From 005f6e56a87808b65808249734b43e5328766e31 Mon Sep 17 00:00:00 2001 From: j Date: Tue, 1 Jul 2025 11:53:51 +1000 Subject: [PATCH] namespace change and updated to support official volumes correctlyish --- deployments/dns/bind.yaml | 108 +++++--------------------------------- 1 file changed, 12 insertions(+), 96 deletions(-) diff --git a/deployments/dns/bind.yaml b/deployments/dns/bind.yaml index 096876b..d560e41 100644 --- a/deployments/dns/bind.yaml +++ b/deployments/dns/bind.yaml @@ -8,7 +8,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: bind-master-config - namespace: dns + namespace: bind9 data: named.conf: | acl "slaves" { @@ -63,7 +63,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: bind-slave-config - namespace: dns + namespace: bind9 data: named.conf: | options { @@ -79,7 +79,7 @@ data: zone "hxme.net" { type slave; - masters { bind-master.dns.svc.cluster.local key bind-slave-key; }; + masters { bind-master.bind9.svc.cluster.local key bind-slave-key; }; file "slaves/db.hxme.net"; }; --- @@ -87,7 +87,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: bind-master - namespace: dns + namespace: bind9 spec: replicas: 1 selector: @@ -99,20 +99,20 @@ spec: app: bind-master spec: securityContext: - fsGroup: 999 + fsGroup: 999 # allow group access to volumes for named user initContainers: - name: fetch-root-hints image: curlimages/curl:latest command: - sh - -c - - > - while true ; do sleep 3600 ; done - + - | + curl -sfSL https://www.internic.net/domain/named.cache -o /usr/share/dns/root.hints + # hold container open for debug (optional) + # tail -f /dev/null volumeMounts: - - mountPath: /hints + - mountPath: /usr/share/dns name: root-hints - containers: - name: bind-master image: internetsystemsconsortium/bind9:9.18 @@ -135,7 +135,7 @@ spec: - name: bind-cache mountPath: /var/cache/bind - name: bind-rundir - mountPath: /run/named + mountPath: /var/run/named - name: root-hints mountPath: /usr/share/dns volumes: 
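Review bot: In the `bind-slave-config` hunk (`@@ -79,7 +79,7 @@`), the `masters { bind-master.bind9.svc.cluster.local key bind-slave-key; };` line still names the primary by hostname. As far as I know, named accepts only IP addresses or the name of a predefined primaries list in this position and does not resolve hostnames there, so the zone transfer source may never be found; please confirm with `named-checkconf`. If so, the statement needs the master Service's cluster IP, kept stable, for example `masters { <BIND_MASTER_CLUSTER_IP> key bind-slave-key; };` (placeholder). Keeping the TSIG key on the entry is right and should stay.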
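Review bot: In the `fetch-root-hints` init container (hunk `@@ -99,20 +99,20 @@`), the new `curl -sfSL https://www.internic.net/domain/named.cache -o /usr/share/dns/root.hints` step runs from `curlimages/curl:latest` and stores whatever the server returns with no check beyond TLS. Both the image and the hints file can therefore change between pod restarts without any change to this manifest. Pin the image, for example `image: curlimages/curl:<VERSION>@sha256:<DIGEST>` (placeholders), and either compare the download with a known checksum or ship the hints from a ConfigMap. Because `-f` makes curl exit non-zero on an HTTP error, an outage of that host will also keep `bind-master` from starting; if that is intended, say so in a comment next to the command.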
@@ -143,89 +143,5 @@ spec: secret: secretName: dns-secrets - name: config - configMap: - name: bind-master-config - - name: bind-cache - emptyDir: {} - - name: bind-rundir - emptyDir: {} - - name: root-hints - emptyDir: {} ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: bind-slave - namespace: dns -spec: - selector: - matchLabels: - app: bind-slave - template: - metadata: - labels: - app: bind-slave - spec: - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - securityContext: - fsGroup: 999 - containers: - - name: bind9 - image: internetsystemsconsortium/bind9:9.18 - ports: - - containerPort: 53 - protocol: UDP - - containerPort: 53 - protocol: TCP - volumeMounts: - - name: config - mountPath: /etc/bind/named.conf - subPath: named.conf - - name: bind-slave-key - subPath: tsig-key.conf - mountPath: /etc/bind/tsig-key.conf - volumes: - - name: config - configMap: - name: bind-slave-config - - name: bind-slave-key - secret: - secretName: bind-slave-key ---- -apiVersion: v1 -kind: Service -metadata: - name: bind9 - namespace: dns -spec: - type: LoadBalancer - selector: - app: bind-slave - ports: - - name: dns-udp - port: 53 - targetPort: 53 - protocol: UDP - - name: dns-tcp - port: 53 - targetPort: 53 - protocol: TCP + conf ---- -apiVersion: v1 -kind: Service -metadata: - name: bind-master - namespace: dns -spec: - type: ClusterIP - selector: - app: bind-master - ports: - - name: dns-udp - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP
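Review bot: The only added line in this hunk is a bare `conf` directly after `- name: config`, while the `configMap:` source and the `bind-cache`, `bind-rundir` and `root-hints` volume definitions are deleted; this looks like an accidental truncation rather than an intended change. As written, the `config` volume has no source and the volumeMounts shown in the preceding hunk reference volumes that are no longer defined, so the Deployment would most likely be rejected at apply time. The hunk also removes the `bind-master` Service, yet `bind-slave-config` still points at `bind-master.bind9.svc.cluster.local`, and that ConfigMap is left without the DaemonSet that consumed it. If the DaemonSet and Services are meant to move to another file, restore at least `configMap:` / `name: bind-master-config` and the three `emptyDir: {}` volumes here, and run `kubectl apply --dry-run=server` before merging.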