split dns

BENEDEK László 2025-05-03 21:18:22 +02:00
parent b51b01702f
commit 7555e214a5
3 changed files with 243 additions and 53 deletions


@ -4,58 +4,67 @@ metadata:
name: dns
---
kind: ConfigMap
apiVersion: v1
metadata:
name: config
namespace: dns
data:
Corefile: |-
private-Corefile: |-
.:53 {
log
errors
log . "private: {remote}:{port} - {>id} {>opcode} {>name} {>type} {>proto}"
debug
file /config/db.cluster
}
public.cluster. {
forward . 192.168.123.240
}
public-Corefile: |-
.:54 {
log
errors
log . "public: {remote}:{port} - {>id} {>opcode} {>name} {>type} {>proto}"
debug
file /config/db.public.cluster
}
db.cluster: |-
$TTL 1m
$ORIGIN cluster.
@ IN SOA cluster. lacbenedek.gmail.com. (
2025050202 ; serial
@ IN SOA ns1.cluster. admin.cluster. (
2025050302 ; serial
1m ; period
1m ; retry
1m ; exp
1m ; ttl
)
cluster. IN A 192.168.123.241
control.cluster. IN A 192.168.123.1
ns1.cluster. IN A 192.168.123.241
ns2.cluster. IN A 192.168.123.240
public.cluster. IN NS ns2.cluster.
private.cluster. IN A 192.168.123.241
IN TXT "private dns"
public.cluster. IN NS public.cluster.
IN A 192.168.123.240
whoami.private.cluster. IN CNAME private.cluster.
db.public.cluster: |-
$TTL 1m
$ORIGIN public.cluster.
@ IN SOA public.cluster. lacbenedek.gmail.com. (
2025050202 ; serial
@ IN SOA ns2.cluster. admin.cluster. (
2025050302 ; serial
1m ; period
1m ; retry
1m ; exp
1m ; ttl
)
ns2.cluster. IN A 192.168.123.240
public.cluster. IN A 192.168.123.240
IN TXT "public dns"
whoami.public.cluster. IN CNAME public.cluster.
---
kind: Deployment
apiVersion: apps/v1
metadata:
@ -72,37 +81,52 @@ spec:
app: coredns
spec:
containers:
- name: coredns
- name: coredns-private
image: coredns/coredns
ports:
- containerPort: 53
protocol: UDP
- containerPort: 53
protocol: TCP
- containerPort: 54
protocol: UDP
- containerPort: 54
protocol: TCP
args:
- -conf=/config/Corefile
- -conf=/config/private-Corefile
volumeMounts:
- mountPath: /config
name: config
readOnly: true
resources:
limits:
cpu: '1000m'
memory: '500Mi'
cpu: "1000m"
memory: "500Mi"
requests:
cpu: '10m'
memory: '10Mi'
cpu: "10m"
memory: "10Mi"
- name: coredns-public
image: coredns/coredns
ports:
- containerPort: 54
protocol: UDP
- containerPort: 54
protocol: TCP
args:
- -conf=/config/public-Corefile
volumeMounts:
- mountPath: /config
name: config
readOnly: true
resources:
limits:
cpu: "1000m"
memory: "500Mi"
requests:
cpu: "10m"
memory: "10Mi"
volumes:
- name: config
configMap:
name: config
---
kind: Service
apiVersion: v1
metadata:
@ -130,7 +154,6 @@ spec:
app: coredns
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
@ -145,7 +168,6 @@ spec:
port: 53
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
@ -160,7 +182,6 @@ spec:
- name: dns
port: 53
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
@ -175,7 +196,6 @@ spec:
port: 54
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
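Review bot: The new `coredns-public` container mounts the whole `config` ConfigMap (`mountPath: /config`, `name: config`), so the private zone file `db.cluster` — including `control.cluster. IN A 192.168.123.1` — and `private-Corefile` are readable from the public-facing resolver process, which is exactly the data the split was meant to keep off the public side. Give each container its own volume and project only the keys it loads with `configMap.items`, or move the private files into a separate ConfigMap. Both containers also pull `coredns/coredns` with no tag, so the resolver version can silently change on any pod restart; pin a release tag or a `@sha256` digest. The rendering does not show whether the `containerPort: 54` entries under `coredns-private` survive in the new version; if they do, drop them, since only `coredns-public` listens on 54. The Deployment's `spec` starts before this hunk.

```yaml
# … unchanged: coredns-private container (ports, args, resources) …
- name: coredns-public
  image: coredns/coredns  # TODO: pin to a release tag or @sha256 digest
  # … unchanged: ports, args, resources …
  volumeMounts:
    - mountPath: /config
      name: config-public
      readOnly: true
volumes:
  - name: config
    configMap:
      name: config
      items:
        - key: private-Corefile
          path: private-Corefile
        - key: db.cluster
          path: db.cluster
  - name: config-public
    configMap:
      name: config
      items:
        - key: public-Corefile
          path: public-Corefile
        - key: db.public.cluster
          path: db.public.cluster
```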


@ -17,10 +17,35 @@ ports:
web:
expose:
default: true
private: true
private: false
websecure:
expose:
default: true
private: false
web-priv:
port: 31080
exposedPort: 80
expose:
default: false
private: true
websecure-priv:
port: 31443
exposedPort: 443
protocol: TCP
allowACMEByPass: false
http3:
enabled: false
forwardedHeaders:
insecure: false
proxyProtocol:
insecure: false
tls:
enabled: true
options: ""
certResolver: ""
domains: []
expose:
default: false
private: true
dns-udp-private:
port: 30053
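Review bot: `web-priv` is a plain-HTTP entrypoint (`exposedPort: 80`) with no redirection configured, and the private whoami Ingress added in this commit binds `web-priv,websecure-priv`, so everything on the private hostnames stays reachable in clear text even though `websecure-priv` terminates TLS. Add the chart's entrypoint redirection on `web-priv` (`redirections.entryPoint`; `redirectTo.port` on older chart versions) so port 80 only answers with a redirect to HTTPS. `websecure-priv` sets `certResolver: ""` and `options: ""`, so it will serve Traefik's default certificate and default TLS options unless a TLSStore/TLSOption is configured elsewhere — worth confirming, since this is presumably the operator-facing side. The `private` Service that `expose.private: true` refers to is defined outside this hunk, so which network can actually reach 31080/31443 cannot be judged here.

```yaml
web-priv:
  port: 31080
  exposedPort: 80
  redirections:
    entryPoint:
      to: websecure-priv
      scheme: https
      permanent: true
  expose:
    default: false
    private: true
# … unchanged: websecure-priv, dns-udp-private …
```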

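--- a/k8s/whoami/whoami.yml
+++ b/k8s/whoami/whoami.yml
@@ -0,0 +1,145 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: whoami
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+name: whoami-public
+namespace: whoami
+spec:
+selector:
+matchLabels:
+app: whoami-public
+template:
+metadata:
+labels:
+app: whoami-public
+spec:
+containers:
+- name: whoami-public
+image: traefik/whoami
+ports:
+- containerPort: 80
+protocol: TCP
+env:
+- name: WHOAMI_NAME
+value: public
+resources:
+limits:
+cpu: "1000m"
+memory: "500Mi"
+requests:
+cpu: "10m"
+memory: "10Mi"
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+name: whoami-private
+namespace: whoami
+spec:
+selector:
+matchLabels:
+app: whoami-private
+template:
+metadata:
+labels:
+app: whoami-private
+spec:
+containers:
+- name: whoami-private
+image: traefik/whoami
+ports:
+- containerPort: 80
+protocol: TCP
+env:
+- name: WHOAMI_NAME
+value: private
+resources:
+limits:
+cpu: "1000m"
+memory: "500Mi"
+requests:
+cpu: "10m"
+memory: "10Mi"
+---
+kind: Service
+apiVersion: v1
+metadata:
+name: whoami-public
+namespace: whoami
+spec:
+type: ClusterIP
+ports:
+- port: 80
+targetPort: 80
+selector:
+app: whoami-public
+---
+kind: Service
+apiVersion: v1
+metadata:
+name: whoami-private
+namespace: whoami
+spec:
+type: ClusterIP
+ports:
+- port: 80
+targetPort: 80
+selector:
+app: whoami-private
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+annotations:
+traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+labels:
+app: whoami-public
+name: whoami-public
+namespace: whoami
+spec:
+ingressClassName: traefik
+rules:
+- host: whoami.public.cluster
+http:
+paths:
+- backend:
+service:
+name: whoami-public
+port:
+number: 80
+path: /
+pathType: Prefix
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+annotations:
+traefik.ingress.kubernetes.io/router.entrypoints: web-priv,websecure-priv
+labels:
+app: whoami-private
+name: whoami-private
+namespace: whoami
+spec:
+ingressClassName: traefik
+rules:
+- host: whoami.private.cluster
+http:
+paths:
+- backend:
+service:
+name: whoami-private
+port:
+number: 80
+path: /
+pathType: Prefix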
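Review bot: Both DaemonSets run `traefik/whoami` with no tag and no `securityContext`, and `whoami-public` is published on the public `web,websecure` entrypoints, so an untagged, root-capable echo service is the first thing reachable from outside. Pin the image to a tag or digest and add a restrictive pod/container `securityContext` (the image is presumably fine running as non-root, but confirm). Keep in mind that whoami, as far as I recall, echoes request headers and the pod's addresses back to the caller, so leaving the public instance in place past testing discloses `X-Forwarded-*` values and internal pod IPs to anyone who can resolve `whoami.public.cluster`.

```yaml
- name: whoami-public
  image: traefik/whoami  # TODO: pin to a release tag or @sha256 digest
  securityContext:
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop: ["ALL"]
  # … unchanged: ports, env, resources …
# … same securityContext for the whoami-private container …
```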