k8s-apps/dns/dns.yaml
# Persistent storage for the etcd data directory (/var/lib/etcd in the etcd
# Deployment of this file). ReadWriteOnce matches that Deployment's single
# replica.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: etcd-data
  namespace: dns
spec:
  storageClassName: cephfs-hyper
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
# Cluster-internal Service for the etcd client API (TCP 2379), dual-stack with
# IPv6 preferred.
# NOTE(review): no NetworkPolicy is visible in this file, so reachability of
# this port is whatever the cluster default allows - confirm it is limited to
# the CoreDNS pods and whatever writes the DNS records.
apiVersion: v1
kind: Service
metadata:
  name: etcd
  namespace: dns
spec:
  selector:
    app: etcd
  ipFamilyPolicy: PreferDualStack
  ipFamilies:
    - IPv6
    - IPv4
  ports:
    - name: client
      protocol: TCP
      port: 2379
      targetPort: 2379
---
# One-replica etcd whose keys under /skydns are served by the CoreDNS `etcd`
# plugin configured in this file's Corefile.
# NOTE(review): the client API listens on plain HTTP on all addresses and no
# client authentication is configured here, so any workload that can reach
# etcd.dns.svc:2379 can read or change the records CoreDNS answers with.
# Limit ingress to the coredns-auth pods with a NetworkPolicy and/or enable
# etcd TLS with client-certificate auth (--cert-file, --key-file,
# --client-cert-auth, --trusted-ca-file).
# NOTE(review): no securityContext or resource requests/limits are set, and
# the image is referenced by tag rather than by digest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: etcd
  namespace: dns
spec:
  replicas: 1
  selector:
    matchLabels:
      app: etcd
  template:
    metadata:
      labels:
        app: etcd
    spec:
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: etcd-data
      containers:
        - name: etcd
          image: quay.io/coreos/etcd:v3.6.4
          command:
            - /usr/local/bin/etcd
            - '--name=etcd0'
            - '--data-dir=/var/lib/etcd'
            # Unencrypted listener bound to every interface of the pod.
            - '--listen-client-urls=http://[::]:2379'
            - '--advertise-client-urls=http://etcd.dns.svc:2379'
          ports:
            - name: client
              containerPort: 2379
              protocol: TCP
          volumeMounts:
            - name: data
              mountPath: /var/lib/etcd
---
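# Corefile for the authoritative CoreDNS instance serving apps.undercloud.dev
# on port 53: SOA/NS answers come from templates, ns1/ns2 from an inline hosts
# block, dynamic records from etcd under /skydns, and wildcard A/AAAA answers
# from templates.
#
# The apiVersion/kind/metadata keys appear once only; repeating them in the
# same document is a duplicate-key error for strict YAML parsers.
#
# Both wildcard templates use the same single-backslash regex. A literal block
# scalar does no escape processing, so a doubled backslash would reach CoreDNS
# as two characters and the pattern would require a literal backslash in the
# query name.
#
# NOTE(review): CoreDNS runs plugins in its compiled-in order, not Corefile
# order; in the stock build `template` is ahead of `hosts` and `etcd`, so the
# wildcard templates may answer before those plugins are consulted - confirm
# that ns1/ns2 and etcd-backed names resolve as intended.
# NOTE(review): the etcd endpoint is plain HTTP without credentials, so the
# integrity of this zone depends on who can reach and write to that etcd.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns-corefile
  namespace: dns
data:
  Corefile: |
    apps.undercloud.dev:53 {
      errors
      log
      reload 10s
      health
      ready
      template IN SOA apps.undercloud.dev {
        rcode NOERROR
        answer "{{.Name}} 3600 IN SOA ns1.apps.undercloud.dev. hostmaster.apps.undercloud.dev. 1 7200 3600 1209600 3600"
        additional "ns1.apps.undercloud.dev. 3600 IN A 10.0.91.54"
        additional "ns2.apps.undercloud.dev. 3600 IN A 10.0.91.54"
        additional "ns1.apps.undercloud.dev. 3600 IN AAAA 2001:470:7116:f:1::54"
        additional "ns2.apps.undercloud.dev. 3600 IN AAAA 2001:470:7116:f:1::54"
      }
      template IN NS apps.undercloud.dev {
        rcode NOERROR
        answer "{{.Name}} 3600 IN NS ns1.apps.undercloud.dev."
        answer "{{.Name}} 3600 IN NS ns2.apps.undercloud.dev."
        additional "ns1.apps.undercloud.dev. 3600 IN A 10.0.91.54"
        additional "ns2.apps.undercloud.dev. 3600 IN A 10.0.91.54"
        additional "ns1.apps.undercloud.dev. 3600 IN AAAA 2001:470:7116:f:1::54"
        additional "ns2.apps.undercloud.dev. 3600 IN AAAA 2001:470:7116:f:1::54"
      }
      hosts {
        10.0.91.54 ns1.apps.undercloud.dev
        10.0.91.54 ns2.apps.undercloud.dev
        2001:470:7116:f:1::54 ns1.apps.undercloud.dev
        2001:470:7116:f:1::54 ns2.apps.undercloud.dev
        fallthrough
      }
      etcd {
        path /skydns
        endpoint http://etcd.dns.svc:2379
        fallthrough
      }
      # Static IPv4 for any subdomain
      template IN A apps.undercloud.dev {
        match ^(.+)\.apps\.undercloud\.dev\.?$
        answer "{{.Name}} 300 IN A 93.228.39.77" # your static v4
        fallthrough
      }
      # wildcard IPv6 to Ingress
      template IN AAAA apps.undercloud.dev {
        match ^(.+)\.apps\.undercloud\.dev\.?$
        answer "{{.Name}} 300 IN AAAA 2001:470:7116:f:1::b492"
      }
    }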
---
# Two-replica CoreDNS that loads its Corefile from the coredns-corefile
# ConfigMap mounted at /etc/coredns. The probes target /health on 8080 and
# /ready on 8181; the Corefile in this file enables the `health` and `ready`
# plugins.
# NOTE(review): no securityContext or resource requests/limits are set, and
# the image is referenced by tag (no registry host, no digest).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns-auth
  namespace: dns
spec:
  replicas: 2
  selector:
    matchLabels:
      app: coredns-auth
  template:
    metadata:
      labels:
        app: coredns-auth
        component: bind-auth
    spec:
      volumes:
        - name: corefile
          configMap:
            name: coredns-corefile
            # Project only the Corefile key into the mount directory.
            items:
              - key: Corefile
                path: Corefile
      containers:
        - name: coredns
          image: coredns/coredns:1.11.1
          args:
            - '-conf'
            - '/etc/coredns/Corefile'
          ports:
            - name: dns-udp
              containerPort: 53
              protocol: UDP
            - name: dns-tcp
              containerPort: 53
              protocol: TCP
            - name: health
              containerPort: 8080
              protocol: TCP
            - name: ready
              containerPort: 8181
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /ready
              port: 8181
            initialDelaySeconds: 3
            periodSeconds: 5
          volumeMounts:
            - name: corefile
              mountPath: /etc/coredns
---
# Dual-stack Service with fixed cluster IPs for the coredns-auth pods, exposing
# DNS on 53/UDP and 53/TCP. The same two addresses are the ns1/ns2 glue and
# hosts entries in this file's Corefile.
# Addresses are quoted so every YAML parser reads them as strings.
apiVersion: v1
kind: Service
metadata:
  name: coredns-authoritative
  namespace: dns
spec:
  type: ClusterIP
  ipFamilyPolicy: RequireDualStack
  ipFamilies:
    - IPv6
    - IPv4
  clusterIP: '2001:470:7116:f:1::54'
  clusterIPs:
    - '2001:470:7116:f:1::54'
    - '10.0.91.54'
  selector:
    app: coredns-auth
  ports:
    - name: dns-udp
      protocol: UDP
      port: 53
      targetPort: 53
    - name: dns-tcp
      protocol: TCP
      port: 53
      targetPort: 53
---
# Second dual-stack Service with fixed cluster IPs in front of the same
# coredns-auth pods, exposing DNS on 53/UDP and 53/TCP.
# NOTE(review): the Corefile in this file points both ns1 and ns2 at
# 2001:470:7116:f:1::54 / 10.0.91.54; the ...55 addresses below are not
# referenced anywhere visible here - confirm whether ns2 was meant to use them.
# Addresses are quoted so every YAML parser reads them as strings.
apiVersion: v1
kind: Service
metadata:
  name: coredns-authoritative2
  namespace: dns
spec:
  type: ClusterIP
  ipFamilyPolicy: RequireDualStack
  ipFamilies:
    - IPv6
    - IPv4
  clusterIP: '2001:470:7116:f:1::55'
  clusterIPs:
    - '2001:470:7116:f:1::55'
    - '10.0.91.55'
  selector:
    app: coredns-auth
  ports:
    - name: dns-udp
      protocol: UDP
      port: 53
      targetPort: 53
    - name: dns-tcp
      protocol: TCP
      port: 53
      targetPort: 53