From e6e1e949bf8090dc55277bde3e0c84a8ae0933c3 Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Sun, 8 Aug 2021 12:55:08 +0200
Subject: [PATCH] [knot] describe flow that does not work directly

---
 apps/knotdns/README.md | 101 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 101 insertions(+)
 create mode 100644 apps/knotdns/README.md

diff --git a/apps/knotdns/README.md b/apps/knotdns/README.md
new file mode 100644
index 0000000..5a88545
--- /dev/null
+++ b/apps/knotdns/README.md
@@ -0,0 +1,101 @@
+## Authoritative DNS for ungleich
+
+* Zone are stored in git
+
+## Reload mechansim
+
+### Constraints
+
+* If possible stay with the regular/upstream container
+  * Rebuilding causes a delay and extra work
+
+
+
+## Git cloning inside the pod
+
+* It's easy to write a shell script that does git pull && checkzone &&
+  reload
+* Needs ssh keys or token inside the pods
+
+```
+git clone https://nico:@gitea.default.svc.c2.k8s.ooo/nico/ungleich-k8s.git
+```
+
+### Flux/git repository
+
+**TL;DR**
+
+This approach does not work because of shortcomings of
+kubectl/kustomize.
+
+The idea:
+
+* Flux has native support for git pulling
+* In theory, k8s has everything in place
+* We could generate a configmap from the DNS files (and a
+  configuration file!)
+* We can checksum that configmap (helm feature or kustomize hashing)
+* Triggers a new deployment
+* We can add liveliness checks
+
+
+Testing config:
+
+```
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: dns-zones
+  namespace: default
+spec:
+  interval: 1m
+  url: https://code.ungleich.ch/ungleich-intern/ungleich-dns-zones.git
+  secretRef:
+    name: https-credentials-dnszones
+  ref:
+    branch: master
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: https-credentials-dnszones
+  namespace: default
+type: Opaque
+stringData:
+  username: nico
+  password: .....
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: dns-zone-kustomization
+  namespace: default
+spec:
+  interval: 1m
+  path: "./"
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: dns-zones
+```
+
+Using:
+
+```
+kubectl apply -f gitrepo.yaml
+```
+
+**This could do everything** with the right kustomization.yaml inside
+the ungleich-dns-zones repository. However there is a problem:
+
+- configmapgenerator cannot use a glob / wildcard
+
+And we have a lot of different zones below the `zones/` directory in
+the ungleich-dns-zones repository.
+
+This in theory very elegant approach only worked if there was an
+intermediate `kustomize edit add configmap configmapname
+--from-file='./zones/*'` in between. However even that would not work,
+as it includes dotfiles, as can be seen on
+
+https://github.com/kubernetes-sigs/kustomize/issues/4108