namespace change and updated to support official volumes correctlyish

deployments/dns/bind.yaml

@@ -8,7 +8,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: bind-master-config
-  namespace: dns
+  namespace: bind9
 data:
   named.conf: |
     acl "slaves" {
@@ -63,7 +63,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: bind-slave-config
-  namespace: dns
+  namespace: bind9
 data:
   named.conf: |
     options {
@@ -79,7 +79,7 @@ data:
     
     zone "hxme.net" {
         type slave;
-        masters { bind-master.dns.svc.cluster.local key bind-slave-key; };
+        masters { bind-master.bind9.svc.cluster.local key bind-slave-key; };
         file "slaves/db.hxme.net";
     };
 ---
@@ -87,7 +87,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: bind-master
-  namespace: dns
+  namespace: bind9
 spec:
   replicas: 1
   selector:
@@ -99,20 +99,20 @@ spec:
         app: bind-master
     spec:
       securityContext:
-        fsGroup: 999
+        fsGroup: 999              # allow group access to volumes for named user
       initContainers:
         - name: fetch-root-hints
           image: curlimages/curl:latest
           command:
             - sh
             - -c
-            - >
-              while true ; do sleep 3600 ; done
-
+            - |
+              curl -sfSL https://www.internic.net/domain/named.cache -o /usr/share/dns/root.hints
+              # hold container open for debug (optional)
+              # tail -f /dev/null
           volumeMounts:
-          - mountPath: /hints
+          - mountPath: /usr/share/dns
             name: root-hints
-
       containers:
         - name: bind-master
           image: internetsystemsconsortium/bind9:9.18
@@ -135,7 +135,7 @@ spec:
           - name: bind-cache
             mountPath: /var/cache/bind
           - name: bind-rundir
-            mountPath: /run/named
+            mountPath: /var/run/named
           - name: root-hints
             mountPath: /usr/share/dns
       volumes:
@@ -143,89 +143,5 @@ spec:
           secret:
             secretName: dns-secrets
         - name: config
-          configMap:
-            name: bind-master-config
-        - name: bind-cache
-          emptyDir: {}
-        - name: bind-rundir
-          emptyDir: {}
-        - name: root-hints
-          emptyDir: {}
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: bind-slave
-  namespace: dns
-spec:
-  selector:
-    matchLabels:
-      app: bind-slave
-  template:
-    metadata:
-      labels:
-        app: bind-slave
-    spec:
-      hostNetwork: true
-      dnsPolicy: ClusterFirstWithHostNet
-      securityContext:
-        fsGroup: 999
-      containers:
-      - name: bind9
-        image: internetsystemsconsortium/bind9:9.18
-        ports:
-        - containerPort: 53
-          protocol: UDP
-        - containerPort: 53
-          protocol: TCP
-        volumeMounts:
-        - name: config
-          mountPath: /etc/bind/named.conf
-          subPath: named.conf
-        - name: bind-slave-key
-          subPath: tsig-key.conf
-          mountPath: /etc/bind/tsig-key.conf
-      volumes:
-      - name: config
-        configMap:
-          name: bind-slave-config
-      - name: bind-slave-key
-        secret:
-          secretName: bind-slave-key
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: bind9
-  namespace: dns
-spec:
-  type: LoadBalancer
-  selector:
-    app: bind-slave
-  ports:
-    - name: dns-udp
-      port: 53
-      targetPort: 53
-      protocol: UDP
-    - name: dns-tcp
-      port: 53
-      targetPort: 53
-      protocol: TCP
+          conf
 
----
-apiVersion: v1
-kind: Service
-metadata:
-  name:      bind-master
-  namespace: dns
-spec:
-  type: ClusterIP
-  selector:
-    app: bind-master
-  ports:
-    - name: dns-udp
-      port: 53
-      protocol: UDP
-    - name: dns-tcp
-      port: 53
-      protocol: TCP