diff --git a/_sys/coredns-deployment.yaml b/_sys/coredns-deployment.yaml
new file mode 100644
index 0000000..dd2282e
--- /dev/null
+++ b/_sys/coredns-deployment.yaml
@@ -0,0 +1,167 @@
+kind: ConfigMap
+metadata:
+ name: coredns
+ namespace: kube-system
+apiVersion: v1
+data:
+ Corefile: |
+ .:53 {
+ errors
+ health {
+ lameduck 5s
+ }
+ ready
+ kubernetes cluster.local in-addr.arpa ip6.arpa {
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ ttl 30
+ }
+ file /etc/coredns/lan.db lan
+ prometheus :9153
+ forward . /etc/resolv.conf {
+ max_concurrent 1000
+ }
+ cache 30
+ loop
+ reload
+ loadbalance
+ }
+ lan.db: "; lan. zone file\n$ORIGIN lan.\n@ 3600 IN SOA sns.dns.icann.org.
+ noc.dns.icann.org. 2021102006 7200 3600 1209600 3600\n 3600 IN NS 172.23.255.252\n\nns
+ \ IN A 172.23.255.252\nsalt IN A 192.168.10.2 \nmqtt
+ \ IN A 172.16.23.1\nwww-proxy IN A 172.23.255.1\ngit IN
+ \ A 172.23.255.2\npostgresql IN A 172.23.255.4\nmariadb IN A
+ \ 172.23.255.5\npihole IN A 172.23.255.253\nadm IN CNAME
+ adm01.wks.\n\nprometheus IN CNAME www-proxy \nalertmanager IN CNAME
+ www-proxy\nstats IN CNAME www-proxy\ncr-ui IN CNAME
+ www-proxy\napt IN CNAME www-proxy\napt-cache IN CNAME
+ www-proxy\nnodered IN CNAME www-proxy\nfoto IN CNAME
+ www-proxy\nmusik IN CNAME www-proxy\nhassio IN CNAME
+ www-proxy\nhassio-conf IN CNAME www-proxy \ngit-ui IN CNAME
+ www-proxy\ngrav IN CNAME www-proxy\ntekton IN CNAME
+ www-proxy\nnc IN CNAME www-proxy\nauth IN CNAME
+ www-proxy\npublic.auth IN CNAME www-proxy \nsecure.auth IN CNAME
+ www-proxy\ndocker-registry IN CNAME adm\ncr IN CNAME adm\ndr-mirror
+ \ IN CNAME adm\nlog IN CNAME adm\n"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: dns-ext
+ namespace: kube-system
+spec:
+ ports:
+ - name: dns-udp
+ protocol: UDP
+ port: 53
+ targetPort: 53
+ selector:
+ k8s-app: kube-dns
+ type: LoadBalancer
+ loadBalancerIP: 172.23.255.252
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ k8s-app: kube-dns
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 2
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ k8s-app: kube-dns
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 1
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ k8s-app: kube-dns
+ spec:
+ containers:
+ - args:
+ - -conf
+ - /etc/coredns/Corefile
+ image: k8s.gcr.io/coredns/coredns:v1.8.4
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ name: coredns
+ ports:
+ - containerPort: 53
+ name: dns
+ protocol: UDP
+ - containerPort: 53
+ name: dns-tcp
+ protocol: TCP
+ - containerPort: 9153
+ name: metrics
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /ready
+ port: 8181
+ scheme: HTTP
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ resources:
+ limits:
+ memory: 170Mi
+ requests:
+ cpu: 100m
+ memory: 70Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ drop:
+ - all
+ readOnlyRootFilesystem: true
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /etc/coredns
+ name: config-volume
+ readOnly: true
+ dnsPolicy: Default
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: system-cluster-critical
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ serviceAccount: coredns
+ serviceAccountName: coredns
+ terminationGracePeriodSeconds: 30
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ volumes:
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: Corefile
+ path: Corefile
+ - key: lan.db
+ path: lan.db
+ name: coredns
+ name: config-volume
\ No newline at end of file
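Review bot: The Deployment document carries only `labels:` under `metadata:` — no `name` and no `namespace` — so as shown in the hunk (the 167 added lines account for every line, so nothing was lost in collapsing) kubectl refuses it for lack of a resource name, and even with a name it would land in `default`, apart from the `coredns` ServiceAccount and the `coredns` ConfigMap its volume references in `kube-system`; add `name: coredns` and `namespace: kube-system` next to the label. Security-wise, `pods insecure` in the `kubernetes` block makes CoreDNS synthesize an A record for any `a-b-c-d.<ns>.pod.cluster.local` query without checking that such a pod exists (the CoreDNS docs flag this as abusable together with wildcard TLS certificates), and the `dns-ext` LoadBalancer on 172.23.255.252 combined with `forward . /etc/resolv.conf` turns this instance into a recursive resolver for every host that can reach that address, not just an authoritative server for the `lan` zone. Prefer `pods verified`, and if the external IP must answer more than `lan`, gate it with the `acl` plugin or restrict the Service with `loadBalancerSourceRanges` where the load-balancer implementation honours it. In `lan.db` the apex record `3600 IN NS 172.23.255.252` puts an IP literal where NS RDATA must be a host name, so it is read as the name `172.23.255.252.lan.`; `3600 IN NS ns` (the `ns` A record already exists) is the intended form, and the SOA's `sns.dns.icann.org.`/`noc.dns.icann.org.` fields look like the CoreDNS example placeholders rather than this zone's real authority and contact. Finally, `image: k8s.gcr.io/coredns/coredns:v1.8.4` is pinned by mutable tag only; adding the `@sha256:…` digest makes the rollout reproducible and, I believe, also sidesteps the k8s.gcr.io freeze in favour of registry.k8s.io.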