├── .tool-versions ├── charts └── node-local-dns │ ├── templates │ ├── NOTES.txt │ ├── serviceaccount.yaml │ ├── tests │ │ └── test-dns-resolution.yaml │ ├── podmonitor.yaml │ ├── service.yaml │ ├── ciliumlocalredirectpolicy.yaml │ ├── _helpers.tpl │ ├── configmap.yaml │ └── daemonset.yaml │ ├── Chart.yaml │ ├── README.md.gotmpl │ ├── values.yaml │ ├── README.md │ └── LICENSE ├── .gitignore ├── .pre-commit-config.yaml ├── .github ├── PULL_REQUEST_TEMPLATE.md ├── workflows │ ├── release.yaml │ ├── lint-test.yaml │ └── pr-release.yaml ├── CONTRIBUTING.md └── CODE_OF_CONDUCT.md └── README.md /.tool-versions: -------------------------------------------------------------------------------- 1 | helm-docs 1.14.2 2 | -------------------------------------------------------------------------------- /charts/node-local-dns/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore env files 2 | .env 3 | .envrc 4 | 5 | # Ignore editors 6 | .DS_Store 7 | .idea/ 8 | -------------------------------------------------------------------------------- /charts/node-local-dns/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | --- 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: {{ include "node-local-dns.serviceAccountName" . }} 7 | labels: 8 | {{- include "node-local-dns.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . 
| nindent 4 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | repos: 2 | - repo: https://github.com/norwoodj/helm-docs 3 | rev: v1.11.3 4 | hooks: 5 | - id: helm-docs 6 | args: 7 | # Make the tool search for charts only under the `example-charts` directory 8 | - --chart-search-root=charts/node-local-dns/ 9 | 10 | # The `./` makes it relative to the chart-search-root set above 11 | - --template-files=./README.md.gotmpl 12 | -------------------------------------------------------------------------------- /charts/node-local-dns/templates/tests/test-dns-resolution.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "node-local-dns.fullname" . }}-dns-test" 5 | labels: 6 | {{- include "node-local-dns.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test 9 | spec: 10 | containers: 11 | - name: dns-test 12 | image: tutum/dnsutils 13 | command: ['dig'] 14 | args: ['google.com'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | 6 | 7 | ## Type of change 8 | 9 | - [ ] Bug fix (non-breaking change which fixes an issue) 10 | - [ ] New feature (non-breaking change which adds functionality) 11 | - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) 12 | - [ ] This change requires a documentation update 13 | - [ ] Small minor change not affecting the Ansible Role code (Github Actions Workflow, Documentation etc.) 14 | 15 | ## How Has This Been Tested? 
16 | 20 | -------------------------------------------------------------------------------- /charts/node-local-dns/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v2 3 | name: node-local-dns 4 | version: 2.4.0 5 | appVersion: 1.23.1 6 | home: https://github.com/lablabs/k8s-nodelocaldns-helm 7 | description: NodeLocal DNS Cache helm chart 8 | icon: https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.svg 9 | keywords: 10 | - node 11 | - dns 12 | - cache 13 | - kubernetes 14 | sources: 15 | - https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns/nodelocaldns 16 | maintainers: 17 | - name: martinhaus 18 | - name: haad 19 | engine: gotpl 20 | type: application 21 | annotations: 22 | artifacthub.io/changes: | 23 | - Initial helm chart changelog 24 | - Update node-cache version, add support for better granular logging 25 | -------------------------------------------------------------------------------- /charts/node-local-dns/templates/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podmonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: {{ include "node-local-dns.fullname" . }} 6 | labels: 7 | {{- include "node-local-dns.labels" . | nindent 4 }} 8 | {{- if .Values.podmonitor.promOperatorSelector }} 9 | {{ toYaml .Values.podmonitor.promOperatorSelector | nindent 4 }} 10 | {{- end }} 11 | {{- with .Values.podmonitor.annotations }} 12 | annotations: 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | selector: 17 | matchLabels: 18 | {{- include "node-local-dns.selectorLabels" . 
| nindent 8 }} 19 | podMetricsEndpoints: 20 | - port: metrics 21 | {{- if .Values.podmonitor.metricRelabelings }} 22 | metricRelabelings: 23 | {{- toYaml .Values.podmonitor.metricRelabelings | nindent 6 }} 24 | {{- end }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /charts/node-local-dns/templates/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if hasKey .Values.config "cilium" }} 2 | --- 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: {{ .Values.image.args.upstreamSvc }} 7 | labels: 8 | {{- include "node-local-dns.labels" . | nindent 4 }} 9 | k8s-app: kube-dns 10 | kubernetes.io/name: "KubeDNSUpstream" 11 | {{- with .Values.serviceAccount.annotations }} 12 | annotations: 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | ports: 17 | {{- if .Values.config.cilium.udp.enabled }} 18 | - name: {{ .Values.config.cilium.udp.portName | default "dns" }} 19 | port: 53 20 | protocol: UDP 21 | targetPort: 53 22 | {{- end }} 23 | {{- if .Values.config.cilium.tcp.enabled }} 24 | - name: {{ .Values.config.cilium.tcp.portName | default "dns-tcp" }} 25 | port: 53 26 | protocol: TCP 27 | targetPort: 53 28 | {{- end }} 29 | selector: 30 | k8s-app: kube-dns 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- 1 | name: Release Charts 2 | 3 | on: 4 | workflow_dispatch: 5 | push: 6 | branches: 7 | - main 8 | paths: 9 | - 'charts/node-local-dns/**' 10 | 11 | jobs: 12 | release: 13 | runs-on: ubuntu-latest 14 | steps: 15 | - name: Checkout 16 | uses: actions/checkout@v4 17 | with: 18 | fetch-depth: 0 19 | 20 | - name: Configure Git 21 | run: | 22 | git config user.name "$GITHUB_ACTOR" 23 | git config user.email "$GITHUB_ACTOR@users.noreply.github.com" 24 | 25 | - name: Install Helm 26 | 
uses: azure/setup-helm@v3 27 | with: 28 | version: v3.12.1 29 | 30 | - name: Add dependency chart repos 31 | run: | 32 | helm repo add stable https://charts.helm.sh/stable 33 | helm repo add incubator https://charts.helm.sh/incubator 34 | 35 | - name: Run chart-releaser 36 | uses: helm/chart-releaser-action@v1.6.0 37 | env: 38 | CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" 39 | CR_SKIP_EXISTING: true 40 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # NodeLocal DNSCache Helm chart 2 | 3 | ![Release Charts](https://github.com/lablabs/k8s-nodelocaldns-helm/workflows/Release%20Charts/badge.svg?branch=master) 4 | [![Releases downloads](https://img.shields.io/github/downloads/lablabs/k8s-nodelocaldns-helm/total.svg)](https://github.com/lablabs/k8s-nodelocaldns-helm/releases) 5 | [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/lablabs/k8s-nodelocaldns-helm/blob/master/charts/node-local-dns/LICENSE) 6 | 7 | [](https://lablabs.io/) 8 | 9 | We help companies build, run, deploy and scale software and infrastructure by embracing the right technologies and principles. Check out our website at 10 | 11 | --- 12 | 13 | ## Description 14 | 15 | A Helm chart to deploy Node Local DNS Cache. 
16 | 17 | More details about the chart and it's configuration can be found [here](charts/node-local-dns/README.md) 18 | 19 | ## Helm Chart Repository 20 | 21 | ```console 22 | helm repo add k8s-nodelocaldns-helm https://lablabs.github.io/k8s-nodelocaldns-helm/ 23 | helm install k8s-nodelocaldns-helm/node-local-dns 24 | ``` 25 | -------------------------------------------------------------------------------- /.github/workflows/lint-test.yaml: -------------------------------------------------------------------------------- 1 | name: Lint and Test Charts 2 | 3 | on: pull_request 4 | 5 | jobs: 6 | lint-test: 7 | runs-on: ubuntu-latest 8 | steps: 9 | - name: Checkout 10 | uses: actions/checkout@v4 11 | with: 12 | fetch-depth: 0 13 | 14 | - name: Set up Helm 15 | uses: azure/setup-helm@v3 16 | with: 17 | version: v3.12.1 18 | 19 | - uses: actions/setup-python@v4 20 | with: 21 | python-version: '3.10' 22 | check-latest: true 23 | 24 | - name: Set up chart-testing 25 | uses: helm/chart-testing-action@v2.6.1 26 | 27 | - name: Run chart-testing (list-changed) 28 | id: list-changed 29 | run: | 30 | changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) 31 | if [[ -n "$changed" ]]; then 32 | echo "changed=true" >> "$GITHUB_OUTPUT" 33 | fi 34 | 35 | - name: Run chart-testing (lint) 36 | if: steps.list-changed.outputs.changed == 'true' 37 | run: ct lint --target-branch ${{ github.event.repository.default_branch }} 38 | 39 | - name: Create kind cluster 40 | if: steps.list-changed.outputs.changed == 'true' 41 | uses: helm/kind-action@v1.8.0 42 | 43 | - name: Run chart-testing (install) 44 | if: steps.list-changed.outputs.changed == 'true' 45 | run: ct install --target-branch ${{ github.event.repository.default_branch }} 46 | -------------------------------------------------------------------------------- /charts/node-local-dns/templates/ciliumlocalredirectpolicy.yaml: -------------------------------------------------------------------------------- 
1 | {{- if hasKey .Values.config "cilium" }} 2 | --- 3 | apiVersion: "cilium.io/v2" 4 | kind: CiliumLocalRedirectPolicy 5 | metadata: 6 | name: "node-local-dns" 7 | labels: 8 | {{- include "node-local-dns.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | spec: 14 | redirectFrontend: 15 | {{- if eq .Values.config.cilium.redirectType "address" }} 16 | addressMatcher: 17 | ip: {{ .Values.config.localDnsIp }} 18 | toPorts: 19 | {{- if .Values.config.cilium.udp.enabled }} 20 | - port: "53" 21 | name: {{ .Values.config.cilium.udp.portName | default "dns" }} 22 | protocol: UDP 23 | {{- end }} 24 | {{- if .Values.config.cilium.tcp.enabled }} 25 | - port: "53" 26 | name: {{ .Values.config.cilium.tcp.portName | default "dns-tcp" }} 27 | protocol: TCP 28 | {{- end }} 29 | {{- else }} 30 | serviceMatcher: 31 | serviceName: {{ .Values.config.cilium.clusterDNSService | default "kube-dns" }} 32 | namespace: {{ .Values.config.cilium.clusterDNSNamespace | default "kube-system" }} 33 | {{- end }} 34 | redirectBackend: 35 | localEndpointSelector: 36 | matchLabels: 37 | {{- include "node-local-dns.selectorLabels" . 
| nindent 8 }} 38 | toPorts: 39 | {{- if .Values.config.cilium.udp.enabled }} 40 | - port: "53" 41 | name: {{ .Values.config.cilium.udp.portName | default "dns" }} 42 | protocol: UDP 43 | {{- end }} 44 | {{- if .Values.config.cilium.tcp.enabled }} 45 | - port: "53" 46 | name: {{ .Values.config.cilium.tcp.portName | default "dns-tcp" }} 47 | protocol: TCP 48 | {{- end }} 49 | {{- end }} 50 | -------------------------------------------------------------------------------- /.github/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # How to contribute 2 | 3 | Feel free to: 4 | 5 | - [Create an issue](https://help.github.com/articles/creating-an-issue/) 6 | - [Make a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) into the `main` branch 7 | 8 | Here is how you can help, a lot of steps are related to GitHub, not specifically my roles. 9 | 10 | ## 1. Create an issue 11 | 12 | When you see some issue or have an idea for improvement, [create an issue](https://github.com/lablabs/ansible-nexus_config/issues). 13 | 14 | ## 2. Fork the project 15 | 16 | Click on `fork` on the top-right corner and fork the repository. 17 | 18 | ## 3. Install pre-commit 19 | 20 | 1. Install [pre-commit](https://pre-commit.com/#install) software 21 | 2. Install [helm-docs](https://github.com/norwoodj/helm-docs#installation) pre-commit hook 22 | 3. Run `pre-commit install` in the repository root directory 23 | 24 | ## 4. Make the changes 25 | 26 | Do the changes in your own GitHub namespace. 27 | 28 | ## 5. Test the changes 29 | 30 | Test your changes locally. Also please run `helm lint charts/node-local-dns`. 31 | 32 | ## 6. Create a pull request 33 | 34 | Please create a pull request into the `master` branch. Here is [how to do it](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork). 35 | 36 | ## 7. 
Semantic Commits 37 | 38 | Commits must follow conventional specs below: 39 | 40 | - `ci:` Changes to our CI configuration files and scripts (example scopes: GitHub Actions) 41 | - `docs:` Documentation only changes 42 | - `feat:` A new feature 43 | - `fix:` A bug fix 44 | - `refactor:` A code change that neither fixes a bug nor adds a feature 45 | - `style:` Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc) 46 | - `test:` Adding missing tests or correcting existing tests 47 | -------------------------------------------------------------------------------- /charts/node-local-dns/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | {{ template "chart.header" . }} 2 | {{ template "chart.description" . }} 3 | 4 | {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} 5 | 6 | [](https://lablabs.io/) 7 | 8 | ## Installing the Chart 9 | 10 | This chart deploys NodeLocal DNSCache Daemon set according to . 11 | 12 | It is designed to work both with iptables and IPVS setup. 13 | 14 | Latest available `node-local-dns` image can be found at [node-local-dns google container repository](https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/k8s-dns-node-cache) 15 | 16 | {{ template "chart.requirementsSection" . }} 17 | 18 | {{ template "chart.valuesSection" . }} 19 | 20 | ## Additional Information 21 | 22 | ### Cilium 23 | 24 | For clusters running [cilium](https://cilium.io/), there is a CRD, 25 | [local-redirect-policy](https://docs.cilium.io/en/stable/network/kubernetes/local-redirect-policy/), 26 | which needs be extra enabled via `--set localRedirectPolicy=true`. 27 | It enables pod traffic destined to an IP address and port/protocol tuple or Kubernetes service to be redirected 28 | locally to backend pod(s) within a node, using eBPF. 
29 | The namespace of backend pod(s) need to match with that of the policy. 30 | 31 | For using this feature, values should provides the following extra configuration, 32 | 33 | For getting the `CLUSTER_DNS_IP`, 34 | 35 | ```console 36 | kubectl get svc kube-dns -n kube-system -o jsonpath={.spec.clusterIP} 37 | ``` 38 | 39 | ```yaml 40 | config: 41 | localDnsIp: CLUSTER_DNS_IP 42 | cilium: 43 | clusterDNSService: kube-dns 44 | clusterDNSNamespace: kube-system 45 | udp: 46 | enabled: true 47 | portName: dns 48 | tcp: 49 | enabled: true 50 | portName: dns-tcp 51 | ``` 52 | 53 | #### RKE2 54 | 55 | As this feature heavily depends on the Cluster DNS implementation, for a [Rancher Kubernetes Engine 2](https://docs.rke2.io/) cluster, 56 | `clusterDNSService` should be `rke2-coredns-rke2-coredns`, and port names, 57 | `udp-53` and `tcp-53` respectively. 58 | 59 | {{ template "helm-docs.versionFooter" . }} -------------------------------------------------------------------------------- /charts/node-local-dns/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "node-local-dns.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 7 | {{- end }} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "node-local-dns.fullname" -}} 15 | {{- if .Values.fullnameOverride }} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 17 | {{- else }} 18 | {{- $name := default .Chart.Name .Values.nameOverride }} 19 | {{- if contains $name .Release.Name }} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 21 | {{- else }} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 23 | {{- end }} 24 | {{- end }} 25 | {{- end }} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "node-local-dns.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 32 | {{- end }} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "node-local-dns.labels" -}} 38 | helm.sh/chart: {{ include "node-local-dns.chart" . }} 39 | {{ include "node-local-dns.selectorLabels" . }} 40 | {{- if .Chart.AppVersion }} 41 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 42 | {{- end }} 43 | app.kubernetes.io/managed-by: {{ .Release.Service }} 44 | {{- if .Values.commonLabels }} 45 | {{ toYaml .Values.commonLabels }} 46 | {{- end }} 47 | {{- end }} 48 | 49 | {{/* 50 | Selector labels 51 | */}} 52 | {{- define "node-local-dns.selectorLabels" -}} 53 | app.kubernetes.io/name: {{ include "node-local-dns.name" . }} 54 | app.kubernetes.io/instance: {{ .Release.Name }} 55 | {{- end }} 56 | 57 | {{/* 58 | Create the name of the service account to use 59 | */}} 60 | {{- define "node-local-dns.serviceAccountName" -}} 61 | {{- if .Values.serviceAccount.create }} 62 | {{- default (include "node-local-dns.fullname" .) 
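.Values.serviceAccount.name }}
63 | {{- else }}
64 | {{- default "default" .Values.serviceAccount.name }}
65 | {{- end }}
66 | {{- end }}
67 |
--------------------------------------------------------------------------------
/.github/workflows/pr-release.yaml:
--------------------------------------------------------------------------------
1 | # Builds a pre-release of the chart for a pull request: the chart version is
2 | # suffixed with the PR branch name, an earlier release/tag of that version is
3 | # deleted, and chart-releaser-action runs with the workflow token.
4 | name: Pull Request - Release Charts
5 |
6 | on:
7 |   workflow_dispatch:
8 |   pull_request:
9 |     branches:
10 |       - main
11 |     paths:
12 |       - 'charts/node-local-dns/**'
13 |
14 | jobs:
15 |   release:
16 |     runs-on: ubuntu-latest
17 |     # Scope GITHUB_TOKEN to what the steps below use (releases, tags, pushes)
18 |     # instead of inheriting the repository-wide default.
19 |     permissions:
20 |       contents: write
21 |     steps:
22 |       # NOTE(review): the actions below are referenced by tag; pinning each to a
23 |       # full commit SHA keeps a moved tag from changing what runs with the token.
24 |       - name: Checkout
25 |         uses: actions/checkout@v4
26 |         with:
27 |           fetch-depth: 0
28 |
29 |       - name: Configure Git
30 |         run: |
31 |           git config user.name "$GITHUB_ACTOR"
32 |           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
33 |
34 |       - name: Install Helm
35 |         uses: azure/setup-helm@v3
36 |         with:
37 |           version: v3.12.1
38 |
39 |       - name: Add dependency chart repos
40 |         run: |
41 |           helm repo add stable https://charts.helm.sh/stable
42 |           helm repo add incubator https://charts.helm.sh/incubator
43 |
44 |       - name: Get version
45 |         id: get_version
46 |         run: |
47 |           # Anchor on the top-level "version:" key and take the first match only.
48 |           version=$(grep -m1 '^version: ' charts/node-local-dns/Chart.yaml | awk '{print $2}')
49 |           # GITHUB_HEAD_REF is the PR source branch, i.e. a name chosen by the PR
50 |           # author; it is empty on workflow_dispatch, so fall back to the ref name.
51 |           # Keep only SemVer pre-release characters: a "/" or "&" in the name would
52 |           # otherwise change the sed expression below.
53 |           branch=$(printf '%s' "${GITHUB_HEAD_REF:-$GITHUB_REF_NAME}" | tr -c 'A-Za-z0-9.-' '-')
54 |
55 |           pr_version="${version}-${branch}"
56 |           echo "Defining PR version $pr_version for branch $branch"
57 |
58 |           echo "Updating charts/node-local-dns/Chart.yaml version to ${pr_version}"
59 |           sed -i "s/^version:.*/version: ${pr_version}/" charts/node-local-dns/Chart.yaml
60 |           echo "pr_version=$pr_version" >> "$GITHUB_ENV"
61 |
62 |       - name: Check and remove existing PR release
63 |         run: |
64 |           echo "Checking release $pr_version existence in $GITHUB_REPOSITORY"
65 |           release_id=$( gh api -H "Accept: application/vnd.github.v3+json" "/repos/$GITHUB_REPOSITORY/releases/tags/node-local-dns-$pr_version" | jq -r .id )
66 |           if [ "$release_id" != "null" ]; then
67 |             echo "Release node-local-dns-$pr_version exists. Deleting..."
68 |             gh api -X DELETE "/repos/$GITHUB_REPOSITORY/releases/$release_id"
69 |
70 |             echo "Deleting tag node-local-dns-$pr_version..."
71 |             gh api -X DELETE "/repos/$GITHUB_REPOSITORY/git/refs/tags/node-local-dns-$pr_version"
72 |           else
73 |             echo "Release $pr_version does not exist. Continuing..."
74 |           fi
75 |         env:
76 |           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
77 |
78 |       - name: Run chart-releaser
79 |         uses: helm/chart-releaser-action@v1.6.0
80 |         env:
81 |           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
82 |
83 |
--------------------------------------------------------------------------------
/charts/node-local-dns/values.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | commonLabels: {}
3 |
4 | image:
5 |   repository: registry.k8s.io/dns/k8s-dns-node-cache
6 |   pullPolicy: IfNotPresent
7 |   tag: 1.23.0
8 |   args:
9 |     interfaceName: nodelocaldns
10 |     healthPort: 8080
11 |     setupInterface: true
12 |     skipTeardown: true
13 |     setupIptables: false
14 |     syncInterval: 1ns
15 |     quiet: false
16 |     upstreamSvc: kube-dns
17 |
18 | imagePullSecrets: []
19 |
20 | config:
21 |   localDnsIp: 169.254.20.11
22 |   # cilium:
23 |   #   clusterDNSService: kube-dns
24 |   #   clusterDNSNamespace: kube-system
25 |   #   redirectType: address
26 |   #   udp:
27 |   #     enabled: true
28 |   #     portName: dns
29 |   #   tcp:
30 |   #     enabled: true
31 |   #     portName: dns-tcp
32 |   zones:
33 |     .:53:
34 |       plugins:
35 |         errors: true
36 |         reload: true
37 |         debug: false
38 |         log:
39 |           format: combined
40 |           classes: all
41 |         template: {} # https://coredns.io/plugins/template/
42 |           # parameters: "ANY AAAA"
43 |           # match: ""
44 |           # additional: ""
45 |           # authority: ""
46 |           # rcode: "NOERROR"
47 |           # ederror: ""
48 |           # fallthrough: ""
49 |         cache:
50 |           parameters: 30
51 |           denial: {}
52 |             # size: 0
53 |             # ttl: 1
54 |           success: {}
55 |             # size: 8192
56 |             # ttl: 30
57 |           prefetch: {}
58 |             # amount: 1
59 |             # duration: 10m
60 |             # percentage: 20%
61 |           serve_stale: false
62 |         forward:
63 |           parameters: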
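__PILLAR__UPSTREAM__SERVERS__ # defaults to /etc/resolv.conf
64 |           force_tcp: false
65 |           prefer_udp: false
66 |           policy: "" # random|round_robin|sequential
67 |           max_fails: "" # 10
68 |           expire: "" # 10s
69 |           health_check: "" # 10s
70 |           except: "" # space-separated list of domains to exclude from forwarding
71 |         prometheus: true
72 |         health:
73 |           port: 8080
74 |         # hosts:
75 |         #   entries: # dns.hosts INLINE
76 |         #     - ip: 10.5.0.4
77 |         #       name: blabla.lala
78 |         #   ttl: 3600 # in seconds, 3600 (default)
79 |         #   no_reverse: true # set no_reverse
80 |         #   reload: "0s" # 0s disable (default), use duration notation, ie, "1.5h"
81 |         #   fallthrough: true
82 |     ip6.arpa:53:
83 |       plugins:
84 |         errors: true
85 |         reload: true
86 |         debug: false
87 |         log:
88 |           format: combined
89 |           classes: all
90 |         cache:
91 |           parameters: 30
92 |         forward:
93 |           parameters: __PILLAR__UPSTREAM__SERVERS__ # defaults to /etc/resolv.conf
94 |           force_tcp: false
95 |         prometheus: true
96 |         health:
97 |           port: 8080
98 |     in-addr.arpa:53:
99 |       plugins:
100 |         errors: true
101 |         reload: true
102 |         debug: false
103 |         log:
104 |           format: combined
105 |           classes: all
106 |         cache:
107 |           parameters: 30
108 |         forward:
109 |           parameters: __PILLAR__UPSTREAM__SERVERS__ # defaults to /etc/resolv.conf
110 |           force_tcp: false
111 |         prometheus: true
112 |         health:
113 |           port: 8080
114 |
115 | # useHostNetwork is always false when using cilium
116 | useHostNetwork: true  # pod shares the node's network namespace; the DaemonSet omits hostNetwork when config.cilium is set
117 |
118 | updateStrategy:
119 |   rollingUpdate:
120 |     maxUnavailable: 10%
121 |
122 | priorityClassName: system-node-critical
123 | podAnnotations: {}
124 | podLabels: {}
125 | podSecurityContext: {}
126 |
127 | securityContext:
128 |   privileged: true  # container runs privileged on every node; NOTE(review): confirm whether a narrower capability set is enough for your setup
129 |
130 | readinessProbe:
131 |
132 | serviceAccount:
133 |   create: true
134 |   annotations: {}
135 |   name: ""
136 |
137 | nodeSelector: {}
138 | affinity: {}
139 |
140 | tolerations:
141 |   - key: CriticalAddonsOnly
142 |     operator: Exists
143 |   - effect: NoExecute
144 |     operator: Exists
145 |   - effect: NoSchedule
146 |     operator: Exists
147 |
148 | resources:
149 |   requests:
150 |     cpu: 30m
151 |     memory: 50Mi
152 |
153 | metrics:
154 |   prometheusScrape: "true"
155 |   port: 9253
156 |
157 | podmonitor:
158 |   enabled: false
159 |   metricRelabelings: []
160 |
--------------------------------------------------------------------------------
/charts/node-local-dns/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 |   name: {{ include "node-local-dns.fullname" . }}
6 |   labels:
7 |     {{- include "node-local-dns.labels" . | nindent 4 }}
8 | data:  # Corefile gets one server block per key of .Values.config.zones; the DaemonSet mounts it as Corefile.base
9 |   Corefile: |-
10 |     {{- $localDnsIp := .Values.config.localDnsIp -}}
11 |     {{- $metricsPort := .Values.metrics.port -}}
12 |     {{- $ciliumConfig := ternary true false (hasKey .Values.config "cilium") -}}
13 |
14 |     {{- range $k, $v := .Values.config.zones }}
15 |     {{ $k }} {
16 |     {{- range $v }}
17 |         {{- if $v.plugins.errors }}
18 |         errors
19 |         {{- end }}
20 |         cache {{ $v.plugins.cache.parameters }} {
21 |                 {{- if $v.plugins.cache.denial }}
22 |                 denial {{ $v.plugins.cache.denial.size }} {{ if $v.plugins.cache.denial.ttl }} {{ $v.plugins.cache.denial.ttl }} {{ end }}
23 |                 {{- end }}
24 |                 {{- if $v.plugins.cache.success }}
25 |                 success {{ $v.plugins.cache.success.size }} {{ if $v.plugins.cache.success.ttl }} {{ $v.plugins.cache.success.ttl }} {{ end }}
26 |                 {{- end }}
27 |                 {{- if $v.plugins.cache.prefetch }}
28 |                 prefetch {{ $v.plugins.cache.prefetch.amount }} {{ if $v.plugins.cache.prefetch.duration }} {{ $v.plugins.cache.prefetch.duration }} {{ end }} {{ if $v.plugins.cache.prefetch.percentage }} {{ $v.plugins.cache.prefetch.percentage }} {{ end }}
29 |                 {{- end }}
30 |                 {{- if or $v.plugins.cache.serve_stale $v.plugins.cache.server_stale }}{{- /* values.yaml names the key serve_stale; the old misspelling server_stale is still accepted */}}
31 |                 serve_stale
32 |                 {{- end }}
33 |         }
34 |         {{- if $v.plugins.template }}
35 |         template {{ $v.plugins.template.parameters }} {
36 |                 {{- if $v.plugins.template.match }}
37 |                 match {{ $v.plugins.template.match }}
38 |                 {{- end }}
39 |                 {{- if $v.plugins.template.answer }}
40 |                 answer {{ $v.plugins.template.answer }}
41 |                 {{- end }}
42 |                 {{- if $v.plugins.template.additional }}
43 |                 additional {{ $v.plugins.template.additional }}
44 |                 {{- end }}
45 |                 {{- if $v.plugins.template.authority }}
46 |                 authority {{ $v.plugins.template.authority }}
47 |                 {{- end }}
48 |                 {{- if $v.plugins.template.rcode }}
49 |                 rcode {{ $v.plugins.template.rcode }}
50 |                 {{- end }}
51 |                 {{- if $v.plugins.template.ederror }}
52 |                 ederror {{ $v.plugins.template.ederror }}
53 |                 {{- end }}
54 |                 {{- if $v.plugins.template.fallthrough }}
55 |                 fallthrough {{ $v.plugins.template.fallthrough }}
56 |                 {{- end }}
57 |         }
58 |         {{- end }}
59 |         {{- if $v.plugins.reload }}
60 |         reload
61 |         {{- end }}
62 |         {{- if $v.plugins.hosts }}
63 |         hosts {
64 |                 {{- range $kk, $vv := $v.plugins.hosts.entries }}
65 |                 {{ $vv.ip }} {{ $vv.name }}
66 |                 {{- end }}
67 |                 {{- if $v.plugins.hosts.ttl }}
68 |                 ttl {{ $v.plugins.hosts.ttl }}
69 |                 {{- end }}
70 |                 {{- if $v.plugins.hosts.no_reverse }}
71 |                 no_reverse
72 |                 {{- end }}
73 |                 {{- if $v.plugins.hosts.reload }}
74 |                 reload {{ $v.plugins.hosts.reload | quote }}
75 |                 {{- end }}
76 |                 {{- if $v.plugins.hosts.fallthrough }}
77 |                 fallthrough
78 |                 {{- end }}
79 |         }
80 |         {{- end }}
81 |         {{- if $v.plugins.log }}
82 |         log . {{ default "combined" $v.plugins.log.format }} {
83 |                 class {{ $v.plugins.log.classes }}
84 |         }
85 |         {{- end }}
86 |         {{- if $v.plugins.debug }}
87 |         debug
88 |         {{- end }}
89 |         loop
90 |         {{- if not $ciliumConfig }}
91 |         bind {{ $localDnsIp }}
92 |         {{- else }}{{- /* with config.cilium set the DaemonSet omits hostNetwork, so the cache listens on every address of the pod */}}
93 |         bind 0.0.0.0
94 |         {{- end }}
95 |         forward . {{ $v.plugins.forward.parameters }} {
96 |                 {{- if $v.plugins.forward.policy }}
97 |                 policy {{ $v.plugins.forward.policy }}
98 |                 {{- end }}
99 |                 {{- if $v.plugins.forward.force_tcp }}
100 |                 force_tcp
101 |                 {{- end }}
102 |                 {{- if $v.plugins.forward.prefer_udp }}
103 |                 prefer_udp
104 |                 {{- end }}
105 |                 {{- if $v.plugins.forward.max_fails }}
106 |                 max_fails {{ $v.plugins.forward.max_fails }}
107 |                 {{- end }}
108 |                 {{- if $v.plugins.forward.expire }}
109 |                 expire {{ $v.plugins.forward.expire }}
110 |                 {{- end }}
111 |                 {{- if $v.plugins.forward.health_check }}{{- /* emit the health_check option itself; this branch used to write a second "expire" line */}}
112 |                 health_check {{ $v.plugins.forward.health_check }}
113 |                 {{- end }}
114 |                 {{- if $v.plugins.forward.except }}
115 |                 except {{ $v.plugins.forward.except }}
116 |                 {{- end }}
117 |         }
118 |         {{- if $v.plugins.prometheus }}{{- /* ":PORT" carries no address, so the metrics endpoint is not restricted to localDnsIp; with useHostNetwork this presumably includes the node's own addresses */}}
119 |         prometheus :{{ $metricsPort }}
120 |         {{- end }}
121 |         {{- if $v.plugins.health }}
122 |         {{- if not $ciliumConfig }}
123 |         health {{ $localDnsIp }}:{{ $v.plugins.health.port }}
124 |         {{- else }}
125 |         health
126 |         {{- end }}
127 |         {{- end }}
128 |     {{- end }}
129 |     }
130 |     {{- end }}
131 |
--------------------------------------------------------------------------------
/charts/node-local-dns/templates/daemonset.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: apps/v1
3 | kind: DaemonSet
4 | metadata:
5 |   name: {{ include "node-local-dns.fullname" . }}
6 |   labels:
7 |     {{- include "node-local-dns.labels" . | nindent 4 }}
8 | spec:
9 |   selector:
10 |     matchLabels:
11 |       {{- include "node-local-dns.selectorLabels" . | nindent 6 }}
12 |   updateStrategy:
13 |     {{- toYaml .Values.updateStrategy | nindent 4 }}
14 |   template:
15 |     metadata:
16 |       annotations:
17 |         prometheus.io/scrape: {{ .Values.metrics.prometheusScrape | quote }}
18 |         prometheus.io/port: {{ .Values.metrics.port | quote }}
19 |         checksum/configmaps: {{ include (print $.Template.BasePath "/configmap.yaml") .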
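| sha256sum }}
20 |         {{- if .Values.podAnnotations }}
21 |         {{- toYaml .Values.podAnnotations | nindent 8 }}
22 |         {{- end }}
23 |       labels:
24 |         {{- include "node-local-dns.selectorLabels" . | nindent 8 }}
25 |         {{- if .Values.podLabels }}
26 |         {{- toYaml .Values.podLabels | nindent 8 }}
27 |         {{- end }}
28 |     spec:
29 |       imagePullSecrets:
30 |         {{- toYaml .Values.imagePullSecrets | nindent 8 }}
31 |       serviceAccountName: {{ include "node-local-dns.serviceAccountName" . }}
32 |       securityContext:
33 |         {{- toYaml .Values.podSecurityContext | nindent 8 }}
34 |       priorityClassName: {{ .Values.priorityClassName }}
35 |       {{- if not (hasKey .Values.config "cilium") }}
36 |       hostNetwork: {{ .Values.useHostNetwork }}  # only rendered without config.cilium; values.yaml defaults it to true
37 |       {{- end }}
38 |       dnsPolicy: Default  # the cache pod resolves through the node's resolver configuration, not through cluster DNS
39 |       containers:
40 |         - name: {{ .Chart.Name }}
41 |           image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"  # image.tag wins; the chart appVersion is used only when the tag is empty
42 |           imagePullPolicy: {{ .Values.image.pullPolicy }}
43 |           args:
44 |             - -localip
45 |             - "{{ .Values.config.localDnsIp }}"
46 |             {{- if .Values.image.args.skipTeardown }}
47 |             - -skipteardown=true
48 |             {{- else }}
49 |             - -skipteardown=false
50 |             {{- end }}
51 |             {{- if or .Values.image.args.setupEbtables .Values.image.args.setupEptables }}{{- /* the misspelled values key setupEptables is still honoured */}}
52 |             - -setupebtables  # node-cache spells this flag "setupebtables"; the former "-setupeptables" is presumably rejected at startup
53 |             {{- end }}
54 |             {{- if .Values.image.args.setupInterface }}
55 |             - -setupinterface=true
56 |             {{- else }}
57 |             - -setupinterface=false
58 |             {{- end }}
59 |             {{- if .Values.image.args.setupIptables }}
60 |             - -setupiptables=true
61 |             {{- else }}
62 |             - -setupiptables=false
63 |             {{- end }}
64 |             {{- if .Values.image.args.quiet }}
65 |             - -quiet
66 |             {{- end }}
67 |             {{- if .Values.image.args.healthPort }}
68 |             - -health-port
69 |             - {{ .Values.image.args.healthPort | quote }}
70 |             {{- end }}
71 |             {{- if .Values.image.args.upstreamSvc }}
72 |             - -upstreamsvc
73 |             - {{ .Values.image.args.upstreamSvc | quote }}
74 |             {{- end }}
75 |             - -conf
76 |             - /etc/Corefile
77 |             - -syncinterval
78 |             - {{ .Values.image.args.syncInterval }}
79 |             {{- if .Values.image.args.setupInterface }}
80 |             -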
-interfacename 81 | - {{ .Values.image.args.interfaceName }} 82 | {{- end }} 83 | - -metrics-listen-address 84 | - "0.0.0.0:{{ add .Values.metrics.port 100 }}" 85 | ports: 86 | - name: metrics 87 | containerPort: {{ .Values.metrics.port }} 88 | protocol: TCP 89 | {{- if (hasKey .Values.config "cilium") }} 90 | {{- if .Values.config.cilium.udp.enabled }} 91 | - name: {{ .Values.config.cilium.udp.portName | default "dns" }} 92 | containerPort: 53 93 | protocol: UDP 94 | {{- end }} 95 | {{- if .Values.config.cilium.tcp.enabled }} 96 | - name: {{ .Values.config.cilium.tcp.portName | default "dns-tcp" }} 97 | containerPort: 53 98 | protocol: TCP 99 | {{- end }} 100 | {{- end }} 101 | securityContext: 102 | {{- toYaml .Values.securityContext | nindent 12 }} 103 | livenessProbe: 104 | httpGet: 105 | {{- if not (hasKey .Values.config "cilium") }} 106 | host: {{ .Values.config.localDnsIp }} 107 | {{- end }} 108 | path: /health 109 | port: {{ default "8080" .Values.image.args.healthPort }} 110 | initialDelaySeconds: 60 111 | timeoutSeconds: 5 112 | readinessProbe: 113 | {{- toYaml .Values.readinessProbe | nindent 12 }} 114 | resources: 115 | {{- toYaml .Values.resources | nindent 12 }} 116 | volumeMounts: 117 | - mountPath: /run/xtables.lock 118 | name: xtables-lock 119 | readOnly: false 120 | - name: config 121 | mountPath: /etc/coredns 122 | nodeSelector: 123 | {{- toYaml .Values.nodeSelector | nindent 8 }} 124 | affinity: 125 | {{- toYaml .Values.affinity | nindent 8 }} 126 | tolerations: 127 | {{- toYaml .Values.tolerations | nindent 8 }} 128 | volumes: 129 | - name: xtables-lock 130 | hostPath: 131 | path: /run/xtables.lock 132 | type: FileOrCreate 133 | - name: config 134 | configMap: 135 | name: {{ include "node-local-dns.fullname" . 
}} 136 | items: 137 | - key: Corefile 138 | path: Corefile.base 139 | -------------------------------------------------------------------------------- /.github/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | 2 | # Contributor Covenant Code of Conduct 3 | 4 | ## Our Pledge 5 | 6 | We as members, contributors, and leaders pledge to make participation in our 7 | community a harassment-free experience for everyone, regardless of age, body 8 | size, visible or invisible disability, ethnicity, sex characteristics, gender 9 | identity and expression, level of experience, education, socio-economic status, 10 | nationality, personal appearance, race, caste, color, religion, or sexual 11 | identity and orientation. 12 | 13 | We pledge to act and interact in ways that contribute to an open, welcoming, 14 | diverse, inclusive, and healthy community. 15 | 16 | ## Our Standards 17 | 18 | Examples of behavior that contributes to a positive environment for our 19 | community include: 20 | 21 | * Demonstrating empathy and kindness toward other people 22 | * Being respectful of differing opinions, viewpoints, and experiences 23 | * Giving and gracefully accepting constructive feedback 24 | * Accepting responsibility and apologizing to those affected by our mistakes, 25 | and learning from the experience 26 | * Focusing on what is best not just for us as individuals, but for the overall 27 | community 28 | 29 | Examples of unacceptable behavior include: 30 | 31 | * The use of sexualized language or imagery, and sexual attention or advances of 32 | any kind 33 | * Trolling, insulting or derogatory comments, and personal or political attacks 34 | * Public or private harassment 35 | * Publishing others' private information, such as a physical or email address, 36 | without their explicit permission 37 | * Other conduct which could reasonably be considered inappropriate in a 38 | professional setting 39 | 40 | ## Enforcement 
Responsibilities 41 | 42 | Community leaders are responsible for clarifying and enforcing our standards of 43 | acceptable behavior and will take appropriate and fair corrective action in 44 | response to any behavior that they deem inappropriate, threatening, offensive, 45 | or harmful. 46 | 47 | Community leaders have the right and responsibility to remove, edit, or reject 48 | comments, commits, code, wiki edits, issues, and other contributions that are 49 | not aligned to this Code of Conduct, and will communicate reasons for moderation 50 | decisions when appropriate. 51 | 52 | ## Scope 53 | 54 | This Code of Conduct applies within all community spaces, and also applies when 55 | an individual is officially representing the community in public spaces. 56 | Examples of representing our community include using an official e-mail address, 57 | posting via an official social media account, or acting as an appointed 58 | representative at an online or offline event. 59 | 60 | ## Enforcement 61 | 62 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 63 | reported to the community leaders responsible for enforcement at 64 | info@lablabs.io. 65 | All complaints will be reviewed and investigated promptly and fairly. 66 | 67 | All community leaders are obligated to respect the privacy and security of the 68 | reporter of any incident. 69 | 70 | ## Enforcement Guidelines 71 | 72 | Community leaders will follow these Community Impact Guidelines in determining 73 | the consequences for any action they deem in violation of this Code of Conduct: 74 | 75 | ### 1. Correction 76 | 77 | **Community Impact**: Use of inappropriate language or other behavior deemed 78 | unprofessional or unwelcome in the community. 79 | 80 | **Consequence**: A private, written warning from community leaders, providing 81 | clarity around the nature of the violation and an explanation of why the 82 | behavior was inappropriate. A public apology may be requested. 
83 | 84 | ### 2. Warning 85 | 86 | **Community Impact**: A violation through a single incident or series of 87 | actions. 88 | 89 | **Consequence**: A warning with consequences for continued behavior. No 90 | interaction with the people involved, including unsolicited interaction with 91 | those enforcing the Code of Conduct, for a specified period of time. This 92 | includes avoiding interactions in community spaces as well as external channels 93 | like social media. Violating these terms may lead to a temporary or permanent 94 | ban. 95 | 96 | ### 3. Temporary Ban 97 | 98 | **Community Impact**: A serious violation of community standards, including 99 | sustained inappropriate behavior. 100 | 101 | **Consequence**: A temporary ban from any sort of interaction or public 102 | communication with the community for a specified period of time. No public or 103 | private interaction with the people involved, including unsolicited interaction 104 | with those enforcing the Code of Conduct, is allowed during this period. 105 | Violating these terms may lead to a permanent ban. 106 | 107 | ### 4. Permanent Ban 108 | 109 | **Community Impact**: Demonstrating a pattern of violation of community 110 | standards, including sustained inappropriate behavior, harassment of an 111 | individual, or aggression toward or disparagement of classes of individuals. 112 | 113 | **Consequence**: A permanent ban from any sort of public interaction within the 114 | community. 115 | 116 | ## Attribution 117 | 118 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], 119 | version 2.1, available at 120 | [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. 121 | 122 | Community Impact Guidelines were inspired by 123 | [Mozilla's code of conduct enforcement ladder][Mozilla CoC]. 124 | 125 | For answers to common questions about this code of conduct, see the FAQ at 126 | [https://www.contributor-covenant.org/faq][FAQ]. 
Translations are available at 127 | [https://www.contributor-covenant.org/translations][translations]. 128 | 129 | [homepage]: https://www.contributor-covenant.org 130 | [v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html 131 | [Mozilla CoC]: https://github.com/mozilla/diversity 132 | [FAQ]: https://www.contributor-covenant.org/faq 133 | [translations]: https://www.contributor-covenant.org/translations 134 | -------------------------------------------------------------------------------- /charts/node-local-dns/README.md: -------------------------------------------------------------------------------- 1 | # node-local-dns 2 | 3 | NodeLocal DNS Cache helm chart 4 | 5 | ![Version: 2.4.0](https://img.shields.io/badge/Version-2.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.23.1](https://img.shields.io/badge/AppVersion-1.23.1-informational?style=flat-square) 6 | 7 | [](https://lablabs.io/) 8 | 9 | ## Installing the Chart 10 | 11 | This chart deploys NodeLocal DNSCache Daemon set according to . 12 | 13 | It is designed to work both with iptables and IPVS setup. 
14 | 15 | Latest available `node-local-dns` image can be found at [node-local-dns google container repository](https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/k8s-dns-node-cache) 16 | 17 | ## Values 18 | 19 | | Key | Type | Default | Description | 20 | |-----|------|---------|-------------| 21 | | affinity | object | `{}` | | 22 | | commonLabels | object | `{}` | | 23 | | config.localDnsIp | string | `"169.254.20.11"` | | 24 | | config.zones.".:53".plugins.cache.denial | object | `{}` | | 25 | | config.zones.".:53".plugins.cache.parameters | int | `30` | | 26 | | config.zones.".:53".plugins.cache.prefetch | object | `{}` | | 27 | | config.zones.".:53".plugins.cache.serve_stale | bool | `false` | | 28 | | config.zones.".:53".plugins.cache.success | object | `{}` | | 29 | | config.zones.".:53".plugins.debug | bool | `false` | | 30 | | config.zones.".:53".plugins.errors | bool | `true` | | 31 | | config.zones.".:53".plugins.forward.except | string | `""` | | 32 | | config.zones.".:53".plugins.forward.expire | string | `""` | | 33 | | config.zones.".:53".plugins.forward.force_tcp | bool | `false` | | 34 | | config.zones.".:53".plugins.forward.health_check | string | `""` | | 35 | | config.zones.".:53".plugins.forward.max_fails | string | `""` | | 36 | | config.zones.".:53".plugins.forward.parameters | string | `"__PILLAR__UPSTREAM__SERVERS__"` | | 37 | | config.zones.".:53".plugins.forward.policy | string | `""` | | 38 | | config.zones.".:53".plugins.forward.prefer_udp | bool | `false` | | 39 | | config.zones.".:53".plugins.health.port | int | `8080` | | 40 | | config.zones.".:53".plugins.log.classes | string | `"all"` | | 41 | | config.zones.".:53".plugins.log.format | string | `"combined"` | | 42 | | config.zones.".:53".plugins.prometheus | bool | `true` | | 43 | | config.zones.".:53".plugins.reload | bool | `true` | | 44 | | config.zones.".:53".plugins.template | object | `{}` | | 45 | | config.zones."in-addr.arpa:53".plugins.cache.parameters | 
int | `30` | | 46 | | config.zones."in-addr.arpa:53".plugins.debug | bool | `false` | | 47 | | config.zones."in-addr.arpa:53".plugins.errors | bool | `true` | | 48 | | config.zones."in-addr.arpa:53".plugins.forward.force_tcp | bool | `false` | | 49 | | config.zones."in-addr.arpa:53".plugins.forward.parameters | string | `"__PILLAR__UPSTREAM__SERVERS__"` | | 50 | | config.zones."in-addr.arpa:53".plugins.health.port | int | `8080` | | 51 | | config.zones."in-addr.arpa:53".plugins.log.classes | string | `"all"` | | 52 | | config.zones."in-addr.arpa:53".plugins.log.format | string | `"combined"` | | 53 | | config.zones."in-addr.arpa:53".plugins.prometheus | bool | `true` | | 54 | | config.zones."in-addr.arpa:53".plugins.reload | bool | `true` | | 55 | | config.zones."ip6.arpa:53".plugins.cache.parameters | int | `30` | | 56 | | config.zones."ip6.arpa:53".plugins.debug | bool | `false` | | 57 | | config.zones."ip6.arpa:53".plugins.errors | bool | `true` | | 58 | | config.zones."ip6.arpa:53".plugins.forward.force_tcp | bool | `false` | | 59 | | config.zones."ip6.arpa:53".plugins.forward.parameters | string | `"__PILLAR__UPSTREAM__SERVERS__"` | | 60 | | config.zones."ip6.arpa:53".plugins.health.port | int | `8080` | | 61 | | config.zones."ip6.arpa:53".plugins.log.classes | string | `"all"` | | 62 | | config.zones."ip6.arpa:53".plugins.log.format | string | `"combined"` | | 63 | | config.zones."ip6.arpa:53".plugins.prometheus | bool | `true` | | 64 | | config.zones."ip6.arpa:53".plugins.reload | bool | `true` | | 65 | | image.args.healthPort | int | `8080` | | 66 | | image.args.interfaceName | string | `"nodelocaldns"` | | 67 | | image.args.quiet | bool | `false` | | 68 | | image.args.setupInterface | bool | `true` | | 69 | | image.args.setupIptables | bool | `false` | | 70 | | image.args.skipTeardown | bool | `true` | | 71 | | image.args.syncInterval | string | `"1ns"` | | 72 | | image.args.upstreamSvc | string | `"kube-dns"` | | 73 | | image.pullPolicy | string | 
`"IfNotPresent"` | | 74 | | image.repository | string | `"registry.k8s.io/dns/k8s-dns-node-cache"` | | 75 | | image.tag | string | `"1.23.0"` | | 76 | | imagePullSecrets | list | `[]` | | 77 | | metrics.port | int | `9253` | | 78 | | metrics.prometheusScrape | string | `"true"` | | 79 | | nodeSelector | object | `{}` | | 80 | | podAnnotations | object | `{}` | | 81 | | podLabels | object | `{}` | | 82 | | podSecurityContext | object | `{}` | | 83 | | podmonitor.enabled | bool | `false` | | 84 | | podmonitor.metricRelabelings | list | `[]` | | 85 | | priorityClassName | string | `"system-node-critical"` | | 86 | | readinessProbe | string | `nil` | | 87 | | resources.requests.cpu | string | `"30m"` | | 88 | | resources.requests.memory | string | `"50Mi"` | | 89 | | securityContext.privileged | bool | `true` | | 90 | | serviceAccount.annotations | object | `{}` | | 91 | | serviceAccount.create | bool | `true` | | 92 | | serviceAccount.name | string | `""` | | 93 | | tolerations[0].key | string | `"CriticalAddonsOnly"` | | 94 | | tolerations[0].operator | string | `"Exists"` | | 95 | | tolerations[1].effect | string | `"NoExecute"` | | 96 | | tolerations[1].operator | string | `"Exists"` | | 97 | | tolerations[2].effect | string | `"NoSchedule"` | | 98 | | tolerations[2].operator | string | `"Exists"` | | 99 | | updateStrategy.rollingUpdate.maxUnavailable | string | `"10%"` | | 100 | | useHostNetwork | bool | `true` | | 101 | 102 | ## Additional Information 103 | 104 | ### Cilium 105 | 106 | For clusters running [cilium](https://cilium.io/), there is a CRD, 107 | [local-redirect-policy](https://docs.cilium.io/en/stable/network/kubernetes/local-redirect-policy/), 108 | which needs be extra enabled via `--set localRedirectPolicy=true`. 109 | It enables pod traffic destined to an IP address and port/protocol tuple or Kubernetes service to be redirected 110 | locally to backend pod(s) within a node, using eBPF. 
111 | The namespace of the backend pod(s) needs to match that of the policy. 112 | 113 | To use this feature, the values should provide the following extra configuration. 114 | 115 | To get the `CLUSTER_DNS_IP`: 116 | 117 | ```console 118 | kubectl get svc kube-dns -n kube-system -o jsonpath={.spec.clusterIP} 119 | ``` 120 | 121 | ```yaml 122 | config: 123 | localDnsIp: CLUSTER_DNS_IP 124 | cilium: 125 | clusterDNSService: kube-dns 126 | clusterDNSNamespace: kube-system 127 | udp: 128 | enabled: true 129 | portName: dns 130 | tcp: 131 | enabled: true 132 | portName: dns-tcp 133 | ``` 134 | 135 | #### RKE2 136 | 137 | As this feature heavily depends on the Cluster DNS implementation, for a [Rancher Kubernetes Engine 2](https://docs.rke2.io/) cluster, 138 | `clusterDNSService` should be `rke2-coredns-rke2-coredns`, and the port names should be 139 | `udp-53` and `tcp-53` respectively. 140 | 141 | ---------------------------------------------- 142 | Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) -------------------------------------------------------------------------------- /charts/node-local-dns/LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity.
For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [2021] [Labyrinth Labs] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | --------------------------------------------------------------------------------