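---
# Corefile for a second, externally reachable CoreDNS instance
# ("coredns-external") that publishes cluster names under
# homelab.lumpiasty.xyz. It is mounted read-only into the Deployment
# below and re-read at runtime by the `reload` plugin, so edits here
# do not need a rollout.
#
# Serving model, as written in the Corefile:
# - lb.homelab.lumpiasty.xyz.:53 answers IPv4 (A) queries for the
#   load-balancer zone with the single hard-coded address 139.28.40.212
#   via `template`. Nothing derives that address; keep it in sync with
#   the real external endpoint. `log . { class all }` logs every query
#   hitting this block.
# - .:53 only accepts AAAA/SRV/PTR (view "external", excluding
#   in-addr.arpa) and serves them from the `kubernetes` and
#   `k8s_external` plugins. There is no `forward` plugin, so this
#   instance does not recurse for zones it does not own.
# - `pods insecure` returns pod records built from the query name
#   without checking the API server that such a pod exists; on an
#   externally reachable resolver prefer `pods disabled` (or
#   `pods verified`) unless pod-IP names must be resolvable from outside.
# - `health` and `ready` run on their default ports (8080 / 8181); the
#   probes in the Deployment below depend on those defaults.
# - No `prometheus` stanza is present, so the "metrics" containerPort
#   9153 declared below has no listener unless one is added here —
#   TODO confirm which is intended.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns-external
  namespace: kube-system
data:
  Corefile: |-
    lb.homelab.lumpiasty.xyz.:53 {
      view externalv4 {
        expr type() in ['A']
        expr not hasSuffix(name(), '.in-addr.arpa.')
      }
      log . {
        class all
      }
      template IN A {
        answer "{{ .Name }} 60 IN A 139.28.40.212"
      }
    }
    .:53 {
      # Filter out anything IPv4 related
      view external {
        expr type() in ['AAAA', 'SRV', 'PTR']
        expr not hasSuffix(name(), '.in-addr.arpa.')
      }
      errors
      health {
        lameduck 5s
      }
      ready
      log . {
        class error
      }
      # Exposes kubernetes domain names under homelab.lumpiasty.xyz
      # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
      kubernetes homelab.lumpiasty.xyz ip6.arpa {
        pods insecure
        endpoint_pod_names
        ttl 30
      }
      # Exposes loadbalancer domain names under lb.homelab.lumpiasty.xyz
      k8s_external lb.homelab.lumpiasty.xyz {
        ttl 30
      }
      # Cache results to reduce stress on apiserver
      cache 30 {
        disable success homelab.lumpiasty.xyz
        disable denial homelab.lumpiasty.xyz
      }
      reload
      loadbalance
    }

---
# Deployment running the external CoreDNS instance with the ConfigMap
# above as its only configuration. Single replica; the rolling-update
# strategy allows one extra pod during a rollout and one unavailable.
#
# Hardening already in place: all capabilities dropped except
# NET_BIND_SERVICE (needed to bind :53), no privilege escalation,
# read-only root filesystem, config mounted read-only.
# NOTE(review): no seccompProfile is set; `RuntimeDefault` is the usual
# next step for a network-facing pod — confirm against the cluster's
# policy before adding it.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: kube-dns-external
    kubernetes.io/name: CoreDNS
  name: coredns-external
  namespace: kube-system
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kube-dns-external
  strategy:
    rollingUpdate:
      maxSurge: "25%"
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: kube-dns-external
    spec:
      # Pod hostname subdomain; only takes effect together with a headless
      # Service of the same name — presumably defined elsewhere, verify.
      subdomain: kube-dns-external
      # Prefer not to land on a node already running the in-cluster
      # kube-dns pods (label k8s-app=kube-dns), so a node failure does not
      # take both resolvers down at once. Soft preference only.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: k8s-app
                      operator: In
                      values:
                        - kube-dns
                topologyKey: kubernetes.io/hostname
              weight: 100
      containers:
        - args:
            - -conf
            - /etc/coredns/Corefile
          env:
            # Go soft memory limit, kept below the 170Mi container limit so
            # the GC reclaims before the kernel OOM-kills the pod.
            - name: GOMEMLIMIT
              value: 161MiB
          image: registry.k8s.io/coredns/coredns:v1.12.0
          imagePullPolicy: IfNotPresent
          # Targets the `health` plugin's default port (8080).
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          name: coredns
          ports:
            - containerPort: 53
              name: dns
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            # Nothing in the Corefile listens here unless a `prometheus`
            # stanza is added — TODO confirm.
            - containerPort: 9153
              name: metrics
              protocol: TCP
          # Targets the `ready` plugin's default port (8181).
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /ready
              port: 8181
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources:
            limits:
              memory: 170Mi
            requests:
              cpu: 0
              memory: 70Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
                # Required to bind the privileged port 53 as a non-root
                # process; everything else is dropped.
                - NET_BIND_SERVICE
              drop:
                - ALL
            readOnlyRootFilesystem: true
          volumeMounts:
            - mountPath: /etc/coredns
              name: config-volume
              readOnly: true
      # Use the node's resolver config rather than cluster DNS; this pod
      # is itself a DNS server and must not depend on kube-dns to start.
      dnsPolicy: Default
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      restartPolicy: Always
      schedulerName: default-scheduler
      # `serviceAccount` is the deprecated alias; `serviceAccountName` is
      # the supported field and refers to the same account.
      serviceAccountName: coredns
      tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/control-plane
          operator: Exists
        - effect: NoSchedule
          key: node.cloudprovider.kubernetes.io/uninitialized
          operator: Exists
      volumes:
        - configMap:
            # 420 decimal == 0644; written in decimal because a YAML 1.1
            # parser would read an unquoted 0644 as octal anyway and the
            # decimal form is unambiguous across parsers.
            defaultMode: 420
            items:
              - key: Corefile
                path: Corefile
            name: coredns-external
          name: config-volume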