bind #1

Supports: kubernetes

Deploy this charm on Kubernetes with the CLI. Find out how by reading the docs.

Description

The original, complete open source DNS implementation


Bind charm

A Juju charm deploying Bind, configurable to use a git repository for its configuration files.

Overview

This is a k8s workload charm and can only be deployed to a Juju k8s cloud, attached to a controller using juju add-k8s.

Getting Started

Notes for deploying a test setup locally using microk8s, the setup of which is documented here: https://juju.is/docs/microk8s-cloud

juju add-model bind-test
  1. Either deploy with the default image from Dockerhub:
juju deploy cs:~bind-charmers/bind
  1. Or optionally build your own image locally and deploy with that
sudo snap install charmcraft
git clone https://git.launchpad.net/charm-k8s-bind
cd charm-k8s-bind
make image-build
docker push localhost:32000/bind
juju deploy cs:~bind-charmers/bind --config bind_image_path=localhost:32000/bind:latest bind

juju wait
juju status

Assuming you're using the image from dockerhub, or an image built locally from this repo without changes, the charm will deploy bind with its stock Ubuntu package configuration, which will forward all queries to root name servers.

DNSSEC is also enabled by default.

Custom config can be deployed by setting the custom_config_repo option to point to a Git repository containing a valid set of configuration files with which to populate the /etc/bind/ directory within the pod(s).

Since bind won't allow recursion from external clients by default, to allow easy testing, I've set up a repo with a copy of the stock config, modified to allow recursion from all RFC1918 networks:

https://code.launchpad.net/~barryprice/junk/+git/etc-bind-stock-config-with-all-rfc1918-nets-allowed

To configure a local microk8s-deployed bind application to use this config, simply run:

juju config bind custom_config_repo=https://git.launchpad.net/~barryprice/junk/+git/etc-bind-stock-config-with-all-rfc1918-nets-allowed

Once the application is ready, you should be able to query the App's IP address (not the Unit addresses) directly from your local machine:

$ juju status

Model      Controller       Cloud/Region     Version  SLA          Timestamp
bind-test  myk8s-localhost  myk8s/localhost  2.8.6    unsupported  16:44:30+07:00

App   Version    Status  Scale  Charm  Store       Rev  OS          Address         Notes
bind  bind:edge  active      1  bind   jujucharms    2  kubernetes  10.152.183.246

Unit     Workload  Agent  Address     Ports          Message
bind/0*  active    idle   10.1.25.35  53/TCP,53/UDP  Pod configured

$ dig +short example.com @10.152.183.246
93.184.216.34
$

Known Issues

This charm is unable to provide an ingress to route TCP and UDP traffic to the pods due to LP#1889703. This is also being tracked as a bug against the charm itself.


Configuration

bind_image_password
(string) Password to use for the configured image registry, if required
bind_image_path
(string) The location of the image to use, e.g. "registry.example.com/bind:v1". This setting is required.
bindcharmers/bind:edge
bind_image_username
(string) Username to use for the configured image registry, if required
container_config
(string) YAML formatted map of container config keys & values. These are generally accessed from inside the image as environment variables. Use to configure customized Wordpress images. This configuration gets logged; use container_secrets for secrets.
container_secrets
(string) YAML formatted map of secrets. Works just like container_config, except that values should not be logged.
custom_config_repo
(string) Repository from which to populate /etc/bind/. If unset, bind will be deployed with the package defaults. e.g. http://github.com/foo/my-custom-bind-config
https_proxy
(string) Proxy address to set in the environment, e.g. http://192.168.1.1:8080 Used to clone the configuration files from custom_config_repo, if set. If a username/password is required, they can be embedded in the proxy address e.g. http://username:password@192.168.1.1:8080 Traffic is expected to be HTTPS, but this will also work for HTTP.