diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..033943a
--- /dev/null
+++ b/Chart.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v2
+name: node-local-dns
+description: NodeLocal DNS Cache
+version: 1.0.0
+appVersion: 1.15.13
+keywords:
+ - node
+ - dns
+ - cache
+sources:
+ - https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns/nodelocaldns
+maintainers:
+ - name: valerius257
+ email: valerius257@gmail.com
diff --git a/templates/NOTES.txt b/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
new file mode 100644
index 0000000..859203d
--- /dev/null
+++ b/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "node-local-dns.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "node-local-dns.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "node-local-dns.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "node-local-dns.labels" -}}
+helm.sh/chart: {{ include "node-local-dns.chart" . }}
+{{ include "node-local-dns.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "node-local-dns.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "node-local-dns.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "node-local-dns.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "node-local-dns.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/templates/configmap.yaml b/templates/configmap.yaml
new file mode 100644
index 0000000..3334e59
--- /dev/null
+++ b/templates/configmap.yaml
@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "node-local-dns.fullname" . }}
+ labels:
+ {{- include "node-local-dns.labels" . | nindent 4 }}
+data:
+ Corefile: |
+ {{ .Values.config.clusterDomain }}:53 {
+ errors
+ cache {
+ success 9984 30
+ denial 9984 5
+ }
+ reload
+ loop
+ bind {{ .Values.config.localDnsIp }} {{ .Values.config.kubeDnsSvcIp }}
+ {{- if .Values.config.upstreamDnsUseTcp }}
+ forward . {{ .Values.config.nodeLocalSvcIp }} {
+ force_tcp
+ }
+ {{ else }}
+ forward . {{ .Values.config.nodeLocalSvcIp }}
+ {{- end }}
+ prometheus :9253
+ health :8080
+ }
+ in-addr.arpa:53 {
+ errors
+ cache 30
+ reload
+ loop
+ bind {{ .Values.config.localDnsIp }} {{ .Values.config.kubeDnsSvcIp }}
+ {{- if .Values.config.upstreamDnsUseTcp }}
+ forward . {{ .Values.config.nodeLocalSvcIp }} {
+ force_tcp
+ }
+ {{ else }}
+ forward . {{ .Values.config.nodeLocalSvcIp }}
+ {{- end }}
+ prometheus :9253
+ }
+ ip6.arpa:53 {
+ errors
+ cache 30
+ reload
+ loop
+ bind {{ .Values.config.localDnsIp }} {{ .Values.config.kubeDnsSvcIp }}
+ {{- if .Values.config.upstreamDnsUseTcp }}
+ forward . {{ .Values.config.nodeLocalSvcIp }} {
+ force_tcp
+ }
+ {{ else }}
+ forward . {{ .Values.config.nodeLocalSvcIp }}
+ {{- end }}
+ prometheus :9253
+ }
+ .:53 {
+ errors
+ cache 30
+ reload
+ loop
+ bind {{ .Values.config.localDnsIp }} {{ .Values.config.kubeDnsSvcIp }}
+ {{- if .Values.config.upstreamDnsUseTcp }}
+ forward . {{ .Values.config.upstreamDns }} {
+ force_tcp
+ }
+ {{ else }}
+ forward . {{ .Values.config.upstreamDns }}
+ {{- end }}
+ prometheus :9253
+ }
diff --git a/templates/daemonset.yaml b/templates/daemonset.yaml
new file mode 100644
index 0000000..4880c64
--- /dev/null
+++ b/templates/daemonset.yaml
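Review bot: In templates/configmap.yaml the first server block uses `health :8080` with no address, and every block uses `prometheus :9253`, so both endpoints listen on all addresses. Because values.yaml in this commit defaults `useHostNetwork: true`, that means every interface of each node. Binding the health endpoint to the link-local listener, `health {{ .Values.config.localDnsIp }}:8080`, keeps it node-local. The `livenessProbe` and `readinessProbe` defaults in values.yaml would then need a matching `host:` entry under `httpGet`, since they currently probe port 8080 without one. If the metrics port has to stay reachable for scraping, say so in a values comment so operators know to restrict 9253 at the node firewall or with a network policy.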
@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ include "node-local-dns.fullname" . }}
+ labels:
+ {{- include "node-local-dns.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "node-local-dns.selectorLabels" . | nindent 6 }}
+ updateStrategy:
+ {{- toYaml .Values.updateStrategy | nindent 4 }}
+ template:
+ metadata:
+ annotations:
+ checksum/configmaps: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- if .Values.podAnnotations }}
+ {{- toYaml .Values.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "node-local-dns.selectorLabels" . | nindent 8 }}
+ spec:
+ imagePullSecrets:
+ {{- toYaml .Values.imagePullSecrets | nindent 8 }}
+ serviceAccountName: {{ include "node-local-dns.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ priorityClassName: {{ .Values.priorityClassName }}
+ hostNetwork: {{ .Values.useHostNetwork }}
+ dnsPolicy: Default
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ args:
+ - -localip
+ - "{{ .Values.config.localDnsIp }},{{ .Values.config.kubeDnsSvcIp }}"
+ - -conf
+ - /etc/Corefile
+ - -upstreamsvc
+ - {{ include "node-local-dns.fullname" .
}}-upstream
+ ports:
+ - name: dns-udp
+ containerPort: 53
+ protocol: UDP
+ - name: dns-tcp
+ containerPort: 53
+ protocol: TCP
+ - name: metrics
+ containerPort: 9253
+ protocol: TCP
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ - mountPath: /run/xtables.lock
+ name: xtables-lock
+ readOnly: false
+ - name: kube-dns-config
+ mountPath: /etc/kube-dns
+ - name: config
+ mountPath: /etc/coredns
+ nodeSelector:
+ {{- toYaml .Values.nodeSelector | nindent 8 }}
+ affinity:
+ {{- toYaml .Values.affinity | nindent 8 }}
+ tolerations:
+ {{- toYaml .Values.tolerations | nindent 8 }}
+ volumes:
+ - name: xtables-lock
+ hostPath:
+ path: /run/xtables.lock
+ type: FileOrCreate
+ - name: kube-dns-config
+ configMap:
+ name: kube-dns
+ optional: true
+ - name: config
+ configMap:
+ name: {{ include "node-local-dns.fullname" . }}
+ items:
+ - key: Corefile
+ path: Corefile.base
diff --git a/templates/service.yaml b/templates/service.yaml
new file mode 100644
index 0000000..daf9d63
--- /dev/null
+++ b/templates/service.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "node-local-dns.fullname" . }}-upstream
+ labels:
+ {{- include "node-local-dns.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if ne .Values.config.nodeLocalSvcIp "__PILLAR__CLUSTER__DNS__" }}
+ clusterIP: {{ .Values.config.nodeLocalSvcIp }}
+ {{- end }}
+ ports:
+ - name: dns-udp
+ port: {{ .Values.service.udpPort }}
+ targetPort: 53
+ protocol: UDP
+ - name: dns-tcp
+ port: {{ .Values.service.tcpPort }}
+ targetPort: 53
+ protocol: TCP
+ selector:
+ {{- toYaml .Values.service.upstreamSelector | nindent 4 }}
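Review bot: The pod spec in templates/daemonset.yaml never sets `automountServiceAccountToken`, and neither does serviceaccount.yaml in this commit, so a service-account token is mounted into a pod that runs on the host network with the container `securityContext` from values (privileged by default). The chart creates no Role or binding for that account, and every volume here is a hostPath or configMap mounted by the kubelet, so the token appears to be unused. If node-cache needs no API access, add `automountServiceAccountToken: false` under `spec.template.spec`. Separately, `priorityClassName: {{ .Values.priorityClassName }}` and `hostNetwork: {{ .Values.useHostNetwork }}` render as null when the value is removed; guarding them with `{{- with … }}` or `| default false` would make the manifest robust to partial overrides.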
diff --git a/templates/serviceaccount.yaml b/templates/serviceaccount.yaml
new file mode 100644
index 0000000..324aa66
--- /dev/null
+++ b/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "node-local-dns.serviceAccountName" . }}
+ labels:
+ {{- include "node-local-dns.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..188d749
--- /dev/null
+++ b/values.yaml
@@ -0,0 +1,73 @@
+---
+image:
+ repository: k8s.gcr.io/k8s-dns-node-cache
+ pullPolicy: IfNotPresent
+ tag: 1.15.13
+
+imagePullSecrets: []
+
+config:
+ clusterDomain: cluster.local
+ localDnsIp: 169.254.20.10
+ kubeDnsSvcIp: 10.100.0.10
+ nodeLocalSvcIp: __PILLAR__CLUSTER__DNS__ # random IP, could be changed to static
+ upstreamDns: __PILLAR__UPSTREAM__SERVERS__ # defaults to /etc/resolv.conf
+ upstreamDnsUseTcp: false
+
+useHostNetwork: true
+
+service:
+ type: ClusterIP
+ udpPort: 53
+ tcpPort: 53
+ upstreamSelector:
+ k8s-app: kube-dns
+
+updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 10%
+
+priorityClassName: system-node-critical
+podAnnotations: {}
+podSecurityContext: {}
+
+securityContext:
+ privileged: true
+
+livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+
+readinessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 10
+ timeoutSeconds: 5
+
+serviceAccount:
+ create: true
+ annotations: {}
+ name: ""
+
+nodeSelector: {}
+affinity: {}
+
+tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ - effect: NoSchedule
+ operator: Exists
+
+resources:
+ requests:
+ cpu: 25m
+ memory: 5Mi
+ limits:
+ cpu: 50m
+ memory: 20Mi
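Review bot: The `securityContext` default in values.yaml is `privileged: true`, which, combined with `useHostNetwork: true` and the hostPath mount in the DaemonSet, gives a DNS cache on every node full access to that node. The workload's visible needs are a listener on the link-local address and the xtables lock, which suggests network administration rights only. A narrower default such as `capabilities: {add: ["NET_ADMIN"]}` should be tried against this image tag first, with `privileged: true` left as a documented opt-in if it proves insufficient. The `image.tag` default is also a mutable tag; a comment in values noting that it can be set to a digest would let operators pin what runs with these privileges.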