From 4288d2114b6f419845baa12c200515518dda6bdd Mon Sep 17 00:00:00 2001 From: Stanislav Shcherbakov Date: Tue, 29 Aug 2023 10:03:27 +0300 Subject: [PATCH 1/9] add .config.dnsServer to -localip only if config.setupIptables is true --- stable/node-local-dns/Chart.yaml | 4 ++-- stable/node-local-dns/README.md | 2 +- stable/node-local-dns/templates/daemonset.yaml | 5 +++++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/stable/node-local-dns/Chart.yaml b/stable/node-local-dns/Chart.yaml index 7ad23442..7e354f5f 100644 --- a/stable/node-local-dns/Chart.yaml +++ b/stable/node-local-dns/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: node-local-dns -version: 1.1.5 -appVersion: 1.22.20 +version: 1.1.6 +appVersion: 1.22.23 maintainers: - name: gabrieladt email: no-reply@deliveryhero.com diff --git a/stable/node-local-dns/README.md b/stable/node-local-dns/README.md index a8b14e13..0b9eb625 100644 --- a/stable/node-local-dns/README.md +++ b/stable/node-local-dns/README.md @@ -1,6 +1,6 @@ # node-local-dns -![Version: 1.1.5](https://img.shields.io/badge/Version-1.1.5-informational?style=flat-square) ![AppVersion: 1.22.20](https://img.shields.io/badge/AppVersion-1.22.20-informational?style=flat-square) +![Version: 1.1.6](https://img.shields.io/badge/Version-1.1.6-informational?style=flat-square) ![AppVersion: 1.22.23](https://img.shields.io/badge/AppVersion-1.22.23-informational?style=flat-square) A chart to install node-local-dns. diff --git a/stable/node-local-dns/templates/daemonset.yaml b/stable/node-local-dns/templates/daemonset.yaml index 07d39b13..fdb0b921 100644 --- a/stable/node-local-dns/templates/daemonset.yaml +++ b/stable/node-local-dns/templates/daemonset.yaml 
@@ -61,8 +61,13 @@ spec: resources: {{- toYaml . | nindent 10 }} {{- end }} args: + {{- if .Values.config.setupIptables }} - "-localip" - "{{ .Values.config.localDns }},{{ .Values.config.dnsServer }}" + {{- else }} + - "-localip" + - "{{ .Values.config.localDns }}" + {{- end }} - "-conf" - "/etc/Corefile" - "-upstreamsvc" From a01c4e073c9ec15d5b32340bb95da77be7388029 Mon Sep 17 00:00:00 2001 From: Stanislav Shcherbakov Date: Tue, 29 Aug 2023 10:39:04 +0300 Subject: [PATCH 2/9] bind on config.dnsServer ip only if config.setupIptables is true --- stable/node-local-dns/templates/configmap.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/node-local-dns/templates/configmap.yaml b/stable/node-local-dns/templates/configmap.yaml index ac12a3ff..7fc88087 100644 --- a/stable/node-local-dns/templates/configmap.yaml +++ b/stable/node-local-dns/templates/configmap.yaml @@ -28,7 +28,7 @@ data: cache 30 reload loop - bind {{ .Values.config.localDns }} {{ .Values.config.dnsServer }} + bind {{ .Values.config.localDns }} {{ ternary (printf "%s" .Values.config.dnsServer) "" .Values.config.setupIptables }} forward . __PILLAR__CLUSTER__DNS__ { {{ .Values.config.commProtocol }} } @@ -39,7 +39,7 @@ data: cache 30 reload loop - bind {{ .Values.config.localDns }} {{ .Values.config.dnsServer }} + bind {{ .Values.config.localDns }} {{ ternary (printf "%s" .Values.config.dnsServer) "" .Values.config.setupIptables }} forward . __PILLAR__CLUSTER__DNS__ { {{ .Values.config.commProtocol }} } @@ -50,7 +50,7 @@ data: cache 30 reload loop - bind {{ .Values.config.localDns }} {{ .Values.config.dnsServer }} + bind {{ .Values.config.localDns }} {{ ternary (printf "%s" .Values.config.dnsServer) "" .Values.config.setupIptables }} forward . __PILLAR__UPSTREAM__SERVERS__ prometheus :9253 } From 3bcbecb9bba4d6cf0fc4317a42cb62f7cf2f010a Mon Sep 17 00:00:00 2001 
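Review bot: In PATCH 1/9, templates/daemonset.yaml, hunk `@@ -61,8 +61,13 @@`, the `- "-localip"` argument is written twice, once in each branch, although only the address list differs between the two modes. Emitting the flag once and making only the second address conditional keeps the branches from drifting apart: `- "{{ .Values.config.localDns }}{{ if .Values.config.setupIptables }},{{ .Values.config.dnsServer }}{{ end }}"`. A short template comment above it, saying that the `dnsServer` address is only listened on when iptables rules are set up, would explain a link the flag name does not. The `args:` list continues outside the hunk.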
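Review bot: In PATCH 2/9, templates/configmap.yaml, the `bind` lines at `@@ -28,7 +28,7 @@`, `@@ -39,7 +39,7 @@` and `@@ -50,7 +50,7 @@` become conditional, but the `bind` in the first server block is not touched; it still shows up in its unconditional form as a removed line in PATCH 5/9 at `@@ -16,19 +16,19 @@`. With `setupIptables: false` that block would still ask CoreDNS to listen on `dnsServer`, which the daemonset no longer passes to `-localip`, so the server may fail to bind. The `ternary (printf "%s" …) ""` form also leaves a trailing space in the false case and would presumably render a printf error marker instead of an address if `dnsServer` were unset. `bind {{ .Values.config.localDns }}{{ if .Values.config.setupIptables }} {{ .Values.config.dnsServer }}{{ end }}` avoids both and should be used in all four server blocks.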
From: Stanislav Shcherbakov Date: Tue, 29 Aug 2023 10:43:26 +0300 Subject: [PATCH 3/9] change defaults args to return iptables compatibility --- stable/node-local-dns/README.md | 6 +++--- stable/node-local-dns/values.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/node-local-dns/README.md b/stable/node-local-dns/README.md index 0b9eb625..63ceacf9 100644 --- a/stable/node-local-dns/README.md +++ b/stable/node-local-dns/README.md @@ -54,9 +54,9 @@ helm install my-release deliveryhero/node-local-dns -f values.yaml | config.dnsServer | string | `"172.20.0.10"` | | | config.healthPort | int | `8080` | | | config.localDns | string | `"169.254.20.25"` | | -| config.setupInterface | bool | `false` | | -| config.setupIptables | bool | `false` | | -| config.skipTeardown | bool | `true` | | +| config.setupInterface | bool | `true` | | +| config.setupIptables | bool | `true` | | +| config.skipTeardown | bool | `false` | | | daemonsetAnnotations | object | `{}` | | | daemonsetLabels | object | `{}` | | | dashboard.annotations | object | `{}` | | diff --git a/stable/node-local-dns/values.yaml b/stable/node-local-dns/values.yaml index 5cc51abc..20a9de70 100644 --- a/stable/node-local-dns/values.yaml +++ b/stable/node-local-dns/values.yaml @@ -19,11 +19,11 @@ config: # Port used for the health endpoint healthPort: 8080 - setupInterface: false + setupInterface: true - setupIptables: false + setupIptables: true - skipTeardown: true + skipTeardown: false nameOverride: "" fullnameOverride: "" From cc2ded4bb55d7bfd5ce65d539bc169f41c1a6a94 Mon Sep 17 00:00:00 2001 From: Stanislav Shcherbakov Date: Tue, 29 Aug 2023 17:10:39 +0300 Subject: [PATCH 4/9] bump Chart Version --- stable/node-local-dns/Chart.yaml | 2 +- stable/node-local-dns/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/node-local-dns/Chart.yaml b/stable/node-local-dns/Chart.yaml index 7e354f5f..14094fd5 100644 --- a/stable/node-local-dns/Chart.yaml 
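Review bot: In PATCH 3/9, values.yaml hunk `@@ -19,11 +19,11 @@`, the three keys whose defaults flip (`setupInterface`, `setupIptables`, `skipTeardown`) carry no comment, and the README table changed in the same patch leaves their description column empty. An operator upgrading with default values now gets a pod that installs iptables rules on the node and tears them down on exit, and later in this series `setupIptables` also gates the container `securityContext` (PATCH 6/9) and `hostNetwork` (PATCH 8/9). I would add a comment above each key, for example `# Install iptables rules on the node; also controls hostNetwork and the container securityContext` above `setupIptables`, and state in the README that the defaults changed.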
+++ b/stable/node-local-dns/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: node-local-dns -version: 1.1.6 +version: 1.2.0 appVersion: 1.22.23 maintainers: - name: gabrieladt diff --git a/stable/node-local-dns/README.md b/stable/node-local-dns/README.md index 63ceacf9..a227ee6c 100644 --- a/stable/node-local-dns/README.md +++ b/stable/node-local-dns/README.md @@ -1,6 +1,6 @@ # node-local-dns -![Version: 1.1.6](https://img.shields.io/badge/Version-1.1.6-informational?style=flat-square) ![AppVersion: 1.22.23](https://img.shields.io/badge/AppVersion-1.22.23-informational?style=flat-square) +![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![AppVersion: 1.22.23](https://img.shields.io/badge/AppVersion-1.22.23-informational?style=flat-square) A chart to install node-local-dns. From dc276f9eba7c202cd8b83621bef2b2387ef46f76 Mon Sep 17 00:00:00 2001 From: Stanislav Shcherbakov Date: Tue, 29 Aug 2023 19:05:09 +0300 Subject: [PATCH 5/9] simplify daemonset and configmap by using bind 0.0.0.0 and default healh port --- stable/node-local-dns/README.md | 1 - stable/node-local-dns/templates/configmap.yaml | 10 +++++----- stable/node-local-dns/templates/daemonset.yaml | 3 +-- stable/node-local-dns/values.yaml | 3 --- 4 files changed, 6 insertions(+), 11 deletions(-) diff --git a/stable/node-local-dns/README.md b/stable/node-local-dns/README.md index a227ee6c..cd90663b 100644 --- a/stable/node-local-dns/README.md +++ b/stable/node-local-dns/README.md @@ -52,7 +52,6 @@ helm install my-release deliveryhero/node-local-dns -f values.yaml | config.commProtocol | string | `"force_tcp"` | | | config.dnsDomain | string | `"cluster.local"` | | | config.dnsServer | string | `"172.20.0.10"` | | -| config.healthPort | int | `8080` | | | config.localDns | string | `"169.254.20.25"` | | | config.setupInterface | bool | `true` | | | config.setupIptables | bool | `true` | | 
diff --git a/stable/node-local-dns/templates/configmap.yaml b/stable/node-local-dns/templates/configmap.yaml index 7fc88087..bdb061c6 100644 --- a/stable/node-local-dns/templates/configmap.yaml +++ b/stable/node-local-dns/templates/configmap.yaml @@ -16,19 +16,19 @@ data: } reload loop - bind {{ .Values.config.localDns }} {{ .Values.config.dnsServer }} + bind 0.0.0.0 forward . __PILLAR__CLUSTER__DNS__ { {{ .Values.config.commProtocol }} } prometheus :9253 - health {{ .Values.config.localDns }}:{{ .Values.config.healthPort }} + health } in-addr.arpa:53 { errors cache 30 reload loop - bind {{ .Values.config.localDns }} {{ ternary (printf "%s" .Values.config.dnsServer) "" .Values.config.setupIptables }} + bind 0.0.0.0 forward . __PILLAR__CLUSTER__DNS__ { {{ .Values.config.commProtocol }} } @@ -39,7 +39,7 @@ data: cache 30 reload loop - bind {{ .Values.config.localDns }} {{ ternary (printf "%s" .Values.config.dnsServer) "" .Values.config.setupIptables }} + bind 0.0.0.0 forward . __PILLAR__CLUSTER__DNS__ { {{ .Values.config.commProtocol }} } @@ -50,7 +50,7 @@ data: cache 30 reload loop - bind {{ .Values.config.localDns }} {{ ternary (printf "%s" .Values.config.dnsServer) "" .Values.config.setupIptables }} + bind 0.0.0.0 forward . __PILLAR__UPSTREAM__SERVERS__ prometheus :9253 } diff --git a/stable/node-local-dns/templates/daemonset.yaml b/stable/node-local-dns/templates/daemonset.yaml index fdb0b921..a6ec52a5 100644 --- a/stable/node-local-dns/templates/daemonset.yaml +++ b/stable/node-local-dns/templates/daemonset.yaml @@ -89,9 +89,8 @@ spec: protocol: TCP livenessProbe: httpGet: - host: {{ .Values.config.localDns }} path: /health - port: {{ .Values.config.healthPort }} + port: 8080 initialDelaySeconds: 60 timeoutSeconds: 5 volumeMounts: diff --git a/stable/node-local-dns/values.yaml b/stable/node-local-dns/values.yaml index 20a9de70..706a4838 100644 --- a/stable/node-local-dns/values.yaml +++ b/stable/node-local-dns/values.yaml 
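Review bot: In PATCH 5/9, templates/configmap.yaml, replacing the address list with `bind 0.0.0.0` (both blocks in `@@ -16,19 +16,19 @@`, and again at `@@ -39,7 +39,7 @@` and `@@ -50,7 +50,7 @@`) makes CoreDNS listen on every address of its network namespace, and at this point in the series the daemonset still runs with `hostNetwork: true`. On the host network that means port 53 on all node interfaces rather than only the link-local `localDns` address and `dnsServer`, which widens who can reach the cache and can collide with another resolver already listening on the node. The bare `health` line does the same for the health endpoint, which as far as I know defaults to `:8080` on all addresses. I would keep the specific addresses whenever the pod is on the host network, `bind {{ .Values.config.localDns }}{{ if .Values.config.setupIptables }} {{ .Values.config.dnsServer }}{{ end }}` and `health {{ .Values.config.localDns }}:8080`, and use the wildcard only for the pod-network mode.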
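Review bot: In PATCH 5/9, templates/daemonset.yaml hunk `@@ -89,9 +89,8 @@`, the liveness probe port becomes the literal `8080` and matches the Corefile only because the bare `health` directive presumably defaults to that port; nothing ties the two together any more. With `hostNetwork: true` that port is opened on the node itself, and once `config.healthPort` is removed an operator can no longer move it away from a port another host process uses. I would keep the value and render it in both places, `port: {{ .Values.config.healthPort }}` here and `health :{{ .Values.config.healthPort }}` in the Corefile, or at least add a comment next to `port: 8080` naming the Corefile default it depends on. The container spec starts and ends outside the hunk.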
@@ -16,9 +16,6 @@ config: # Set communication protocol. Options are `prefer_udp` or `force_tcp` commProtocol: "force_tcp" - # Port used for the health endpoint - healthPort: 8080 - setupInterface: true setupIptables: true From 3cd1942b9d04806e05433cedce4b6498f791eaa9 Mon Sep 17 00:00:00 2001 From: Stanislav Shcherbakov Date: Tue, 29 Aug 2023 19:38:12 +0300 Subject: [PATCH 6/9] add NET_ADMIN capability only if setupIptables is true --- stable/node-local-dns/templates/daemonset.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/stable/node-local-dns/templates/daemonset.yaml b/stable/node-local-dns/templates/daemonset.yaml index a6ec52a5..ffc0727d 100644 --- a/stable/node-local-dns/templates/daemonset.yaml +++ b/stable/node-local-dns/templates/daemonset.yaml @@ -75,8 +75,10 @@ spec: - "-skipteardown={{ .Values.config.skipTeardown }}" - "-setupinterface={{ .Values.config.setupInterface }}" - "-setupiptables={{ .Values.config.setupIptables }}" + {{- if .Values.config.setupIptables }} securityContext: {{- toYaml .Values.securityContext | nindent 10 }} + {{- end }} ports: - containerPort: 53 name: dns From 8f47aff6f4c5873e97db0b19301dd2d2c6c73dfe Mon Sep 17 00:00:00 2001 From: Max Williams <8859277+max-rocket-internet@users.noreply.github.com> Date: Tue, 29 Aug 2023 19:26:47 +0200 Subject: [PATCH 7/9] Update stable/node-local-dns/Chart.yaml --- stable/node-local-dns/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stable/node-local-dns/Chart.yaml b/stable/node-local-dns/Chart.yaml index 14094fd5..2922ab7f 100644 --- a/stable/node-local-dns/Chart.yaml +++ b/stable/node-local-dns/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: node-local-dns -version: 1.2.0 +version: 2.0.0 appVersion: 1.22.23 maintainers: - name: gabrieladt From 0840b8a237bbedb8492b3cf752cb09f8964315ae Mon Sep 17 00:00:00 2001 
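Review bot: In PATCH 6/9, templates/daemonset.yaml hunk `@@ -75,8 +75,10 @@`, the new `if` drops the whole `securityContext` block when `setupIptables` is false, not only the NET_ADMIN capability named in the commit subject. Any hardening an operator placed in `.Values.securityContext` (for example `readOnlyRootFilesystem` or `allowPrivilegeEscalation: false`) is then silently ignored and the container falls back to the runtime defaults. The gate also ignores `setupInterface`: creating the interface presumably needs the same capability, so `setupInterface: true` with `setupIptables: false` would likely fail at start-up. I would always render the block and make only the capability conditional, or at minimum widen the condition to `{{- if or .Values.config.setupIptables .Values.config.setupInterface }}`; the contents of `.Values.securityContext` are not visible in this patch.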
From: Stanislav Shcherbakov Date: Tue, 29 Aug 2023 20:44:52 +0300 Subject: [PATCH 8/9] use hostNetwok only if config.setupIptables is true --- stable/node-local-dns/templates/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stable/node-local-dns/templates/daemonset.yaml b/stable/node-local-dns/templates/daemonset.yaml index ffc0727d..d391fbd7 100644 --- a/stable/node-local-dns/templates/daemonset.yaml +++ b/stable/node-local-dns/templates/daemonset.yaml @@ -45,7 +45,7 @@ spec: {{- end }} priorityClassName: system-node-critical serviceAccountName: {{ include "node-local-dns.serviceAccountName" . }} - hostNetwork: true + hostNetwork: {{ .Values.config.setupIptables }} dnsPolicy: Default # Don't use cluster DNS. tolerations: - key: "CriticalAddonsOnly" From dc4f6233f3cb1f5554be7cef2b9ef720fb501e8b Mon Sep 17 00:00:00 2001 From: Stanislav Shcherbakov Date: Tue, 29 Aug 2023 20:45:27 +0300 Subject: [PATCH 9/9] fix chart version in readme --- stable/node-local-dns/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stable/node-local-dns/README.md b/stable/node-local-dns/README.md index cd90663b..61bed97f 100644 --- a/stable/node-local-dns/README.md +++ b/stable/node-local-dns/README.md @@ -1,6 +1,6 @@ # node-local-dns -![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![AppVersion: 1.22.23](https://img.shields.io/badge/AppVersion-1.22.23-informational?style=flat-square) +![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![AppVersion: 1.22.23](https://img.shields.io/badge/AppVersion-1.22.23-informational?style=flat-square) A chart to install node-local-dns.
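Review bot: In PATCH 8/9, templates/daemonset.yaml hunk `@@ -45,7 +45,7 @@`, `hostNetwork` is rendered straight from `.Values.config.setupIptables`, so the pod's network namespace now depends on a flag whose name says nothing about it and whose value is not checked. If the key is unset or overridden with a non-boolean, the line would presumably render as an empty or invalid value instead of failing clearly; `hostNetwork: {{ eq (toString .Values.config.setupIptables) "true" }}` always yields a boolean. Because `true` is the default after PATCH 3/9, the chart still joins the host network out of the box, so a comment in values.yaml stating that `setupIptables` also switches `hostNetwork` would make the privilege implication visible to operators. The pod spec starts and ends outside the hunk.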