From 6ea2f60580877b7e2d4f27d31260e4151c681015 Mon Sep 17 00:00:00 2001
From: j
Date: Tue, 1 Jul 2025 22:23:31 +1000
Subject: [PATCH] Remove slave. Convert dep to ds
---
 deployments/dns/bind.yaml | 170 ++++++--------------------------------
 1 file changed, 23 insertions(+), 147 deletions(-)
diff --git a/deployments/dns/bind.yaml b/deployments/dns/bind.yaml
index 93ab1b0..5a23d94 100644
--- a/deployments/dns/bind.yaml
+++ b/deployments/dns/bind.yaml
@@ -11,12 +11,7 @@ metadata:
 namespace: dns
 data:
 named.conf: |
- acl "slaves" {
- 10.42.0.0/16;
- };
- include "/etc/bind/externaldns-key.conf";
- include "/etc/bind/tsig-key.conf";
 options {
 directory "/var/cache/bind";
@@ -31,8 +26,6 @@ data:
 10.40.0.254;
 };
- allow-transfer { "slaves"; };
- dnssec-validation auto;
 };
@@ -45,7 +38,6 @@ data:
 type master;
 file "/etc/bind/db.hxme.net";
 allow-update { key "externaldns-key"; };
- allow-transfer { key "bind-slave-key"; };
 };
 db.hxme.net: |
 $TTL 3600
@@ -61,41 +53,12 @@ data:
 @ IN A 10.40.0.110
 www IN A 10.40.0.110
 ---
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: bind-slave-config
- namespace: dns
-data:
- named.conf: |
- options {
- directory "/var/cache/bind";
- recursion yes;
- allow-query { any; };
- listen-on port 53 { any; };
- listen-on-v6 port 53 { any; };
- dnssec-validation auto;
- };
-
- include "/etc/bind/tsig-key.conf";
-
- masters "hxme-master" {
- bind-master.dns.svc.cluster.local key "bind-slave-key";
- };
-
- zone "hxme.net" {
- type slave;
- masters { "hxme-master"; };
- file "slaves/db.hxme.net";
- };
----
 apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
 metadata:
- name: bind-master
- namespace: dns
 spec:
- replicas: 1
 selector:
- matchLabels:
- app: bind-master
@@ -104,8 +67,10 @@ spec:
 labels:
 app: bind-master
 spec:
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
 securityContext:
- fsGroup: 999 # allow group access to volumes for named user
+ fsGroup: 999
 initContainers:
 - name: fetch-root-hints
 image: debian:12
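Review bot: Dropping `include "/etc/bind/externaldns-key.conf";` leaves the zone's `allow-update { key "externaldns-key"; };` (kept as context in hunk @@ -45,7) referring to a key that is no longer defined anywhere in named.conf; as far as I know named rejects an unknown key name in an allow-update clause when it loads its configuration, so the new pods would fail to start. Either restore `include "/etc/bind/externaldns-key.conf";` (the Secret is still mounted at that path in hunk @@ -125,29) or remove the `allow-update` clause and the mount together. Removing the `tsig-key.conf` include and the `"slaves"` ACL is consistent with the rest of the commit.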
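Review bot: With `allow-transfer { "slaves"; };` removed and nothing put in its place, transfers of hxme.net fall back to named's built-in default, which I would not rely on being restrictive for this version; since no secondaries remain, state the policy explicitly with `allow-transfer { none; };` in `options`. This matters more now that the server binds the node network directly (hunk @@ -104,8). The enclosing `options` block starts outside this hunk.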
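Review bot: Changing `kind: Deployment` to `kind: DaemonSet` under the same name is not an in-place update: `kubectl apply` creates the DaemonSet and leaves the existing `bind-master` Deployment running, its pod still matching `app: bind-master`, until it is deleted explicitly or pruned. A note in the commit message or a one-off `kubectl -n dns delete deployment bind-master` in the rollout steps would avoid the stale pod. The commit drops the "slave" wording but keeps `type master;` and the `bind-master` name; if the rename is intended, BIND 9.18 also accepts `type primary;`.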
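Review bot: `hostNetwork: true` makes named bind port 53 on every interface of every node, so any other listener on :53 there (a node-local DNS cache, a stub resolver) will collide, and exposure is now governed by the node's firewall rather than a Service; the ConfigMap's `listen-on`/`allow-query` are not visible in this hunk, so please confirm they are narrowed to the intended node addresses rather than `any`. The comment removed from `fsGroup: 999` was the only explanation of that value; keep it, e.g. `fsGroup: 999  # allow group access to volumes for named user`. The pod `spec` continues past this hunk.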
@@ -115,8 +80,6 @@ spec:
 - |
 apt update && apt -y install curl
 curl -sfSL https://www.internic.net/domain/named.cache -o /usr/share/dns/root.hints
- # Uncomment below to hold the container open for debugging:
- # tail -f /dev/null
 volumeMounts:
 - mountPath: /usr/share/dns
 name: root-hints
@@ -125,29 +88,26 @@ spec:
 image: internetsystemsconsortium/bind9:9.18
 command: ["named", "-g", "-c", "/etc/bind/named.conf"]
 ports:
- - containerPort: 53
- protocol: UDP
- - containerPort: 53
- protocol: TCP
+ - containerPort: 53
+ protocol: UDP
+ - containerPort: 53
+ protocol: TCP
 volumeMounts:
- - name: config
- mountPath: /etc/bind/named.conf
- subPath: named.conf
- - name: config
- mountPath: /etc/bind/db.hxme.net
- subPath: db.hxme.net
- - name: dns-secrets
- mountPath: /etc/bind/externaldns-key.conf
- subPath: externaldns-key.conf
- - name: dns-secrets
- subPath: tsig-key.conf
- mountPath: /etc/bind/tsig-key.conf
- - name: bind-cache
- mountPath: /var/cache/bind
- - name: bind-rundir
- mountPath: /var/run/named
- - name: root-hints
- mountPath: /usr/share/dns
+ - name: config
+ mountPath: /etc/bind/named.conf
+ subPath: named.conf
+ - name: config
+ mountPath: /etc/bind/db.hxme.net
+ subPath: db.hxme.net
+ - name: dns-secrets
+ mountPath: /etc/bind/externaldns-key.conf
+ subPath: externaldns-key.conf
+ - name: bind-cache
+ mountPath: /var/cache/bind
+ - name: bind-rundir
+ mountPath: /var/run/named
+ - name: root-hints
+ mountPath: /usr/share/dns
 volumes:
 - name: dns-secrets
 secret:
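Review bot: The re-indented `ports:` and `volumeMounts:` sequences now use indented list items while `volumes:` (`- name: dns-secrets`, context at the end of this hunk) and the init container's `volumeMounts:` (hunk @@ -115,8) stay flush, so the file mixes both sequence styles and yamllint's `indentation.indent-sequences` will flag one or the other; pick one file-wide. The `dns-secrets` mount of `externaldns-key.conf` is kept even though hunk @@ -11,12 removes the `include` that read it, so the mount is unused unless that include is restored. The container spec continues past this hunk (the `volumes:` list is cut at `secret:`).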
@@ -161,88 +121,4 @@ spec:
 emptyDir: {}
 - name: root-hints
 emptyDir: {}
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: bind-slave
- namespace: dns
-spec:
- selector:
- matchLabels:
- app: bind-slave
- template:
- metadata:
- labels:
- app: bind-slave
- spec:
- securityContext:
- fsGroup: 999
- containers:
- - name: bind9
- image: internetsystemsconsortium/bind9:9.18
- command: ["named", "-g", "-c", "/etc/bind/named.conf"]
- ports:
- - containerPort: 53
- protocol: UDP
- - containerPort: 53
- protocol: TCP
- volumeMounts:
- - name: config
- mountPath: /etc/bind/named.conf
- subPath: named.conf
- - name: dns-secrets
- subPath: tsig-key.conf
- mountPath: /etc/bind/tsig-key.conf
- - name: bind-cache
- mountPath: /var/cache/bind
- - name: bind-rundir
- mountPath: /var/run/named
- volumes:
- - name: config
- configMap:
- name: bind-slave-config
- - name: dns-secrets
- secret:
- secretName: dns-secrets
- - name: bind-cache
- emptyDir: {}
- - name: bind-rundir
- emptyDir: {}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: bind-slave
- namespace: dns
-spec:
- type: LoadBalancer
- selector:
- app: bind-slave
- ports:
- - name: dns-udp
- port: 53
- targetPort: 53
- protocol: UDP
- - name: dns-tcp
- port: 53
- targetPort: 53
- protocol: TCP
----
-apiVersion: v1
-kind: Service
-metadata:
- name: bind-master
- namespace: dns
-spec:
- type: ClusterIP
- selector:
- app: bind-master
- ports:
- - name: dns-udp
- port: 53
- protocol: UDP
- - name: dns-tcp
- port: 53
- protocol: TCP