Arkaniad / bind9-isc-helm-chart

A Helm chart for Bind9 (using the official ISC docker image)

Helm Chart for bind9

This helm chart is based on the official ISC docker image.

Setting up bind9 as a resolver

By default, this chart sets up Bind9 as a resolver.

In case you want to forward a zone to your internal nameservers, you can create a secret containing valid named configuration that might look something like this:

apiVersion: v1
kind: Secret
metadata:
  name: my-named-configuration-secret
stringData:
  named.conf.local: |
    zone "my.corporate-domain.example.org" {
        type static-stub;
        server-addresses {
                192.168.1.1;
                192.168.1.2;
        };
    };

Note that this file can ONLY contain zone settings or similar. No options blocks are allowed, as they are already set in the configuration generated by the chart.

You need to provide the name of this secret in the values.yaml file like so:

[...]
mount_configuration_from_secret:
  secretName: my-named-configuration-secret
[...]

After that, install the helm chart as described in the chart's README.

Setting up bind as an authoritative nameserver

You can use this chart to set up an authoritative nameserver by setting the chartMode value to authoritative. This will generate a basic named.conf with recursion disabled. However, you need to create a secret containing the actual nameserver configuration (i.e. zones) and let the chart mount this secret into the pod.

First, create a secret like this:

apiVersion: v1
kind: Secret
metadata:
  name: my-named-nameserver-configuration-secret
stringData:
  named.conf.local: |
    zone "example.org" in {
         type master;
         file "/named_config/example.org.zone";
         notify no;
    };
  example.org.zone: |
    $TTL 2h                             ; default TTL
    @ IN SOA dns.example.org.     dnsmaster.example.org. (
                        2022032900      ; serial
                        24h             ; refresh
                        2h              ; retry
                        1000h           ; expire
                        2d )            ; minimum
[...]

Note that named.conf.local can ONLY contain zone settings or similar. No options blocks are allowed, as they are already set in the configuration generated by the chart.

Notice that there are two keys in that secret: one for named.conf.local and one for the zone file (example.org.zone in the example). Both keys are mounted as files under /named_config/. The zone file is referenced by the named configuration in the named.conf.local key, and named.conf.local itself is loaded by bind automatically because of the configuration that the helm chart sets up.

To use your secret you need to provide the name of this secret in the values.yaml file like so:

[...]
mount_configuration_from_secret:
  secretName: my-named-nameserver-configuration-secret
[...]
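A pre-install check for the two rules above (no options block in named.conf.local, and every zone file under /named_config/ backed by a key in the same secret), as an added example that is not part of the chart. The function names are hypothetical, the sample data is constructed, and the input is assumed to be the secret's stringData already loaded into a dict.

```python
import re

MOUNT_DIR = "/named_config/"  # mount path stated in the README

def strip_comments(conf):
    """Drop /* */, // and # comments (assumes no comment markers inside quotes)."""
    return re.sub(r"(//|#).*", "", re.sub(r"/\*.*?\*/", "", conf, flags=re.S))

def top_level_statements(conf):
    """Return the leading keyword of each statement at brace depth 0."""
    keywords, depth, at_start = [], 0, True
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', strip_comments(conf)):
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
        elif tok == ";":
            at_start = depth == 0
        elif depth == 0 and at_start:
            keywords.append(tok.lower())
            at_start = False
    return keywords

def check_secret(string_data):
    """Return a list of problems in a Secret's stringData (hypothetical helper)."""
    conf = string_data.get("named.conf.local")
    if conf is None:
        return ["secret has no named.conf.local key"]
    problems = []
    if "options" in top_level_statements(conf):
        problems.append("options block found; the chart already generates one")
    for path in re.findall(r'\bfile\s+"([^"]+)"', strip_comments(conf)):
        if path.startswith(MOUNT_DIR) and path[len(MOUNT_DIR):] not in string_data:
            problems.append(f"{path}: no matching key in the secret")
    return problems

# Constructed sample inputs: stringData as it looks after loading the Secret's YAML.
GOOD = {
    "named.conf.local": 'zone "example.org" in {\n    type master;  // primary\n'
                        '    file "/named_config/example.org.zone";\n    notify no;\n};\n',
    "example.org.zone": "$TTL 2h\n",
}
BAD = {  # options block present, and the zone file key is missing
    "named.conf.local": 'options { recursion yes; };\nzone "example.org" in '
                        '{ type master; file "/named_config/example.org.zone"; };\n',
}
if __name__ == "__main__":
    for name, data in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_secret(data) or "ok")
```

This is a structural check only; it does not validate named syntax or zone file contents.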

License: BSD 3-Clause "New" or "Revised" License