diff --git a/apps/k8s01/dns/dns.yaml b/apps/k8s01/dns/dns.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e2c7d793f2e347c93434143e3d2ea96e78463dea
--- /dev/null
+++ b/apps/k8s01/dns/dns.yaml
@@ -0,0 +1,139 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: resolver
+ labels:
+ app: resolver
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: resolver
+ template:
+ metadata:
+ labels:
+ app: resolver
+ spec:
+ containers:
+ - name: dns-over-httpd
+ image: quay.io/sheogorath/doh:latest
+ env:
+ - name: UPSTREAM_NAME
+ value: localhost4
+ ports:
+ - containerPort: 8053
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 100m
+ memory: 256Mi
+ - name: named
+ image: docker.io/secns/unbound:latest
+ env:
+ - name: CACHE_MIN_TTL
+ value: "300"
+ - name: PREFETCH
+ value: "yes"
+ ports:
+ - containerPort: 53
+ protocol: TCP
+ - containerPort: 53
+ protocol: UDP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 100m
+ memory: 256Mi
+ volumeMounts:
+ - name: unbound-chroot
+ mountPath: /usr/local/etc/unbound/conf.d/
+ readOnly: true
+ # - name: unbound-exporter
+ # image: ghcr.io/leoquote/unbound_exporter:main
+ # ports:
+ # - name: metrics
+ # containerPort: 9167
+ # protocol: TCP
+ # resources:
+ # requests:
+ # cpu: 100m
+ # memory: 64Mi
+ # limits:
+ # cpu: 100m
+ # memory: 64Mi
+ volumes:
+ - name: unbound-chroot
+ configMap:
+ name: unbound-chroot
+ automountServiceAccountToken: false
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: dns53-tcp
+ annotations:
+ metallb.universe.tf/allow-shared-ip: "dns"
+spec:
+ type: LoadBalancer
+ selector:
+ app: resolver
+ ports:
+ - name: dns53tcp
+ protocol: TCP
+ port: 53
+ targetPort: 53
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: dns53-udp
+ annotations:
+ metallb.universe.tf/allow-shared-ip: "dns"
+spec:
+ type: LoadBalancer
+ selector:
+ app: resolver
+ ports:
+ - name: dns53udp
+ protocol: UDP
+ port: 53
+ targetPort: 53
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: dns-over-http
+spec:
+ selector:
+ app: resolver
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8053
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: unbound-chroot
+data:
+ chroot.conf: |
+ server:
+ chroot: ""
+ extended-statistics: yes
+ remote-control:
+ control-enable: yes
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: dns-pdb
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: resolver
diff --git a/apps/k8s01/dns/kustomization.yaml b/apps/k8s01/dns/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9309b0251e18f25047ce559bc95160185e4097da
--- /dev/null
+++ b/apps/k8s01/dns/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: dns
+resources:
+ - namespace.yaml
+ - dns.yaml
+ - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
+ - ../../../shared/resourcequotas/default.yaml
diff --git a/apps/k8s01/dns/namespace.yaml b/apps/k8s01/dns/namespace.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..fdd106b0c38eb9c70a6b5993167fea7eab7e2a94
--- /dev/null
+++ b/apps/k8s01/dns/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: dns
+ labels:
+ name: dns
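Review bot: Both container images in the Deployment are pulled by the mutable `:latest` tag (`quay.io/sheogorath/doh:latest`, `docker.io/secns/unbound:latest`), so what actually runs on the resolver changes silently whenever upstream republishes and a rollback cannot reproduce the previous state; pin each to an immutable tag plus digest, e.g. `image: docker.io/secns/unbound:<tag>@sha256:<digest-from-registry>` (both values are placeholders to fill from the registry). Neither container sets a `securityContext`; for a workload reachable through two `type: LoadBalancer` Services, add `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `capabilities: {drop: [ALL]}` to each container (the `named` container may additionally need `NET_BIND_SERVICE` added back if its image binds port 53 as a non-root user — confirm against the image). The ConfigMap enables `remote-control` with `control-enable: yes`, but the only consumer visible here, the `unbound-exporter` sidecar, is commented out, so the control channel is reachable from the `dns-over-httpd` container over the shared pod loopback (subject to the image's `control-interface` and `control-use-cert` defaults) for no current benefit; either ship the exporter or set `control-enable: no` until it is needed. Because 53/TCP and 53/UDP are exposed via MetalLB, the resolver recurses for whatever network those addresses are advertised to, and this hunk does not show unbound's `access-control`; confirm the image restricts recursion to the intended client ranges rather than acting as an open resolver.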
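Review bot: The overlay includes `../../../shared/networkpolicies/allow-from-same-namespace.yaml`, whose contents are outside this diff; if that shared policy is a default-deny with only a same-namespace ingress allowance, LoadBalancer traffic to 53/TCP and 53/UDP and client traffic to the `dns-over-http` Service on port 80 arriving from outside the `dns` namespace would be dropped before it reaches the resolver pods. Either add a policy alongside it that explicitly allows ingress to the resolver's listening ports from the intended client CIDRs, or add a comment on the `resources` list stating why the shared policy does not block externally load-balanced traffic in this cluster.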