Ryan Malloy
18aa53bdc7
The final set of fixes to make the rfc2136 plugin truly operational
in production:
- coredns/Dockerfile: switch runtime stage from gcr.io/distroless to
alpine:3.20. Distroless has no package manager and no shell, so
`git commit` (called by the plugin's auto-commit code path) had no
way to execute. Alpine adds ~10 MB image size but gives us git +
a usable shell for debugging.
- docker-compose.yml: `user: "${COREDNS_UID:-1003}:${COREDNS_GID:-1004}"`.
The container runs as the host's rpm user (uid 1003/gid 1004 on
dell01) so zone files the plugin writes are owned by rpm:rpm on
the host -- not root. Without this the plugin would write
root-owned files we couldn't read or git-edit. Defaults match
dell01; override per-host via env if needed.
- .env.example: documents COREDNS_IMAGE_TAG (CalVer; bump per build).
Add COREDNS_UID/GID if you need to override on a host where rpm
has different numeric ids.
Combined with the bumped image tag (2026.05.21.2), the full
end-to-end flow works: caddy/nsupdate -> TSIG verify -> plugin
handler -> atomic file write -> git auto-commit -> auto plugin
reload -> query returns new record.