bindcar 0.6.0

HTTP REST API for managing BIND9 zones via rndc

# Docker Deployment

Deploy bindcar using Docker containers.

## Prerequisites

- Docker 20.10 or later
- Docker Compose (optional)
- BIND9 container or installation

## Quick Start

### Pull the Image

```bash
docker pull ghcr.io/firestoned/bindcar:latest
```

### Run bindcar

```bash
docker run -d \
  --name bindcar \
  -p 8080:8080 \
  -v /var/cache/bind:/var/cache/bind \
  -e RUST_LOG=info \
  -e BIND_ZONE_DIR=/var/cache/bind \
  ghcr.io/firestoned/bindcar:latest
```

## Docker Compose

### Complete Stack

```yaml
version: '3.8'

services:
  bind9:
    image: ubuntu/bind9:latest
    container_name: bind9
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    volumes:
      - zones:/var/cache/bind
      - ./named.conf:/etc/bind/named.conf
    restart: unless-stopped

  bindcar:
    image: ghcr.io/firestoned/bindcar:latest
    container_name: bindcar
    ports:
      - "8080:8080"
    environment:
      - BIND_ZONE_DIR=/var/cache/bind
      - API_PORT=8080
      - RUST_LOG=info
      - DISABLE_AUTH=false
    volumes:
      - zones:/var/cache/bind
    depends_on:
      - bind9
    restart: unless-stopped

volumes:
  zones:
```

### Start the Stack

```bash
docker-compose up -d
```

### Verify

```bash
# Check containers are running
docker-compose ps

# Check bindcar health
curl http://localhost:8080/api/v1/health

# Check logs
docker-compose logs -f bindcar
```

## Environment Variables

See [Environment Variables](./env-vars.md) for complete reference.

Common variables:

```bash
BIND_ZONE_DIR=/var/cache/bind
API_PORT=8080
RUST_LOG=info
RNDC_SERVER=127.0.0.1:953
RNDC_ALGORITHM=sha256
# Sample value only (base64 of "test-secret-here"); replace with your own rndc key
RNDC_SECRET=dGVzdC1zZWNyZXQtaGVyZQ==
DISABLE_AUTH=false
```
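
A pre-deployment lint for the variables listed above, as an added example (not part of bindcar or its documentation). It assumes the settings live in a `KEY=VALUE` env file passed with `docker run --env-file`; the function name `check_bindcar_env`, the 32-byte key threshold and the legacy-algorithm name patterns are this example's own choices.

```bash
#!/usr/bin/env bash
# Added example: lint a bindcar env file before starting the container.
# check_bindcar_env and its thresholds are hypothetical, not bindcar tooling.

DOC_SAMPLE_SECRET='dGVzdC1zZWNyZXQtaGVyZQ=='   # the sample value shown on this page

check_bindcar_env() {
  local file=$1 findings=0 auth secret alg len
  # Read KEY=VALUE lines; the last assignment of a key wins.
  get() { sed -n "s/^$1=//p" "$file" | tail -n 1; }
  flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

  auth=$(get DISABLE_AUTH)
  # Anything other than the documented "false" (or unset) is treated as suspect.
  if [ -n "$auth" ] && [ "$auth" != "false" ]; then
    flag "DISABLE_AUTH=$auth (expected false)"
  fi

  secret=$(get RNDC_SECRET)
  if [ -z "$secret" ]; then
    flag "RNDC_SECRET is not set"
  elif [ "$secret" = "$DOC_SAMPLE_SECRET" ]; then
    flag "RNDC_SECRET is the documentation sample value"
  elif ! printf '%s' "$secret" | base64 -d >/dev/null 2>&1; then
    flag "RNDC_SECRET is not valid base64"
  else
    len=$(( $(printf '%s' "$secret" | base64 -d | wc -c) ))
    # RFC 2104 discourages HMAC keys shorter than the hash output
    # (32 bytes for SHA-256); the threshold is this example's choice.
    if [ "$len" -lt 32 ]; then
      flag "RNDC_SECRET decodes to only $len bytes"
    fi
  fi

  alg=$(get RNDC_ALGORITHM | tr '[:upper:]' '[:lower:]')
  case $alg in
    # Assumed naming: any value containing md5 or sha1 is a legacy HMAC.
    *md5*|*sha1*) flag "RNDC_ALGORITHM=$alg is a legacy HMAC" ;;
  esac

  [ "$findings" -eq 0 ]   # exit status 0 only when the file is clean
}
```

Run it as `check_bindcar_env ./bindcar.env && docker run --env-file ./bindcar.env ...` so the container only starts when no finding is printed.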

## Volumes

### Zone Directory

The zone directory must be shared between BIND9 and bindcar:

```bash
-v zones:/var/cache/bind
```

Options:
- Named volume (recommended for production)
- Host path (for development)
- tmpfs (for testing)

## Networking

### Bridge Network (Default)

```yaml
services:
  bind9:
    networks:
      - dns-network
  bindcar:
    networks:
      - dns-network

networks:
  dns-network:
    driver: bridge
```

### Host Network

For direct host access:

```bash
docker run --network host \
  ghcr.io/firestoned/bindcar:latest
```

## Security

### Run as Non-Root

bindcar runs as UID 1000 by default:

```dockerfile
USER bindcar
```

### Read-Only Root Filesystem

```bash
docker run --read-only \
  -v /var/cache/bind:/var/cache/bind \
  ghcr.io/firestoned/bindcar:latest
```

### Limit Resources

```yaml
deploy:
  resources:
    limits:
      cpus: '0.5'
      memory: 512M
    reservations:
      cpus: '0.25'
      memory: 256M
```

## Health Checks

```yaml
healthcheck:
  test: ["CMD", "curl", "-f", "http://localhost:8080/api/v1/health"]
  interval: 30s
  timeout: 3s
  retries: 3
  start_period: 5s
```

## Troubleshooting

### Container Won't Start

```bash
# Check logs
docker logs bindcar

# Check permissions
docker exec bindcar ls -la /var/cache/bind
```

### Cannot Connect to API

```bash
# Check port binding
docker port bindcar

# Check firewall
sudo ufw status
```

### RNDC Command Fails

```bash
# Verify rndc is accessible
docker exec bindcar which rndc

# Test rndc
docker exec bind9 rndc status
```

## Next Steps

- [Kubernetes Deployment](./kubernetes.md) - Deploy to Kubernetes
- [Configuration](./configuration.md) - Advanced configuration
- [Monitoring](./monitoring.md) - Monitor your deployment