add port 53/udp for dns in ingress nginx to forward to technitium [ci skip]

2024-12-15 18:09:06 +00:00 · 2024-12-15 18:09:06 +00:00 · f7c49a8939
commit f7c49a8939
parent 1bf39bc989
1 changed files with 22 additions and 1 deletions
--- a/modules/kubernetes/nginx-ingress/main.tf
+++ b/modules/kubernetes/nginx-ingress/main.tf
@ -343,6 +343,16 @@ resource "kubernetes_config_map" "ingress_nginx_controller" {
    EOT
  }
 }
+
+resource "kubernetes_config_map" "udp_services" {
+  metadata {
+    name      = "udp-services"
+    namespace = "ingress-nginx"
+  }
+  data = {
+    53 : "technitium/technitium-dns:53"
+  }
+}
 resource "kubernetes_service" "ingress_nginx_controller" {
  metadata {
    name      = "ingress-nginx-controller"
@ -368,6 +378,12 @@ resource "kubernetes_service" "ingress_nginx_controller" {
      port        = 443
      target_port = "https"
    }
+    port {
+      name        = "dns"
+      protocol    = "UDP"
+      port        = 53
+      target_port = "dns"
+    }
    selector = {
      "app.kubernetes.io/component" = "controller"
      "app.kubernetes.io/instance"  = "ingress-nginx"
@ -523,7 +539,7 @@ resource "kubernetes_deployment" "ingress_nginx_controller" {
        container {
          name  = "controller"
          image = "registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e"
-          args  = ["/nginx-ingress-controller", "--election-id=ingress-nginx-leader", "--controller-class=k8s.io/ingress-nginx", "--ingress-class=nginx", "--configmap=$(POD_NAMESPACE)/ingress-nginx-controller", "--validating-webhook=:8443", "--validating-webhook-certificate=/usr/local/certificates/cert", "--validating-webhook-key=/usr/local/certificates/key"]
+          args  = ["/nginx-ingress-controller", "--election-id=ingress-nginx-leader", "--controller-class=k8s.io/ingress-nginx", "--ingress-class=nginx", "--configmap=$(POD_NAMESPACE)/ingress-nginx-controller", "--validating-webhook=:8443", "--validating-webhook-certificate=/usr/local/certificates/cert", "--validating-webhook-key=/usr/local/certificates/key", "--udp-services-configmap", "ingress-nginx/udp-services"]
          volume_mount {
            name       = "crowdsec"
            mount_path = "/etc/nginx/lua/plugins/crowdsec"
@ -539,6 +555,11 @@ resource "kubernetes_deployment" "ingress_nginx_controller" {
            container_port = 443
            protocol       = "TCP"
          }
+          port {
+            name           = "dns"
+            container_port = 53
+            protocol       = "UDP"
+          }
          port {
            name           = "webhook"
            container_port = 8443