Skip to content

Latest commit

 

History

History
55 lines (42 loc) · 1.55 KB

README.md

File metadata and controls

55 lines (42 loc) · 1.55 KB

Kubaefik-dns

Small DNS server used to redirect a kubernetes services/ingresses internal IP's. It is intended to work with a Wireguard and Traefik to have "automatic" https with traefik within the wireguard tunnel.

This is a small specialized project not intended to be used without changes.

Configuration

Most of the configuration is happening in config.rs

The IP used to redirect the services/ingresses of our Kubernetes, to the address of our traefik web entrypoint. I work with 2 kubernetes thus I have 2 traefik address and 2 kubernetes clients

The kubernetes clients are created in the clients function The traefik service names are defined in the get_traefik_ingresses function

Wireguard config

Example of what our wireguard config looks like

[Interface]
PrivateKey = X
Address = 10.192.0.3
; Address to this DNS running inside kubernetes
DNS = 10.40.11.210
; Failover DNS in case things don't work
DNS = 1.1.1.1
MTU = 1380

[Peer]
PublicKey = X
; Ip address range of service in Kubernetes. This depends on the configuration of you kubernetes, you probably want to change it. 
AllowedIPs = 10.40.0.0/16
; Address of the wireguard server
Endpoint = wg.test.com:51820
PersistentKeepalive = 25

Traefik config

I use a middleware to restrict access only from within the server, and thus only allowing the Wireguard users

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: wireguard-ip-whitelist
  namespace: traefik
spec:
  ipWhiteList:
    sourceRange:
      - 10.2.0.0/8