From 6133b4b77a6567ba16505b00da2a5c32fcfb5951 Mon Sep 17 00:00:00 2001
From: j <repobase@j7b.net>
Date: Tue, 1 Jul 2025 11:18:30 +1000
Subject: [PATCH 1/2] readd security context

---
 deployments/dns/bind.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/deployments/dns/bind.yaml b/deployments/dns/bind.yaml
index ed9c336..ea3b45a 100644
--- a/deployments/dns/bind.yaml
+++ b/deployments/dns/bind.yaml
@@ -97,6 +97,8 @@ spec:
       labels:
         app: bind-master
     spec:
+      securityContext:
+        fsGroup: 999
       containers:
       - name: bind-master
         image: internetsystemsconsortium/bind9:9.18
@@ -140,6 +142,8 @@ spec:
     spec:
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
+      securityContext:
+        fsGroup: 999
       containers:
       - name: bind9
         image: internetsystemsconsortium/bind9:9.18

From b9814b70b6125140d0c11a0d81b1273bfb9bb429 Mon Sep 17 00:00:00 2001
From: j <repobase@j7b.net>
Date: Tue, 1 Jul 2025 11:19:09 +1000
Subject: [PATCH 2/2] Mount bind cache as empty dir

---
 deployments/dns/bind.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/deployments/dns/bind.yaml b/deployments/dns/bind.yaml
index ea3b45a..582ad26 100644
--- a/deployments/dns/bind.yaml
+++ b/deployments/dns/bind.yaml
@@ -118,6 +118,8 @@ spec:
         - name: dns-secrets
           mountPath: /etc/bind/externaldns-key.conf
           subPath: externaldns-key.conf
+        - name: bind-cache
+          mountPath: /var/cache/bind
       volumes:
       - name: dns-secrets
         secret:
@@ -125,6 +127,8 @@ spec:
       - name: config
         configMap:
           name: bind-master-config
+      - name: bind-cache
+        emptyDir: {}
 ---
 apiVersion: apps/v1
 kind: DaemonSet