package nodedns
import (
"bytes"
"text/template"
"github.com/cybozu-go/cke/op"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// unboundConfigTemplate carries the values substituted into
// unboundConfigTemplateText when the unbound configuration is rendered.
type unboundConfigTemplate struct {
	// Domain is rendered as the quoted name of the stub-zone.
	Domain string
	// ClusterIP is rendered as the stub-addr of that stub-zone and as the
	// forward-addr of the "in-addr.arpa." and "ip6.arpa." forward zones.
	ClusterIP string
	// Upstreams holds the forward-addr entries of the "." forward zone; the
	// template omits that zone when the slice is empty.
	Upstreams []string
}
// unboundConfigTemplateText is the text/template source of unbound.conf. It
// is executed with an unboundConfigTemplate value: .Domain names the
// stub-zone, .ClusterIP is the stub-addr and the forward-addr of the reverse
// zones, and .Upstreams (when non-empty) become the forward-addr list of the
// "." zone.
//
// Points a reviewer should keep in mind when changing this text:
//
//   - text/template does no escaping, so the three values are written into
//     the configuration verbatim (.Domain inside double quotes). Whatever
//     produces them has to guarantee they are a plain DNS name and plain
//     addresses.
//   - "interface: 0.0.0.0" together with "access-control: 0.0.0.0/0 allow"
//     makes the resolver answer any IPv4 client that can reach it.
//     NOTE(review): presumably reachability is limited by how the daemonset
//     is exposed on the node network — confirm, since nothing in this file
//     restricts the client range.
//   - chroot: "" and username: "" turn off unbound's own chroot and
//     privilege drop; confinement then depends on the container settings,
//     which are not visible here.
//   - remote-control is enabled on 127.0.0.1 with "control-use-cert: no", so
//     the control channel is unauthenticated and protected only by being
//     bound to loopback. Every process sharing that network namespace can
//     use it.
//   - log-queries and log-replies are on, with logfile "" and use-syslog no,
//     so each query and reply is written to the process's error output. The
//     collected logs therefore contain the names clients look up.
const unboundConfigTemplateText = `
server:
do-daemonize: no
interface: 0.0.0.0
interface-automatic: yes
access-control: 0.0.0.0/0 allow
chroot: ""
username: ""
directory: "/etc/unbound"
logfile: ""
use-syslog: no
log-time-ascii: yes
log-queries: yes
log-replies: yes
log-local-actions: yes
log-servfail: yes
rrset-roundrobin: yes
pidfile: "/tmp/unbound.pid"
infra-host-ttl: 60
prefetch: yes
tcp-upstream: yes
local-zone: "10.in-addr.arpa." transparent
local-zone: "168.192.in-addr.arpa." transparent
local-zone: "16.172.in-addr.arpa." transparent
local-zone: "17.172.in-addr.arpa." transparent
local-zone: "18.172.in-addr.arpa." transparent
local-zone: "19.172.in-addr.arpa." transparent
local-zone: "20.172.in-addr.arpa." transparent
local-zone: "21.172.in-addr.arpa." transparent
local-zone: "22.172.in-addr.arpa." transparent
local-zone: "23.172.in-addr.arpa." transparent
local-zone: "24.172.in-addr.arpa." transparent
local-zone: "25.172.in-addr.arpa." transparent
local-zone: "26.172.in-addr.arpa." transparent
local-zone: "27.172.in-addr.arpa." transparent
local-zone: "28.172.in-addr.arpa." transparent
local-zone: "29.172.in-addr.arpa." transparent
local-zone: "30.172.in-addr.arpa." transparent
local-zone: "31.172.in-addr.arpa." transparent
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-use-cert: no
stub-zone:
name: "{{ .Domain }}"
stub-addr: {{ .ClusterIP }}
forward-zone:
name: "in-addr.arpa."
forward-addr: {{ .ClusterIP }}
forward-zone:
name: "ip6.arpa."
forward-addr: {{ .ClusterIP }}
{{- if .Upstreams }}
forward-zone:
name: "."
{{- range .Upstreams }}
forward-addr: {{ . }}
{{- end }}
{{- end }}
`
// ConfigMap builds the ConfigMap that carries unbound.conf for the unbound
// daemonset. The object is named op.NodeDNSAppName and placed in the
// kube-system namespace.
//
// clusterIP, domain and dnsServers are substituted into
// unboundConfigTemplateText by text/template, which performs no escaping.
// NOTE(review): the arguments look like they are expected to be validated
// addresses and a DNS name already; a quote or line break in any of them
// would change the generated configuration — confirm the caller checks them.
//
// ConfigMap panics if the template fails to parse or to execute.
func ConfigMap(clusterIP, domain string, dnsServers []string) *corev1.ConfigMap {
	params := unboundConfigTemplate{
		Domain:    domain,
		ClusterIP: clusterIP,
		Upstreams: dnsServers,
	}

	// The template text is a package constant, so a parse failure is a
	// programming error; template.Must turns it into a panic.
	t := template.Must(template.New("").Parse(unboundConfigTemplateText))

	var rendered bytes.Buffer
	if err := t.Execute(&rendered, params); err != nil {
		panic(err)
	}

	meta := metav1.ObjectMeta{
		Name:      op.NodeDNSAppName,
		Namespace: "kube-system",
	}
	files := map[string]string{
		"unbound.conf": rendered.String(),
	}
	return &corev1.ConfigMap{
		ObjectMeta: meta,
		Data:       files,
	}
}