Merge pull request #205 from openziti/resolver-iprange-option

Resolver iprange option
openziti · May 30, 2024 · 6cc4af5 · 6cc4af5
2 parents 0407c08 + dad5450
commit 6cc4af5
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 3 deletions.
diff --git a/charts/ziti-router/Chart.yaml b/charts/ziti-router/Chart.yaml
@@ -3,4 +3,4 @@ appVersion: 1.1.3
 description: Host an OpenZiti router in Kubernetes
 name: ziti-router
 type: application
-version: 1.0.2
+version: 1.0.3
diff --git a/charts/ziti-router/README.md b/charts/ziti-router/README.md
@@ -1,7 +1,7 @@
 <!-- README.md generated by helm-docs from README.md.gotmpl -->
 # ziti-router
 
-![Version: 1.0.2](https://img.shields.io/badge/Version-1.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.3](https://img.shields.io/badge/AppVersion-1.1.3-informational?style=flat-square)
+![Version: 1.0.3](https://img.shields.io/badge/Version-1.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.3](https://img.shields.io/badge/AppVersion-1.1.3-informational?style=flat-square)
 
 Host an OpenZiti router in Kubernetes
 
@@ -231,6 +231,8 @@ tunnel:
 | securityContext | string | `nil` | deployment container security context |
 | tolerations | list | `[]` | deployment template spec tolerations |
 | tunnel.diverterPath | string | `nil` | the tproxy mode can be switched from iptables based interception to bpf interception by passing the user space bpf program path. bpf kernel space program is expected to be loaded prior or during router deployment, e.g. bpfman agent, hostpath, etc |
+| tunnel.dnsSvcIpRange | string | `nil` | ip subnet that is used for the internal service name resolution |
+| tunnel.lanIf | string | `"lo"` | interface device name for setting up ingress firewall rules if fw enabled. It must be set but not needed in containers. Thus, it is set to lo by default |
 | tunnel.mode | string | `"none"` | run mode for the router's built-in tunnel component: host, tproxy, proxy, or none |
 | tunnel.proxyAdditionalK8sServices | list | `[]` | additional Kubernetes services created additionally to the "default" proxy listener service, only if mode is "proxy" |
 | tunnel.proxyDefaultK8sService | object | `{"enabled":true,"type":"ClusterIP"}` | default Kubernetes service object listening to proxy ports defined in "proxyServices", only if tunnel mode is "proxy" |

diff --git a/charts/ziti-router/templates/configmap.yaml b/charts/ziti-router/templates/configmap.yaml
@@ -66,6 +66,9 @@ data:
           {{- end }}
           {{- if eq .Values.tunnel.mode "tproxy" }}
             resolver: {{ .Values.tunnel.resolver }}
+            {{- if .Values.tunnel.dnsSvcIpRange }}
+            dnsSvcIpRange: {{ .Values.tunnel.dnsSvcIpRange }}
+            {{- end }}
             lanIf: {{ .Values.tunnel.lanIf }}
           {{- else if eq .Values.tunnel.mode "proxy" }}
             services:

diff --git a/charts/ziti-router/values.yaml b/charts/ziti-router/values.yaml
@@ -93,7 +93,11 @@ tunnel:
   mode: none
   # -- built-in nameserver configuration, e.g. udp://127.1.2.3:53
   resolver: none
-  # lanIf: eth0   # interface device name for tproxy?
+  # -- ip subnet that is used for the internal service name resolution
+  dnsSvcIpRange:
+  # -- interface device name for setting up ingress firewall rules if fw enabled.
+  # It must be set but not needed in containers. Thus, it is set to lo by default
+  lanIf: lo   
   # -- the tproxy mode can be switched from iptables based interception to bpf interception by passing
   # the user space bpf program path. bpf kernel space program is expected to be loaded prior or during
   # router deployment, e.g. bpfman agent, hostpath, etc