diff --git a/manifests/bind9/base/Deployment.yaml b/manifests/bind9/base/Deployment.yaml index 5490995..70cd92f 100644 --- a/manifests/bind9/base/Deployment.yaml +++ b/manifests/bind9/base/Deployment.yaml @@ -4,27 +4,27 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - app.kubernetes.io/component: bind9 - app.kubernetes.io/name: dns - name: dns + app.kubernetes.io/name: bind + app.kubernetes.io/part-of: bind + name: bind spec: selector: matchLabels: - app.kubernetes.io/component: bind9 - app.kubernetes.io/name: dns + app.kubernetes.io/name: bind + app.kubernetes.io/part-of: bind replicas: 1 minReadySeconds: 10 template: metadata: labels: - app.kubernetes.io/component: bind9 - app.kubernetes.io/name: dns + app.kubernetes.io/name: bind + app.kubernetes.io/part-of: bind spec: terminationGracePeriodSeconds: 10 affinity: {} containers: - - name: dns + - name: bind image: nofusscomputing/bind:dev resources: limits: @@ -37,32 +37,35 @@ spec: ports: - containerPort: 53 name: dns-tcp - protocol: tcp + protocol: TCP - containerPort: 53 name: dns-udp - protocol: udp + protocol: UDP volumeMounts: - name: data mountPath: /etc/bind/conf.d/external - subPath: /git/conf/conf.d/external - - name: /git/conf/conf.d/internal + subPath: git/conf/conf.d/external + - name: data + mountPath: /etc/bind/conf.d/acl + subPath: git/conf/conf.d/acl + - name: data mountPath: /etc/bind/conf.d/internal - subPath: /git/conf/conf.d/internal + subPath: git/conf/conf.d/internal - name: data mountPath: /var/bind/dyn - subPath: /git/zones/dyn + subPath: git/zones/dyn - name: data mountPath: /var/bind/pri - subPath: /git/zones/pri + subPath: git/zones/pri - name: data mountPath: /var/bind/sec - subPath: /git/zones/sec + subPath: git/zones/sec - mountPath: /var/log name: data - subPath: /logs + subPath: logs priorityClassName: cluster-low tolerations: [] diff --git a/manifests/bind9/base/PVC-bind.yaml b/manifests/bind9/base/PVC-bind.yaml index d055243..f48a728 100644 
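Review bot: The last volumeMounts entry in this hunk (`- mountPath: /var/log` / `name: data` / `subPath: logs`) orders its keys differently from every other entry, which are all written `name`, `mountPath`, `subPath`; rewriting it as `- name: data` / `  mountPath: /var/log` / `  subPath: logs` keeps the list uniform and easier to diff. All of these mounts, including the new `acl` one, come from the single `data` PVC via `subPath`, and the git-ops component writes into the same volume from a sidecar; if nothing in the `bind` container itself writes under `/etc/bind/conf.d`, adding `readOnly: true` to the three `conf.d` mounts limits what a compromised named process could alter in its own configuration. The `zones` mounts presumably need to stay writable for dynamic updates, so I would leave those as they are.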
--- a/manifests/bind9/base/PVC-bind.yaml +++ b/manifests/bind9/base/PVC-bind.yaml @@ -3,8 +3,8 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: - app.kubernetes.io/component: bind9 - app.kubernetes.io/name: dns + app.kubernetes.io/name: bind + app.kubernetes.io/part-of: bind name: bind spec: volumeMode: Filesystem diff --git a/manifests/bind9/base/Service-bind.yaml b/manifests/bind9/base/Service-bind.yaml index 824ba2f..b92fa91 100644 --- a/manifests/bind9/base/Service-bind.yaml +++ b/manifests/bind9/base/Service-bind.yaml @@ -4,18 +4,18 @@ kind: Service metadata: name: bind labels: - app.kubernetes.io/component: bind9 - app.kubernetes.io/name: dns + app.kubernetes.io/name: bind + app.kubernetes.io/part-of: bind spec: selector: - app.kubernetes.io/component: bind9 - app.kubernetes.io/name: dns + app.kubernetes.io/name: bind + app.kubernetes.io/part-of: bind ports: - name: tcp port: 53 - protcol: tcp + protocol: TCP targetPort: dns-tcp - name: udp port: 53 - protocol: udp + protocol: UDP targetPort: dns-udp diff --git a/manifests/bind9/components/extra-conf/Deployment.yaml b/manifests/bind9/components/extra-conf/Deployment.yaml new file mode 100644 index 0000000..eeb3915 --- /dev/null +++ b/manifests/bind9/components/extra-conf/Deployment.yaml @@ -0,0 +1,48 @@ +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bind +spec: + template: + + spec: + + initContainers: + + - name: extra-conf + image: alpine:3.23.2 + command: + - sh + - -c + - | + echo "Start init"; + rm -frv /etc/bind/conf.d/extra/*; + cp -frv /etc-bind-extra/* /etc/bind/conf.d/extra/; + + resources: + limits: + cpu: 150m + memory: 500Mi + requests: + cpu: 50m + memory: 150Mi + + volumeMounts: + + - name: data + mountPath: /etc/bind/conf.d/extra + subPath: extra/ + + - name: rndc + mountPath: "/etc-bind-extra/rndc.conf" + subPath: rndc.conf + + volumes: + - name: rndc + configMap: + name: rndc-conf + items: + - key: "rndc.conf" + path: "rndc.conf" \ No newline at end of file 
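Review bot: The init script `rm -frv /etc/bind/conf.d/extra/*; cp -frv /etc-bind-extra/* /etc/bind/conf.d/extra/;` runs without `set -e`, so a failing copy leaves the directory already emptied by the preceding `rm` while the init container still exits 0; starting the block scalar with `set -eu;` lets the kubelet see the failure instead of named starting with a missing control stanza. The `rndc` volume references ConfigMap `rndc-conf`, which is only created by the `rndc` component (its kustomization lists `ConfigMap.yaml` under `resources:`), so this component cannot be enabled on its own; a comment at the top of the file such as `# requires components/rndc, which provides ConfigMap rndc-conf` would document that coupling. The container also carries no `securityContext`; if the copy does not need root, `runAsNonRoot: true` and `allowPrivilegeEscalation: false` are cheap to add here, though I cannot tell from the diff what ownership the target directory has. Minor style: `subPath: extra/` carries a trailing slash while the base manifest writes its subPaths without one.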
diff --git a/manifests/bind9/components/extra-conf/kustomization.yaml b/manifests/bind9/components/extra-conf/kustomization.yaml new file mode 100644 index 0000000..86ef7d6 --- /dev/null +++ b/manifests/bind9/components/extra-conf/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + + +patches: + + - path: Deployment.yaml diff --git a/manifests/bind9/components/git-ops/Deployment.yaml b/manifests/bind9/components/git-ops/Deployment.yaml index 240fbd9..5825564 100644 --- a/manifests/bind9/components/git-ops/Deployment.yaml +++ b/manifests/bind9/components/git-ops/Deployment.yaml @@ -3,13 +3,13 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: dns + name: bind spec: template: spec: - initContainers: + containers: - name: git image: alpine:3.23.2 
@@ -17,32 +17,98 @@ spec: - sh - -c - | - apk add \ - git \ - openssh-client-default; + echo "Installing pre-reqs....."; - KEY_FILE_NAME="~/.ssh/${SSH_REPOSITORY_OWNER}/${SSH_REPOSITORY_NAME}/deploy"; + apk update; + apk add bind git openssh-client-default; - echo ${SSH_PRIVATE_KEY} > ${SSH_REPOSITORY_NAME}; + export KEY_FILE_PATH=~/.ssh/${SSH_REPOSITORY_OWNER}/${SSH_REPOSITORY_NAME}; - chmod 600 ${SSH_REPOSITORY_NAME}; + chmod 600 ${KEY_FILE_PATH}/deploy; - export GIT_SSH_COMMAND="ssh -i ${KEY_FILE_NAME}"; + export GIT_SSH_COMMAND="ssh -i $KEY_FILE_PATH/deploy"; - if [ -d /data/git/.git ] then + while :; do - git clone -b master ${SSH_REPOSITORY_HOST}/${SSH_REPOSITORY_OWNER}/${SSH_REPOSITORY_NAME}.git /data/git; + echo "Loop Start......"; + + + cd /git; + + chown 0:0 -R /git/.git + + if ssh -T "git@$SSH_REPOSITORY_HOST" -i $KEY_FILE_PATH/deploy; then + + echo "Updating repo on SSH_REPOSITORY_REF=[${SSH_REPOSITORY_REF}]"; + + echo "********************************************"; + + git status; + + echo "********************************************"; + + echo "Checking for repo updates"; + + git fetch -fpvt; + + echo "Git reset...."; + + git reset --hard; + + if [ "${SSH_REPOSITORY_REF:-}" = "tag" ]; then + + echo "'tag' or nothing supplied for variable SSH_REPOSITORY_REF, fetching latest git tag to use."; + + export REPO_NAME_FULL="${SSH_REPOSITORY_HOST}:${SSH_REPOSITORY_OWNER}/${SSH_REPOSITORY_NAME}.git" + + export SSH_REPOSITORY_REF=$(git ls-remote --tags --sort=-v:refname git@${REPO_NAME_FULL} | sed 's#.*/##' | grep -v '\^{}' | head -n 1); + + echo "Using SSH_REPOSITORY_REF=[${SSH_REPOSITORY_REF}]"; + + fi + + git checkout "${SSH_REPOSITORY_REF}"; + + echo "Pulling any changes...."; + + git pull --rebase - else - cd /data/git; + else - git fetch -fpvt; + echo "Not Authenticated, check ssh key. 
RC=[${?}]"; - git pull --rebase + fi + + + chown 53:53 -R /etc/bind + + chown 53:53 -R /var/bind + + if [ -d /etc/bind/conf.d/extra ]; then + + if [ -f /etc/bind/conf.d/extra/rndc.conf ]; then + + echo "********************************************"; + + echo "Reloading zones....."; + + rndc -4 -k /etc/bind/keys/rndc.key -s 127.0.0.1 -r reload + + echo "********************************************"; + + + fi fi + + echo "Loop Finish."; + + sleep 300 + + done; + env: - name: SSH_PRIVATE_KEY valueFrom: 
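Review bot: Inside the `while :; do` loop, `export SSH_REPOSITORY_REF=$(git ls-remote ...)` overwrites the very variable that `if [ "${SSH_REPOSITORY_REF:-}" = "tag" ]; then` tests, so from the second iteration on the comparison is false and the sidecar stays pinned to whichever tag was resolved first instead of picking up newer tags every 300 seconds; resolving into a separate name, e.g. `TARGET_REF=$(git ls-remote ...)` followed by `git checkout "${TARGET_REF}"`, keeps the mode selection intact across iterations. `git pull --rebase` after checking out a tag runs on a detached HEAD with no upstream and will report an error each loop; guarding it with the same tag test, as the clone init container in the next hunk already does, avoids the noise. The `command:` key this script belongs to starts before the hunk, so I could not check whether the shell is started with any `set` options; none appear within the hunk.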
@@ -64,23 +130,228 @@ spec: secretKeyRef: name: bind-config key: SSH_REPOSITORY_NAME + - name: SSH_REPOSITORY_REF + valueFrom: + secretKeyRef: + name: bind-config + key: SSH_REPOSITORY_REF + resources: limits: cpu: 1 memory: 500Mi requests: - cpu: 400m - memory: 800Mi + cpu: 50m + memory: 150Mi + volumeMounts: - ports: - - containerPort: 53 - name: dns-tcp - protocol: tcp - - containerPort: 53 - name: dns-udp - protocol: udp + - name: data + mountPath: /etc/bind/conf.d/extra + subPath: extra/ + + - name: data + mountPath: /etc/bind/keys + subPath: keys/ - volumeMounts: - name: data - mountPath: /etc/bind/conf.d/external + mountPath: /git subPath: git/ + + - name: data + mountPath: /root + subPath: home + + - mountPath: /var/dns-log + name: data + subPath: logs + + initContainers: + + - name: clone + image: alpine:3.23.2 + command: + - sh + - -c + - | + echo "Start init"; + + + echo "Installing pre-reqs....."; + + apk update; + apk add bind git openssh-client-default; + + if [ -d /etc/bind/conf.d/extra ]; then + + if [ -f /etc/bind/conf.d/extra/rndc.conf ]; then + + + echo "********************************************"; + + echo "Generating rndc key...."; + + rndc-confgen -a -c /etc/bind/keys/rndc.key; + + echo "********************************************"; + + fi + + fi + + + export KEY_FILE_PATH=~/.ssh/${SSH_REPOSITORY_OWNER}/${SSH_REPOSITORY_NAME}; + + mkdir -p "${KEY_FILE_PATH}"; + + echo "Env var KEY_FILE_PATH=[${KEY_FILE_PATH}] setup"; + + echo "$SSH_PRIVATE_KEY" > ${KEY_FILE_PATH}/deploy + + + chmod 600 ${KEY_FILE_PATH}/deploy; + + export GIT_SSH_COMMAND="ssh -i $KEY_FILE_PATH/deploy"; + + ssh-keyscan "${SSH_REPOSITORY_HOST}" >> ~/.ssh/known_hosts + + + export REPO_NAME_FULL="${SSH_REPOSITORY_HOST}:${SSH_REPOSITORY_OWNER}/${SSH_REPOSITORY_NAME}.git" + + echo "Env var REPO_NAME_FULL=[${REPO_NAME_FULL}] setup"; + + + if [ ! 
-d /git/.git ]; then + + + if ssh -T "git@$SSH_REPOSITORY_HOST" -i $KEY_FILE_PATH/deploy; then + + echo "Clonning repo on branch=[${SSH_REPOSITORY_REF}]"; + + if [ "${SSH_REPOSITORY_REF}"=="tag" ]; then + + echo "'tag' or nothing supplied for variable SSH_REPOSITORY_REF, fetching latest git tag to use."; + + SSH_REPOSITORY_REF=$(git ls-remote --tags --sort=-v:refname git@${REPO_NAME_FULL} | sed 's#.*/##' | grep -v '\^{}' | head -n 1) + + fi + + + git clone -b "${SSH_REPOSITORY_REF}" git@${REPO_NAME_FULL} /git; + + else + + echo "Not Authenticated, check ssh key. RC=[${?}]"; + + exit 1; + + fi + + else + + + cd /git; + + if ssh -T "git@$SSH_REPOSITORY_HOST" -i $KEY_FILE_PATH/deploy; then + + echo "Updating repo on SSH_REPOSITORY_REF=[${SSH_REPOSITORY_REF}]"; + + echo "********************************************"; + + git status; + + echo "********************************************"; + + echo "Checking for repo updates"; + + git fetch -fpvt; + + echo "Git reset...."; + + git reset --hard; + + + if [ "${SSH_REPOSITORY_REF:-}" = "tag" ]; then + + echo "'tag' or nothing supplied for variable SSH_REPOSITORY_REF, fetching latest git tag to use."; + + SSH_REPOSITORY_REF=$(git ls-remote --tags --sort=-v:refname git@${REPO_NAME_FULL} | sed 's#.*/##' | grep -v '\^{}' | head -n 1) + + echo "Using SSH_REPOSITORY_REF=[${SSH_REPOSITORY_REF}]"; + + git checkout "${SSH_REPOSITORY_REF}" + + else + + git checkout "${SSH_REPOSITORY_REF}" + + echo "Pulling any changes...."; + + git pull --rebase + + fi + + + else + + echo "Not Authenticated, check ssh key. 
RC=[${?}]"; + + fi + + + fi + + + echo "Finish init"; + + env: + - name: SSH_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: bind-config + key: SSH_PRIVATE_KEY + - name: SSH_REPOSITORY_HOST + valueFrom: + secretKeyRef: + name: bind-config + key: SSH_REPOSITORY_HOST + - name: SSH_REPOSITORY_OWNER + valueFrom: + secretKeyRef: + name: bind-config + key: SSH_REPOSITORY_OWNER + - name: SSH_REPOSITORY_NAME + valueFrom: + secretKeyRef: + name: bind-config + key: SSH_REPOSITORY_NAME + - name: SSH_REPOSITORY_REF + valueFrom: + secretKeyRef: + name: bind-config + key: SSH_REPOSITORY_REF + + resources: + limits: + cpu: 1 + memory: 500Mi + requests: + cpu: 50m + memory: 150Mi + + volumeMounts: + + - name: data + mountPath: /etc/bind/conf.d/extra + subPath: extra/ + + - name: data + mountPath: /etc/bind/keys + subPath: keys/ + + - name: data + mountPath: /git + subPath: git + + - name: data + mountPath: /root + subPath: home diff --git a/manifests/bind9/components/git-ops/kustomization.yaml b/manifests/bind9/components/git-ops/kustomization.yaml index 5a6938d..e3d7d60 100644 --- a/manifests/bind9/components/git-ops/kustomization.yaml +++ b/manifests/bind9/components/git-ops/kustomization.yaml @@ -5,5 +5,5 @@ kind: Component patches: - - patch: Deployment.yaml + - path: Deployment.yaml \ No newline at end of file diff --git a/manifests/bind9/components/rndc/ConfigMap.yaml b/manifests/bind9/components/rndc/ConfigMap.yaml new file mode 100644 index 0000000..acb8c76 --- /dev/null +++ b/manifests/bind9/components/rndc/ConfigMap.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: rndc-conf + app.kubernetes.io/name: bind + app.kubernetes.io/part-of: bind + name: rndc-conf +data: + rndc.conf: | + include "/etc/bind/keys/rndc.key"; + + controls { + inet 127.0.0.1 port 953 + allow { 127.0.0.1; } keys { "rndc-key"; }; + }; 
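Review bot: In the `clone` init container the test `if [ "${SSH_REPOSITORY_REF}"=="tag" ]; then` has no spaces around `==`, so `[` sees one non-empty string and the branch is always taken, resolving the latest tag even when a branch name was supplied; the update path later in the same script uses the correct form, `if [ "${SSH_REPOSITORY_REF:-}" = "tag" ]; then`, and the clone path should match it. `echo "$SSH_PRIVATE_KEY" > ${KEY_FILE_PATH}/deploy` writes the deploy key under `/root`, which this container mounts from the persistent `data` volume (`subPath: home`), so the private key outlives the pod on the PVC and is readable by anything else that mounts that subPath; mounting the key directly from the `bind-config` Secret with a restrictive `defaultMode`, or keeping `/root` on an `emptyDir`, avoids persisting it. `ssh-keyscan "${SSH_REPOSITORY_HOST}" >> ~/.ssh/known_hosts` runs on every start and appends whatever key the host presents, so the persisted known_hosts never pins anything; shipping the expected host key alongside the other `bind-config` values and writing it once gives the `ssh -T` and `git` calls a real trust anchor. The env block and volumeMounts of this init container duplicate the sidecar's almost line for line, which is presumably deliberate for a Kustomize patch, but a one-line comment saying so would help the next reader.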
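Review bot: The data key is named `rndc.conf`, but its content (`include` plus a `controls { inet ... }` block) is a named `controls` statement rather than an rndc client configuration, and the extra-conf init container copies it into named's `conf.d/extra`; a leading comment inside the block scalar, `# named controls stanza, not rndc client config; rndc is invoked with -k /etc/bind/keys/rndc.key`, would stop the next reader from mistaking it for rndc's own config. `keys { "rndc-key"; }` relies on the key name that `rndc-confgen -a -c /etc/bind/keys/rndc.key` in the clone init container produces by default; passing `-k rndc-key` there, or noting the dependency here, makes the match explicit rather than incidental.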
diff --git a/manifests/bind9/components/rndc/Deployment-git-config.yaml b/manifests/bind9/components/rndc/Deployment-git-config.yaml new file mode 100644 index 0000000..ec25fa2 --- /dev/null +++ b/manifests/bind9/components/rndc/Deployment-git-config.yaml @@ -0,0 +1,20 @@ +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bind +spec: + template: + + spec: + + containers: + + - name: git + + volumeMounts: + + - name: data + mountPath: /etc/bind/conf.d/extra + subPath: extra/ diff --git a/manifests/bind9/components/rndc/Deployment.yaml b/manifests/bind9/components/rndc/Deployment.yaml new file mode 100644 index 0000000..8e1a8b9 --- /dev/null +++ b/manifests/bind9/components/rndc/Deployment.yaml @@ -0,0 +1,30 @@ +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bind +spec: + + template: + + spec: + + containers: + + - name: bind + + ports: + - containerPort: 953 + name: rndc + protocol: TCP + + volumeMounts: + + - name: data + mountPath: /etc/bind/keys + subPath: keys/ + + - name: data + mountPath: /etc/bind/conf.d/extra + subPath: extra/ diff --git a/manifests/bind9/components/rndc/Service-bind.yaml b/manifests/bind9/components/rndc/Service-bind.yaml new file mode 100644 index 0000000..743c62a --- /dev/null +++ b/manifests/bind9/components/rndc/Service-bind.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: bind +spec: + + ports: + - name: rndc + port: 953 + protocol: TCP + targetPort: rndc \ No newline at end of file diff --git a/manifests/bind9/components/rndc/kustomization.yaml b/manifests/bind9/components/rndc/kustomization.yaml new file mode 100644 index 0000000..714fbce --- /dev/null +++ b/manifests/bind9/components/rndc/kustomization.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + + +resources: + - ConfigMap.yaml + + +patches: + + - path: Deployment.yaml + + - path: Deployment-git-config.yaml + + - path: Service-bind.yaml 
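Review bot: The new Service entry publishes port 953 outside the pod, while the `controls` stanza in this component's `ConfigMap.yaml` allows only `127.0.0.1` and the git sidecar reaches rndc with `-s 127.0.0.1`, so the Service port (and the matching `containerPort: 953` in the component's `Deployment.yaml`) serves no caller and only widens what is reachable on the cluster network. Dropping the `Service-bind.yaml` patch from the component's `patches:` list, or at least adding `# control channel is loopback-only; see ConfigMap.yaml` if the port is kept for discovery, keeps the exposure aligned with the allow list. Nothing in this component changes the listen address, so as far as the diff shows named still binds the control channel on loopback only.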
diff --git a/manifests/bind9/overlays/production/kustomization.yaml b/manifests/bind9/overlays/production/kustomization.yaml index d2fb801..511c6c2 100644 --- a/manifests/bind9/overlays/production/kustomization.yaml +++ b/manifests/bind9/overlays/production/kustomization.yaml @@ -7,6 +7,12 @@ kind: Kustomization resources: - ../../base +# components: +# - ../../components/extra-conf +# - ../../components/git-ops +# - ../../components/rndc +# - ../../components/dns-over-http +# - ../../components/dns-over-tls namespace: dns
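Review bot: The commented `components:` block references `../../components/dns-over-http` and `../../components/dns-over-tls`, neither of which this commit adds, so uncommenting it as written would fail unless those directories already exist elsewhere in the tree; trimming the list to the three components this change ships, or marking the other two `# not yet implemented`, keeps the overlay honest. Leaving the whole block commented also means the production overlay exercises none of the new components; if that is intentional for now, a one-line comment saying why would save the next reader from guessing.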