-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
625d354
commit 6af814c
Showing
14 changed files
with
111 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -13,4 +13,4 @@ | |
- containerd | ||
- kube_common | ||
- kubelet_config | ||
- role: prometheus/node_exporter | ||
# - role: prometheus/node_exporter |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
$ORIGIN . | ||
$TTL 60 ; 1 minute | ||
internal IN SOA ns1.internal. admin.internal. ( | ||
2014 ; serial | ||
604800 ; refresh (1 week) | ||
86400 ; retry (1 day) | ||
2419200 ; expire (4 weeks) | ||
604800 ; minimum (1 week) | ||
) | ||
NS ns1.internal. | ||
NS ns2.internal. | ||
$ORIGIN internal. | ||
$TTL 60 ; 1 minute | ||
ns1 A 10.0.2.26 | ||
ns2 A 10.0.2.26 | ||
server A 10.0.2.26 | ||
jenkins CNAME server | ||
registry CNAME server | ||
kube-cluster CNAME server | ||
ingress CNAME kube-cluster | ||
jenkins-agent A 10.0.2.37 | ||
registry CNAME server | ||
vault CNAME server | ||
prometheus A 10.0.2.14 | ||
grafana CNAME prometheus | ||
master-node1 A 10.0.2.34 | ||
worker-node1 A 10.0.2.32 | ||
worker-node2 A 10.0.2.33 | ||
kube-state-metrics A 10.0.2.32 | ||
A 10.0.2.33 | ||
hello-kubernetes A 10.0.2.32 | ||
A 10.0.2.33 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
// DNS zone internal | ||
|
||
zone "internal" IN { | ||
type master; | ||
file "/etc/bind/db.internal"; // path to zone file | ||
|
||
allow-transfer { | ||
key kube-cluster.internal.; | ||
}; | ||
|
||
update-policy { | ||
grant kube-cluster.internal. zonesub ANY; | ||
}; | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,24 +1,38 @@ | ||
controls { | ||
inet {{ ansible_default_ipv4.address }} port 953 allow { 10.0.0.0/8; } keys { "kube-cluster.internal."; }; | ||
// inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; | ||
}; | ||
|
||
acl "trusted" { | ||
localhost; | ||
10.0.0.0/8; | ||
172.16.0.0/12; | ||
192.168.0.0/16; | ||
}; | ||
|
||
// For external-dns | ||
key kube-cluster.internal. { | ||
algorithm hmac-sha256; | ||
secret "{{ key_internal }}"; | ||
}; | ||
|
||
options { | ||
directory "/var/cache/bind"; | ||
|
||
listen-on port 53 { 127.0.0.1; {% for ip in ansible_all_ipv4_addresses %}{{ ip }}; {% endfor %}}; | ||
|
||
recursion yes; | ||
auth-nxdomain yes; | ||
|
||
allow-query { trusted; }; | ||
forwarders { | ||
192.168.0.1; 8.8.8.8; | ||
192.168.1.254; 8.8.8.8; | ||
}; | ||
|
||
allow-transfer { 10.0.0.0/8; }; // Used by external-dns in Kubernetes | ||
|
||
dnssec-validation auto; | ||
dnssec-must-be-secure internal no; | ||
|
||
listen-on-v6 { any; }; | ||
}; |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
search internal | ||
nameserver 10.0.2.4 | ||
nameserver 10.0.2.26 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
--- | ||
|
||
trivy_version: 0.53.0 | ||
trivy_version: 0.54.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,7 +10,7 @@ data: | |
internal:53 { | ||
errors | ||
cache 10 | ||
forward . 10.0.2.4:53 { | ||
forward . 10.0.2.26:53 { | ||
prefer_udp | ||
} | ||
} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters