feat: update powerdns chart

4f528dc8 · Janne Mareike Koschinski · d4bbe902 · 4f528dc8 · 4f528dc8 · 4f528dc8
Verified Commit 4f528dc8 authored 2 years ago by Janne Mareike Koschinski
--- a/powerdns/Chart.yaml
+++ b/powerdns/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: powerdns
 description: Helm Chart for powerdns-Core
 type: application
-version: 0.0.1
+version: 0.0.5
 appVersion: "v4.4.1"
--- a/powerdns/templates/configmap.yaml
+++ b/powerdns/templates/configmap.yaml
@@ -5,12 +5,17 @@ metadata:
  labels:
    {{- include "powerdns-helm.labels" . | nindent 4 }}
 data:
+  security.conf: |-
+    setuid=100
+    setgid=101
  webserver.conf: |-
-    api={{ .Values.api }}
+    api={{ .Values.api.enabled }}
+    {{ if .Values.api.enabled }}
    webserver-address=0.0.0.0
    webserver-port=8080
    webserver-print-arguments=no
    webserver-allow-from=0.0.0.0/0,::/0
+    {{ end }}
  database.conf: |-
    launch=gpgsql
    gpgsql-host={{ .Values.database.hostname }}
@@ -20,7 +25,8 @@ data:
    gpgsql-dnssec={{ .Values.database.dnssec }}
  dnsupdate.conf: |-
    dnsupdate=yes
-    allow-dnsupdate-from=127.0.0.0/8 10.244.0.0/16
+    allow-dnsupdate-from={{ .Values.internalCidr | join "," }}
  listen.conf: |-
    local-port=5353
+  default.conf: |-
+    default-soa-content="{{ .Values.default.hostname }} {{ .Values.default.email }} 0 10800 3600 604800 3600"
--- a/powerdns/templates/deployment.yaml
+++ b/powerdns/templates/deployment.yaml
@@ -31,6 +31,9 @@ spec:
        - name: configs
          configMap:
            name: {{ include "powerdns-helm.fullname" . }}
+        - name: tmp
+          emptyDir:
+            medium: Memory
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
@@ -65,6 +68,8 @@ spec:
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
+            - mountPath: /var/run
+              name: tmp
            - mountPath: /etc/pdns/conf.d/secrets.conf
              name: secrets
              subPath: secrets.conf

--- a/powerdns/templates/ingress.yaml
+++ b/powerdns/templates/ingress.yaml
+{{ if .Values.api.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -19,3 +20,4 @@ spec:
                port:
                  name: http
            pathType: Prefix
+{{ end }}
--- a/powerdns/templates/secret.yaml
+++ b/powerdns/templates/secret.yaml
@@ -5,7 +5,9 @@ metadata:
  labels:
    {{- include "powerdns-helm.labels" . | nindent 4 }}
 stringData:
-  apikey: {{ .Values.apiKey }}
+  apikey: {{ .Values.api.key }}
  secrets.conf: |-
-    api-key={{ .Values.apiKey }}
+    {{ if .Values.api.enabled }}
+    api-key={{ .Values.api.key }}
+    {{ end }}
    gpgsql-password={{ .Values.database.password }}
--- a/powerdns/values.yaml
+++ b/powerdns/values.yaml
@@ -9,7 +9,17 @@ imagePullSecrets: [ ]
 nameOverride: ""
 fullnameOverride: ""
-apiKey: "hunter2"
+internalCidr:
+  - "127.0.0.0/8"
+  - "10.244.0.0/16"
+api:
+  enabled: false
+  key: "hunter2"
+default:
+  hostname: "a.misconfigured.dns.server.invalid"
+  email: "hostmaster.@"
 ingress:
  host: "dns.example.tld"