Remove slave. Convert dep to ds

2025-07-01 22:23:31 +10:00 · 2025-07-01 22:23:31 +10:00 · 6ea2f60580
commit 6ea2f60580
parent 077cf9bbd4
1 changed files with 23 additions and 147 deletions
--- a/deployments/dns/bind.yaml
+++ b/deployments/dns/bind.yaml
@ -11,12 +11,7 @@ metadata:
  namespace: dns
 data:
  named.conf: |
-    acl "slaves" {
-      10.42.0.0/16;
-    };
-
    include "/etc/bind/externaldns-key.conf";
-    include "/etc/bind/tsig-key.conf";

    options {
        directory "/var/cache/bind";
@ -31,8 +26,6 @@ data:
            10.40.0.254;
        };

-        allow-transfer { "slaves"; };
-
        dnssec-validation auto;
    };

@ -45,7 +38,6 @@ data:
      type master;
      file "/etc/bind/db.hxme.net";
      allow-update { key "externaldns-key"; };
-      allow-transfer { key "bind-slave-key"; };
    };
  db.hxme.net: |
    $TTL    3600
@ -61,41 +53,12 @@ data:
    @       IN      A       10.40.0.110
    www     IN      A       10.40.0.110
 ---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: bind-slave-config
-  namespace: dns
-data:
-  named.conf: |
-    options {
-        directory "/var/cache/bind";
-        recursion yes;
-        allow-query { any; };
-        listen-on port 53 { any; };
-        listen-on-v6 port 53 { any; };
-        dnssec-validation auto;
-    };
-
-    include "/etc/bind/tsig-key.conf";
-
-    masters "hxme-master" {
-      bind-master.dns.svc.cluster.local key "bind-slave-key";
-    };
-    
-    zone "hxme.net" {
-        type slave;
-        masters { "hxme-master"; };
-        file "slaves/db.hxme.net";
-    };
---
 apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
 metadata:
  name: bind-master
  namespace: dns
 spec:
-  replicas: 1
  selector:
    matchLabels:
      app: bind-master
@ -104,8 +67,10 @@ spec:
      labels:
        app: bind-master
    spec:
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
      securityContext:
-        fsGroup: 999              # allow group access to volumes for named user
+        fsGroup: 999
      initContainers:
        - name: fetch-root-hints
          image: debian:12
@ -115,8 +80,6 @@ spec:
            - |
              apt update && apt -y install curl
              curl -sfSL https://www.internic.net/domain/named.cache -o /usr/share/dns/root.hints
-              # Uncomment below to hold the container open for debugging:
-              # tail -f /dev/null
          volumeMounts:
            - mountPath: /usr/share/dns
              name: root-hints
@ -125,29 +88,26 @@ spec:
          image: internetsystemsconsortium/bind9:9.18
          command: ["named", "-g", "-c", "/etc/bind/named.conf"]
          ports:
-          - containerPort: 53
-            protocol: UDP
-          - containerPort: 53
-            protocol: TCP
+            - containerPort: 53
+              protocol: UDP
+            - containerPort: 53
+              protocol: TCP
          volumeMounts:
-          - name: config
-            mountPath: /etc/bind/named.conf
-            subPath: named.conf
-          - name: config
-            mountPath: /etc/bind/db.hxme.net
-            subPath: db.hxme.net
-          - name: dns-secrets
-            mountPath: /etc/bind/externaldns-key.conf
-            subPath: externaldns-key.conf
-          - name: dns-secrets
-            subPath: tsig-key.conf
-            mountPath: /etc/bind/tsig-key.conf
-          - name: bind-cache
-            mountPath: /var/cache/bind
-          - name: bind-rundir
-            mountPath: /var/run/named
-          - name: root-hints
-            mountPath: /usr/share/dns
+            - name: config
+              mountPath: /etc/bind/named.conf
+              subPath: named.conf
+            - name: config
+              mountPath: /etc/bind/db.hxme.net
+              subPath: db.hxme.net
+            - name: dns-secrets
+              mountPath: /etc/bind/externaldns-key.conf
+              subPath: externaldns-key.conf
+            - name: bind-cache
+              mountPath: /var/cache/bind
+            - name: bind-rundir
+              mountPath: /var/run/named
+            - name: root-hints
+              mountPath: /usr/share/dns
      volumes:
        - name: dns-secrets
          secret:
@ -161,88 +121,4 @@ spec:
          emptyDir: {}
        - name: root-hints
          emptyDir: {}
---
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: bind-slave
-  namespace: dns
-spec:
-  selector:
-    matchLabels:
-      app: bind-slave
-  template:
-    metadata:
-      labels:
-        app: bind-slave
-    spec:
-      securityContext:
-        fsGroup: 999
-      containers:
-      - name: bind9
-        image: internetsystemsconsortium/bind9:9.18
-        command: ["named", "-g", "-c", "/etc/bind/named.conf"]
-        ports:
-        - containerPort: 53
-          protocol: UDP
-        - containerPort: 53
-          protocol: TCP
-        volumeMounts:
-        - name: config
-          mountPath: /etc/bind/named.conf
-          subPath: named.conf
-        - name: dns-secrets
-          subPath: tsig-key.conf
-          mountPath: /etc/bind/tsig-key.conf
-        - name: bind-cache
-          mountPath: /var/cache/bind
-        - name: bind-rundir
-          mountPath: /var/run/named
-      volumes:
-      - name: config
-        configMap:
-          name: bind-slave-config
-      - name: dns-secrets
-        secret:
-          secretName: dns-secrets
-      - name: bind-cache
-        emptyDir: {}
-      - name: bind-rundir
-        emptyDir: {}
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: bind-slave
-  namespace: dns
-spec:
-  type: LoadBalancer
-  selector:
-    app: bind-slave
-  ports:
-    - name: dns-udp
-      port: 53
-      targetPort: 53
-      protocol: UDP
-    - name: dns-tcp
-      port: 53
-      targetPort: 53
-      protocol: TCP

---
-apiVersion: v1
-kind: Service
-metadata:
-  name: bind-master
-  namespace: dns
-spec:
-  type: ClusterIP
-  selector:
-    app: bind-master
-  ports:
-    - name: dns-udp
-      port: 53
-      protocol: UDP
-    - name: dns-tcp
-      port: 53
-      protocol: TCP