls:
enabled: true
options: ""
certResolver: ""
domains: []
expose:
default: false
private: true private: true
dns-udp-private: dns-udp-private:
port: 30053 port: 30053
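Review bot: The new `web-priv` entrypoint serves plain HTTP on node port 31080 with no redirect to `websecure-priv`, so any Ingress bound to `web-priv` (the whoami-private Ingress in this commit does exactly that) is reachable unencrypted on the private side. If the private side is meant to be TLS-only, add a redirect on `web-priv` — `redirectTo.port: websecure-priv` or, on newer chart versions, `redirections.entryPoint.to: websecure-priv` — or bind private Ingresses to `websecure-priv` alone. Also `websecure-priv` enables TLS with `certResolver: ""` and `options: ""`, so it will serve Traefik's default certificate (self-signed unless a default TLSStore is configured) until a certificate is supplied; if that is the intent for now, a comment such as `# TODO: supply a certificate via TLSStore or certResolver` above the `tls:` block would keep it from being forgotten.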

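--- /dev/null
+++ b/k8s/whoami/whoami.yml
@@ -0,0 +1,145 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: whoami
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+name: whoami-public
+namespace: whoami
+spec:
+selector:
+matchLabels:
+app: whoami-public
+template:
+metadata:
+labels:
+app: whoami-public
+spec:
+containers:
+- name: whoami-public
+image: traefik/whoami
+ports:
+- containerPort: 80
+protocol: TCP
+env:
+- name: WHOAMI_NAME
+value: public
+resources:
+limits:
+cpu: "1000m"
+memory: "500Mi"
+requests:
+cpu: "10m"
+memory: "10Mi"
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+name: whoami-private
+namespace: whoami
+spec:
+selector:
+matchLabels:
+app: whoami-private
+template:
+metadata:
+labels:
+app: whoami-private
+spec:
+containers:
+- name: whoami-private
+image: traefik/whoami
+ports:
+- containerPort: 80
+protocol: TCP
+env:
+- name: WHOAMI_NAME
+value: private
+resources:
+limits:
+cpu: "1000m"
+memory: "500Mi"
+requests:
+cpu: "10m"
+memory: "10Mi"
+---
+kind: Service
+apiVersion: v1
+metadata:
+name: whoami-public
+namespace: whoami
+spec:
+type: ClusterIP
+ports:
+- port: 80
+targetPort: 80
+selector:
+app: whoami-public
+---
+kind: Service
+apiVersion: v1
+metadata:
+name: whoami-private
+namespace: whoami
+spec:
+type: ClusterIP
+ports:
+- port: 80
+targetPort: 80
+selector:
+app: whoami-private
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+annotations:
+traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+labels:
+app: whoami-public
+name: whoami-public
+namespace: whoami
+spec:
+ingressClassName: traefik
+rules:
+- host: whoami.public.cluster
+http:
+paths:
+- backend:
+service:
+name: whoami-public
+port:
+number: 80
+path: /
+pathType: Prefix
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+annotations:
+traefik.ingress.kubernetes.io/router.entrypoints: web-priv,websecure-priv
+labels:
+app: whoami-private
+name: whoami-private
+namespace: whoami
+spec:
+ingressClassName: traefik
+rules:
+- host: whoami.private.cluster
+http:
+paths:
+- backend:
+service:
+name: whoami-private
+port:
+number: 80
+path: /
+pathType: Prefix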
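Review bot: Both DaemonSets pull `traefik/whoami` with no tag or digest, so each node-level restart resolves `:latest` and the running workload can change without a commit; pin it, e.g. `image: traefik/whoami:<pinned-tag>` (an `@sha256:<digest>` reference is stricter). The containers also declare no `securityContext`; a restrictive one costs nothing here, with the one caveat that the listener is on port 80, so `NET_BIND_SERVICE` has to stay (or the port be moved, which I believe whoami supports via its `--port` flag — confirm). The public/private split rests entirely on the `router.entrypoints` annotation of each Ingress, so a comment above each Ingress naming the entrypoint set it must use (and that `web-priv` is plain HTTP) would help keep a later Ingress from exposing a private Service on `web,websecure`. The same container changes apply to the `whoami-private` DaemonSet.

```yaml
        - name: whoami-public
          image: traefik/whoami:<pinned-tag>  # placeholder: pin a tag or @sha256 digest
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
              add: ["NET_BIND_SERVICE"]  # only because the listener is on port 80
          # … unchanged: ports, env, resources …
```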