diff --git a/powerdns/Chart.yaml b/powerdns/Chart.yaml
index 55e9bac6b7e83e0afa5598538a4a92e56ed3bf36..7e00d18e64dcb42ce435e0fbf975e23231576717 100644
--- a/powerdns/Chart.yaml
+++ b/powerdns/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: powerdns
 description: Helm Chart for powerdns-Core
 type: application
-version: 0.0.1
+version: 0.0.5
 appVersion: "v4.4.1"
diff --git a/powerdns/templates/configmap.yaml b/powerdns/templates/configmap.yaml
index c7fd0ccb1311368694a687ddc0076b8a7ebf69cb..ba9208933a217d940fea155bb499870142ab3ca9 100644
--- a/powerdns/templates/configmap.yaml
+++ b/powerdns/templates/configmap.yaml
@@ -5,12 +5,17 @@ metadata:
   labels:
     {{- include "powerdns-helm.labels" . | nindent 4 }}
 data:
+  security.conf: |-
+    setuid=100
+    setgid=101
   webserver.conf: |-
-    api={{ .Values.api }}
+    api={{ .Values.api.enabled }}
+    {{ if .Values.api.enabled }}
     webserver-address=0.0.0.0
     webserver-port=8080
     webserver-print-arguments=no
     webserver-allow-from=0.0.0.0/0,::/0
+    {{ end }}
   database.conf: |-
     launch=gpgsql
     gpgsql-host={{ .Values.database.hostname }}
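Review bot: `api={{ .Values.api.enabled }}` renders as `api=true` or `api=false`, while every other switch in this ConfigMap is written `yes`/`no` (`webserver-print-arguments=no`, `dnsupdate=yes`). As far as I recall, PowerDNS treats a boolean setting as off only when the value is `no` or `off`, so `api=false` may not disable the API; please verify against the 4.4 parser. Rendering the value explicitly removes the doubt: `api={{ ternary "yes" "no" .Values.api.enabled }}`. Separately, the hard-coded `setuid=100`/`setgid=101` should carry a comment naming the image user they correspond to, since the pod's `securityContext` is not visible in this hunk.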
@@ -20,7 +25,8 @@ data:
     gpgsql-dnssec={{ .Values.database.dnssec }}
   dnsupdate.conf: |-
     dnsupdate=yes
-    allow-dnsupdate-from=127.0.0.0/8 10.244.0.0/16
+    allow-dnsupdate-from={{ .Values.internalCidr | join "," }}
   listen.conf: |-
     local-port=5353
-
+  default.conf: |-
+    default-soa-content="{{ .Values.default.hostname }} {{ .Values.default.email }} 0 10800 3600 604800 3600"
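Review bot: `allow-dnsupdate-from` is now filled from `.Values.internalCidr`, and with `dnsupdate=yes` that list is the only gate on DNS UPDATE visible in this ConfigMap. The values key should say so, e.g. `# Source ranges allowed to send RFC 2136 dynamic updates; keep as narrow as possible`. The shipped default `10.244.0.0/16` looks like a cluster pod network, which would let any pod in that range submit updates unless TSIG is enforced somewhere outside this diff. In `default.conf`, the double quotes around the `default-soa-content` value are probably kept literally by the PowerDNS config parser, so consider dropping them after checking the rendered SOA.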
diff --git a/powerdns/templates/deployment.yaml b/powerdns/templates/deployment.yaml
index 8af71122f71e97f4c9905577bad09c3aefba1c4e..5cb4c260cc76970e9415d3a42ed614071b366821 100644
--- a/powerdns/templates/deployment.yaml
+++ b/powerdns/templates/deployment.yaml
@@ -31,6 +31,9 @@ spec:
         - name: configs
           configMap:
             name: {{ include "powerdns-helm.fullname" . }}
+        - name: tmp
+          emptyDir:
+            medium: Memory
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
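Review bot: The new `tmp` volume is a memory-backed `emptyDir` with no `sizeLimit`. Anything written under `/var/run` (mounted in the next hunk of this file) is therefore bounded only by the container's memory limit or, if none is set, by node memory. Add a cap under `emptyDir`, for example `sizeLimit: 16Mi` (value constructed for illustration; size it to the control socket and PID file). The `volumes` list and the container spec both continue outside the hunk.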
@@ -65,6 +68,8 @@ spec:
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           volumeMounts:
+            - mountPath: /var/run
+              name: tmp
             - mountPath: /etc/pdns/conf.d/secrets.conf
               name: secrets
               subPath: secrets.conf
diff --git a/powerdns/templates/ingress.yaml b/powerdns/templates/ingress.yaml
index c9fc46b3062eff6f02f76a64e7bb82bfca812a5c..e238ffb306f0fb2a7e847dab62edf7456ac0e461 100644
--- a/powerdns/templates/ingress.yaml
+++ b/powerdns/templates/ingress.yaml
@@ -1,3 +1,4 @@
+{{ if .Values.api.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -19,3 +20,4 @@ spec:
                 port:
                   name: http
             pathType: Prefix
+{{ end }}
diff --git a/powerdns/templates/secret.yaml b/powerdns/templates/secret.yaml
index 0b15b0c68126a6c93795626b9c9124e050f2b454..e865258972aeda4fe53303dcc6f01fbdf45d8504 100644
--- a/powerdns/templates/secret.yaml
+++ b/powerdns/templates/secret.yaml
@@ -5,7 +5,9 @@ metadata:
   labels:
     {{- include "powerdns-helm.labels" . | nindent 4 }}
 stringData:
-  apikey: {{ .Values.apiKey }}
+  apikey: {{ .Values.api.key }}
   secrets.conf: |-
-    api-key={{ .Values.apiKey }}
+    {{ if .Values.api.enabled }}
+    api-key={{ .Values.api.key }}
+    {{ end }}
     gpgsql-password={{ .Values.database.password }}
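Review bot: `apikey: {{ .Values.api.key }}` is rendered unquoted into `stringData`, so a key that is all digits, looks like a boolean, or starts with a YAML indicator is retyped or breaks the manifest; use `apikey: {{ .Values.api.key | quote }}`. The `apikey` entry is also still emitted when `api.enabled` is false, unlike the `api-key=` line below it. Because the old `.Values.apiKey` is no longer read, releases that set it will silently fall back to the chart default for `api.key` after upgrading, which is worth stating in the chart's upgrade notes.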
diff --git a/powerdns/values.yaml b/powerdns/values.yaml
index ffd5e7b5aa747d7056d42101207e78d8ef2891e3..f2a3771201856ba8b84b411eb9d5efa4f0e9e451 100644
--- a/powerdns/values.yaml
+++ b/powerdns/values.yaml
@@ -9,7 +9,17 @@ imagePullSecrets: [ ]
 nameOverride: ""
 fullnameOverride: ""
 
-apiKey: "hunter2"
+internalCidr:
+  - "127.0.0.0/8"
+  - "10.244.0.0/16"
+
+api:
+  enabled: false
+  key: "hunter2"
+
+default:
+  hostname: "a.misconfigured.dns.server.invalid"
+  email: "hostmaster.@"
 
 ingress:
   host: "dns.example.tld"
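Review bot: `api.key` still defaults to the placeholder `"hunter2"`, so a release that sets `api.enabled: true` without overriding the key ships a guessable credential behind `webserver-allow-from=0.0.0.0/0,::/0` and the Ingress. Default it to `key: ""` and fail rendering when the API is switched on, e.g. in `secret.yaml`: `api-key={{ required "api.key must be set when api.enabled is true" .Values.api.key }}`. For real deployments the key and `database.password` are better supplied from an existing Secret than from values committed alongside the chart.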