tobi
/
PowerDns
2
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
30 KiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
 ZIP  TAR.GZ
tobi 7a4cf64f6c idk 4 months ago
mysql static pv, fix 4 months ago
README.md idk 4 months ago
admin.yaml static pv, fix 4 months ago
issuer.yaml static pv, fix 4 months ago
namespace.yaml init 5 months ago
power.yaml rewrite readme, better doc 5 months ago

README.md

Powerdns, WebGui and dns-01 certs

Create the namespace

kubectl apply -f namespace.yaml

PowerDNS (mysql backend)

Create a persistent volume for the mysql database

kubectl apply -f mysql_pvc.yaml

Create the mysql database

kubectl apply -f mysql.yaml

Create the PowerDNS service. ! Here you want to change the externalIPs that your DNS will be accessible to the world wide web

kubectl apply -f power.yaml

PowerDNS Admin (webgui)

This will create a PVC for the GUIs data, and the service itself, listening on http://10.0.0.9:8053. You might want to change this IP again

kubectl apply -f admin.yaml
  • create one user, then disable new user creation

/settings/authentication/Allow users to sign up

  • enable SOA records (otherwise you get set the default, wich is no good)

/settings/records/SOA Forward and Reverse Zone

Cert-Manger DNS-01 (Wildcard) Certs

Install cert-manager, when you read this you might need to look for a newer yaml.

kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.1/cert-manager.yaml

Prepare PowerDNS

  1. kubectl exec -it -n inhouse-dns powerpdns-xxxx -- bash into any of the PowerDNS Pods.
  2. pdnsutil generate-tsig-key master_key hmac-md5 create a key named master_key and write it to the database (the command will do both)
  3. Allow key to edit your domain (yes this can only be done through direct SQL - expose the PowerDNS mysql database through an externalIP) 
    select id from domains where name='example.org';
> 1
insert into domainmetadata (domain_id, kind, content) values (5, 'TSIG-ALLOW-DNSUPDATE', 'master_key');
  4. base64 encode the key generated by pdnsutil generate-tsig-key master_key hmac-md5, double encryption i know, but sadly this is the only way kubernetes stores secrets/all secrets will be decoded upon being loaded, so if we dont encode it ours wont be readable 
    apiVersion: v1
kind: Secret
metadata:
  name: secret
  namespace: cert-manager
data:
  key: base64_encoded_hmac-md5sum
  5. kubectl apply -f issuer.yaml, you want to modify it to your domain and the public ipv4 of you nameserver

Useful Resources