Extend documentation for ziti-edge-tunnel with multinode example

charts/ziti-edge-tunnel/Chart.yaml

@@ -1,10 +1,10 @@
 apiVersion: v2
-appVersion: 1.1.3
+appVersion: 1.2.5
 description: Dial OpenZiti services with a tunneler daemonset
 kubeVersion: '>= 1.20.0-0'
 name: ziti-edge-tunnel
 type: application
-version: 1.0.0
+version: 1.1.0
 icon: https://openziti.io/img/ziti-logo-dark.svg
 home: https://openziti.io
 sources:

charts/ziti-edge-tunnel/README.md

@@ -1,7 +1,7 @@
 <!-- README.md generated by helm-docs from README.md.gotmpl -->
 # ziti-edge-tunnel
 
-![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.3](https://img.shields.io/badge/AppVersion-1.1.3-informational?style=flat-square)
+![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.5](https://img.shields.io/badge/AppVersion-1.2.5-informational?style=flat-square)
 
 Dial OpenZiti services with a tunneler daemonset
 
@@ -18,6 +18,7 @@ Kubernetes: `>= 1.20.0-0`
 ## Overview
 
 You may use this chart to reach services node-wide via your Ziti network via DNS. For example, if you create a repository or container registry Ziti service, and your cluster has no internet access, you can reach those repositories or container registries via Ziti services.
+
 **NOTE:**
 For one node kubernetes approaches like k3s, this works out-of-the-box and you can extend your coredns configuration to forward to the Ziti DNS IP, as you can see [here](https://openziti.io/docs/guides/kubernetes/workload-tunneling/kubernetes-daemonset/).
 For multinode kubernetes installations, where your cluster DNS could run on a different node, you need to install the [node-local-dns](https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/) feature, which secures that the Ziti DNS name will be resolved locally, on the very same tunneler, as Ziti Intercept IPs can change from node to node. See [this](https://github.com/lablabs/k8s-nodelocaldns-helm) helm chart for a possible implementation.
@@ -61,6 +62,77 @@ When you don't want to use the default key name `persisted-identity` you can def
 
 If you want to resolve your Ziti domain inside the pods, you need to customize CoreDNS. See [Official docs](https://openziti.io/docs/guides/kubernetes/workload-tunneling/kubernetes-daemonset/).
 
+#### Multinode example
+Customise ConfigMap that you apply for node-local-dns by appending the ziti specific domain and the upstream DNS server of ziti-edge-tunnel,
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-local-dns
+  namespace: kube-system
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+data:
+  Corefile: |
+    your.ziti.domain:53 {
+        log
+        errors
+        reload
+        loop
+        bind __PILLAR__LOCAL__DNS__ __PILLAR__DNS__SERVER__
+        forward . 100.64.0.2
+        prometheus :9253
+        }
+    __PILLAR__DNS__DOMAIN__:53 {
+        errors
+        reload
+        loop
+        bind __PILLAR__LOCAL__DNS__ __PILLAR__DNS__SERVER__
+        forward . 100.64.0.2
+        prometheus :9253
+        health __PILLAR__LOCAL__DNS__:8080
+        }
+    in-addr.arpa:53 {
+        errors
+        cache 30
+        reload
+        loop
+        bind __PILLAR__LOCAL__DNS__ __PILLAR__DNS__SERVER__
+        forward . __PILLAR__CLUSTER__DNS__ {
+                force_tcp
+        }
+        prometheus :9253
+        }
+    ip6.arpa:53 {
+        errors
+        cache 30
+        reload
+        loop
+        bind __PILLAR__LOCAL__DNS__ __PILLAR__DNS__SERVER__
+        forward . __PILLAR__CLUSTER__DNS__ {
+                force_tcp
+        }
+        prometheus :9253
+        }
+    .:53 {
+        errors
+        cache 30
+        reload
+        loop
+        bind __PILLAR__LOCAL__DNS__ __PILLAR__DNS__SERVER__
+        forward . __PILLAR__UPSTREAM__SERVERS__
+        prometheus :9253
+        }
+```
+
+Refer to the documentation of NodeLocal DNSCache on how to replace the values starting with two underscores and then apply it by,
+
+```console
+kubectl apply -f nodelocaldns.yaml
+```
+
+#### One node example
 Customize CoreDNS configuration,
 
 ```console

charts/ziti-edge-tunnel/README.md.gotmpl

@@ -17,6 +17,7 @@
 ## Overview
 
 You may use this chart to reach services node-wide via your Ziti network via DNS. For example, if you create a repository or container registry Ziti service, and your cluster has no internet access, you can reach those repositories or container registries via Ziti services.
+
 **NOTE:**
 For one node kubernetes approaches like k3s, this works out-of-the-box and you can extend your coredns configuration to forward to the Ziti DNS IP, as you can see [here](https://openziti.io/docs/guides/kubernetes/workload-tunneling/kubernetes-daemonset/).
 For multinode kubernetes installations, where your cluster DNS could run on a different node, you need to install the [node-local-dns](https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/) feature, which secures that the Ziti DNS name will be resolved locally, on the very same tunneler, as Ziti Intercept IPs can change from node to node. See [this](https://github.com/lablabs/k8s-nodelocaldns-helm) helm chart for a possible implementation.
@@ -60,6 +61,77 @@ When you don't want to use the default key name `persisted-identity` you can def
 
 If you want to resolve your Ziti domain inside the pods, you need to customize CoreDNS. See [Official docs](https://openziti.io/docs/guides/kubernetes/workload-tunneling/kubernetes-daemonset/).
 
+#### Multinode example
+Customise ConfigMap that you apply for node-local-dns by appending the ziti specific domain and the upstream DNS server of ziti-edge-tunnel,
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: node-local-dns
+  namespace: kube-system
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+data:
+  Corefile: |
+    your.ziti.domain:53 {
+        log
+        errors
+        reload
+        loop
+        bind __PILLAR__LOCAL__DNS__ __PILLAR__DNS__SERVER__
+        forward . 100.64.0.2
+        prometheus :9253
+        }
+    __PILLAR__DNS__DOMAIN__:53 {
+        errors
+        reload
+        loop
+        bind __PILLAR__LOCAL__DNS__ __PILLAR__DNS__SERVER__
+        forward . 100.64.0.2
+        prometheus :9253
+        health __PILLAR__LOCAL__DNS__:8080
+        }
+    in-addr.arpa:53 {
+        errors
+        cache 30
+        reload
+        loop
+        bind __PILLAR__LOCAL__DNS__ __PILLAR__DNS__SERVER__
+        forward . __PILLAR__CLUSTER__DNS__ {
+                force_tcp
+        }
+        prometheus :9253
+        }
+    ip6.arpa:53 {
+        errors
+        cache 30
+        reload
+        loop
+        bind __PILLAR__LOCAL__DNS__ __PILLAR__DNS__SERVER__
+        forward . __PILLAR__CLUSTER__DNS__ {
+                force_tcp
+        }
+        prometheus :9253
+        }
+    .:53 {
+        errors
+        cache 30
+        reload
+        loop
+        bind __PILLAR__LOCAL__DNS__ __PILLAR__DNS__SERVER__
+        forward . __PILLAR__UPSTREAM__SERVERS__
+        prometheus :9253
+        }
+```
+
+Refer to the documentation of NodeLocal DNSCache on how to replace the values starting with two underscores and then apply it by,
+
+```console
+kubectl apply -f nodelocaldns.yaml
+```
+
+#### One node example
 Customize CoreDNS configuration,
 
 ```console