add node-local-dns 2.1.0 to the right dir

lojaintegrada · Jan 15, 2025 · 693854c · 693854c
1 parent 52adaa6
commit 693854c
Show file tree

Hide file tree

Showing 17 changed files with 386 additions and 260 deletions.
diff --git a/charts/node-local-dns/.helmignore → charts/node-local-dns 2/.helmignore b/charts/node-local-dns/.helmignore → charts/node-local-dns 2/.helmignore
diff --git a/charts/node-local-dns/Chart.yaml → charts/node-local-dns 2/Chart.yaml b/charts/node-local-dns/Chart.yaml → charts/node-local-dns 2/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.22.23
+appVersion: 1.23.1
 description: 'A chart to install node-local-dns.  NodeLocal DNSCache improves Cluster
   DNS performance by running a DNS caching agent on cluster nodes as a DaemonSet.  In
   today''s architecture, Pods in ''ClusterFirst'' DNS mode reach out to a kube-dns
@@ -15,4 +15,4 @@ maintainers:
 - email: no-reply@deliveryhero.com
   name: gabrieladt
 name: node-local-dns
-version: 2.0.4
+version: 2.1.0
diff --git a/charts/node-local-dns 2/README.md b/charts/node-local-dns 2/README.md
@@ -0,0 +1,95 @@
+# node-local-dns
+
+![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![AppVersion: 1.23.1](https://img.shields.io/badge/AppVersion-1.23.1-informational?style=flat-square)
+
+A chart to install node-local-dns.
+
+NodeLocal DNSCache improves Cluster DNS performance by running a DNS caching agent on cluster nodes as a DaemonSet.
+
+In today's architecture, Pods in 'ClusterFirst' DNS mode reach out to a kube-dns serviceIP for DNS queries. This is translated to a kube-dns/CoreDNS endpoint via iptables rules added by kube-proxy. With this new architecture, Pods will reach out to the DNS caching agent running on the same node, thereby avoiding iptables DNAT rules and connection tracking. The local caching agent will query kube-dns service for cache misses of cluster hostnames ("cluster.local" suffix by default).
+
+Further documentation is [here](https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/)
+
+This helm chart works for both kube-proxy setups (iptables or ipvs).
+
+## How to install this chart
+
+Add Delivery Hero public chart repo:
+
+```console
+helm repo add deliveryhero https://charts.deliveryhero.io/
+```
+
+A simple install with default values:
+
+```console
+helm install deliveryhero/node-local-dns
+```
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install my-release deliveryhero/node-local-dns
+```
+
+To install with some set values:
+
+```console
+helm install my-release deliveryhero/node-local-dns --set values_key1=value1 --set values_key2=value2
+```
+
+To install with custom values file:
+
+```console
+helm install my-release deliveryhero/node-local-dns -f values.yaml
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| config.bindIp | bool | `false` | If false, it will bind 0.0.0.0, otherwise dnsServer and localDns will be used. https://github.com/bottlerocket-os/bottlerocket/issues/3711#issuecomment-1907087528 |
+| config.commProtocol | string | `"force_tcp"` | Set communication protocol. Options are `prefer_udp` or `force_tcp` |
+| config.customConfig | string | `""` | Overrides the generated configuration with specified one. |
+| config.customUpstreamsvc | string | `""` | Use a custom upstreamsvc for -upstreamsvc |
+| config.dnsDomain | string | `"cluster.local"` | Internal k8s DNS domain |
+| config.dnsServer | string | `"172.20.0.10"` | Main coredns service (kube-dns) ip, used on iptables-mode. |
+| config.healthPort | int | `8080` | Port used for the health endpoint |
+| config.localDns | string | `"169.254.20.25"` |  |
+| config.noIPv6Lookups | bool | `false` | If true, return NOERROR when attempting to resolve an IPv6 address |
+| config.prefetch | object | `{"amount":3,"duration":"30s","enabled":false,"percentage":"20%"}` | If enabled, coredns will prefetch popular items when they are about to be expunged from the cache. https://coredns.io/plugins/cache/ |
+| config.setupInterface | bool | `true` |  |
+| config.setupIptables | bool | `true` |  |
+| config.skipTeardown | bool | `false` |  |
+| daemonsetAnnotations | object | `{}` |  |
+| daemonsetLabels | object | `{}` |  |
+| dashboard | object | `{"annotations":{},"enabled":false,"label":"grafana_dashboard","namespace":"kube-system"}` | https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md |
+| dashboard.label | string | `"grafana_dashboard"` | label that grafana sidecar is configured to look for |
+| dashboard.namespace | string | `"kube-system"` | namespace where grafana sidecar is configured to look for dashboards. e.g. "monitoring" |
+| fullnameOverride | string | `""` |  |
+| image.repository | string | `"registry.k8s.io/dns/k8s-dns-node-cache"` |  |
+| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
+| imagePullSecrets | list | `[]` |  |
+| nameOverride | string | `""` |  |
+| podAnnotations | object | `{}` |  |
+| podLabels | object | `{}` |  |
+| prometheusScraping.enabled | bool | `true` |  |
+| resources.limits.memory | string | `"128Mi"` |  |
+| resources.requests.cpu | string | `"25m"` |  |
+| resources.requests.memory | string | `"128Mi"` |  |
+| securityContext.capabilities.add[0] | string | `"NET_ADMIN"` |  |
+| service.annotations | object | `{}` | Annotations to add to the service. |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account. |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created. |
+| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template. |
+| serviceMonitor | object | `{"enabled":false,"honorLabels":false,"labels":{},"metricRelabelings":[],"path":"/metrics","relabelings":[]}` | https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md |
+| serviceMonitor.enabled | bool | `false` | Ensure that servicemonitor is created, this will disable prometheus annotations |
+| serviceMonitor.metricRelabelings | list | `[]` | Metric relabel configs to apply to samples before ingestion. [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) |
+| serviceMonitor.relabelings | list | `[]` | Relabel configs to apply to samples before ingestion. [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) |
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| gabrieladt | <no-reply@deliveryhero.com> |  |
diff --git a/charts/node-local-dns/dashboard.json → charts/node-local-dns 2/dashboard.json b/charts/node-local-dns/dashboard.json → charts/node-local-dns 2/dashboard.json
diff --git a/charts/node-local-dns/templates/_helpers.tpl → ...s/node-local-dns 2/templates/_helpers.tpl b/charts/node-local-dns/templates/_helpers.tpl → ...s/node-local-dns 2/templates/_helpers.tpl
diff --git a/...al-dns/templates/configmap-dashboard.yaml → ...-dns 2/templates/configmap-dashboard.yaml b/...al-dns/templates/configmap-dashboard.yaml → ...-dns 2/templates/configmap-dashboard.yaml
diff --git a/charts/node-local-dns 2/templates/configmap.yaml b/charts/node-local-dns 2/templates/configmap.yaml
@@ -0,0 +1,117 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "node-local-dns.fullname" . }}
+  namespace: kube-system
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+    {{- include "node-local-dns.labels" . | nindent 4 }}
+data:
+  Corefile: |
+    {{- if .Values.config.customConfig -}}
+    {{- tpl .Values.config.customConfig . | nindent 4}}
+    {{- else }}
+    {{ .Values.config.dnsDomain }}:53 {
+        errors
+        cache {
+                success 9984 30
+                denial 9984 5
+            {{- if .Values.config.prefetch.enabled}}
+                prefetch {{ .Values.config.prefetch.amount }} {{ .Values.config.prefetch.duration }} {{ .Values.config.prefetch.percentage }}
+            {{- end }}
+        }
+        reload
+        loop
+    {{- if .Values.config.bindIp }}
+        bind {{ .Values.config.localDns }} {{ .Values.config.dnsServer }}
+    {{- else }}
+        bind 0.0.0.0
+    {{- end }}
+        forward . __PILLAR__CLUSTER__DNS__ {
+                {{ .Values.config.commProtocol }}
+        }
+    {{- if .Values.config.noIPv6Lookups }}
+        template IN AAAA {
+                rcode NOERROR
+        }
+    {{- end }}
+        prometheus :9253
+        health :{{ .Values.config.healthPort }}
+        }
+    in-addr.arpa:53 {
+        errors
+    {{- if .Values.config.prefetch.enabled}}
+        cache 30 {
+                prefetch {{ .Values.config.prefetch.amount }} {{ .Values.config.prefetch.duration }} {{ .Values.config.prefetch.percentage }}
+        }
+    {{- else }}
+        cache 30
+    {{- end }}
+        reload
+        loop
+    {{- if .Values.config.bindIp }}
+        bind {{ .Values.config.localDns }} {{ .Values.config.dnsServer }}
+    {{- else }}
+        bind 0.0.0.0
+    {{- end }}
+        forward . __PILLAR__CLUSTER__DNS__ {
+                {{ .Values.config.commProtocol }}
+        }
+    {{- if .Values.config.noIPv6Lookups }}
+        template IN AAAA {
+                rcode NOERROR
+        }
+    {{- end }}
+        prometheus :9253
+        }
+    ip6.arpa:53 {
+        errors
+    {{- if .Values.config.prefetch.enabled}}
+        cache 30 {
+                prefetch {{ .Values.config.prefetch.amount }} {{ .Values.config.prefetch.duration }} {{ .Values.config.prefetch.percentage }}
+        }
+    {{- else }}
+        cache 30
+    {{- end }}
+        reload
+        loop
+    {{- if .Values.config.bindIp }}
+        bind {{ .Values.config.localDns }} {{ .Values.config.dnsServer }}
+    {{- else }}
+        bind 0.0.0.0
+    {{- end }}
+        forward . __PILLAR__CLUSTER__DNS__ {
+                {{ .Values.config.commProtocol }}
+        }
+    {{- if .Values.config.noIPv6Lookups }}
+        template IN AAAA {
+                rcode NOERROR
+        }
+    {{- end }}
+        prometheus :9253
+        }
+    .:53 {
+        errors
+    {{- if .Values.config.prefetch.enabled}}
+        cache 30 {
+                prefetch {{ .Values.config.prefetch.amount }} {{ .Values.config.prefetch.duration }} {{ .Values.config.prefetch.percentage }}
+        }
+    {{- else }}
+        cache 30
+    {{- end }}
+        reload
+        loop
+    {{- if .Values.config.bindIp }}
+        bind {{ .Values.config.localDns }} {{ .Values.config.dnsServer }}
+    {{- else }}
+        bind 0.0.0.0
+    {{- end }}
+        forward . __PILLAR__UPSTREAM__SERVERS__
+        prometheus :9253
+    {{- if .Values.config.noIPv6Lookups }}
+        template IN AAAA {
+                rcode NOERROR
+        }
+    {{- end }}
+        }
+    {{ end }}
diff --git a/...s/node-local-dns/templates/daemonset.yaml → ...node-local-dns 2/templates/daemonset.yaml b/...s/node-local-dns/templates/daemonset.yaml → ...node-local-dns 2/templates/daemonset.yaml
@@ -71,7 +71,11 @@ spec:
           - "-conf"
           - "/etc/Corefile"
           - "-upstreamsvc"
+        {{- if .Values.config.customUpstreamsvc }}
+          - "{{ .Values.config.customUpstreamsvc }}"
+        {{- else }}
           - "{{ include "node-local-dns.fullname" . }}-upstream"
+        {{- end }}
           - "-skipteardown={{ .Values.config.skipTeardown }}"
           - "-setupinterface={{ .Values.config.setupInterface }}"
           - "-setupiptables={{ .Values.config.setupIptables }}"

diff --git a/...local-dns/templates/service-upstream.yaml → ...cal-dns 2/templates/service-upstream.yaml b/...local-dns/templates/service-upstream.yaml → ...cal-dns 2/templates/service-upstream.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.config.customUpstreamsvc -}}
 apiVersion: v1
 kind: Service
 metadata:
@@ -17,3 +18,4 @@ spec:
     targetPort: 53
   selector:
     k8s-app: kube-dns
+{{- end -}}
diff --git a/charts/node-local-dns/templates/service.yaml → ...s/node-local-dns 2/templates/service.yaml b/charts/node-local-dns/templates/service.yaml → ...s/node-local-dns 2/templates/service.yaml
@@ -5,11 +5,8 @@ metadata:
   namespace: kube-system
   labels:
     {{- include "node-local-dns.labels" . | nindent 4 }}
-
-  {{- if and (not .Values.serviceMonitor.enabled) .Values.prometheusScraping.enabled }}
-  annotations:
-    prometheus.io/port: "9253"
-    prometheus.io/scrape: "true"
+  {{- with .Values.service.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
   {{- end }}
 spec:
   clusterIP: None

diff --git a/...e-local-dns/templates/serviceaccount.yaml → ...local-dns 2/templates/serviceaccount.yaml b/...e-local-dns/templates/serviceaccount.yaml → ...local-dns 2/templates/serviceaccount.yaml
diff --git a/charts/node-local-dns 2/templates/servicemonitor.yaml b/charts/node-local-dns 2/templates/servicemonitor.yaml
@@ -0,0 +1,36 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "node-local-dns.fullname" . }}
+  namespace: kube-system
+  {{- if .Values.serviceMonitor.labels }}
+  labels:
+  {{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
+  {{- end }}
+spec:
+  endpoints:
+    - port: metrics
+      path: {{ .Values.serviceMonitor.path }}
+      honorLabels: {{ .Values.serviceMonitor.honorLabels }}
+      {{- with .Values.serviceMonitor.interval }}
+      interval: {{ . }}
+      {{- end }}
+      {{- with .Values.serviceMonitor.scrapeTimeout }}
+      scrapeTimeout: {{ . }}
+      {{- end }}
+      {{- with .Values.serviceMonitor.metricRelabelings }}
+      metricRelabelings:
+        {{- tpl (toYaml . | nindent 6) $ }}
+      {{- end }}
+      {{- with .Values.serviceMonitor.relabelings }}
+      relabelings:
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+  namespaceSelector:
+    matchNames:
+      - kube-system
+  selector:
+    matchLabels:
+      {{- include "node-local-dns.selectorLabels" . | nindent 6 }}
+{{- end -}}