first commit

2023-07-14 11:51:07 +02:00
commit 284dc650c4
101 changed files with 8629 additions and 0 deletions


@@ -0,0 +1,89 @@
# Source: coredns/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: coredns-coredns
labels:
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "coredns"
helm.sh/chart: "coredns-1.24.1"
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
app.kubernetes.io/name: coredns
app.kubernetes.io/version: "1.10.1"
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
selector:
matchLabels:
app.kubernetes.io/instance: "coredns"
k8s-app: coredns
app.kubernetes.io/name: coredns
template:
metadata:
labels:
k8s-app: coredns
app.kubernetes.io/name: coredns
app.kubernetes.io/instance: "coredns"
annotations:
checksum/config: 2c80ea26dcf7cd4d57c4ccbe0561210d06f8e048704a7edb5c495e4e2d60999d
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
spec:
terminationGracePeriodSeconds: 30
serviceAccountName: coredns-coredns
dnsPolicy: Default
containers:
- name: "coredns"
image: "coredns/coredns:1.10.1"
imagePullPolicy: IfNotPresent
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
ports:
- {"containerPort":53,"name":"udp-53","protocol":"UDP"}
- {"containerPort":53,"name":"tcp-53","protocol":"TCP"}
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /ready
port: 8181
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
volumes:
- name: config-volume
configMap:
name: coredns-coredns
items:
- key: Corefile
path: Corefile
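Review bot: The container `securityContext` only adds `NET_BIND_SERVICE`; it drops no capabilities and sets neither `allowPrivilegeEscalation` nor `readOnlyRootFilesystem`, so the resolver keeps the runtime's default capability set and a writable root filesystem. Under `capabilities` add `drop: ["ALL"]`, and next to it `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`. Because this manifest is rendered from the Helm chart, the durable place for the change is the chart values or the Deployment patch in share/dns/datas.tf. Separately, `replicas: 1` combined with `maxUnavailable: 1` lets a rollout take the only DNS pod down before its replacement is ready.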

52
share/dns/config.tf Normal file

@@ -0,0 +1,52 @@
locals {
begin-core = <<-EOF
.:53 {
errors {
consolidate 5m ".* i/o timeout$" warning
consolidate 30s "^Failed to .+"
}
health {
lameduck 5s
}
ready
EOF
end-core = <<-EOF
}
EOF
soa-ns = <<-EOF
@ IN SOA ${var.sub-domain}.${var.domain-name}. ${var.domain-name}. (
${formatdate("YYYYMMDDhh",timestamp())} ; Serial
4H ; Refresh
1H ; Retry
7D ; Expire
4H ) ; Negative Cache TTL
@ IN NS ${var.sub-domain}.${var.domain-name}.
EOF
files = merge({
"Corefile" = join("", concat([local.begin-core],[for z in var.zones: format("file /etc/coredns/%s.db %s", z.name,z.name)],[local.end-core]))
},[for z in var.zones: {
"${z.name}" = join("\n", concat([
"$TTL 60",
"$ORIGIN ${z.name}.",
local.soa-ns
],
[for k,v in z.hosts: format("%s IN A %s", k, v)],
[for k,v in z.hosts6: format("%s IN AAAA %s", k, v)],
[for k,v in z.alias: format("%s IN CNAME %s", k, v)],
z.wildcard!=""?[format("*.%s. IN A %s", z.name, z.wildcard)]:[],
z.wildcard6!=""?[format("*.%s. IN AAAA %s", z.namz, z.wildcard6)]:[],
))
}]...)
}
resource "kubectl_manifest" "coredns-config" {
yaml_body = <<-EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
data: ${jsonencode(local.files)}
EOF
}
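Review bot: `z.namz` in the `wildcard6` branch of `local.files` is a typo for `z.name`, so the AAAA wildcard record cannot be rendered; the line should read `z.wildcard6!=""?[format("*.%s. IN AAAA %s", z.name, z.wildcard6)]:[],`. In the same expression the Corefile is assembled with `join("", ...)` and the `file` entries carry no trailing newline, so they appear to run into each other and into the closing `}` from `end-core`. The directive also points at `/etc/coredns/%s.db`, while the ConfigMap key here and the `path` in `local.items` (share/dns/datas.tf) are the bare `z.name`, so the referenced file would not exist in the mount. Zone names and record values are formatted into the Corefile and zone data without checks; a `validation` block on the `zones` variable (its declaration is not visible in this view) would keep a stray newline or brace from changing the server configuration.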

53
share/dns/datas.tf Normal file

@@ -0,0 +1,53 @@
locals {
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/name" = var.component
"app.kubernetes.io/instance" = var.instance
}
items = concat([{
"key" = "Corefile"
"path" = "Corefile"
}],[for z in var.zones: {
"key" = z.name
"path" = z.name
}])
}
data "kustomization_overlay" "data" {
namespace = var.namespace
common_labels = local.common-labels
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
images {
name = "coredns/coredns"
new_name = "${var.image.registry}/${var.image.repository}"
new_tag = "${var.image.tag}"
}
patches {
target {
kind = "Deployment"
name = "coredns-coredns"
}
patch = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: coredns-coredns
spec:
template:
spec:
containers:
- name: coredns
image: "${var.image.registry}/${var.image.repository}:${var.image.tag}"
imagePullPolicy: "${var.image.pullPolicy}"
volumes:
- name: config-volume
configMap:
name: "${var.component}-${var.instance}"
items: ${jsonencode(local.items)}
EOF
}
}
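Review bot: The image is overridden twice, once in the `images` block and again in the `containers` entry of the Deployment patch, and both pin by tag only (`new_tag = "${var.image.tag}"`), so what actually runs depends on what the registry serves for that tag at pull time. Keeping a single override and accepting a digest would make the deployed resolver image reproducible; kustomize image overrides support a `digest` field, though whether this provider's `images` block exposes it should be confirmed. As a style point, `"${var.image.tag}"` is an interpolation-only string and can be written as `var.image.tag`.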

84
share/dns/index.yaml Normal file

@@ -0,0 +1,84 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: share
metadata:
name: dns
description: null
options:
domain:
default: your-company
examples:
- your-company
type: string
sub-domain:
default: dns
examples:
- dns
type: string
zones:
default: []
items:
properties:
alias:
default: {}
type: object
hosts:
default: {}
type: object
hosts6:
default: {}
type: object
name:
default: local.domain
type: string
wildcard:
default: ''
type: string
wildcard6:
default: ''
type: string
type: object
type: array
image:
default:
pullPolicy: IfNotPresent
registry: docker.io
repository: coredns/coredns
tag: 1.10.1
examples:
- pullPolicy: IfNotPresent
registry: docker.io
repository: coredns/coredns
tag: 1.10.1
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: coredns/coredns
type: string
tag:
default: 1.10.1
type: string
type: object
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
dependencies: []
providers:
kubernetes: true
authentik: null
kubectl: null
postgresql: null
restapi: null
http: null
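Review bot: `providers` enables only `kubernetes` and leaves `kubectl: null`, while share/dns/config.tf declares `resource "kubectl_manifest" "coredns-config"`. If this map decides which Terraform providers are configured for the component, that resource has no provider to run with and `kubectl: true` is probably intended. The `apiVersion` group is spelled `vinyl.solidite.fr` whereas the labels in share/dns/datas.tf use `vynil.solidite.fr`, so one of the two looks like a typo. The `domain-name` default `your_company.com` contains an underscore, which is not valid in a host name and would presumably end up in the SOA and NS records built in config.tf.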


@@ -0,0 +1,21 @@
# Source: coredns/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: coredns-coredns
labels:
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "coredns"
helm.sh/chart: "coredns-1.24.1"
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
app.kubernetes.io/name: coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: coredns-coredns
subjects:
- kind: ServiceAccount
name: coredns-coredns
namespace: vynil-infra
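Review bot: The subject namespace is fixed to `vynil-infra`, while the overlay in share/dns/datas.tf applies `namespace = var.namespace` to the namespaced resources. Unless the namespace transformer also rewrites this subject, an instance installed in any other namespace gets a binding that points at a ServiceAccount it does not own. The cluster-scoped name `coredns-coredns` is fixed as well, so two instances of the component would share one ClusterRole and binding. Deriving both names from `var.component` and `var.instance` in a patch, as the ConfigMap name already is, would avoid that.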


@@ -0,0 +1,31 @@
# Source: coredns/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: coredns-coredns
labels:
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "coredns"
helm.sh/chart: "coredns-1.24.1"
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
app.kubernetes.io/name: coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
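Review bot: This ClusterRole grants cluster-wide `list` and `watch` on endpoints, services, pods, namespaces and endpointslices, yet the Corefile assembled in share/dns/config.tf contains only `errors`, `health`, `ready` and `file` directives and no `kubernetes` plugin, so nothing visible in this commit needs API access. If that holds, the ClusterRole and its ClusterRoleBinding can be left out of the overlay, and `automountServiceAccountToken: false` set on the ServiceAccount. That would remove a cluster-wide read credential from a pod that answers queries on a LoadBalancer address.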


@@ -0,0 +1,13 @@
# Source: coredns/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns-coredns
labels:
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "coredns"
helm.sh/chart: "coredns-1.24.1"
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
app.kubernetes.io/name: coredns


@@ -0,0 +1,26 @@
# Source: coredns/templates/service-metrics.yaml
apiVersion: v1
kind: Service
metadata:
name: coredns-coredns-metrics
labels:
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "coredns"
helm.sh/chart: "coredns-1.24.1"
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
app.kubernetes.io/name: coredns
app.kubernetes.io/component: metrics
annotations:
prometheus.io/port: "9153"
prometheus.io/scrape: "true"
spec:
selector:
app.kubernetes.io/instance: "coredns"
k8s-app: coredns
app.kubernetes.io/name: coredns
ports:
- name: metrics
port: 9153
targetPort: 9153
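Review bot: The Service and its `prometheus.io/scrape` annotation point at port 9153, but the Corefile built in share/dns/config.tf has no `prometheus` directive and the Deployment declares no 9153 container port, so the scrape target appears to have nothing listening. Either add `prometheus 0.0.0.0:9153` to `begin-core`, or exclude this Service from the overlay so that monitoring does not report a permanently failing target.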


@@ -0,0 +1,22 @@
# Source: coredns/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: coredns-coredns
labels:
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "coredns"
helm.sh/chart: "coredns-1.24.1"
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
app.kubernetes.io/name: coredns
spec:
selector:
app.kubernetes.io/instance: "coredns"
k8s-app: coredns
app.kubernetes.io/name: coredns
ports:
- {"name":"udp-53","port":53,"protocol":"UDP"}
- {"name":"tcp-53","port":53,"protocol":"TCP"}
type: LoadBalancer
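Review bot: `type: LoadBalancer` publishes port 53 over UDP and TCP on whatever address the cluster's load balancer assigns, and nothing in this Service restricts who may query it. If the zones are meant for internal clients only, add `loadBalancerSourceRanges` with the client networks (constructed example: `- "10.0.0.0/8"`) or switch to `ClusterIP`. A NetworkPolicy on the pods would cover the health and readiness ports 8080 and 8181 as well.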