Create the namespace:

```shell
kubectl apply -f namespace.yaml
```

Create a persistent volume for the MySQL database:

```shell
kubectl apply -f mysql_pvc.yaml
```

Create the MySQL database:

```shell
kubectl apply -f mysql.yaml
```

Create the PowerDNS service. Before applying, change the externalIPs in power.yaml to the addresses on which your DNS should be reachable from the internet:

```shell
kubectl apply -f power.yaml
```

The next step creates a PVC for the GUI's data and the GUI service itself, listening on http://10.0.0.9:8053. You might want to change this IP as well:

```shell
kubectl apply -f admin.yaml
```
/settings/authentication/Allow users to sign up
/settings/records/SOA Forward and Reverse Zone
Install cert-manager. By the time you read this, you might need to look for a newer YAML:

```shell
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.1/cert-manager.yaml
```
Open a shell in any of the PowerDNS pods:

```shell
kubectl exec -it -n inhouse-dns powerpdns-xxxx -- bash
```

Create a key named master_key and write it to the database (the command will do both):

```shell
pdnsutil generate-tsig-key master_key hmac-md5
```

Look up the id of your domain and allow master_key to send DNS updates for it:

```sql
select id from domains where name='example.org';
> 1
-- use the id returned by the select above as domain_id
insert into domainmetadata (domain_id, kind, content) values (1, 'TSIG-ALLOW-DNSUPDATE', 'master_key');
```

Base64-encode the key that `pdnsutil generate-tsig-key master_key hmac-md5` printed before putting it into the Secret. This is double encoding, I know, but sadly this is the only way Kubernetes stores secrets: every value under `data` is decoded when the Secret is loaded, so if we don't encode ours it won't be readable.
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: secret
  namespace: cert-manager
data:
  key: base64_encoded_hmac-md5sum
```
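The encoding step described above, as an added example that is not part of the original README: it renders the Secret from a TSIG key and checks that decoding `data.key` once returns the key exactly as pdnsutil printed it. The function names and the sample key are assumptions made for illustration; the key is constructed, not a real one.

```shell
# Constructed sample standing in for the key that pdnsutil prints (not a real key).
SAMPLE_TSIG_KEY=$(printf '%s' 'constructed-sample-key-material' | base64 | tr -d '\n')

# Encode a value for a Secret's data: field (one line, no trailing newline).
k8s_encode() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# What a consumer receives once Kubernetes has decoded a data: value.
k8s_decode() {
  printf '%s' "$1" | base64 -d
}

# Render the Secret manifest; name, namespace and key match the manifest above.
render_secret() {
  # Reject input that is not itself valid base64, e.g. a truncated paste.
  if ! printf '%s' "$1" | base64 -d >/dev/null 2>&1; then
    echo "TSIG key is not valid base64" >&2
    return 1
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: secret
  namespace: cert-manager
data:
  key: $(k8s_encode "$1")
EOF
}

# Read data.key back from the rendered manifest and decode it once.
secret_roundtrip() {
  k8s_decode "$(render_secret "$1" | awk '$1 == "key:" { print $2 }')"
}

# Stand-alone run: print the manifest and confirm the key survives the round trip.
render_secret "$SAMPLE_TSIG_KEY"
[ "$(secret_roundtrip "$SAMPLE_TSIG_KEY")" = "$SAMPLE_TSIG_KEY" ] && echo "round trip ok" >&2
```

Kubernetes also accepts the key without the extra encoding when it is placed under `stringData:` instead of `data:`.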
Modify issuer.yaml to match your domain and the public IPv4 address of your nameserver, then apply it:

```shell
kubectl apply -f issuer.yaml
```