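---
# CoreDNS deployment serving the public connectvm.cloud zone plus three
# tenant sub-zones, with in-cluster resolution for cluster.local and
# upstream forwarding for everything else.
apiVersion: v1
kind: Namespace
metadata:
  name: dns-server
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: custom-dns-config
  namespace: dns-server
data:
  Corefile: |
    # ================================================
    # External DNS Server for connectvm.cloud
    # Handles public DNS queries and tenant DNS
    # ================================================

    # Main domain - connectvm.cloud (Public)
    connectvm.cloud:53 {
        errors
        log
        file /etc/coredns/connectvm.cloud.db connectvm.cloud
        prometheus :9153
    }

    # Tenant: dev-team (Development Team)
    dev.connectvm.cloud:53 {
        errors
        log
        file /etc/coredns/dev.connectvm.cloud.db dev.connectvm.cloud
        prometheus :9153
    }

    # Tenant: prod-team (Production Team)
    prod.connectvm.cloud:53 {
        errors
        log
        file /etc/coredns/prod.connectvm.cloud.db prod.connectvm.cloud
        prometheus :9153
    }

    # Tenant: qa-team (QA Team)
    qa.connectvm.cloud:53 {
        errors
        log
        file /etc/coredns/qa.connectvm.cloud.db qa.connectvm.cloud
        prometheus :9153
    }

    # Internal Kubernetes DNS
    # NOTE(review): the kubernetes plugin reads Services/EndpointSlices/
    # Namespaces from the API server, so the pod needs a ServiceAccount with
    # matching RBAC. None is defined in this manifest; confirm one is bound
    # elsewhere, otherwise CoreDNS fails at startup.
    # "pods insecure" answers pod A records without verifying the pod exists.
    cluster.local:53 {
        errors
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
    }

    # Forward all other queries to upstream DNS
    # NOTE(review): this catch-all block is reachable through the NodePort
    # Service below, which makes the server an open recursive resolver for
    # any source address (amplification / abuse risk). Limit recursion to
    # trusted ranges, e.g. with the acl plugin:
    #   acl {
    #       allow net <TRUSTED_CIDRS>   # placeholder: cluster + trusted nets
    #       block
    #   }
    # Forwarding is plaintext UDP/TCP to Google; forward also supports
    # tls:// upstreams if query privacy matters.
    .:53 {
        errors
        log
        # health (:8080/health) and ready (:8181/ready) back the Deployment's
        # liveness and readiness probes; without these plugins both probes
        # fail and the pods are restarted indefinitely.
        health {
            lameduck 5s
        }
        ready
        forward . 8.8.8.8 8.8.4.4
        cache 300
        prometheus :9153
    }

  # Main domain zone file
  connectvm.cloud.db: |
    $ORIGIN connectvm.cloud.
    $TTL 3600
    @       IN  SOA ns1.connectvm.cloud. admin.connectvm.cloud. (
                    2025111501  ; Serial
                    7200        ; Refresh
                    3600        ; Retry
                    1209600     ; Expire
                    3600 )      ; Negative Cache TTL

    ; Name Servers
    ; ns1 and ns2 share one address, so the second NS adds no redundancy.
    @       IN  NS  ns1.connectvm.cloud.
    @       IN  NS  ns2.connectvm.cloud.
    ns1     IN  A   160.30.114.10
    ns2     IN  A   160.30.114.10

    ; Main Services (Public)
    @       IN  A   160.30.114.10
    www     IN  A   160.30.114.10
    rancher IN  A   160.30.114.10
    paste   IN  A   160.30.114.10
    fleet   IN  A   160.30.114.10
    hello   IN  A   160.30.114.10
    dns     IN  A   160.30.114.10

    ; Tenant Delegations
    dev     IN  NS  ns1.connectvm.cloud.
    prod    IN  NS  ns1.connectvm.cloud.
    qa      IN  NS  ns1.connectvm.cloud.

    ; Email
    @       IN  MX  10 mail.connectvm.cloud.
    mail    IN  A   160.30.114.10

    ; Wildcard
    ; Every otherwise-undefined name resolves; no NXDOMAIN for typos or
    ; retired hosts, which also weakens the negative-cache TTL above.
    *       IN  A   160.30.114.10

  # Dev Team Tenant Zone
  dev.connectvm.cloud.db: |
    $ORIGIN dev.connectvm.cloud.
    $TTL 3600
    @       IN  SOA ns1.connectvm.cloud. admin.dev.connectvm.cloud. (
                    2025111501  ; Serial
                    3600        ; Refresh
                    1800        ; Retry
                    604800      ; Expire
                    3600 )      ; Negative Cache TTL

    ; Name Server
    @       IN  NS  ns1.connectvm.cloud.

    ; Dev Team Applications
    @         IN  A   160.30.114.10
    app1      IN  A   160.30.114.10
    app2      IN  A   160.30.114.10
    api       IN  A   160.30.114.10
    web       IN  A   160.30.114.10
    dashboard IN  A   160.30.114.10
    jenkins   IN  A   160.30.114.10
    gitlab    IN  A   160.30.114.10

    ; Development databases
    db        IN  A   160.30.114.10
    redis     IN  A   160.30.114.10

    ; Wildcard for dev team
    *         IN  A   160.30.114.10

  # Production Team Tenant Zone
  prod.connectvm.cloud.db: |
    $ORIGIN prod.connectvm.cloud.
    $TTL 3600
    @       IN  SOA ns1.connectvm.cloud. admin.prod.connectvm.cloud. (
                    2025111501  ; Serial
                    3600        ; Refresh
                    1800        ; Retry
                    604800      ; Expire
                    3600 )      ; Negative Cache TTL

    ; Name Server
    @       IN  NS  ns1.connectvm.cloud.

    ; Production Applications
    @          IN  A   160.30.114.10
    api        IN  A   160.30.114.10
    web        IN  A   160.30.114.10
    app        IN  A   160.30.114.10
    admin      IN  A   160.30.114.10
    portal     IN  A   160.30.114.10

    ; Production infrastructure
    db         IN  A   160.30.114.10
    cache      IN  A   160.30.114.10
    monitoring IN  A   160.30.114.10

    ; Wildcard for prod team
    *          IN  A   160.30.114.10

  # QA Team Tenant Zone
  qa.connectvm.cloud.db: |
    $ORIGIN qa.connectvm.cloud.
    $TTL 3600
    @       IN  SOA ns1.connectvm.cloud. admin.qa.connectvm.cloud. (
                    2025111501  ; Serial
                    3600        ; Refresh
                    1800        ; Retry
                    604800      ; Expire
                    3600 )      ; Negative Cache TTL

    ; Name Server
    @       IN  NS  ns1.connectvm.cloud.

    ; QA/Testing Applications
    @          IN  A   160.30.114.10
    test       IN  A   160.30.114.10
    staging    IN  A   160.30.114.10
    selenium   IN  A   160.30.114.10
    automation IN  A   160.30.114.10
    reports    IN  A   160.30.114.10

    ; QA infrastructure
    db         IN  A   160.30.114.10

    ; Wildcard for QA team
    *          IN  A   160.30.114.10
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dns-server
  namespace: dns-server
  labels:
    app: dns-server
spec:
  replicas: 3
  selector:
    matchLabels:
      app: dns-server
  template:
    metadata:
      labels:
        app: dns-server
    spec:
      # Spread replicas across nodes where possible (soft constraint).
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - dns-server
                topologyKey: kubernetes.io/hostname
      containers:
        - name: coredns
          # Tag-pinned; pinning by digest would make the rollout immutable.
          image: coredns/coredns:1.11.1
          args: ["-conf", "/etc/coredns/Corefile"]
          # Least privilege: CoreDNS only needs to bind :53; the config
          # volume is mounted read-only and the process writes nothing.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - all
              add:
                - NET_BIND_SERVICE
          volumeMounts:
            - name: config-volume
              mountPath: /etc/coredns
              readOnly: true
          ports:
            - containerPort: 53
              name: dns
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 9153
              name: metrics
              protocol: TCP
          # Served by the health plugin in the Corefile's .:53 block.
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
          # Served by the ready plugin in the Corefile's .:53 block.
          readinessProbe:
            httpGet:
              path: /ready
              port: 8181
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 5
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
          resources:
            requests:
              memory: "256Mi"
              cpu: "200m"
            limits:
              memory: "1Gi"
              cpu: "1000m"
      volumes:
        - name: config-volume
          configMap:
            name: custom-dns-config
            items:
              - key: Corefile
                path: Corefile
              - key: connectvm.cloud.db
                path: connectvm.cloud.db
              - key: dev.connectvm.cloud.db
                path: dev.connectvm.cloud.db
              - key: prod.connectvm.cloud.db
                path: prod.connectvm.cloud.db
              - key: qa.connectvm.cloud.db
                path: qa.connectvm.cloud.db
---
# External DNS Service (NodePort for external access)
# This exposes every Corefile block, including the recursive .:53
# catch-all, to whatever can reach the node port.
apiVersion: v1
kind: Service
metadata:
  name: dns-external
  namespace: dns-server
  labels:
    app: dns-server
  annotations:
    # MetalLB only assigns addresses to type LoadBalancer Services, so this
    # annotation is inert while the type below is NodePort.
    metallb.universe.tf/allow-shared-ip: dns
spec:
  selector:
    app: dns-server
  type: NodePort
  ports:
    # UDP and TCP may share the same nodePort because the protocol differs.
    - port: 53
      targetPort: 53
      nodePort: 30053
      protocol: UDP
      name: dns-udp
    - port: 53
      targetPort: 53
      nodePort: 30053
      protocol: TCP
      name: dns-tcp
---
# Internal DNS Service (ClusterIP for internal use)
apiVersion: v1
kind: Service
metadata:
  name: dns-internal
  namespace: dns-server
  labels:
    app: dns-server
spec:
  selector:
    app: dns-server
  type: ClusterIP
  # Fixed address; must fall inside this cluster's service CIDR and stay
  # unused, otherwise the Service is rejected.
  clusterIP: 10.96.100.100
  ports:
    - port: 53
      targetPort: 53
      protocol: UDP
      name: dns-udp
    - port: 53
      targetPort: 53
      protocol: TCP
      name: dns-tcp
---
# Metrics Service
apiVersion: v1
kind: Service
metadata:
  name: dns-metrics
  namespace: dns-server
  labels:
    app: dns-server
spec:
  selector:
    app: dns-server
  type: ClusterIP
  ports:
    - port: 9153
      targetPort: 9153
      protocol: TCP
      name: metrics
---
# Web UI/Metrics Ingress
# NOTE(review): /metrics is published on a public hostname with no
# authentication; query counts and zone names become readable to anyone.
# Consider an IP allow-list or auth annotation on the ingress controller.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dns-metrics-ingress
  namespace: dns-server
  annotations:
    cert-manager.io/cluster-issuer: "selfsigned-issuer"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - dns.connectvm.cloud
      secretName: dns-metrics-tls
  rules:
    - host: dns.connectvm.cloud
      http:
        paths:
          - path: /metrics
            pathType: Prefix
            backend:
              service:
                name: dns-metrics
                port:
                  number: 9153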