coredns-k8s-sync

Synchronize CoreDNS config file with DNS entries from Kubernetes resources

Primary language: Rust. License: Creative Commons Zero v1.0 Universal (CC0-1.0)

TODO

  • Reload CoreDNS without using systemctl or sudo
  • Remove the CoreDNS sync logic and use the file plugin
  • Detect changes in Config file, and reload
    • Detect changes in source files
  • Graceful shutdown, when the program is terminated
    • Wait for the CoreDNS restart to complete
    • Ensure we stop or wait for the DNS Collector to finish before closing
    • Inspiration from Tokio Graceful Shutdown docs
  • Have proper retry logic for the DNS Collector
  • Integration test, using several test source files and then verifying the output
  • Support authentication for IDEC endpoints
  • CI/CD workflow
  • Publish as Ubuntu package
  • Publish via Homebrew

Rust Tools Required

rustup component add rustfmt
rustup component add clippy
cargo install cargo-audit

Testing With Kind

kind create cluster --name coredns-k8s-sync
kubectl config use-context kind-coredns-k8s-sync
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.7/config/manifests/metallb-native.yaml
kubectl wait --namespace metallb-system \
    --for=condition=ready pod \
    --selector=app=metallb \
    --timeout=90s

apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: example
  namespace: metallb-system
spec:
  addresses:
  - 172.19.255.200-172.19.255.250
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: empty
  namespace: metallb-system

kubectl apply -f kind-tests/metallb-pool.yaml
istioctl install --set profile=demo -y
kubectl label namespace default istio-injection=enabled
kubectl apply -f kind-tests/idec.yaml
kubectl port-forward services/idec 8080:80
http :8080/export

export RUST_LOG=INFO
cargo run

Run As SystemD Service

sudo cp coredns-k8s-sync.service /etc/systemd/system/
sudo cat /etc/systemd/system/coredns-k8s-sync.service
sudo systemctl daemon-reload
sudo systemctl enable coredns-k8s-sync
sudo systemctl start coredns-k8s-sync
sudo systemctl stop coredns-k8s-sync
sudo systemctl status coredns-k8s-sync
sudo journalctl -u coredns-k8s-sync -n50

Permissions To Restart CoreDNS Service

sudo vim /etc/sudoers.d/coredns

%coredns ALL= NOPASSWD: /bin/systemctl start coredns-k8s-sync
%coredns ALL= NOPASSWD: /bin/systemctl stop coredns-k8s-sync
%coredns ALL= NOPASSWD: /bin/systemctl restart coredns-k8s-sync

sudo visudo -c

coredns ALL=(ALL) NOPASSWD: ALL
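
Added example, not part of the coredns-k8s-sync repository: a POSIX shell check that flags any sudoers rule granting every command with NOPASSWD, such as the last rule above, which is far broader than the three scoped systemctl rules. The function name audit_sudoers and the sample fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the coredns-k8s-sync repository).
# audit_sudoers FILE: print "lineno:rule" for every rule that grants ALL
# commands with NOPASSWD, and return 1 if any such rule exists.
audit_sudoers() {
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments, includes, blanks
        {
            eq = index($0, "=")                  # "who host = (runas) tags: cmds"
            if (eq == 0) next
            spec = substr($0, eq + 1)
            sub(/^[ \t]*\([^)]*\)/, "", spec)    # drop optional (runas) list
            nopasswd = (spec ~ /NOPASSWD[ \t]*:/)
            gsub(/[A-Z_]+[ \t]*:/, "", spec)     # drop tags such as NOPASSWD:
            gsub(/[ \t]/, "", spec)
            if (nopasswd && spec == "ALL") {
                printf "%d:%s\n", NR, $0
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: the four rules shown in this section, as one fragment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
%coredns ALL= NOPASSWD: /bin/systemctl start coredns-k8s-sync
%coredns ALL= NOPASSWD: /bin/systemctl stop coredns-k8s-sync
%coredns ALL= NOPASSWD: /bin/systemctl restart coredns-k8s-sync
coredns ALL=(ALL) NOPASSWD: ALL
EOF

if audit_sudoers "$sample"; then
    echo "no blanket NOPASSWD rules"
else
    echo "blanket NOPASSWD rule found (listed above)"
fi
rm -f "$sample"
```

Run it against a copy of the drop-in alongside `sudo visudo -c`, which checks syntax but not how much a rule grants.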