[knot] describe flow that does not work directly
This commit is contained in:
Nico Schottelius
parent
4f9678be3a
commit
e6e1e949bf
|
|
@ -0,0 +1,101 @@
|
|||
## Authoritative DNS for ungleich
|
||||
|
||||
* Zone are stored in git
|
||||
|
||||
## Reload mechansim
|
||||
|
||||
### Constraints
|
||||
|
||||
* If possible stay with the regular/upstream container
|
||||
* Rebuilding causes a delay and extra work
|
||||
|
||||
|
||||
|
||||
## Git cloning inside the pod
|
||||
|
||||
* It's easy to write a shell script that does git pull && checkzone &&
|
||||
reload
|
||||
* Needs ssh keys or token inside the pods
|
||||
|
||||
```
|
||||
git clone https://nico:<TOKEN>@gitea.default.svc.c2.k8s.ooo/nico/ungleich-k8s.git
|
||||
```
|
||||
|
||||
### Flux/git repository
|
||||
|
||||
**TL;DR**
|
||||
|
||||
This approach does not work because of shortcomings of
|
||||
kubectl/kustomize.
|
||||
|
||||
The idea:
|
||||
|
||||
* Flux has native support for git pulling
|
||||
* In theory, k8s has everything in place
|
||||
* We could generate a configmap from the DNS files (and a
|
||||
configuration file!)
|
||||
* We can checksum that configmap (helm feature or kustomize hashing)
|
||||
* Triggers a new deployment
|
||||
* We can add liveliness checks
|
||||
|
||||
|
||||
Testing config:
|
||||
|
||||
```
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: dns-zones
|
||||
namespace: default
|
||||
spec:
|
||||
interval: 1m
|
||||
url: https://code.ungleich.ch/ungleich-intern/ungleich-dns-zones.git
|
||||
secretRef:
|
||||
name: https-credentials-dnszones
|
||||
ref:
|
||||
branch: master
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: https-credentials-dnszones
|
||||
namespace: default
|
||||
type: Opaque
|
||||
stringData:
|
||||
username: nico
|
||||
password: .....
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: dns-zone-kustomization
|
||||
namespace: default
|
||||
spec:
|
||||
interval: 1m
|
||||
path: "./"
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: dns-zones
|
||||
```
|
||||
|
||||
Using:
|
||||
|
||||
```
|
||||
kubectl apply -f gitrepo.yaml
|
||||
```
|
||||
|
||||
**This could do everything** with the right kustomization.yaml inside
|
||||
the ungleich-dns-zones repository. However there is a problem:
|
||||
|
||||
- configmapgenerator cannot use a glob / wildcard
|
||||
|
||||
And we have a lot of different zones below the `zones/` directory in
|
||||
the ungleich-dns-zones repository.
|
||||
|
||||
This in theory very elegant approach only worked if there was an
|
||||
intermediate `kustomize edit add configmap configmapname
|
||||
--from-file='./zones/*'` in between. However even that would not work,
|
||||
as it includes dotfiles, as can be seen on
|
||||
|
||||
https://github.com/kubernetes-sigs/kustomize/issues/4108
|
||||
Loading…
Reference in New Issue