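---
# CoreDNS configuration: the Corefile plus an authoritative zone file for the
# internal "lan." domain. The Deployment below mounts both keys read-only
# under /etc/coredns.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  # Single server block on port 53 for every zone.
  #
  # NOTE(review): the dns-ext Service below publishes these same pods on a
  # LoadBalancer address, so any client that can reach that address gets
  # everything in this block: recursion through `forward` and lookups in
  # cluster.local. If that is wider than intended, restrict clients with the
  # CoreDNS `acl` plugin or at the Service / network layer.
  #
  # NOTE(review): `pods insecure` answers pod-IP names without checking that
  # the pod exists; `pods verified` does check, at the cost of watching pods.
  #
  # health (:8080) and ready (:8181) use the plugin default ports, which is
  # what the liveness/readiness probes in the Deployment expect.
  Corefile: |
    .:53 {
        errors
        health {
            lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        file /etc/coredns/lan.db lan
        prometheus :9153
        forward . /etc/resolv.conf {
            max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
  # Zone data served by the `file` plugin above (names relative to lan.).
  #
  # Fix: the NS record pointed at an IP address. NS rdata must be a host
  # name, so the literal was read as the name "172.23.255.252.lan.". It now
  # references `ns`, which already has the A record for that address.
  #
  # The SOA serial is bumped by one (was 2021102006) because the `file`
  # plugin only re-reads a zone when the serial changes; bump it again on
  # every future edit.
  #
  # NOTE(review): the SOA mname/rname are the icann.org values from the
  # upstream example zone, not hosts in this zone - confirm that is intended.
  lan.db: |
    ; lan. zone file
    $ORIGIN lan.
    @ 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2021102007 7200 3600 1209600 3600
    @ 3600 IN NS ns

    ns IN A 172.23.255.252
    salt IN A 192.168.10.2
    mqtt IN A 172.16.23.1
    www-proxy IN A 172.23.255.1
    git IN A 172.23.255.2
    postgresql IN A 172.23.255.4
    mariadb IN A 172.23.255.5
    pihole IN A 172.23.255.253
    adm IN CNAME adm01.wks.

    prometheus IN CNAME www-proxy
    alertmanager IN CNAME www-proxy
    stats IN CNAME www-proxy
    cr-ui IN CNAME www-proxy
    apt IN CNAME www-proxy
    apt-cache IN CNAME www-proxy
    nodered IN CNAME www-proxy
    foto IN CNAME www-proxy
    musik IN CNAME www-proxy
    hassio IN CNAME www-proxy
    hassio-conf IN CNAME www-proxy
    git-ui IN CNAME www-proxy
    grav IN CNAME www-proxy
    tekton IN CNAME www-proxy
    nc IN CNAME www-proxy
    auth IN CNAME www-proxy
    public.auth IN CNAME www-proxy
    secure.auth IN CNAME www-proxy
    docker-registry IN CNAME adm
    cr IN CNAME adm
    dr-mirror IN CNAME adm
    log IN CNAME adm
---
# Publishes the CoreDNS pods outside the cluster on a fixed address, the same
# address the lan. zone advertises as its name server.
#
# NOTE(review): only UDP/53 is exposed. DNS clients retry truncated answers
# over TCP, so large responses can fail from this address. Adding TCP/53 to a
# LoadBalancer Service needs mixed-protocol support in the cluster and the
# load balancer - confirm before adding it.
#
# NOTE(review): no source restriction is set. `loadBalancerSourceRanges` can
# limit which client networks reach the resolver, where the load-balancer
# implementation honours it.
#
# NOTE(review): `loadBalancerIP` is deprecated in newer Kubernetes releases in
# favour of implementation-specific annotations; kept as written.
apiVersion: v1
kind: Service
metadata:
  name: dns-ext
  namespace: kube-system
spec:
  type: LoadBalancer
  loadBalancerIP: 172.23.255.252
  selector:
    k8s-app: kube-dns
  ports:
    - name: dns-udp
      protocol: UDP
      port: 53
      targetPort: 53
---
# CoreDNS Deployment that reads its Corefile and zone file from the ConfigMap.
#
# NOTE(review): metadata.name and metadata.namespace are absent, so this
# document cannot be applied on its own. Presumably it is merged onto an
# existing Deployment as a patch - confirm, or add the name it should carry.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: kube-dns
spec:
  progressDeadlineSeconds: 600
  replicas: 2
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kube-dns
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 1
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      containers:
        - name: coredns
          # NOTE(review): k8s.gcr.io is the legacy registry name; upstream
          # now publishes these images on registry.k8s.io. The tag is also
          # mutable - pinning by digest (image@sha256:<digest>) ties the
          # rollout to one known image.
          image: k8s.gcr.io/coredns/coredns:v1.8.4
          imagePullPolicy: IfNotPresent
          args:
            - '-conf'
            - /etc/coredns/Corefile
          ports:
            - containerPort: 53
              name: dns
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 9153
              name: metrics
              protocol: TCP
          # /health is served by the Corefile's `health` plugin.
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          # /ready is served by the Corefile's `ready` plugin.
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /ready
              port: 8181
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources:
            limits:
              memory: 170Mi
            requests:
              cpu: 100m
              memory: 70Mi
          # Least privilege: every capability is dropped except the one
          # needed to bind port 53, and the root filesystem is read-only.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                # Canonical upper-case spelling (was "all"); Pod Security
                # admission checks compare against "ALL".
                - ALL
            readOnlyRootFilesystem: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            # Matches the paths used by `-conf` above and by the Corefile's
            # `file /etc/coredns/lan.db` directive.
            - mountPath: /etc/coredns
              name: config-volume
              readOnly: true
      # Default = inherit the node's resolv.conf, which is the upstream the
      # Corefile's `forward . /etc/resolv.conf` sends queries to.
      dnsPolicy: Default
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      restartPolicy: Always
      schedulerName: default-scheduler
      # NOTE(review): no pod-level settings. A RuntimeDefault seccompProfile
      # could be set here - confirm the nodes' runtime supports it first.
      securityContext: {}
      # serviceAccount is the deprecated alias of serviceAccountName; both
      # are kept as written.
      serviceAccount: coredns
      serviceAccountName: coredns
      terminationGracePeriodSeconds: 30
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
        - effect: NoSchedule
          key: node-role.kubernetes.io/control-plane
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            # 420 decimal == 0644 octal.
            defaultMode: 420
            items:
              - key: Corefile
                path: Corefile
              - key: lan.db
                path: lan.db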