Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / 462cd7959e515879ca54c1c7b8d72a043b37330c^! / .
commit462cd7959e515879ca54c1c7b8d72a043b37330c[log] [tgz]
authorMohammed Naser <mnaser@vexxhost.com>Mon Aug 22 14:17:20 2022 -0400
committerMohammed Naser <mnaser@vexxhost.com>Mon Aug 22 14:19:14 2022 -0400
treefc49168c8f68e3c75fcc74f151ee9cd51d9fc508
parentc61c87dffaecd8c322ebd61747f71d29bd7bc739 [diff]
Added native CoreDNS system for recursive DNS

This will get native DNS out of the box for users and it will use DNS
over TLS as well to ensure requests go over the network securely.

Sem-Ver: feature
Change-Id: I3046fc1bf775afc86d60695d7ebe175799b9159f

diff --git a/playbooks/generate_workspace.yml b/playbooks/generate_workspace.yml
index 982078e..c072d94 100644
--- a/playbooks/generate_workspace.yml
+++ b/playbooks/generate_workspace.yml

@@ -277,9 +277,6 @@
                 gateway_ip: 10.96.250.10
                 allocation_pool_start: 10.96.250.200
                 allocation_pool_end: 10.96.250.220
-                dns_nameservers:
-                  - 1.1.1.1
-                  - 1.0.0.1
                 enable_dhcp: true
 
     - name: Write new Neutron configuration file to disk

diff --git a/playbooks/openstack.yml b/playbooks/openstack.yml
index 4736047..29b21c6 100644
--- a/playbooks/openstack.yml
+++ b/playbooks/openstack.yml

@@ -113,6 +113,10 @@
       tags:
         - openstack-helm-infra-libvirt
 
+    - role: coredns
+      tags:
+        - coredns
+
     - role: openstack_helm_neutron
       tags:
         - openstack-helm-neutron

diff --git a/releasenotes/notes/add-coredns-forwarder-14bb2a1830cc57e6.yaml b/releasenotes/notes/add-coredns-forwarder-14bb2a1830cc57e6.yaml
new file mode 100644
index 0000000..2ba9d10
--- /dev/null
+++ b/releasenotes/notes/add-coredns-forwarder-14bb2a1830cc57e6.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - Added native deployment of CoreDNS dedicated for forwarding and caching DNS
+    requests for the cloud.  By default, it's enabled to use DNS over TLS using
+    both CloudFlare and Google DNS.

diff --git a/roles/coredns/tasks/main.yml b/roles/coredns/tasks/main.yml
new file mode 100644
index 0000000..51a94be
--- /dev/null
+++ b/roles/coredns/tasks/main.yml

@@ -0,0 +1,89 @@
+# Copyright (c) 2022 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Deploy Helm chart
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      - apiVersion: source.toolkit.fluxcd.io/v1beta2
+        kind: HelmRepository
+        metadata:
+          name: coredns
+          namespace: openstack
+        spec:
+          interval: 60s
+          url: https://coredns.github.io/helm
+
+      - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+        kind: HelmRelease
+        metadata:
+          name: neutron-coredns
+          namespace: openstack
+        spec:
+          interval: 60s
+          chart:
+            spec:
+              chart: coredns
+              version: 1.19.4
+              sourceRef:
+                kind: HelmRepository
+                name: coredns
+          values:
+            replicaCount: 3
+            service:
+              name: neutron-coredns
+              clusterIP: 10.96.0.20
+            isClusterService: false
+            servers:
+              - port: 53
+                zones:
+                  - zone: .
+                plugins:
+                  - name: errors
+                  - name: ready
+                  - name: health
+                    configBlock: |-
+                      lameduck 5s
+                  - name: prometheus
+                    parameters: 0.0.0.0:9153
+                  - name: cache
+                  - name: reload
+                  - name: loadbalance
+                  - name: forward
+                    parameters: . 127.0.0.1:5301 127.0.0.1:5302
+              - port: 5301
+                zones:
+                  - zone: .
+                plugins:
+                  - name: forward
+                    parameters: . tls://1.1.1.1 tls://1.0.0.1
+                    configBlock: |-
+                      tls_servername cloudflare-dns.com
+                      health_check 5s
+              - port: 5302
+                zones:
+                  - zone: .
+                plugins:
+                  - name: forward
+                    parameters: . tls://8.8.8.8 tls://8.8.4.4
+                    configBlock: |-
+                      tls_servername dns.google
+                      health_check 5s
+            nodeSelector:
+              openstack-control-plane: enabled
+            customLabels:
+              application: neutron
+              component: coredns
+            deployment:
+              name: neutron-coredns

diff --git a/roles/openstack_helm_neutron/vars/main.yml b/roles/openstack_helm_neutron/vars/main.yml
index 91e2e30..352f973 100644
--- a/roles/openstack_helm_neutron/vars/main.yml
+++ b/roles/openstack_helm_neutron/vars/main.yml

@@ -62,7 +62,7 @@
         service_provider: VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
     dhcp_agent:
       DEFAULT:
-        dnsmasq_dns_servers: 1.1.1.1
+        dnsmasq_dns_servers: 10.96.0.20
         enable_isolated_metadata: true
     l3_agent:
       AGENT: