ungleich-public/ungleich-k8s
6
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[knot] describe flow that does not work directly

Browse source
This commit is contained in:
Nico Schottelius 2021-08-08 12:55:08 +02:00
parent 4f9678be3a
commit e6e1e949bf
1 changed files with 101 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

101
apps/knotdns/README.md Normal file
View file

@ -0,0 +1,101 @@
## Authoritative DNS for ungleich
* Zone are stored in git
## Reload mechansim
### Constraints
* If possible stay with the regular/upstream container
* Rebuilding causes a delay and extra work
## Git cloning inside the pod
* It's easy to write a shell script that does git pull && checkzone &&
reload
* Needs ssh keys or token inside the pods
```
git clone https://nico:<TOKEN>@gitea.default.svc.c2.k8s.ooo/nico/ungleich-k8s.git
```
### Flux/git repository
**TL;DR**
This approach does not work because of shortcomings of
kubectl/kustomize.
The idea:
* Flux has native support for git pulling
* In theory, k8s has everything in place
* We could generate a configmap from the DNS files (and a
configuration file!)
* We can checksum that configmap (helm feature or kustomize hashing)
* Triggers a new deployment
* We can add liveliness checks
Testing config:
```
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
name: dns-zones
namespace: default
spec:
interval: 1m
url: https://code.ungleich.ch/ungleich-intern/ungleich-dns-zones.git
secretRef:
name: https-credentials-dnszones
ref:
branch: master
---
apiVersion: v1
kind: Secret
metadata:
name: https-credentials-dnszones
namespace: default
type: Opaque
stringData:
username: nico
password: .....
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
kind: Kustomization
metadata:
name: dns-zone-kustomization
namespace: default
spec:
interval: 1m
path: "./"
prune: true
sourceRef:
kind: GitRepository
name: dns-zones
```
Using:
```
kubectl apply -f gitrepo.yaml
```
**This could do everything** with the right kustomization.yaml inside
the ungleich-dns-zones repository. However there is a problem:
- configmapgenerator cannot use a glob / wildcard
And we have a lot of different zones below the `zones/` directory in
the ungleich-dns-zones repository.
This in theory very elegant approach only worked if there was an
intermediate `kustomize edit add configmap configmapname
--from-file='./zones/*'` in between. However even that would not work,
as it includes dotfiles, as can be seen on
https://github.com/kubernetes-sigs/kustomize/issues/4108