- Much of the information was from this blog post:
<https://goglides.io/manage-ntp-using-kubernetes/90/>
- Curiously, it creates another load balancer, so this brings me up to
three load balancers (HTTP(S)/DNS/NTP)
- It uses the OpenNTPD server. And ns-aws uses NTPsec, and ns-azure uses
the granddaddy, NTP.

We only have 1 node (because I'm frugal), so we really need only one
replica (it's more likely that the node has crashed rather than my
fairly-simple server).
Also, I pushed out the liveness probe to 5 minutes so the logs aren't
cluttered with probes every ten seconds.
I got rid of the readiness probe, which is only for "[applications
[that] are temporarily unable to serve
traffic](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)".
It cluttered the logs with its probes. Also my app is never
temporarily unable to serve.

fixes too many occurrences of:
```
::1.55268 TypeA 127.0.0.1.sslip.io. ? 127.0.0.1
```
Dockerfile:
- We use `CMD` instead of `ENTRYPOINT` because it's marginally easier
to debug.
- We include 64-bit ARM, but not 32-bit.
- We had to re-order the steps so that `apk add bind-tools` came
before copying the binary; that fixed a bug where the
`sslip.io-dns-server` wasn't on the ARM container filesystem (but it
was on the amd64 filesystem 🤔)

Binaries
- We now build arm64 (GOARCH) versions of FreeBSD, Linux, and macOS
(GOOS), but not Windows. It apparently doesn't have arm64 support yet.
- Use HTTP-01 challenge for run-of-the-mill certificates
- White label domains can acquire their own wildcard certificates
- VMware employees have access to *.sslip.io wildcard
- Use DNS-01 challenge for *.w-x-y-z.sslip.io wildcards

This DNS/HTTP server enables the procurement of wildcard certs for
sslip.io subdomains.

Drive-by:
- Removed the apostrophe from the initialized TXT string so that
cutting-and-pasting the string is less difficult (but the backslashes
and double quotes are still a pain).
- The DNS/HTTP server logs output when the TXT record is updated. We log
most actions, and this is perhaps the most important one, so it was an
oversight that we didn't log it.

`DEVELOPER.md` had the wrong tests (mostly missing newlines); that's
been fixed. Also, I added a new test for DNS records which contain
`_acme-challenge.`, which may enable users to generate wildcard certs
for their sslip.io domains.
We use the Alpine image; it's a lean 5.6 MB, and our 3 MB server keeps
it lean at below 9 MB.
Though we include instructions to build the Dockerfile, we plan to use
Docker Hub's automated builds feature.
When we released our new Golang-based DNS server, we had a banner that
said to let us know if anything breaks, but we neglected to tell them
_how_ to let us know. Now we include a link that opens a GitHub issue.
We describe how to run our pre-built executable within a docker
container. They can figure out the rest from there.
If they don't understand those instructions, they shouldn't be running
their own DNS server.