all repos — infra @ fe4e1663705e00f04340ca4f18cde91a435f6f92

infrastructure manifests and setup notes

dns: rewrite dav.koti.lan to radicale
Anirudh Oppiliappan x@icyphox.sh
Tue, 02 Jul 2024 00:29:27 +0300
commit

fe4e1663705e00f04340ca4f18cde91a435f6f92

parent

818cff80fbe70014fd5d1f1c3449550415b2a21b

3 files changed, 150 insertions(+), 0 deletions(-)

A apps/coredns/coredns.yaml

@@ -0,0 +1,139 @@

+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ k8s-app: kube-dns
+ kubernetes.io/name: CoreDNS
+ name: coredns
+ namespace: kube-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: kube-dns
+ template:
+ metadata:
+ labels:
+ k8s-app: kube-dns
+ spec:
+ containers:
+ - args:
+ - -conf
+ - /etc/coredns/Corefile
+ image: coredns/coredns:latest
+ imagePullPolicy: Always
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ name: coredns
+ ports:
+ - containerPort: 53
+ name: dns
+ protocol: UDP
+ - containerPort: 53
+ name: dns-tcp
+ protocol: TCP
+ - containerPort: 9153
+ name: metrics
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /ready
+ port: 8181
+ scheme: HTTP
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 1
+ resources:
+ limits:
+ memory: 170Mi
+ requests:
+ cpu: 100m
+ memory: 70Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ drop:
+ - all
+ readOnlyRootFilesystem: true
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /etc/coredns
+ name: config-volume
+ readOnly: true
+ - mountPath: /etc/coredns/custom
+ name: custom-config-volume
+ readOnly: true
+ dnsPolicy: Default
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: system-cluster-critical
+ restartPolicy: Always
+ serviceAccount: coredns
+ serviceAccountName: coredns
+ volumes:
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: Corefile
+ path: Corefile
+ - key: NodeHosts
+ path: NodeHosts
+ name: coredns
+ name: config-volume
+ - configMap:
+ defaultMode: 420
+ name: coredns-custom
+ optional: true
+ name: custom-config-volume
+---
+apiVersion: v1
+data:
+ Corefile: |
+ .:53 {
+ errors
+ health
+ ready
+ kubernetes cluster.local in-addr.arpa ip6.arpa {
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ }
+ hosts /etc/coredns/NodeHosts {
+ ttl 60
+ reload 15s
+ fallthrough
+ }
+ prometheus :9153
+ forward . /etc/resolv.conf
+ cache 30
+ loop
+ reload
+ loadbalance
+ import /etc/coredns/custom/*.override
+
+ }
+
+ koti.lan:53 {
+ kubernetes koti.lan
+
+ rewrite name dav.koti.lan radicale.default.svc.koti.lan
+ }
+
+ import /etc/coredns/custom/*.server
+ NodeHosts: |
+ 100.85.88.64 sini
+kind: ConfigMap
+metadata:
+ name: coredns
+ namespace: kube-system
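Review bot: `image: coredns/coredns:latest` together with `imagePullPolicy: Always` means each restart of this `system-cluster-critical` pod can pull whatever the tag points to at that moment, so the cluster's resolver can change without a commit; pin a release and digest, e.g. `image: coredns/coredns:<version>@sha256:<digest>` (placeholders), and bump it in the repo. In the Corefile, `kubernetes koti.lan` inside the `koti.lan:53` block serves the whole zone from cluster state, so every Service becomes resolvable under `koti.lan`, not only the `dav` name; if that is broader than intended, the plugin's `namespaces` option can narrow it. The `rewrite name` line has no `answer auto`, so the answer section will probably carry `radicale.default.svc.koti.lan` for a `dav.koti.lan` question, which some resolvers and clients reject.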
A apps/coredns/tailscale.yaml

@@ -0,0 +1,10 @@

+apiVersion: tailscale.com/v1alpha1
+kind: Connector
+metadata:
+ name: ts-pod-cidrs
+spec:
+ hostname: ts-pod-cidrs
+ subnetRouter:
+ advertiseRoutes:
+ - "10.43.0.0/16"
+
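Review bot: The advertised route `10.43.0.0/16` looks like the cluster's Service range rather than a pod range, although the `ts-pod-cidrs` name suggests otherwise, so confirm it against the cluster config. Advertising the whole /16 makes every ClusterIP in it, presumably including the API server and DNS services, reachable from any tailnet device the ACLs allow. Nothing in this manifest limits who may use the route, so the restriction has to live in the tailnet policy; a comment such as `# whole Service CIDR; access is limited by tailnet ACLs for this connector's tag` would record that dependency. If only DNS and a few services need to be reachable, advertising narrower prefixes would reduce exposure.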
M metallb/metallb.yamlmetallb/metallb.yaml

@@ -6,6 +6,7 @@ namespace: metallb-system

 spec:
 addresses:
 - 100.85.88.64/32
+ - 100.85.88.65/32
 ---
 apiVersion: metallb.io/v1beta1
 kind: L2Advertisement
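Review bot: The added pool entry `100.85.88.65/32` is one above `100.85.88.64`, which the CoreDNS `NodeHosts` entry in this commit maps to the node `sini`, and both sit in the 100.64.0.0/10 range that Tailscale hands out. Nothing visible here reserves `.65` for this cluster, so if the tailnet later assigns it to another device, traffic for the load-balanced service could reach the wrong machine or be answered by it. A comment on the line, e.g. `# reserved in tailnet for <service>; not assigned to any device`, would make the reservation explicit.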