おうち Lab で GitDNSOps / GitDNS Ops in My Home Lab

Transcript

1. ©2021 VMware, Inc. おうち Lab で GitDNSOps Sep. 22, 2021

   CTO, North Asia (Japan, Korea and Greater China) Motonori Shindo / motonori_shindo

2. 2 ©2021 VMware, Inc. 進藤 資訓 (Motonori Shindo) 東京電⼒ in

   1988 • CMU, School of Computer Science Ascend à CoSine à Proxim ファイブフロント（起業） Nicira à VMware（買収） Viptela à Cisco（買収） VMware Again in 2018 ⾃⼰紹介 Twitter : @motonori_shindo Facebook : https://www.facebook.com/motonori.shindo Linkedin : https://www.linkedin.com/in/motonorishindo/ Blog : https://blog.shin.do つながり歓迎︕

3. 3 ©2021 VMware, Inc. Home Lab and Network blog DNS

   (ext) global dmz home storage NAS NURO UCOM Internet DNS (int) VC GCP DNS (ext) multihome vyOS VeloCloud coredns unbound NSD GitDNSOps してます︕

4. 4 ©2021 VMware, Inc. GitOps って何︖ Git にあるものが “Single Source

   of Truth” な「あ るべき状態 (Desired State) 」となる Git を使うことによるメリット バージョニング アクセスコントロール 監査ログ エージェントがあるべき状態と現在の状態との間に ズレが無いかを常に監視し、ズレがあればそれを解 消してくれる

5. 5 ©2021 VMware, Inc. DNS via GitOps (GitDNSOps) microk8s Operator

   git commit git push Webhook or Polling GitHub ArgoCD MetalLB DNS Query & Response

6. ‹#› ©2021 VMware, Inc. Demo Photo by Morgan Richardson on

   Unsplash https://www.youtube.com/hashtag/vmware_devops

7. 7 ©2021 VMware, Inc. GitDNSOps using ArgoCD

8. 8 ©2021 VMware, Inc. GitDNSOps YAML definition Configmap apiVersion: v1

   kind: ConfigMap metadata: name: coredns data: Corefile: | shin.do:5353 { file /etc/coredns/shin.do.zone reload 10s } shin.do.zone: | $TTL 3600 @ IN SOA ns1.shin.do. root.shin.do. ( 2021081404 3600 900 3600000 3600 ) IN NS ns1.shin.do. IN NS ns2.shin.do. IN MX 10 ASPMX.L.GOOGLE.COM. ns1 IN A 221.245.168.210 ns2 IN A 35.247.124.32 blog IN A 221.245.168.211

9. 9 ©2021 VMware, Inc. GitDNSOps YAML definition Deployment apiVersion: apps/v1

   kind: Deployment metadata: name: coredns spec: selector: matchLabels: app: coredns template: metadata: labels: app: coredns spec: containers: - name: coredns image: coredns/coredns:1.8.4 args: [ "-conf", "/etc/coredns/Corefile" ] volumeMounts: - name: config-volume mountPath: /etc/coredns readOnly: true ports: - containerPort: 5353 name: dns protocol: UDP volumes: - name: config-volume configMap: name: coredns items: - key: Corefile path: Corefile - key: shin.do.zone path: shin.do.zone

10. 10 ©2021 VMware, Inc. GitDNSOps YAML definition Service apiVersion: v1

    kind: Service metadata: name: coredns spec: type: LoadBalancer selector: app: coredns ports: - name: dns port: 15353 targetPort: 5353 protocol: UDP

11. ©2021 VMware, Inc. Thank You