core: fix postmark DNS and time sync

2026-01-19 23:45:31 -03:00 · 2026-01-19 23:45:31 -03:00 · 34c42cfb62
commit 34c42cfb62
parent 84cd05b08a
4 changed files with 56 additions and 2 deletions
--- a/infrastructure/core/coredns-custom.yaml
+++ b/infrastructure/core/coredns-custom.yaml
@ -32,6 +32,9 @@ data:
        192.168.22.9 notes.bstein.dev
        192.168.22.9 office.bstein.dev
        192.168.22.9 pegasus.bstein.dev
+        3.136.224.193 pm-bounces.bstein.dev
+        3.150.68.49 pm-bounces.bstein.dev
+        18.189.137.81 pm-bounces.bstein.dev
        192.168.22.9 registry.bstein.dev
        192.168.22.9 scm.bstein.dev
        192.168.22.9 secret.bstein.dev
--- a/infrastructure/core/kustomization.yaml
+++ b/infrastructure/core/kustomization.yaml
@ -6,5 +6,6 @@ resources:
  - ../modules/profiles/atlas-ha
  - coredns-custom.yaml
  - coredns-deployment.yaml
+  - ntp-sync-daemonset.yaml
  - ../sources/cert-manager/letsencrypt.yaml
  - ../sources/cert-manager/letsencrypt-prod.yaml
--- a/infrastructure/core/ntp-sync-daemonset.yaml
+++ b/infrastructure/core/ntp-sync-daemonset.yaml
@ -0,0 +1,50 @@
+# infrastructure/core/ntp-sync-daemonset.yaml
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: ntp-sync
+  namespace: kube-system
+  labels:
+    app: ntp-sync
+spec:
+  selector:
+    matchLabels:
+      app: ntp-sync
+  template:
+    metadata:
+      labels:
+        app: ntp-sync
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/control-plane
+                    operator: DoesNotExist
+                  - key: node-role.kubernetes.io/master
+                    operator: DoesNotExist
+      containers:
+        - name: ntp-sync
+          image: public.ecr.aws/docker/library/busybox:1.36.1
+          imagePullPolicy: IfNotPresent
+          command: ["/bin/sh", "-c"]
+          args:
+            - |
+              set -eu
+              while true; do
+                ntpd -q -p pool.ntp.org || true
+                sleep 300
+              done
+          securityContext:
+            capabilities:
+              add: ["SYS_TIME"]
+            runAsUser: 0
+            runAsGroup: 0
+          resources:
+            requests:
+              cpu: 10m
+              memory: 16Mi
+            limits:
+              cpu: 50m
+              memory: 64Mi
--- a/services/monitoring/postmark-exporter-deployment.yaml
+++ b/services/monitoring/postmark-exporter-deployment.yaml
@ -18,9 +18,9 @@ spec:
        prometheus.io/path: "/metrics"
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "monitoring"
-        vault.hashicorp.com/agent-inject-secret-postmark-env: "kv/data/atlas/monitoring/postmark-exporter"
+        vault.hashicorp.com/agent-inject-secret-postmark-env: "kv/data/atlas/shared/postmark-relay"
        vault.hashicorp.com/agent-inject-template-postmark-env: |
-          {{- with secret "kv/data/atlas/monitoring/postmark-exporter" -}}
+          {{- with secret "kv/data/atlas/shared/postmark-relay" -}}
          export POSTMARK_SERVER_TOKEN="{{ index .Data.data "apikey" }}"
          export POSTMARK_SERVER_TOKEN_FALLBACK="{{ index .Data.data "apikey" }}"
          {{- if index .Data.data "sending-limit" }}