use upstream coredns chart instead of fork #1743
Draft
abaguas wants to merge 1 commit into k8gb-io:master from abaguas:coredns/dependency
abaguas requested review from donovanmuller, k0da, kuritka, ytsarev and jkremser as code owners (October 1, 2024 18:26)
abaguas force-pushed the coredns/dependency branch from 6975a3a to 1dc2147 (October 1, 2024 18:37)
✅ Deploy Preview for k8gb-preview ready!
abaguas force-pushed the coredns/dependency branch 4 times, most recently from d4c7bb0 to 89aa08e (October 1, 2024 20:12)
abaguas force-pushed the coredns/dependency branch 3 times, most recently from 4a967bd to b6a49af (October 16, 2024 10:11)
abaguas force-pushed the coredns/dependency branch 6 times, most recently from ddebf3a to 2e9023f (November 10, 2024 18:43)
Signed-off-by: Andre Baptista Aguas <andre.aguas@protonmail.com>
abaguas force-pushed the coredns/dependency branch from 2e9023f to 71d2501 (November 10, 2024 20:22)
This PR was getting slightly out of control with many little changes. I decided to split it into two PRs, one for the chart change (#1776) and another one for the e2e testing changes (coming soon).
CoreDNS is a core component of the K8GB application. Until now we were installing it using a fork of the official helm chart with the following diff. The fork was necessary because Kubernetes did not support services of type load balancer with both udp and tcp ports, and to reduce the attack surface by running K8GB on a non-privileged port.
Since version 1.26 Kubernetes supports load balancers with mixed ports.
The coredns helm chart also evolved over the years, and with this contribution we are able to use coredns without opening privileged ports.
Generated configuration
The generated configuration by the base chart has only the following differences:
(NET_BIND_SERVICE capability)
Abusing the servers block
Since the service ports and the prometheus port configuration are taken from the servers block of the configuration we need to configure it as follows:
This opens the ports that we need on the coredns pod and service, nothing more.
In the coredns chart this configuration would be used to create the configmap that configures the served zones. But we are creating that config ourselves (by setting coredns.deployment.skipConfig=true) to reuse helm values.
User configuration
There are no changes to the user configuration.
Conclusion
With this change we are now able to use the upstream chart instead of a fork. Unfortunately there is an overhead in the configuration necessary for the user, but we gain a lot. We can profit from all the features the coredns community offers, expose TCP port 53 publicly (fixes #1741) and expose the metrics port on the container, which allows Prometheus metrics scraping.
Others
k3d services
By enabling k3d's loadbalancer we enable routing to Kubernetes services. This means we can use services of type LoadBalancer or ClusterIP. We no longer need to rely on the service type NodePort, or on making sure a pod is running on the node exposing the port. CoreDNS can be queried exactly the same way as it was before:
In a follow up PR I will try to extend this setup to expose the istio ingress gateway and the nginx ingress controller.
upgrade testing
kubectl -n k8gb delete svc k8gb-coredns --ignore-not-found
creating namespaces with kubectl apply
While reading the upgrade testing logs I saw errors for the creation of namespaces with kubectl create because the namespaces already existed. By using kubectl apply these errors are no longer thrown.
istio version pinning
While updating the Makefile I noticed the istio version of the ingress controller was not pinned, so I added it.
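The properties the description above relies on (port 53 reachable over both UDP and TCP on the Service, CoreDNS itself bound to an unprivileged container port so that NET_BIND_SERVICE is unnecessary, the metrics port declared on the container, and nothing else opened) can be checked mechanically against what the chart actually renders. The script below is an added example written for this page; it is not k8gb or coredns-chart code. It reads the v1 List that `kubectl get svc,deploy -n k8gb -o json` prints; the resource name `k8gb-coredns`, the container name `coredns`, the container port 5053 and the metrics port 9153 used in the constructed samples are assumptions, not values taken from the project, and can be overridden through the function arguments.

```python
"""Audit a rendered k8gb CoreDNS Service and Deployment for: 53 over UDP and TCP,
an unprivileged container port (so NET_BIND_SERVICE is not needed), the metrics
port declared on the container, and no other ports.

Added example, not k8gb or coredns-chart code.  Names and ports in the samples
("k8gb-coredns", "coredns", 5053, 9153) are assumptions."""

import json
import re
import sys

DNS_PORT = 53
UNPRIVILEGED_MIN = 1024
MIXED_PROTOCOL_MIN_MINOR = 26   # mixed-protocol LoadBalancer Services: Kubernetes 1.26+


def k8s_minor(version):
    """Minor version of a server version string such as 'v1.26.4+k3s1'."""
    m = re.match(r"v?1\.(\d+)", version)
    if m is None:
        raise ValueError(f"unrecognised Kubernetes version {version!r}")
    return int(m.group(1))


def _find(items, kind, name):
    for item in items:
        if item.get("kind") == kind and item.get("metadata", {}).get("name") == name:
            return item
    return None


def audit_coredns(k8s_list, k8s_version, name="k8gb-coredns", container="coredns",
                  metrics_port=9153):
    """Return a list of findings; an empty list means the manifests look right."""
    findings = []
    items = k8s_list.get("items", [])
    svc, dep = _find(items, "Service", name), _find(items, "Deployment", name)
    if svc is None or dep is None:
        return [f"Service or Deployment {name!r} not found in input"]

    # Service: 53/UDP and 53/TCP, both mapped to one unprivileged container port.
    dns_ports = [p for p in svc["spec"].get("ports", []) if p.get("port") == DNS_PORT]
    protocols = {p.get("protocol", "TCP") for p in dns_ports}
    if protocols != {"UDP", "TCP"}:
        findings.append(f"service: port {DNS_PORT} must be exposed over UDP and TCP, got {sorted(protocols)}")
    if (svc["spec"].get("type") == "LoadBalancer" and len(protocols) > 1
            and k8s_minor(k8s_version) < MIXED_PROTOCOL_MIN_MINOR):
        findings.append(f"service: mixed-protocol LoadBalancer needs Kubernetes "
                        f"1.{MIXED_PROTOCOL_MIN_MINOR}+, cluster reports {k8s_version}")
    targets = {p.get("targetPort", p.get("port")) for p in dns_ports}
    if len(targets) != 1:
        findings.append(f"service: UDP and TCP should target one container port, got {sorted(map(str, targets))}")
    for t in targets:
        if not isinstance(t, int):
            findings.append(f"service: targetPort {t!r} is a named port; resolve it before judging privilege")
        elif t < UNPRIVILEGED_MIN:
            findings.append(f"service: targetPort {t} is privileged; CoreDNS should listen on >= {UNPRIVILEGED_MIN}")

    # Deployment: the container declares exactly the DNS port (UDP+TCP) and the metrics port.
    containers = dep["spec"]["template"]["spec"].get("containers", [])
    cont = next((c for c in containers if c.get("name") == container), None)
    if cont is None:
        findings.append(f"deployment: container {container!r} not found")
        return findings
    cports = {(p["containerPort"], p.get("protocol", "TCP")) for p in cont.get("ports", [])}
    for t in (t for t in targets if isinstance(t, int)):
        for proto in ("UDP", "TCP"):
            if (t, proto) not in cports:
                findings.append(f"deployment: container does not declare {t}/{proto}")
    if (metrics_port, "TCP") not in cports:
        findings.append(f"deployment: metrics port {metrics_port}/TCP not declared; Prometheus cannot scrape it")
    extra = sorted(f"{p}/{proto}" for p, proto in cports if p not in targets and p != metrics_port)
    if extra:
        findings.append(f"deployment: unexpected container ports {extra}")
    caps = (cont.get("securityContext") or {}).get("capabilities") or {}
    if "NET_BIND_SERVICE" in (caps.get("add") or []):
        findings.append("deployment: NET_BIND_SERVICE is added although no privileged port is bound; drop it")
    return findings


def _sample(service_ports, container_ports, caps):
    """Constructed v1 List (not real cluster output) in the shape of `kubectl get ... -o json`."""
    return {"kind": "List", "items": [
        {"kind": "Service", "metadata": {"name": "k8gb-coredns"},
         "spec": {"type": "LoadBalancer", "ports": service_ports}},
        {"kind": "Deployment", "metadata": {"name": "k8gb-coredns"},
         "spec": {"template": {"spec": {"containers": [
             {"name": "coredns", "ports": container_ports,
              "securityContext": {"capabilities": caps}}]}}}}]}


# Intended shape: unprivileged 5053 in the container behind 53/UDP and 53/TCP, metrics on 9153.
GOOD = _sample(
    [{"port": 53, "targetPort": 5053, "protocol": "UDP"},
     {"port": 53, "targetPort": 5053, "protocol": "TCP"}],
    [{"containerPort": 5053, "protocol": "UDP"}, {"containerPort": 5053, "protocol": "TCP"},
     {"containerPort": 9153, "protocol": "TCP"}],
    {"drop": ["ALL"]})

# Misconfigured shape: privileged 53 in the container, NET_BIND_SERVICE added, stray 8080, no metrics.
BAD = _sample(
    [{"port": 53, "targetPort": 53, "protocol": "UDP"},
     {"port": 53, "targetPort": 53, "protocol": "TCP"}],
    [{"containerPort": 53, "protocol": "UDP"}, {"containerPort": 53, "protocol": "TCP"},
     {"containerPort": 8080, "protocol": "TCP"}],
    {"add": ["NET_BIND_SERVICE"]})

if __name__ == "__main__":
    # Usage: kubectl get svc,deploy -n k8gb -o json | python audit.py v1.30.2+k3s1
    if not sys.stdin.isatty():
        manifests = json.load(sys.stdin)
        version = sys.argv[1] if len(sys.argv) > 1 else "v1.26.0"
    else:
        manifests, version = BAD, "v1.25.0"
    for finding in audit_coredns(manifests, version) or ["OK"]:
        print(finding)
```

Run without input and it audits the constructed BAD sample against a 1.25 cluster, which also exercises the mixed-protocol version gate; with real cluster output on stdin it audits what the chart actually rendered. Named `targetPort` values are reported rather than resolved, since judging privilege then requires looking at the container's port list.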