Add consul-dns service

2018-09-11 17:53:02 -07:00 · 2018-09-11 17:53:02 -07:00 · 64670ed470
commit 64670ed470
parent 0db2be6d10
5 changed files with 98 additions and 16 deletions
--- a/templates/client-daemonset.yaml
+++ b/templates/client-daemonset.yaml
@ -16,6 +16,7 @@ spec:
      chart: {{ template "consul.chart" . }}
      release: {{ .Release.Name }}
      component: client
+      hasDNS: "true"
  template:
    metadata:
      labels:
@ -23,6 +24,7 @@ spec:
        chart: {{ template "consul.chart" . }}
        release: {{ .Release.Name }}
        component: client
+        hasDNS: "true"
      annotations:
        "consul.hashicorp.com/connect-inject": "false"
    spec:
--- a/templates/dns-service.yaml
+++ b/templates/dns-service.yaml
@ -0,0 +1,26 @@
+# Service for Consul DNS.
+{{- if (or (and (ne (.Values.dns.enabled | toString) "-") .Values.dns.enabled) (and (eq (.Values.dns.enabled | toString) "-") .Values.global.enabled)) }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "consul.fullname" . }}-dns
+  labels:
+    app: {{ template "consul.name" . }}
+    chart: {{ template "consul.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  ports:
+    - name: dns-tcp
+      port: 53
+      protocol: "TCP"
+      targetPort: dns
+    - name: dns-udp
+      port: 53
+      protocol: "UDP"
+      targetPort: dns
+  selector:
+    app: {{ template "consul.name" . }}
+    release: "{{ .Release.Name }}"
+    hasDNS: "true"
+{{- end }}
--- a/templates/server-statefulset.yaml
+++ b/templates/server-statefulset.yaml
@ -25,6 +25,7 @@ spec:
      chart: {{ template "consul.chart" . }}
      release: {{ .Release.Name }}
      component: server
+      hasDNS: "true"
  template:
    metadata:
      labels:
@ -32,6 +33,7 @@ spec:
        chart: {{ template "consul.chart" . }}
        release: {{ .Release.Name }}
        component: server
+        hasDNS: "true"
      annotations:
        "consul.hashicorp.com/connect-inject": "false"
    spec:
--- a/test/unit/dns-service.bats
+++ b/test/unit/dns-service.bats
@ -0,0 +1,43 @@
+#!/usr/bin/env bats
+
+load _helpers
+
+@test "dns/Service: enabled by default" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -x templates/dns-service.yaml  \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "dns/Service: enable with global.enabled false" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -x templates/dns-service.yaml  \
+      --set 'global.enabled=false' \
+      --set 'dns.enabled=true' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "dns/Service: disable with dns.enabled" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -x templates/dns-service.yaml  \
+      --set 'dns.enabled=false' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+}
+
+@test "dns/Service: disable with global.enabled" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -x templates/dns-service.yaml  \
+      --set 'global.enabled=false' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+}
--- a/values.yaml
+++ b/values.yaml
@ -94,6 +94,31 @@ client:
    #   name: my-secret
    #   load: false # if true, will add to `-config-dir` to load by Consul

+# Configuration for DNS configuration within the Kubernetes cluster.
+# This creates a service that routes to all agents (client or server)
+# for serving DNS requests. This DOES NOT automatically configure kube-dns
+# today, so you must still manually configure a `stubDomain` with kube-dns
+# for this to have any effect:
+# https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configure-stub-domain-and-upstream-dns-servers
+dns:
+  enabled: "-"
+
+ui:
+  # True if you want to enable the Consul UI. The UI will run only
+  # on the server nodes. This makes UI access via the service below (if
+  # enabled) predictable rather than "any node" if you're running Consul
+  # clients as well.
+  enabled: "-"
+
+  # True if you want to create a Service entry for the Consul UI.
+  #
+  # serviceType can be used to control the type of service created. For
+  # example, setting this to "LoadBalancer" will create an external load
+  # balancer (for supported K8S installations) to access the UI.
+  service:
+    enabled: true
+    type: null
+
 # ConnectInject will enable the automatic Connect sidecar injector.
 connectInject:
  enabled: false # "-" disable this by default for now until the image is public
@ -128,22 +153,6 @@ connectInject:
    certName: tls.crt
    keyName: tls.key

-ui:
-  # True if you want to enable the Consul UI. The UI will run only
-  # on the server nodes. This makes UI access via the service below (if
-  # enabled) predictable rather than "any node" if you're running Consul
-  # clients as well.
-  enabled: "-"
-
-  # True if you want to create a Service entry for the Consul UI.
-  #
-  # serviceType can be used to control the type of service created. For
-  # example, setting this to "LoadBalancer" will create an external load
-  # balancer (for supported K8S installations) to access the UI.
-  service:
-    enabled: true
-    type: null
-
 test:
  image: lachlanevenson/k8s-kubectl
  imageTag: v1.4.8-bash