From 64670ed470586cce09da713b319d59baf93425e8 Mon Sep 17 00:00:00 2001 From: Mitchell Hashimoto Date: Tue, 11 Sep 2018 17:53:02 -0700 Subject: [PATCH] Add consul-dns service --- templates/client-daemonset.yaml | 2 ++ templates/dns-service.yaml | 26 +++++++++++++++++++ templates/server-statefulset.yaml | 2 ++ test/unit/dns-service.bats | 43 +++++++++++++++++++++++++++++++ values.yaml | 41 +++++++++++++++++------------ 5 files changed, 98 insertions(+), 16 deletions(-) create mode 100644 templates/dns-service.yaml create mode 100755 test/unit/dns-service.bats diff --git a/templates/client-daemonset.yaml b/templates/client-daemonset.yaml index 394f5b1..23b9897 100644 --- a/templates/client-daemonset.yaml +++ b/templates/client-daemonset.yaml @@ -16,6 +16,7 @@ spec: chart: {{ template "consul.chart" . }} release: {{ .Release.Name }} component: client + hasDNS: "true" template: metadata: labels: @@ -23,6 +24,7 @@ spec: chart: {{ template "consul.chart" . }} release: {{ .Release.Name }} component: client + hasDNS: "true" annotations: "consul.hashicorp.com/connect-inject": "false" spec: diff --git a/templates/dns-service.yaml b/templates/dns-service.yaml new file mode 100644 index 0000000..8f0d30f --- /dev/null +++ b/templates/dns-service.yaml @@ -0,0 +1,26 @@ +# Service for Consul DNS. +{{- if (or (and (ne (.Values.dns.enabled | toString) "-") .Values.dns.enabled) (and (eq (.Values.dns.enabled | toString) "-") .Values.global.enabled)) }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "consul.fullname" . }}-dns + labels: + app: {{ template "consul.name" . }} + chart: {{ template "consul.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: dns-tcp + port: 53 + protocol: "TCP" + targetPort: dns + - name: dns-udp + port: 53 + protocol: "UDP" + targetPort: dns + selector: + app: {{ template "consul.name" . }} + release: "{{ .Release.Name }}" + hasDNS: "true" +{{- end }} diff --git a/templates/server-statefulset.yaml b/templates/server-statefulset.yaml index 4720e6d..7276782 100644 --- a/templates/server-statefulset.yaml +++ b/templates/server-statefulset.yaml @@ -25,6 +25,7 @@ spec: chart: {{ template "consul.chart" . }} release: {{ .Release.Name }} component: server + hasDNS: "true" template: metadata: labels: @@ -32,6 +33,7 @@ spec: chart: {{ template "consul.chart" . }} release: {{ .Release.Name }} component: server + hasDNS: "true" annotations: "consul.hashicorp.com/connect-inject": "false" spec: diff --git a/test/unit/dns-service.bats b/test/unit/dns-service.bats new file mode 100755 index 0000000..8acfdcf --- /dev/null +++ b/test/unit/dns-service.bats @@ -0,0 +1,43 @@ +#!/usr/bin/env bats + +load _helpers + +@test "dns/Service: enabled by default" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/dns-service.yaml \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "dns/Service: enable with global.enabled false" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/dns-service.yaml \ + --set 'global.enabled=false' \ + --set 'dns.enabled=true' \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "dns/Service: disable with dns.enabled" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/dns-service.yaml \ + --set 'dns.enabled=false' \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +@test "dns/Service: disable with global.enabled" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/dns-service.yaml \ + --set 'global.enabled=false' \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] +} diff --git a/values.yaml b/values.yaml index 73a3618..27bd0a7 100644 --- a/values.yaml +++ b/values.yaml @@ -94,6 +94,31 @@ client: # name: my-secret # load: false # if true, will add to `-config-dir` to load by Consul +# Configuration for DNS configuration within the Kubernetes cluster. +# This creates a service that routes to all agents (client or server) +# for serving DNS requests. This DOES NOT automatically configure kube-dns +# today, so you must still manually configure a `stubDomain` with kube-dns +# for this to have any effect: +# https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configure-stub-domain-and-upstream-dns-servers +dns: + enabled: "-" + +ui: + # True if you want to enable the Consul UI. The UI will run only + # on the server nodes. This makes UI access via the service below (if + # enabled) predictable rather than "any node" if you're running Consul + # clients as well. + enabled: "-" + + # True if you want to create a Service entry for the Consul UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + service: + enabled: true + type: null + # ConnectInject will enable the automatic Connect sidecar injector. connectInject: enabled: false # "-" disable this by default for now until the image is public @@ -128,22 +153,6 @@ connectInject: certName: tls.crt keyName: tls.key -ui: - # True if you want to enable the Consul UI. The UI will run only - # on the server nodes. This makes UI access via the service below (if - # enabled) predictable rather than "any node" if you're running Consul - # clients as well. - enabled: "-" - - # True if you want to create a Service entry for the Consul UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - service: - enabled: true - type: null - test: image: lachlanevenson/k8s-kubectl imageTag: v1.4.8-bash