changeset 59:fa7a71b8a97f

more dns checks, including from inside containers in k8s
author drewp@bigasterisk.com
date Sun, 01 May 2022 23:30:09 -0700
parents f39ada0b8827
children a949704defd0
files dns_check.py dns_k8s_check.py k8s_lookup/Dockerfile k8s_lookup/deploy.yaml k8s_lookup/skaffold.yaml tasks.py
diffstat 6 files changed, 88 insertions(+), 10 deletions(-) [+]
--- a/dns_check.py	Sun May 01 23:27:33 2022 -0700
+++ b/dns_check.py	Sun May 01 23:30:09 2022 -0700
@@ -1,18 +1,19 @@
 # run key dns lookups everywhere
-import subprocess
 import tempfile
 
 import requests
 from pyinfra import host
 from pyinfra.operations import apt, files, server, systemd
 
+
 def check(name, addr):
     server.shell(commands=[
         # note: one big string
         f"out=`dnsget -q {name}`; "
         f'[ -n "$out" ] || exit 1; '
         f"if [ $out != {addr} ]; then echo got $out >&2 ; exit 1; fi"
-        ])
+    ])
+
 
 '''
 idea: read a file that looks like this:
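Review bot: The comparison in `check()` fails open because `$out` is unquoted in `[ $out != {addr} ]`. If dnsget prints more than one address, or anything containing whitespace, the test errors out, the `if` treats the error as false, and the command exits 0 without reporting a mismatch. Quoting both sides closes that gap: `f'if [ "$out" != "{addr}" ]; then echo "got $out" >&2 ; exit 1; fi'`. `name` and `addr` are also pasted into the shell string unescaped, which is fine for the literals used in this file, but `check()` deserves a comment saying it must only be called with trusted constants.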
@@ -22,30 +23,32 @@
 bang       127.0.1.1  10.1.0.1  10.1.0.1  10.5.0.1
 bang5      10.5.0.1   10.5.0.1  10.5.0.1  10.5.0.1
 dash       10.1.0.5   127.0.1.1 10.1.0.5  10.5.0.5
+bang.bigasterisk.com
+bang.bigasterisk.com.
+prime
+projects.bigasterisk.com
 etc
 
 (or another idea: wireguard everywhere all the time)
 '''
 
-# outside k8s
 if host.name in ['dash', 'bang', 'slash']:
-    check('dash', '10.1.0.5')
+    check('dash', '10.2.0.77')
+    check('projects.bigasterisk.com', '10.2.0.1')
 elif host.name in ['prime']:
     check('dash', '10.5.0.5')
     check('projects.bigasterisk.com', '10.2.0.1')  # expected the public addr, but fine
 else:
-    check('dash', '10.1.0.5')
+    check('dash', '10.2.0.77')
     check('projects.bigasterisk.com', '10.2.0.1')
 
-if host.name in ['bang']:
-    check('bang', '10.2.0.1')
-elif host.name in ['prime']:
+if host.name in ['prime']:
     check('bang', '10.5.0.1')
+    check('slash', '10.5.0.6')
 else:
     check('bang', '10.2.0.1')
+    check('slash', '10.2.0.138')
 
 check('bang5', '10.5.0.1')
 check('prime', '10.5.0.2')
-check('slash', '10.1.0.6')
 
-# inside k8s
\ No newline at end of file
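Review bot: After this change the `host.name in ['dash', 'bang', 'slash']` branch and the `else` branch run the same two checks, so the three-way split no longer distinguishes anything. It would read more clearly as `if host.name in ['prime']:` followed by `else:`, matching the block just below it. The four names added to the docstring table have no expected-address columns; a short line such as `(expected values still to be filled in)` would keep the table readable. The docstring starts outside this hunk.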
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dns_k8s_check.py	Sun May 01 23:30:09 2022 -0700
@@ -0,0 +1,28 @@
+import json
+import subprocess
+
+subprocess.check_call(["skaffold", "run"], cwd="/my/proj/infra/k8s_lookup/")
+
+try:
+    j = subprocess.check_output(['kubectl', 'get', 'pod', '-o', 'json', '--selector', 'name=k8s-lookup'])
+    pods = json.loads(j)['items']
+    for lookupName in [
+            'bang',
+            'bang.bigasterisk.com',
+            'bang.bigasterisk.com.',
+            'mongodb.default.svc.cluster.local',
+            'mongodb.default.svc.cluster.local.',
+    ]:
+        for pod in pods:
+            runningOn = pod['spec']['nodeName']
+            podName = pod['metadata']['name']
+
+            r = subprocess.run(
+                ['kubectl', 'exec', f'pod/{podName}'] + ['--'] +  #
+                ['dnsget', '-q', lookupName],
+                capture_output=True)
+            result = (r.stdout + r.stderr).decode('ascii').strip().replace('\n', '; ')
+            print(f'looked up {lookupName} from pod on {runningOn} -> {result}')
+
+finally:
+    subprocess.check_call(["skaffold", "delete"], cwd="/my/proj/infra/k8s_lookup/")
\ No newline at end of file
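Review bot: The return code of the `kubectl exec` call is never examined at `subprocess.run(...)`, so a failed lookup or a pod that is not ready only shows up as text in the printed line, and the script still exits 0. For something run as a check, record failures (`failed |= r.returncode != 0`) and exit non-zero after the `finally` cleanup so the `dns_k8s_check` task can fail. Separately, `.decode('ascii')` raises on any non-ASCII byte in kubectl's stderr and would abort the remaining lookups; `.decode('utf-8', errors='replace')` is safer. Adding a `timeout=` to the `subprocess.run` call would also keep one hung exec from blocking the `skaffold delete` cleanup.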
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/k8s_lookup/Dockerfile	Sun May 01 23:30:09 2022 -0700
@@ -0,0 +1,4 @@
+FROM ubuntu:jammy-20220315
+RUN echo 2022-04-19 && apt-get update
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y udns-utils
+CMD ["sleep", "1d"]
\ No newline at end of file
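Review bot: The image runs as root because there is no `USER` line before `CMD`, and every `kubectl exec` into it inherits that. dnsget should not need privileges, so adding `USER nobody` after the install step is enough, assuming nothing else in the pod needs to write to the filesystem. The `apt-get update` and `apt-get install` steps are split across two `RUN` layers with a date echo as a cache buster; a single `RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends udns-utils && rm -rf /var/lib/apt/lists/*` avoids installing from a stale cached index and keeps the image smaller.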
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/k8s_lookup/deploy.yaml	Sun May 01 23:30:09 2022 -0700
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: k8s-lookup
+spec:
+  selector:
+    matchLabels:
+      name: k8s-lookup
+  template:
+    metadata:
+      labels:
+        name: k8s-lookup
+    spec:
+      tolerations:
+      # this toleration is to have the daemonset runnable on master nodes
+      # remove it if your masters can't run pods
+      - key: node-role.kubernetes.io/master
+        operator: Exists
+        effect: NoSchedule
+      containers:
+      - name: k8s-lookup
+        image: bang5:5000/k8s_lookup_image
+      terminationGracePeriodSeconds: 1
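Review bot: The pod template sets no `securityContext` and leaves the service-account token mounted, even though this DaemonSet is scheduled on every node, including masters via the toleration, and is entered with `kubectl exec`. A container that only runs `sleep` and `dnsget` can drop all capabilities, run as a non-root UID and skip the API token. The UID below is a constructed example (the conventional `nobody`); adjust it to whatever user the image defines. The image reference also has no tag or digest, so nodes may run different builds unless skaffold rewrites it at deploy time.

```yaml
      automountServiceAccountToken: false   # pod spec level, next to tolerations
      # … unchanged: tolerations, container name …
        image: bang5:5000/k8s_lookup_image
        securityContext:
          runAsNonRoot: true
          runAsUser: 65534
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
```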
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/k8s_lookup/skaffold.yaml	Sun May 01 23:30:09 2022 -0700
@@ -0,0 +1,16 @@
+apiVersion: skaffold/v2beta27
+kind: Config
+metadata:
+  name: k8s-lookup
+build:
+  platforms: [amd64]
+  # tagPolicy:
+  #   dateTime:
+  #     format: "2006-01-02_15-04-05"
+  #     timezone: "Local"
+  artifacts:
+  - image: bang5:5000/k8s_lookup_image
+deploy:
+  kubectl:
+    manifests:
+    - deploy.yaml
--- a/tasks.py	Sun May 01 23:27:33 2022 -0700
+++ b/tasks.py	Sun May 01 23:30:09 2022 -0700
@@ -43,6 +43,10 @@
 def dns_check(ctx):
     ctx.run(cmd + 'inventory.py dns_check.py -v', pty=True)
 
+@task
+def dns_k8s_check(ctx):
+    ctx.run('env/bin/python dns_k8s_check.py', pty=True)
+
 
 @task
 def wireguard(ctx):
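Review bot: `dns_k8s_check` has no docstring, although unlike `dns_check` it changes cluster state: the script it runs deploys the k8s-lookup DaemonSet and deletes it afterwards. A one-line docstring such as `"""Deploy the k8s-lookup DaemonSet, run DNS lookups from each pod, then delete it."""` makes that visible in the task listing. The new task is also separated from `dns_check` by one blank line where the rest of the file uses two, and it hard-codes `env/bin/python` instead of going through a shared prefix like the `cmd` used just above. `wireguard` continues outside this hunk.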