diff --git a/deployments/dns/bind.yaml b/deployments/dns/bind.yaml new file mode 100644 index 0000000..36960bb --- /dev/null +++ b/deployments/dns/bind.yaml 
@@ -0,0 +1,181 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: bind9 +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: bind-master-config + namespace: dns +data: + named.conf: | + options { + directory "/var/cache/bind"; + + recursion yes; + allow-query { any; }; + + listen-on port 53 { any; }; + listen-on-v6 port 53 { any; }; + + forwarders { + 10.40.0.254; + }; + + acl "slaves" { + 10.0.0.0/8; + }; + + allow-transfer { "slaves"; }; + + dnssec-validation auto; + include "/etc/named/externaldns-key.conf"; + }; + + zone "." IN { + type hint; + file "/usr/share/dns/root.hints"; + }; + + zone "hxme.net." IN { + type master; + file "/etc/bind/db.hxme.net"; + allow-update { key "externaldns-key"; }; + }; + db.hxme.net: | + $TTL 3600 + @ IN SOA ns1.hxme.net. admin.hxme.net. ( + 1 ; Serial + 7200 ; Refresh + 1800 ; Retry + 1209600 ; Expire + 86400 ) ; Negative Cache TTL + ; + @ IN NS ns1.hxme.net. + ns1 IN A 10.40.0.110 + @ IN A 10.40.0.110 + www IN A 10.40.0.110 +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: bind-slave-config + namespace: dns +data: + named.conf: | + options { + directory "/var/cache/bind"; + recursion yes; + allow-query { any; }; + listen-on port 53 { any; }; + listen-on-v6 port 53 { any; }; + dnssec-validation auto; + }; + + include "/etc/named/tsig-key.conf"; + + zone "example.com" { + type slave; + masters { bind-master.dns.svc.cluster.local key bind-slave-key; }; + file "slaves/example.com.db"; + }; +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bind-master + namespace: dns +spec: + replicas: 1 + selector: + matchLabels: + app: bind-master + template: + metadata: + labels: + app: bind-master + spec: + containers: + - name: bind-master + image: internetsystemsconsortium/bind9:9.18 + ports: + - containerPort: 53 + protocol: UDP + - containerPort: 53 + protocol: TCP + volumeMounts: + - name: config + mountPath: /etc/bind/named.conf + subPath: named.conf + - name: config + mountPath: /etc/bind/db.hxme.net + 
subPath: db.hxme.net + - name: dns-secrets + mountPath: /etc/bind/externaldns-key.conf + subPath: externaldns-key.conf + volumes: + - name: dns-secrets + secret: + secretName: dns-secrets + - name: config + configMap: + name: bind-master-config +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: bind-slave + namespace: dns +spec: + selector: + matchLabels: + app: bind-slave + template: + metadata: + labels: + app: bind-slave + spec: + containers: + - name: bind9 + image: internetsystemsconsortium/bind9:9.18 + ports: + - containerPort: 53 + protocol: UDP + - containerPort: 53 + protocol: TCP + volumeMounts: + - name: config + mountPath: /etc/bind/named.conf + subPath: named.conf + - name: bind-slave-key + subPath: tsig-key.conf + mountPath: /etc/bind/tsig-key.conf + volumes: + - name: config + configMap: + name: bind-slave-config + - name: bind-slave-key + secret: + secretName: bind-slave-key +--- +apiVersion: v1 +kind: Service +metadata: + name: bind9 + namespace: dns +spec: + type: LoadBalancer + selector: + app: bind-slave + ports: + - name: dns-udp + port: 53 + targetPort: 53 + protocol: UDP + - name: dns-tcp + port: 53 + targetPort: 53 + protocol: TCP +
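Review bot: The slave DaemonSet is published through a `type: LoadBalancer` Service while its `named.conf` sets `recursion yes;` together with `allow-query { any; };` and `listen-on ... { any; };`, so every node becomes an open recursive resolver reachable from outside the cluster (DNS amplification and cache-poisoning exposure), and the master has the same three settings. The slaves only need to answer authoritatively, so change that line to `recursion no;`; if recursion for in-cluster clients is actually wanted, keep `recursion yes;` but add `allow-recursion { 10.0.0.0/8; }; allow-query-cache { 10.0.0.0/8; };` on both master and slave. Separately, the configuration will not load as written: both `include` lines point at `/etc/named/...` while the secrets are mounted at `/etc/bind/externaldns-key.conf` and `/etc/bind/tsig-key.conf`, and the `acl "slaves"` statement sits inside `options { }` where BIND does not accept it. The Namespace object creates `bind9` but every other resource targets `namespace: dns`, and the slave pulls `example.com` (not `hxme.net`) from a `bind-master` Service this file does not define, using `bind-slave-key`, which the master's config never includes, so AXFR would be refused as unauthenticated even once the rest is fixed — presumably placeholders, worth confirming. The master's `allow-transfer { "slaves"; }` also permits zone transfers to all of 10.0.0.0/8 without TSIG; once the slave key is defined on the master, tightening it to `allow-transfer { key "bind-slave-key"; };` limits transfers to authenticated peers.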