Kubernetes Integration

[georglauterbach]

Summary

This projects seems to supply the best DNS server in a container that one could ask for (especially when it comes to security features). Therefore, I'd like to help with documenting Kubernetes. I came across this as coreDNS does not seem to be able to do DNSSEC validation (which I find to be ridiculous). Therefore, I can point coreDNS to this container in my cluster and let this container do the resolution over TLS/HTTP with DNSSEC etc.

What would this help look like?

I am going to write a Deployment, Service and configMap which should suffice to get this up and running in a cluster. I would then add a document, maybe in the form of a KUBERNETES.md, because Kubernetes support should stay community-maintained (as it is a lot of work and maintainers most likely do not have the time).

Why this issue?

I want to ask first before doing the work in order to avoid unnecessary work. If maintainers are fine with this, I will submit a PR in the future.

[qdm12]

That sounds perfect. Go for it!

Note however that the current latest and v1.x.x docker images do dns over tls AND Dnssec, not Https. I could add https now that Unbound supports it if really needed, but...

Since before Unbound added support for DNS over HTTPS I started working on a full go only implementation of DNS over TLS+HTTPS which is available in tag :v2.0.0-beta. Now that one doesn't do DNSSEC yet, and there is also a bug where the server hangs when shutting down. It will also have breaking changes (different variables, be based on Scratch etc.). So don't use that one for now, but just so you're aware you might need to update your files in the next few weeks (maybe 1-2 months).

[georglauterbach]

I'm currently using the v2 Beta and it seems to work fine. I would like to stay on the beta version to test the latest changes. I do not actually need DoH, because I use DoT. DNSSEC is something I look forward to :D Reach back to me when DNSSEC is ready :)

I will come up with a PR when I'm ready and I will put this in a new file :)

[qdm12]

Great, I'll try to focus on DNSSEC. Right now I'm adding Prometheus metrics to debug (the lazy way) that shutdown issue. If you use v2, leave the UPDATE_PERIOD=0 so it doesn't restart for now. Mine stalls about every ~2 weeks with a 12 hours restart period and it has to be manually rebooted ughh. I'll let you know once #60 is done.

[georglauterbach]

@qdm12 Have a look at #83, these are the instructions :)

Just reach back to me when DNSSEC is ready :)

[georglauterbach]

@qdm12 #83 is ready to be merged :)

[qdm12]

Ah ok sorry about that I thought you wanted to wait for DNSSEC! (subscribe to #60 then 😉)

I'm going to be annoying, sorry in advance, but sadly I rebased v2.0.0-beta on master so there is a whole lot of weird deltas on the PR now (especially for the readme.md for some reason).

Would you mind doing that on your forked repo (basically redo your changes on a fresh k8s branch):

git checkout k8s
cp KUBERNETES.md KUBERNETES.md.bak
git checkout v2.0.0-beta
git pull
git branch -D k8s
git checkout -b k8s
mv KUBERNETES.md.bak KUBERNETES.md

Then small manual step, re-add

If you're running Kubernetes, there is a separate article on [how to set up K8s](https://github.com/qdm12/dns/blob/v2.0.0-beta/KUBERNETES.md).

Before ## Docker tags in the README.md

Finally

git add .
git commit -m "chore(K8s): add Kubernetes usage instructions"
git push --force

Thanks!!

[georglauterbach]

No big deal, just a rebase :) I hope I did it right though :D

I will subscribe to #60. In the meantime, #83 can be merged and this issue closed.

[georglauterbach]

I will close this as #83 was merged.

[qdm12]

Thanks @georglauterbach!