From b7b8339d70d62b55306022ca9b7e7a383be8d23f Mon Sep 17 00:00:00 2001
From: Janne Mareike Koschinski <janne@kuschku.de>
Date: Sat, 18 Mar 2023 21:02:11 +0100
Subject: [PATCH] feat: update powerdns chart
---
 powerdns/Chart.yaml | 4 +--
 powerdns/templates/configmap.yaml | 25 ++++++++--------
 powerdns/templates/deployment.yaml | 46 +++++++++++++++++-------------
 powerdns/templates/secret.yaml | 3 +-
 powerdns/values.yaml | 13 ++++-----
 5 files changed, 46 insertions(+), 45 deletions(-)
diff --git a/powerdns/Chart.yaml b/powerdns/Chart.yaml
index 7e00d18..658ec5a 100644
--- a/powerdns/Chart.yaml
+++ b/powerdns/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: powerdns
 description: Helm Chart for powerdns-Core
 type: application
-version: 0.0.5
-appVersion: "v4.4.1"
+version: 1.0.0
+appVersion: "4.7.3"
diff --git a/powerdns/templates/configmap.yaml b/powerdns/templates/configmap.yaml
index ba92089..c675096 100644
--- a/powerdns/templates/configmap.yaml
+++ b/powerdns/templates/configmap.yaml
@@ -5,10 +5,18 @@ metadata:
 labels:
 {{- include "powerdns-helm.labels" . | nindent 4 }}
 data:
+ pdns.conf: |-
+ include-dir=/etc/powerdns/pdns.d
+ database.conf: |-
+ launch=lmdb
+ lmdb-filename=/data/pdns.lmdb
 security.conf: |-
- setuid=100
- setgid=101
- webserver.conf: |-
+ setuid={{ .Values.securityContext.runAsUser }}
+ setgid={{ .Values.securityContext.runAsGroup }}
+
+ local-address=0.0.0.0,::
+ local-port=5353
+
 api={{ .Values.api.enabled }}
 {{ if .Values.api.enabled }}
 webserver-address=0.0.0.0
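Review bot: In powerdns/templates/configmap.yaml, the new `setuid={{ .Values.securityContext.runAsUser }}` and `setgid={{ .Values.securityContext.runAsGroup }}` lines in security.conf have no guard, so an operator who overrides `securityContext` without both fields gets an empty or mismatched value in the rendered config. The container is already started non-root through that same securityContext (the last values.yaml hunk adds `runAsGroup: 2000` for this), so pdns_server presumably cannot switch to a different ID at that point anyway. Either drop the two settings or emit each only when the value is set, e.g. `{{- with .Values.securityContext.runAsUser }}` / `setuid={{ . }}` / `{{- end }}`, and likewise for `setgid`.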
@@ -16,17 +24,8 @@ data:
 webserver-print-arguments=no
 webserver-allow-from=0.0.0.0/0,::/0
 {{ end }}
- database.conf: |-
- launch=gpgsql
- gpgsql-host={{ .Values.database.hostname }}
- gpgsql-port={{ .Values.database.port }}
- gpgsql-dbname={{ .Values.database.database }}
- gpgsql-user={{ .Values.database.username }}
- gpgsql-dnssec={{ .Values.database.dnssec }}
 dnsupdate.conf: |-
 dnsupdate=yes
 allow-dnsupdate-from={{ .Values.internalCidr | join "," }}
- listen.conf: |-
- local-port=5353
- default.conf: |-
+ soa.conf: |-
 default-soa-content="{{ .Values.default.hostname }} {{ .Values.default.email }} 0 10800 3600 604800 3600"
diff --git a/powerdns/templates/deployment.yaml b/powerdns/templates/deployment.yaml
index 5cb4c26..a018895 100644
--- a/powerdns/templates/deployment.yaml
+++ b/powerdns/templates/deployment.yaml
@@ -25,10 +25,12 @@ spec:
 securityContext:
 {{- toYaml .Values.podSecurityContext | nindent 8 }}
 volumes:
- - name: secrets
+ - name: data
+ {{- .Values.volumes.data | nindent 10 }}
+ - name: secret
 secret:
 secretName: {{ include "powerdns-helm.fullname" . }}
- - name: configs
+ - name: config
 configMap:
 name: {{ include "powerdns-helm.fullname" . }}
 - name: tmp
@@ -40,9 +42,8 @@ spec:
 {{- toYaml .Values.securityContext | nindent 12 }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
- env:
- - name: MYSQL_AUTOCONF
- value: "false"
+ command:
+ - "pdns_server"
 ports:
 - name: http
 containerPort: 8080
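Review bot: The context line `webserver-allow-from=0.0.0.0/0,::/0` in the second configmap.yaml hunk is carried forward unchanged, so with `api.enabled` set the HTTP API accepts connections from any source address and the API key is the only control left. The chart already has `.Values.internalCidr`, used for `allow-dnsupdate-from` three lines below. Reusing it as `webserver-allow-from={{ .Values.internalCidr | join "," }}`, or adding a dedicated value that defaults to it, would add a second layer. The opening of the `{{ if .Values.api.enabled }}` block lies outside this hunk.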
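Review bot: In the first deployment.yaml hunk the new `data` volume is built by pasting a string into the pod spec, `{{- .Values.volumes.data | nindent 10 }}`, while the other structured values visible in this template go through `toYaml`. A string value cannot be merged or partially overridden with `--set`, and a mis-indented override changes the nesting of the rendered manifest without any error at template time. Declaring `volumes.data` as a map in values.yaml and rendering it with `{{- toYaml .Values.volumes.data | nindent 10 }}` would match how `resources` and `securityContext` are handled.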
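Review bot: `command:` / `- "pdns_server"` in the second deployment.yaml hunk replaces the image's entrypoint, and the reason is not recorded. If the new image ships a startup wrapper or an init process (worth confirming for powerdns/pdns-auth-47), this bypasses it and pdns_server runs as PID 1, which matters for signal handling at shutdown. A comment above the line would help, for example `# run pdns_server directly; all configuration comes from the mounted ConfigMap and Secret`.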
@@ -68,23 +69,28 @@ spec:
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
 volumeMounts:
- - mountPath: /var/run
- name: tmp
- - mountPath: /etc/pdns/conf.d/secrets.conf
- name: secrets
- subPath: secrets.conf
- - mountPath: /etc/pdns/conf.d/database.conf
- name: configs
+ - mountPath: /data
+ name: data
+ - mountPath: /etc/powerdns/pdns.conf
+ name: config
+ subPath: pdns.conf
+ - mountPath: /etc/powerdns/pdns.d/secrets.conf
+ name: secret
+ subPath: pdns.conf
+ - mountPath: /etc/powerdns/pdns.d/database.conf
+ name: config
 subPath: database.conf
- - mountPath: /etc/pdns/conf.d/dnsupdate.conf
- name: configs
+ - mountPath: /etc/powerdns/pdns.d/security.conf
+ name: config
+ subPath: security.conf
+ - mountPath: /etc/powerdns/pdns.d/dnsupdate.conf
+ name: config
 subPath: dnsupdate.conf
- - mountPath: /etc/pdns/conf.d/listen.conf
- name: configs
- subPath: listen.conf
- - mountPath: /etc/pdns/conf.d/webserver.conf
- name: configs
- subPath: webserver.conf
+ - mountPath: /etc/powerdns/pdns.d/soa.conf
+ name: config
+ subPath: soa.conf
+ - mountPath: /var/run
+ name: tmp
 {{- with .Values.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
diff --git a/powerdns/templates/secret.yaml b/powerdns/templates/secret.yaml
index e865258..072c5fd 100644
--- a/powerdns/templates/secret.yaml
+++ b/powerdns/templates/secret.yaml
@@ -6,8 +6,7 @@ metadata:
 {{- include "powerdns-helm.labels" . | nindent 4 }}
 stringData:
 apikey: {{ .Values.api.key }}
- secrets.conf: |-
+ pdns.conf: |-
 {{ if .Values.api.enabled }}
 api-key={{ .Values.api.key }}
 {{ end }}
- gpgsql-password={{ .Values.database.password }}
diff --git a/powerdns/values.yaml b/powerdns/values.yaml
index f2a3771..bd94a1e 100644
--- a/powerdns/values.yaml
+++ b/powerdns/values.yaml
@@ -1,7 +1,7 @@
 replicaCount: 1
 image:
- repository: psitrax/powerdns
+ repository: powerdns/pdns-auth-47
 pullPolicy: IfNotPresent
 tag: ""
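Review bot: Every config file in the volumeMounts hunk of deployment.yaml is mounted with `subPath`, including the Secret at `/etc/powerdns/pdns.d/secrets.conf`, and Kubernetes does not refresh subPath mounts when the underlying Secret or ConfigMap changes. A rotated `api.key` therefore has no effect until the pod is restarted, and nothing in the visible hunks triggers that restart. A pod-template annotation such as `checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}`, plus the same for configmap.yaml, would roll the Deployment on change; the pod template metadata is outside this hunk. The Secret key is now also called `pdns.conf`, the same name as the ConfigMap key mounted at `/etc/powerdns/pdns.conf`, and a distinct name would make the two harder to confuse.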
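Review bot: In secret.yaml the unchanged lines `apikey: {{ .Values.api.key }}` and `api-key={{ .Values.api.key }}` insert the key without quoting or validation. An all-digit or boolean-looking key renders as a non-string under `stringData`, which the API server rejects, and an unset key with `api.enabled: true` yields an empty `api-key=` line. Suggested: `apikey: {{ .Values.api.key | quote }}` and, inside the `if`, `api-key={{ required "api.key must be set when api.enabled is true" .Values.api.key }}`. The default for `api.key` is not visible in these hunks, so the second case should be checked against values.yaml.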
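Review bot: `repository: powerdns/pdns-auth-47` with `tag: ""` in the first values.yaml hunk resolves to a mutable tag taken from `appVersion`, and with `pullPolicy: IfNotPresent` different nodes can run different builds under the same tag. For an authoritative DNS server, pinning by digest is the safer default; that would need an optional `image.digest` value rendered as `repository@sha256:<digest>` on the image line in deployment.yaml. At minimum a comment here, `# empty tag falls back to .Chart.AppVersion`, would record where the version comes from.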
@@ -24,13 +24,9 @@ default:
 ingress:
 host: "dns.example.tld"
-database:
- hostname: "localhost"
- port: 5432
- database: "powerdns"
- username: "powerdns"
- password: "hunter2"
- dnssec: "yes"
+volumes:
+ data: |-
+ emptyDir: {}
 podAnnotations: { }
@@ -44,6 +40,7 @@ securityContext:
 readOnlyRootFilesystem: true
 runAsNonRoot: true
 runAsUser: 1000
+ runAsGroup: 2000
 service:
 type: ClusterIP
-- 
GitLab
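Review bot: The default `volumes.data` of `emptyDir: {}` in values.yaml means the LMDB file at `/data/pdns.lmdb` is deleted whenever the pod is removed from its node, and all zones go with it. If DNSSEC is in use, the signing keys presumably live in the same database, so a reschedule would leave published DS records pointing at keys that no longer exist. I would keep emptyDir only as a documented test default, with a comment such as `# emptyDir loses all zone data on pod deletion; use a persistentVolumeClaim in production`. It is also worth noting next to `replicaCount` that each replica gets its own independent database with this backend.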