Merge pull request #48 from mheuser/master

Set a security context with non root user

charts/k8s-gateway/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: k8s-gateway
 description: A Helm chart for the k8s_gateway CoreDNS plugin
 type: application
-version: 1.0.7
+version: 1.0.9
 appVersion: 0.1.8
 maintainers:
   - email: mmkashin@gmail.com

charts/k8s-gateway/README.md

@@ -13,6 +13,7 @@ The following table lists the configurable parameters of the k8s_gateway chart a
 | `ttl`                            | TTL for non-apex responses (in seconds)                                                   | `300`                 |
 | `dnsChallenge.enabled`           | Optional configuration option for DNS01 challenge                                         | `false`               |
 | `dnsChallenge.domain`            | See: https://cert-manager.io/docs/configuration/acme/dns01/                               | `dns01.clouddns.com`  |
+| `extraZonePlugins`               | Optional extra plugins to be added to the zone, e.g. "forward . /etc/resolv.conf"         | `""`                  | 
 | `image.registry`                 | Image registry                                                                            | `quay.io`             |
 | `image.repository`               | Image repository                                                                          | `oriedge/k8s_gateway` |
 | `image.tag`                      | Image tag                                                                                 | `latest`              |

charts/k8s-gateway/templates/configmap.yaml

@@ -6,7 +6,7 @@ metadata:
     {{- include "k8s-gateway.labels" . | nindent 4 }}
 data:
   Corefile: |-
-    .:53 {
+    .:1053 {
         errors
         log
         health {
@@ -34,4 +34,7 @@ data:
         loop
         reload
         loadbalance
+        {{- if .Values.extraZonePlugins -}}
+        {{- .Values.extraZonePlugins | nindent 8 }}
+        {{- end }}
     }

charts/k8s-gateway/templates/deployment.yaml

@@ -20,13 +20,15 @@ spec:
         image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         args: [ "-conf", "/etc/coredns/Corefile" ]
+        securityContext:
+          runAsUser: 1000
         volumeMounts:
         - name: config-volume
           mountPath: /etc/coredns
         resources:
           {{- toYaml .Values.resources | nindent 12 }}
         ports:
-        - {containerPort: 53, protocol: UDP, name: udp-53}
+        - {containerPort: 1053, protocol: UDP, name: dns-udp}
         livenessProbe:
           httpGet:
             path: /health

charts/k8s-gateway/templates/service.yaml

@@ -17,8 +17,8 @@ spec:
   ports:
   - port: {{ .Values.service.port }}
     protocol: UDP
-    name: udp-53
-    targetPort: udp-53
+    name: dns-udp
+    targetPort: dns-udp
     {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
     nodePort: {{ .Values.service.nodePort }}
     {{- end }}

charts/k8s-gateway/values.yaml

@@ -29,6 +29,9 @@ dnsChallenge:
   enabled: false
   domain: dns01.clouddns.com
 
+# Optional plugins that will be enabled in the zone, e.g. "forward . /etc/resolve.conf"
+extraZonePlugins: ""
+
 serviceAccount:
   create: true
   name: ""
@@ -40,7 +43,7 @@ service:
   # nodePort: 30053
   # loadBalancerIP: 192.168.1.2
   # externalTrafficPolicy: Local
-  # externalIPs: 
+  # externalIPs:
   #  - 192.168.1.3
 
 nodeSelector: {}

index.yaml

@@ -3,7 +3,33 @@ entries:
   k8s-gateway:
   - apiVersion: v2
     appVersion: 0.1.8
-    created: "2021-09-04T03:53:00.145401037Z"
+    created: "2021-09-11T22:07:27.010685+02:00"
+    description: A Helm chart for the k8s_gateway CoreDNS plugin
+    digest: 8d194587b8f31ed6230b2b2fcb2215f3f52e0be1a8ff754007b5a94731b7bcfb
+    maintainers:
+    - email: mmkashin@gmail.com
+      name: Michael
+    name: k8s-gateway
+    type: application
+    urls:
+    - https://ori-edge.github.io/k8s_gateway/charts/k8s-gateway-1.0.9.tgz
+    version: 1.0.9
+  - apiVersion: v2
+    appVersion: 0.1.8
+    created: "2021-09-11T22:07:27.010455+02:00"
+    description: A Helm chart for the k8s_gateway CoreDNS plugin
+    digest: 8edd4edd05d76253b81ecfaafab51f171fa725bd81b6b26fef81efa26e9374d7
+    maintainers:
+    - email: mmkashin@gmail.com
+      name: Michael
+    name: k8s-gateway
+    type: application
+    urls:
+    - https://ori-edge.github.io/k8s_gateway/charts/k8s-gateway-1.0.8.tgz
+    version: 1.0.8
+  - apiVersion: v2
+    appVersion: 0.1.8
+    created: "2021-09-11T22:07:27.010132+02:00"
     description: A Helm chart for the k8s_gateway CoreDNS plugin
     digest: f162c5063236777b2cc238a03162e39ac2b2bbea46e0c31c6ae01eb88d9ce5c9
     maintainers:
@@ -16,7 +42,7 @@ entries:
     version: 1.0.7
   - apiVersion: v2
     appVersion: 0.1.8
-    created: "2021-09-04T03:53:00.144796577Z"
+    created: "2021-09-11T22:07:27.009587+02:00"
     description: A Helm chart for the k8s_gateway CoreDNS plugin
     digest: cb09166912e10c092c0f15ff5aee21e5f6a57d5ffc02047695991d0f7fc019d6
     maintainers:
@@ -29,7 +55,7 @@ entries:
     version: 1.0.6
   - apiVersion: v2
     appVersion: 0.1.7
-    created: "2021-09-04T03:53:00.144201709Z"
+    created: "2021-09-11T22:07:27.009345+02:00"
     description: A Helm chart for the k8s_gateway CoreDNS plugin
     digest: 4941bcbfc5d054cf958befda1a65a2e32773aaddd59af4b2f9420353465f0be4
     maintainers:
@@ -42,7 +68,7 @@ entries:
     version: 1.0.5
   - apiVersion: v2
     appVersion: 0.1.6
-    created: "2021-09-04T03:53:00.14361216Z"
+    created: "2021-09-11T22:07:27.009083+02:00"
     description: A Helm chart for the k8s_gateway CoreDNS plugin
     digest: 8753d366172031ce0386c50f6857c1ac6e1f094f9ed03ad01e33f3619c6e7880
     maintainers:
@@ -55,7 +81,7 @@ entries:
     version: 1.0.4
   - apiVersion: v2
     appVersion: 0.1.5
-    created: "2021-09-04T03:53:00.14241503Z"
+    created: "2021-09-11T22:07:27.008815+02:00"
     description: A Helm chart for the k8s_gateway CoreDNS plugin
     digest: 2aa879712ad7ce33424b5f3477acf6a90480ba317e63dd1f343f4beac66b1c0e
     maintainers:
@@ -68,7 +94,7 @@ entries:
     version: 1.0.3
   - apiVersion: v2
     appVersion: 0.1.4
-    created: "2021-09-04T03:53:00.140760756Z"
+    created: "2021-09-11T22:07:27.008551+02:00"
     description: A Helm chart for the k8s_gateway CoreDNS plugin
     digest: 145ce2e722a9d8c95f147a5d608e00a5c47addbaeb9ea4882491e1e185c949b4
     maintainers:
@@ -81,7 +107,7 @@ entries:
     version: 1.0.2
   - apiVersion: v2
     appVersion: 0.1.4
-    created: "2021-09-04T03:53:00.140136014Z"
+    created: "2021-09-11T22:07:27.008246+02:00"
     description: A Helm chart for the k8s_gateway CoreDNS plugin
     digest: 8f780ec9b25ca9d4461c076203a7d31889499a134086df72ce26096f0eb71ce9
     maintainers:
@@ -94,7 +120,7 @@ entries:
     version: 1.0.1
   - apiVersion: v2
     appVersion: 0.1.0
-    created: "2021-09-04T03:53:00.139079935Z"
+    created: "2021-09-11T22:07:27.007789+02:00"
     description: A Helm chart for the k8s_gateway CoreDNS plugin
     digest: 2744fcdd9840590cb9f86099135229ca2fd8b3a140bcf141a3ed206191dfd3f6
     maintainers:
@@ -105,4 +131,4 @@ entries:
     urls:
     - https://ori-edge.github.io/k8s_gateway/charts/k8s-gateway-1.0.0.tgz
     version: 1.0.0
-generated: "2021-09-04T03:53:00.137693546Z"
+generated: "2021-09-11T22:07:27.006649+02:00"