coredns-deployment/docker
Nico Berlee aba0245609 Drop unneeded capabilities, make container read-only (#76)
* Run CoreDNS in Docker only with CAP_NET_BIND_SERVICE, drop all other (root) privileges. Run filesystem of container and config in read-only mode.

* Run CoreDNS in Kubernetes only with CAP_NET_BIND_SERVICE, drop all other (root) privileges. Run filesystem of container and config in read-only mode.
2018-05-29 14:02:00 +01:00
dns.yml Drop unneeded capabilities, make container read-only (#76) 2018-05-29 14:02:00 +01:00
README.md Add Docker 1.12+ (service) based deployment (#9) 2017-08-08 03:02:04 -07:00

Docker-based deployment

Prerequisites

  • Docker 1.12.x or later (Docker Swarm Mode)

Setup

First, decide which nodes you are going to run CoreDNS on and set appropriate labels on them. I use iface=extern as the label on nodes with external-facing interfaces and iface=intern for internal-facing nodes.

$ docker node inspect node1 | jq '.[0].Spec.Labels'
{
  "iface": "extern"
}

Deploy

Connect to a "manager" node (I use docker-machine for this):

$ eval "$(docker-machine env node1)"
$ docker stack deploy -c dns.yml dns

Verify

Verify your setup works:

$ dig @<node1> google.com IN A +short
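
The latest commit on dns.yml states that CoreDNS should run with only CAP_NET_BIND_SERVICE, with every other capability dropped and with a read-only filesystem and config. The following check is an added example, not part of this repository: it reads `docker inspect` output for the running CoreDNS container and reports any deviation from that. The script name `audit.py`, the container name and the embedded sample are constructed assumptions.

```python
import json
import sys

# Constructed sample of `docker inspect <container>` output (not from a real host).
SAMPLE = json.dumps([{
    "Name": "/dns_coredns.1.example",
    "HostConfig": {"CapAdd": ["NET_BIND_SERVICE"], "CapDrop": ["ALL"],
                   "ReadonlyRootfs": True, "Privileged": False},
    "Mounts": [{"Destination": "/Corefile", "RW": False}],
}])

ALLOWED_CAPS = {"NET_BIND_SERVICE"}  # the only capability the commit keeps


def _caps(values):
    """Normalise capability names; Docker accepts both CAP_X and X."""
    names = (v.upper() for v in (values or []))  # inspect reports null when unset
    return {n[4:] if n.startswith("CAP_") else n for n in names}


def audit(inspect_json):
    """Return a list of findings; an empty list means the hardening is in place."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?")
        host = c.get("HostConfig", {})
        if host.get("Privileged"):
            findings.append(f"{name}: runs privileged")
        if "ALL" not in _caps(host.get("CapDrop")):
            findings.append(f"{name}: default capabilities are not all dropped")
        extra = _caps(host.get("CapAdd")) - ALLOWED_CAPS
        if extra:
            findings.append(f"{name}: unexpected capabilities {sorted(extra)}")
        if not host.get("ReadonlyRootfs"):
            findings.append(f"{name}: root filesystem is writable")
        for m in c.get("Mounts", []):
            if m.get("RW", True):
                findings.append(f"{name}: mount {m.get('Destination')} is writable")
    return findings


if __name__ == "__main__":
    # Hypothetical usage: docker inspect <container> | python3 audit.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    problems = audit(data)
    print("\n".join(problems) or "OK")
    sys.exit(1 if problems else 0)
```

Run it on the node that hosts the task, against the container that `docker ps` shows for the service. A non-zero exit status means at least one setting differs from what the commit describes.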