369 lines
9.2 KiB
YAML
369 lines
9.2 KiB
YAML
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: dns-server
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: custom-dns-config
|
|
namespace: dns-server
|
|
data:
|
|
Corefile: |
|
|
# ================================================
|
|
# External DNS Server for connectvm.cloud
|
|
# Handles public DNS queries and tenant DNS
|
|
# ================================================
|
|
|
|
# Main domain - connectvm.cloud (Public)
|
|
connectvm.cloud:53 {
|
|
errors
|
|
log
|
|
file /etc/coredns/connectvm.cloud.db connectvm.cloud
|
|
prometheus :9153
|
|
}
|
|
|
|
# Tenant: dev-team (Development Team)
|
|
dev.connectvm.cloud:53 {
|
|
errors
|
|
log
|
|
file /etc/coredns/dev.connectvm.cloud.db dev.connectvm.cloud
|
|
prometheus :9153
|
|
}
|
|
|
|
# Tenant: prod-team (Production Team)
|
|
prod.connectvm.cloud:53 {
|
|
errors
|
|
log
|
|
file /etc/coredns/prod.connectvm.cloud.db prod.connectvm.cloud
|
|
prometheus :9153
|
|
}
|
|
|
|
# Tenant: qa-team (QA Team)
|
|
qa.connectvm.cloud:53 {
|
|
errors
|
|
log
|
|
file /etc/coredns/qa.connectvm.cloud.db qa.connectvm.cloud
|
|
prometheus :9153
|
|
}
|
|
|
|
# Internal services (optional - for internal cluster DNS)
|
|
# Disabled kubernetes plugin to avoid RBAC issues
|
|
# cluster.local:53 {
|
|
# errors
|
|
# kubernetes cluster.local {
|
|
# pods insecure
|
|
# }
|
|
# }
|
|
|
|
# Forward all other queries to upstream DNS
|
|
.:53 {
|
|
errors
|
|
log
|
|
forward . 8.8.8.8 8.8.4.4
|
|
cache 300
|
|
prometheus :9153
|
|
}
|
|
|
|
# Main domain zone file
|
|
connectvm.cloud.db: |
|
|
$ORIGIN connectvm.cloud.
|
|
$TTL 3600
|
|
@ IN SOA ns1.connectvm.cloud. admin.connectvm.cloud. (
|
|
2025111501 ; Serial
|
|
7200 ; Refresh
|
|
3600 ; Retry
|
|
1209600 ; Expire
|
|
3600 ) ; Negative Cache TTL
|
|
|
|
; Name Servers
|
|
@ IN NS ns1.connectvm.cloud.
|
|
@ IN NS ns2.connectvm.cloud.
|
|
ns1 IN A 160.30.114.10
|
|
ns2 IN A 160.30.114.10
|
|
|
|
; Main Services (Public)
|
|
@ IN A 160.30.114.10
|
|
www IN A 160.30.114.10
|
|
rancher IN A 160.30.114.10
|
|
paste IN A 160.30.114.10
|
|
fleet IN A 160.30.114.10
|
|
hello IN A 160.30.114.10
|
|
dns IN A 160.30.114.10
|
|
kamaji IN A 160.30.114.10
|
|
|
|
; Tenant Delegations
|
|
dev IN NS ns1.connectvm.cloud.
|
|
prod IN NS ns1.connectvm.cloud.
|
|
qa IN NS ns1.connectvm.cloud.
|
|
|
|
; Email
|
|
@ IN MX 10 mail.connectvm.cloud.
|
|
mail IN A 160.30.114.10
|
|
|
|
; Wildcard
|
|
* IN A 160.30.114.10
|
|
|
|
# Dev Team Tenant Zone
|
|
dev.connectvm.cloud.db: |
|
|
$ORIGIN dev.connectvm.cloud.
|
|
$TTL 3600
|
|
@ IN SOA ns1.connectvm.cloud. admin.dev.connectvm.cloud. (
|
|
2025111501 ; Serial
|
|
3600 ; Refresh
|
|
1800 ; Retry
|
|
604800 ; Expire
|
|
3600 ) ; Negative Cache TTL
|
|
|
|
; Name Server
|
|
@ IN NS ns1.connectvm.cloud.
|
|
|
|
; Dev Team Applications
|
|
@ IN A 160.30.114.10
|
|
app1 IN A 160.30.114.10
|
|
app2 IN A 160.30.114.10
|
|
api IN A 160.30.114.10
|
|
web IN A 160.30.114.10
|
|
dashboard IN A 160.30.114.10
|
|
jenkins IN A 160.30.114.10
|
|
gitlab IN A 160.30.114.10
|
|
|
|
; Development databases
|
|
db IN A 160.30.114.10
|
|
redis IN A 160.30.114.10
|
|
|
|
; Wildcard for dev team
|
|
* IN A 160.30.114.10
|
|
|
|
# Production Team Tenant Zone
|
|
prod.connectvm.cloud.db: |
|
|
$ORIGIN prod.connectvm.cloud.
|
|
$TTL 3600
|
|
@ IN SOA ns1.connectvm.cloud. admin.prod.connectvm.cloud. (
|
|
2025111501 ; Serial
|
|
3600 ; Refresh
|
|
1800 ; Retry
|
|
604800 ; Expire
|
|
3600 ) ; Negative Cache TTL
|
|
|
|
; Name Server
|
|
@ IN NS ns1.connectvm.cloud.
|
|
|
|
; Production Applications
|
|
@ IN A 160.30.114.10
|
|
api IN A 160.30.114.10
|
|
web IN A 160.30.114.10
|
|
app IN A 160.30.114.10
|
|
admin IN A 160.30.114.10
|
|
portal IN A 160.30.114.10
|
|
|
|
; Production infrastructure
|
|
db IN A 160.30.114.10
|
|
cache IN A 160.30.114.10
|
|
monitoring IN A 160.30.114.10
|
|
|
|
; Wildcard for prod team
|
|
* IN A 160.30.114.10
|
|
|
|
# QA Team Tenant Zone
|
|
qa.connectvm.cloud.db: |
|
|
$ORIGIN qa.connectvm.cloud.
|
|
$TTL 3600
|
|
@ IN SOA ns1.connectvm.cloud. admin.qa.connectvm.cloud. (
|
|
2025111501 ; Serial
|
|
3600 ; Refresh
|
|
1800 ; Retry
|
|
604800 ; Expire
|
|
3600 ) ; Negative Cache TTL
|
|
|
|
; Name Server
|
|
@ IN NS ns1.connectvm.cloud.
|
|
|
|
; QA/Testing Applications
|
|
@ IN A 160.30.114.10
|
|
test IN A 160.30.114.10
|
|
staging IN A 160.30.114.10
|
|
selenium IN A 160.30.114.10
|
|
automation IN A 160.30.114.10
|
|
reports IN A 160.30.114.10
|
|
|
|
; QA infrastructure
|
|
db IN A 160.30.114.10
|
|
|
|
; Wildcard for QA team
|
|
* IN A 160.30.114.10
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: dns-server
|
|
namespace: dns-server
|
|
labels:
|
|
app: dns-server
|
|
spec:
|
|
replicas: 3
|
|
selector:
|
|
matchLabels:
|
|
app: dns-server
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: dns-server
|
|
spec:
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: app
|
|
operator: In
|
|
values:
|
|
- dns-server
|
|
topologyKey: kubernetes.io/hostname
|
|
containers:
|
|
- name: coredns
|
|
image: coredns/coredns:1.11.1
|
|
args: ["-conf", "/etc/coredns/Corefile"]
|
|
volumeMounts:
|
|
- name: config-volume
|
|
mountPath: /etc/coredns
|
|
readOnly: true
|
|
ports:
|
|
- containerPort: 53
|
|
name: dns
|
|
protocol: UDP
|
|
- containerPort: 53
|
|
name: dns-tcp
|
|
protocol: TCP
|
|
- containerPort: 9153
|
|
name: metrics
|
|
protocol: TCP
|
|
livenessProbe:
|
|
tcpSocket:
|
|
port: 53
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 10
|
|
readinessProbe:
|
|
tcpSocket:
|
|
port: 53
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
resources:
|
|
requests:
|
|
memory: "256Mi"
|
|
cpu: "200m"
|
|
limits:
|
|
memory: "1Gi"
|
|
cpu: "1000m"
|
|
volumes:
|
|
- name: config-volume
|
|
configMap:
|
|
name: custom-dns-config
|
|
items:
|
|
- key: Corefile
|
|
path: Corefile
|
|
- key: connectvm.cloud.db
|
|
path: connectvm.cloud.db
|
|
- key: dev.connectvm.cloud.db
|
|
path: dev.connectvm.cloud.db
|
|
- key: prod.connectvm.cloud.db
|
|
path: prod.connectvm.cloud.db
|
|
- key: qa.connectvm.cloud.db
|
|
path: qa.connectvm.cloud.db
|
|
---
|
|
# External DNS Service (NodePort for external access)
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: dns-external
|
|
namespace: dns-server
|
|
labels:
|
|
app: dns-server
|
|
annotations:
|
|
metallb.universe.tf/allow-shared-ip: dns
|
|
spec:
|
|
selector:
|
|
app: dns-server
|
|
type: NodePort
|
|
ports:
|
|
- port: 53
|
|
targetPort: 53
|
|
nodePort: 30053
|
|
protocol: UDP
|
|
name: dns-udp
|
|
- port: 53
|
|
targetPort: 53
|
|
nodePort: 30053
|
|
protocol: TCP
|
|
name: dns-tcp
|
|
---
|
|
# Internal DNS Service (ClusterIP for internal use)
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: dns-internal
|
|
namespace: dns-server
|
|
labels:
|
|
app: dns-server
|
|
spec:
|
|
selector:
|
|
app: dns-server
|
|
type: ClusterIP
|
|
clusterIP: 10.96.100.100
|
|
ports:
|
|
- port: 53
|
|
targetPort: 53
|
|
protocol: UDP
|
|
name: dns-udp
|
|
- port: 53
|
|
targetPort: 53
|
|
protocol: TCP
|
|
name: dns-tcp
|
|
---
|
|
# Metrics Service
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: dns-metrics
|
|
namespace: dns-server
|
|
labels:
|
|
app: dns-server
|
|
spec:
|
|
selector:
|
|
app: dns-server
|
|
type: ClusterIP
|
|
ports:
|
|
- port: 9153
|
|
targetPort: 9153
|
|
protocol: TCP
|
|
name: metrics
|
|
---
|
|
# Web UI/Metrics Ingress
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: dns-metrics-ingress
|
|
namespace: dns-server
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: "selfsigned-issuer"
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
spec:
|
|
ingressClassName: nginx
|
|
tls:
|
|
- hosts:
|
|
- dns.connectvm.cloud
|
|
secretName: dns-metrics-tls
|
|
rules:
|
|
- host: dns.connectvm.cloud
|
|
http:
|
|
paths:
|
|
- path: /metrics
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: dns-metrics
|
|
port:
|
|
number: 9153
|