kube/bind/bind-secondary.yaml

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: bind-secondary-config-local
  namespace: bind
data:
  named.conf.local: |
    zone "codemowers.ee" { type slave; masters { 172.20.0.2 key readonly; }; };
    zone "codemowers.eu" { type slave; masters { 172.20.0.2 key readonly; }; };
    zone "codemowers.cloud" { type slave; masters { 172.20.0.2 key readonly; }; };
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: bind-secondary-config
  namespace: bind
data:
  named.conf: |
    include "/etc/bind/named.conf.local";
    include "/etc/bind/readonly.key";
    options {
        recursion no;
        pid-file "/var/bind/named.pid";
        allow-query { 0.0.0.0/0; };
        allow-notify { 172.20.0.2; };
        allow-transfer { none; };
        check-names slave ignore;
        notify no;
    };
    zone "k-space.ee" { type slave; masters { 172.20.0.2 key readonly; }; };
    zone "k6.ee" { type slave; masters { 172.20.0.2 key readonly; }; };
    zone "kspace.ee" { type slave; masters { 172.20.0.2 key readonly; }; };
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: bind-secondary
  namespace: bind
spec:
  revisionHistoryLimit: 0
  replicas: 3
  selector:
    matchLabels:
      app: bind-secondary
  template:
    metadata:
      labels:
        app: bind-secondary
    spec:
      containers:
        - name: bind-secondary
          image: internetsystemsconsortium/bind9:9.20
          resources:
            limits:
              cpu: 100m
              memory: 100Mi
            requests:
              cpu: 1m
              memory: 35Mi
          workingDir: /var/bind
          command:
            - named
            - -g
            - -c
            - /etc/bind/named.conf
          volumeMounts:
            - name: bind-secondary-config
              mountPath: /etc/bind
              readOnly: true
            - name: bind-data
              mountPath: /var/bind
      volumes:
        - name: bind-secondary-config
          projected:
            sources:
              - configMap:
                  name: bind-secondary-config
              - configMap:
                  name: bind-secondary-config-local
                  optional: true
              - secret:
                  name: bind-readonly-secret
        - name: bind-data
          emptyDir: {}
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: topology.kubernetes.io/zone
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app: bind-secondary
---
apiVersion: v1
kind: Service
metadata:
  name: bind-secondary
  namespace: bind
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  loadBalancerIP: 62.65.250.2
  selector:
    app: bind-secondary
  ports:
    - protocol: TCP
      port: 53
      name: dns-tcp
      targetPort: 53
    - protocol: UDP
      port: 53
      name: dns-udp
      targetPort: 53
---
apiVersion: v1
kind: Service
metadata:
  name: bind-secondary-0
  namespace: bind
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  loadBalancerIP: 172.21.53.1
  selector:
    app: bind-secondary
    statefulset.kubernetes.io/pod-name: bind-secondary-0
  ports:
    - protocol: TCP
      port: 53
      name: dns-tcp
      targetPort: 53
    - protocol: UDP
      port: 53
      name: dns-udp
      targetPort: 53
---
apiVersion: v1
kind: Service
metadata:
  name: bind-secondary-1
  namespace: bind
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  loadBalancerIP: 172.21.53.2
  selector:
    app: bind-secondary
    statefulset.kubernetes.io/pod-name: bind-secondary-1
  ports:
    - protocol: TCP
      port: 53
      name: dns-tcp
      targetPort: 53
    - protocol: UDP
      port: 53
      name: dns-udp
      targetPort: 53
---
apiVersion: v1
kind: Service
metadata:
  name: bind-secondary-2
  namespace: bind
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  loadBalancerIP: 172.21.53.3
  selector:
    app: bind-secondary
    statefulset.kubernetes.io/pod-name: bind-secondary-2
  ports:
    - protocol: TCP
      port: 53
      name: dns-tcp
      targetPort: 53
    - protocol: UDP
      port: 53
      name: dns-udp
      targetPort: 53
Update whole Bind setup 2023-08-19 18:31:30 +00:00			`---`
			`apiVersion: v1`
			`kind: ConfigMap`
Elaborate how to configure additional domains for Bind 2023-08-20 06:35:26 +00:00			`metadata:`
			`name: bind-secondary-config-local`
bind, cert-manager: Cleanups 2024-08-14 07:04:41 +00:00			`namespace: bind`
Elaborate how to configure additional domains for Bind 2023-08-20 06:35:26 +00:00			`data:`
			`named.conf.local: \|`
			`zone "codemowers.ee" { type slave; masters { 172.20.0.2 key readonly; }; };`
			`zone "codemowers.eu" { type slave; masters { 172.20.0.2 key readonly; }; };`
			`zone "codemowers.cloud" { type slave; masters { 172.20.0.2 key readonly; }; };`
			`---`
			`apiVersion: v1`
			`kind: ConfigMap`
Update whole Bind setup 2023-08-19 18:31:30 +00:00			`metadata:`
			`name: bind-secondary-config`
bind, cert-manager: Cleanups 2024-08-14 07:04:41 +00:00			`namespace: bind`
Update whole Bind setup 2023-08-19 18:31:30 +00:00			`data:`
			`named.conf: \|`
Elaborate how to configure additional domains for Bind 2023-08-20 06:35:26 +00:00			`include "/etc/bind/named.conf.local";`
Update whole Bind setup 2023-08-19 18:31:30 +00:00			`include "/etc/bind/readonly.key";`
			`options {`
			`recursion no;`
			`pid-file "/var/bind/named.pid";`
			`allow-query { 0.0.0.0/0; };`
			`allow-notify { 172.20.0.2; };`
			`allow-transfer { none; };`
			`check-names slave ignore;`
Elaborate how to configure additional domains for Bind 2023-08-20 06:35:26 +00:00			`notify no;`
Update whole Bind setup 2023-08-19 18:31:30 +00:00			`};`
			`zone "k-space.ee" { type slave; masters { 172.20.0.2 key readonly; }; };`
			`zone "k6.ee" { type slave; masters { 172.20.0.2 key readonly; }; };`
			`zone "kspace.ee" { type slave; masters { 172.20.0.2 key readonly; }; };`
			`---`
			`apiVersion: apps/v1`
			`kind: StatefulSet`
			`metadata:`
			`name: bind-secondary`
			`namespace: bind`
			`spec:`
bind, cert-manager: Cleanups 2024-08-14 07:04:41 +00:00			`revisionHistoryLimit: 0`
Update whole Bind setup 2023-08-19 18:31:30 +00:00			`replicas: 3`
			`selector:`
			`matchLabels:`
			`app: bind-secondary`
			`template:`
			`metadata:`
			`labels:`
			`app: bind-secondary`
			`spec:`
			`containers:`
			`- name: bind-secondary`
Update Bind 9.19 to 9.20 2024-07-26 10:16:22 +00:00			`image: internetsystemsconsortium/bind9:9.20`
bind: Fix resource limits 2024-08-24 20:28:28 +00:00			`resources:`
			`limits:`
			`cpu: 100m`
			`memory: 100Mi`
			`requests:`
			`cpu: 1m`
			`memory: 35Mi`
Update whole Bind setup 2023-08-19 18:31:30 +00:00			`workingDir: /var/bind`
			`command:`
			`- named`
			`- -g`
			`- -c`
			`- /etc/bind/named.conf`
			`volumeMounts:`
			`- name: bind-secondary-config`
			`mountPath: /etc/bind`
			`readOnly: true`
			`- name: bind-data`
			`mountPath: /var/bind`
			`volumes:`
			`- name: bind-secondary-config`
			`projected:`
			`sources:`
			`- configMap:`
			`name: bind-secondary-config`
Elaborate how to configure additional domains for Bind 2023-08-20 06:35:26 +00:00			`- configMap:`
			`name: bind-secondary-config-local`
			`optional: true`
Update whole Bind setup 2023-08-19 18:31:30 +00:00			`- secret:`
			`name: bind-readonly-secret`
			`- name: bind-data`
			`emptyDir: {}`
bind: Use topology spread constraint instead of anti affinity rules 2024-08-24 20:22:34 +00:00			`topologySpreadConstraints:`
			`- maxSkew: 1`
			`topologyKey: topology.kubernetes.io/zone`
			`whenUnsatisfiable: DoNotSchedule`
			`labelSelector:`
			`matchLabels:`
			`app: bind-secondary`
Update whole Bind setup 2023-08-19 18:31:30 +00:00			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: bind-secondary`
			`namespace: bind`
			`spec:`
			`type: LoadBalancer`
			`externalTrafficPolicy: Local`
			`loadBalancerIP: 62.65.250.2`
			`selector:`
			`app: bind-secondary`
			`ports:`
			`- protocol: TCP`
			`port: 53`
			`name: dns-tcp`
			`targetPort: 53`
			`- protocol: UDP`
			`port: 53`
			`name: dns-udp`
			`targetPort: 53`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: bind-secondary-0`
			`namespace: bind`
			`spec:`
			`type: LoadBalancer`
			`externalTrafficPolicy: Local`
migrate workers to infra vlan, use bgp for calico, use calico for lb service annoucements 2024-08-14 15:15:04 +00:00			`loadBalancerIP: 172.21.53.1`
Update whole Bind setup 2023-08-19 18:31:30 +00:00			`selector:`
			`app: bind-secondary`
			`statefulset.kubernetes.io/pod-name: bind-secondary-0`
			`ports:`
			`- protocol: TCP`
			`port: 53`
			`name: dns-tcp`
			`targetPort: 53`
			`- protocol: UDP`
			`port: 53`
			`name: dns-udp`
			`targetPort: 53`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: bind-secondary-1`
			`namespace: bind`
			`spec:`
			`type: LoadBalancer`
			`externalTrafficPolicy: Local`
migrate workers to infra vlan, use bgp for calico, use calico for lb service annoucements 2024-08-14 15:15:04 +00:00			`loadBalancerIP: 172.21.53.2`
Update whole Bind setup 2023-08-19 18:31:30 +00:00			`selector:`
			`app: bind-secondary`
			`statefulset.kubernetes.io/pod-name: bind-secondary-1`
			`ports:`
			`- protocol: TCP`
			`port: 53`
			`name: dns-tcp`
			`targetPort: 53`
			`- protocol: UDP`
			`port: 53`
			`name: dns-udp`
			`targetPort: 53`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: bind-secondary-2`
			`namespace: bind`
			`spec:`
			`type: LoadBalancer`
			`externalTrafficPolicy: Local`
migrate workers to infra vlan, use bgp for calico, use calico for lb service annoucements 2024-08-14 15:15:04 +00:00			`loadBalancerIP: 172.21.53.3`
Update whole Bind setup 2023-08-19 18:31:30 +00:00			`selector:`
			`app: bind-secondary`
			`statefulset.kubernetes.io/pod-name: bind-secondary-2`
			`ports:`
			`- protocol: TCP`
			`port: 53`
			`name: dns-tcp`
			`targetPort: 53`
			`- protocol: UDP`
			`port: 53`
			`name: dns-udp`
			`targetPort: 53`