feat(dns): Add basic dns setup to flux

This patch moves an existing "wild" deployment into the version controlled space. It's currently very simple and provides only the pure basics, but it MVP is good enough.

feat(dns): Add basic dns setup to flux
3a94a7d2 · Sheogorath · 416ecc4c · 3a94a7d2 · 3a94a7d2 · 3a94a7d2
Verified Commit 3a94a7d2 authored 3 years ago by Sheogorath
--- a/apps/k8s01/dns/dns.yaml
+++ b/apps/k8s01/dns/dns.yaml
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: resolver
+  labels:
+    app: resolver
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: resolver
+  template:
+    metadata:
+      labels:
+        app: resolver
+    spec:
+      containers:
+        - name: dns-over-httpd
+          image: quay.io/sheogorath/doh:latest
+          env:
+            - name: UPSTREAM_NAME
+              value: localhost4
+          ports:
+            - containerPort: 8053
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+            limits:
+              cpu: 100m
+              memory: 256Mi
+        - name: named
+          image: docker.io/secns/unbound:latest
+          env:
+            - name: CACHE_MIN_TTL
+              value: "300"
+            - name: PREFETCH
+              value: "yes"
+          ports:
+            - containerPort: 53
+              protocol: TCP
+            - containerPort: 53
+              protocol: UDP
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+            limits:
+              cpu: 100m
+              memory: 256Mi
+          volumeMounts:
+            - name: unbound-chroot
+              mountPath: /usr/local/etc/unbound/conf.d/
+              readOnly: true
+        # - name: unbound-exporter
+        #   image: ghcr.io/leoquote/unbound_exporter:main
+        #   ports:
+        #     - name: metrics
+        #       containerPort: 9167
+        #       protocol: TCP
+        #   resources:
+        #     requests:
+        #       cpu: 100m
+        #       memory: 64Mi
+        #     limits:
+        #       cpu: 100m
+        #       memory: 64Mi
+      volumes:
+        - name: unbound-chroot
+          configMap:
+            name: unbound-chroot
+      automountServiceAccountToken: false
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dns53-tcp
+  annotations:
+    metallb.universe.tf/allow-shared-ip: "dns"
+spec:
+  type: LoadBalancer
+  selector:
+    app: resolver
+  ports:
+    - name: dns53tcp
+      protocol: TCP
+      port: 53
+      targetPort: 53
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dns53-udp
+  annotations:
+    metallb.universe.tf/allow-shared-ip: "dns"
+spec:
+  type: LoadBalancer
+  selector:
+    app: resolver
+  ports:
+    - name: dns53udp
+      protocol: UDP
+      port: 53
+      targetPort: 53
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dns-over-http
+spec:
+  selector:
+    app: resolver
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8053
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: unbound-chroot
+data:
+  chroot.conf: |
+    server:
+      chroot: ""
+      extended-statistics: yes
+    remote-control:
+      control-enable: yes
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: dns-pdb
+spec:
+  minAvailable: 1
+  selector:
+    matchLabels:
+      app: resolver
--- a/apps/k8s01/dns/kustomization.yaml
+++ b/apps/k8s01/dns/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: dns
+resources:
+  - namespace.yaml
+  - dns.yaml
+  - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
+  - ../../../shared/resourcequotas/default.yaml
--- a/apps/k8s01/dns/namespace.yaml
+++ b/apps/k8s01/dns/namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: dns
+  labels:
+    name: dns