Enable IPv6 support for K8s
Enable DNS over IPv6 and TCP to comply with ISNIC.
Provision k3s CA.
Make Atlas a k8s agent instead of server.
parent
0c0882fe20
commit
998e01ae8c
20 changed files with 633 additions and 62 deletions
|
@ -51,27 +51,52 @@ in
|
|||
metadata.labels.app = "bind9";
|
||||
|
||||
spec = {
|
||||
containers.bind9 = {
|
||||
image = "ubuntu/bind9:9.18-22.04_beta";
|
||||
envFrom = [{ configMapRef.name = "bind9-env"; }];
|
||||
containers = {
|
||||
bind9-udp = {
|
||||
image = "ubuntu/bind9:9.18-22.04_beta";
|
||||
envFrom = [{ configMapRef.name = "bind9-env"; }];
|
||||
|
||||
ports.dns = {
|
||||
containerPort = 53;
|
||||
protocol = "UDP";
|
||||
ports.dns-udp = {
|
||||
containerPort = 53;
|
||||
protocol = "UDP";
|
||||
};
|
||||
|
||||
volumeMounts = [
|
||||
{
|
||||
name = "config";
|
||||
mountPath = "/etc/bind/named.conf";
|
||||
subPath = "config";
|
||||
}
|
||||
{
|
||||
name = "config";
|
||||
mountPath = "/etc/bind/kun.is.zone";
|
||||
subPath = "kunis-zone";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
volumeMounts = [
|
||||
{
|
||||
name = "config";
|
||||
mountPath = "/etc/bind/named.conf";
|
||||
subPath = "config";
|
||||
}
|
||||
{
|
||||
name = "config";
|
||||
mountPath = "/etc/bind/kun.is.zone";
|
||||
subPath = "kunis-zone";
|
||||
}
|
||||
];
|
||||
bind9-tcp = {
|
||||
image = "ubuntu/bind9:9.18-22.04_beta";
|
||||
envFrom = [{ configMapRef.name = "bind9-env"; }];
|
||||
|
||||
ports.dns-tcp = {
|
||||
containerPort = 53;
|
||||
protocol = "TCP";
|
||||
};
|
||||
|
||||
volumeMounts = [
|
||||
{
|
||||
name = "config";
|
||||
mountPath = "/etc/bind/named.conf";
|
||||
subPath = "config";
|
||||
}
|
||||
{
|
||||
name = "config";
|
||||
mountPath = "/etc/bind/kun.is.zone";
|
||||
subPath = "kunis-zone";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
volumes = [{
|
||||
|
@ -83,15 +108,45 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
services.bind9.spec = {
|
||||
type = "LoadBalancer";
|
||||
loadBalancerIP = myLib.globals.bind9IPv4;
|
||||
selector.app = "bind9";
|
||||
services = {
|
||||
bind9-udp = {
|
||||
metadata.annotations = {
|
||||
"metallb.universe.tf/loadBalancerIPs" = "${myLib.globals.bind9IPv4},${myLib.globals.bind9Ipv6}";
|
||||
"metallb.universe.tf/allow-shared-ip" = "dns";
|
||||
};
|
||||
|
||||
ports.dns = {
|
||||
port = 53;
|
||||
targetPort = "dns";
|
||||
protocol = "UDP";
|
||||
spec = {
|
||||
type = "LoadBalancer";
|
||||
selector.app = "bind9";
|
||||
ipFamilies = [ "IPv4" "IPv6" ];
|
||||
ipFamilyPolicy = "RequireDualStack";
|
||||
|
||||
ports.dns = {
|
||||
port = 53;
|
||||
targetPort = "dns-udp";
|
||||
protocol = "UDP";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
bind9-tcp = {
|
||||
metadata.annotations = {
|
||||
"metallb.universe.tf/loadBalancerIPs" = "${myLib.globals.bind9IPv4},${myLib.globals.bind9Ipv6}";
|
||||
"metallb.universe.tf/allow-shared-ip" = "dns";
|
||||
};
|
||||
|
||||
spec = {
|
||||
type = "LoadBalancer";
|
||||
selector.app = "bind9";
|
||||
ipFamilies = [ "IPv4" "IPv6" ];
|
||||
ipFamilyPolicy = "RequireDualStack";
|
||||
|
||||
ports.dns = {
|
||||
port = 53;
|
||||
targetPort = "dns-tcp";
|
||||
protocol = "TCP";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
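Review bot: The `bind9-udp` and `bind9-tcp` containers sit in the same pod spec with the same image, `envFrom` and `named.conf` mount, so they share one network namespace and each named process will presumably try to listen on port 53 for both UDP and TCP; `containerPort` and `protocol` only label a port, they do not restrict what the process binds. The result is two full DNS servers competing for or sharing the same sockets rather than one per protocol, which doubles what has to be patched and monitored. One container carrying both named ports is enough for the two Services to target, e.g. add `ports.dns-tcp = { containerPort = 53; protocol = "TCP"; };` next to `ports.dns-udp`. Separately, neither Service spec sets `externalTrafficPolicy = "Local";`, so under the default policy BIND may see node addresses instead of client addresses, which weakens query logs and any source-based ACL or rate limit in named.conf (not visible here).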
|
||||
|
|
|
@ -3,8 +3,8 @@ myLib: dns: with dns.lib.combinators; {
|
|||
|
||||
SOA = {
|
||||
nameServer = "ns1";
|
||||
adminEmail = "webmaster@kun.is";
|
||||
serial = 2024041300;
|
||||
adminEmail = "webmaster.kun.is";
|
||||
serial = 2024041301;
|
||||
};
|
||||
|
||||
NS = [
|
||||
|
@ -23,7 +23,7 @@ myLib: dns: with dns.lib.combinators; {
|
|||
subdomains = rec {
|
||||
"*".A = [ myLib.globals.routerPublicIPv4 ];
|
||||
|
||||
ns.A = [ myLib.globals.routerPublicIPv4 ];
|
||||
ns = host myLib.globals.routerPublicIPv4 myLib.globals.bind9Ipv6;
|
||||
ns1 = ns;
|
||||
ns2 = ns;
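Review bot: In `ns = host myLib.globals.routerPublicIPv4 myLib.globals.bind9Ipv6;` the A record still points at the router while the AAAA record points at the bind9 address itself, so IPv6 clients presumably reach the service directly rather than through whatever forwarding and filtering the router applies for IPv4. Nothing in this hunk shows a matching IPv6 firewall rule; it is worth confirming that only port 53 over UDP and TCP is reachable on that address and recording it with a comment such as `# AAAA is reachable directly (no NAT); firewall must allow only 53/udp and 53/tcp`. In the SOA hunk both `webmaster@kun.is` and `webmaster.kun.is` appear for `adminEmail`; if the dotted form is the new value, as the serial bump suggests, a one-line comment saying why the field holds the RNAME form rather than an e-mail address would help the next editor. The enclosing `subdomains = rec {` block continues outside the hunk.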
|
||||
|
||||
|
|