From 01e73c3a2154c96158d032091fbccbbac45771b6 Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Fri, 3 Jul 2026 18:56:48 +1000
Subject: [PATCH] Pull bind CRDs from operator repo instead of vendoring

References the CRD bundle from the bind-operator repo by a stable raw URL so the CRDs never drift from the operator, matching how other apps import upstream manifests.

- replace the nine vendored crds/*.yaml with a single remote resource: git.unkin.net/unkin/bind-operator raw config/crd/install.yaml at v0.1.1
- bump the operator image to v0.1.1 so the running operator and its CRDs come from the same tag
---
 .../crds/bind.unkin.net_bindacls.yaml | 145 --
 .../crds/bind.unkin.net_bindcatalogzones.yaml | 159 ---
 .../crds/bind.unkin.net_bindclusters.yaml | 1251 -----------------
 .../bind.unkin.net_binddnssecpolicies.yaml | 219 ---
 .../crds/bind.unkin.net_bindpolicies.yaml | 203 ---
 .../crds/bind.unkin.net_bindtsigkeys.yaml | 165 ---
 .../crds/bind.unkin.net_bindviews.yaml | 177 ---
 .../crds/bind.unkin.net_bindzones.yaml | 252 ----
 .../crds/bind.unkin.net_dnsrecords.yaml | 165 ---
 apps/base/bind-system/deployment.yaml | 2 +-
 apps/base/bind-system/kustomization.yaml | 12 +-
 11 files changed, 4 insertions(+), 2746 deletions(-)
 delete mode 100644 apps/base/bind-system/crds/bind.unkin.net_bindacls.yaml
 delete mode 100644 apps/base/bind-system/crds/bind.unkin.net_bindcatalogzones.yaml
 delete mode 100644 apps/base/bind-system/crds/bind.unkin.net_bindclusters.yaml
 delete mode 100644 apps/base/bind-system/crds/bind.unkin.net_binddnssecpolicies.yaml
 delete mode 100644 apps/base/bind-system/crds/bind.unkin.net_bindpolicies.yaml
 delete mode 100644 apps/base/bind-system/crds/bind.unkin.net_bindtsigkeys.yaml
 delete mode 100644 apps/base/bind-system/crds/bind.unkin.net_bindviews.yaml
 delete mode 100644 apps/base/bind-system/crds/bind.unkin.net_bindzones.yaml
 delete mode 100644 apps/base/bind-system/crds/bind.unkin.net_dnsrecords.yaml
diff --git a/apps/base/bind-system/crds/bind.unkin.net_bindacls.yaml b/apps/base/bind-system/crds/bind.unkin.net_bindacls.yaml
deleted file mode 100644
index 3cdcb54..0000000
--- a/apps/base/bind-system/crds/bind.unkin.net_bindacls.yaml
+++ /dev/null
@@ -1,145 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.3 - name: bindacls.bind.unkin.net -spec: - group: bind.unkin.net - names: - kind: BindACL - listKind: BindACLList - plural: bindacls - shortNames: - - bacl - singular: bindacl - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.clusterRef - name: Cluster - type: string - - jsonPath: .spec.entries[*] - name: Entries - type: integer - - jsonPath: .status.ready - name: Ready - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - BindACL is a named address-match-list referenced by views, zones and - policies for match-clients / allow-query / allow-transfer / allow-update. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BindACLSpec defines a reusable named address_match_list. - properties: - clusterRef: - description: |- - ClusterRef names the BindCluster whose named.conf this ACL is rendered - into. When empty the ACL is available to every cluster in the namespace. - type: string - entries: - description: |- - Entries are raw BIND address-match-list elements, e.g. 
"10.0.0.0/8", - "!192.168.1.5", "key transfer-key", "localhost", "any", or the name of - another ACL. - items: - type: string - minItems: 1 - type: array - required: - - entries - type: object - status: - description: BindACLStatus reports observed ACL state. - properties: - conditions: - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - observedGeneration: - format: int64 - type: integer - ready: - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_bindcatalogzones.yaml b/apps/base/bind-system/crds/bind.unkin.net_bindcatalogzones.yaml deleted file mode 100644 index 2f90f1c..0000000 --- a/apps/base/bind-system/crds/bind.unkin.net_bindcatalogzones.yaml +++ /dev/null 
@@ -1,159 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.3 - name: bindcatalogzones.bind.unkin.net -spec: - group: bind.unkin.net - names: - kind: BindCatalogZone - listKind: BindCatalogZoneList - plural: bindcatalogzones - shortNames: - - bcz - singular: bindcatalogzone - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.clusterRef - name: Cluster - type: string - - jsonPath: .spec.zoneName - name: Zone - type: string - - jsonPath: .status.memberCount - name: Members - type: integer - - jsonPath: .status.ready - name: Ready - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: BindCatalogZone auto-provisions member zones onto cluster secondaries. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - BindCatalogZoneSpec defines a BIND9 catalog zone. The primary publishes it - and secondaries consume it, so member zones are provisioned onto every - secondary automatically without per-zone reconfiguration. - properties: - clusterRef: - description: ClusterRef names the owning BindCluster. - type: string - defaultPrimaries: - description: |- - DefaultPrimaries are the addresses member zones point at on secondaries. 
- Defaults to the cluster primary Service. - items: - type: string - type: array - transferKeyRef: - description: |- - TransferKeyRef names the BindTSIGKey authenticating catalog + member zone - transfers to secondaries. - type: string - zoneName: - description: ZoneName is the catalog zone's own origin, e.g. "catalog.internal". - type: string - required: - - clusterRef - - zoneName - type: object - status: - description: BindCatalogZoneStatus reports observed catalog state. - properties: - conditions: - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. 
- maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - memberCount: - description: MemberCount is the number of member zones registered - in the catalog. - format: int32 - type: integer - observedGeneration: - format: int64 - type: integer - ready: - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_bindclusters.yaml b/apps/base/bind-system/crds/bind.unkin.net_bindclusters.yaml deleted file mode 100644 index 4485e70..0000000 --- a/apps/base/bind-system/crds/bind.unkin.net_bindclusters.yaml +++ /dev/null 
@@ -1,1251 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.3 - name: bindclusters.bind.unkin.net -spec: - group: bind.unkin.net - names: - kind: BindCluster - listKind: BindClusterList - plural: bindclusters - shortNames: - - bc - singular: bindcluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.mode - name: Mode - type: string - - jsonPath: .spec.replicas - name: Desired - type: integer - - jsonPath: .status.readyReplicas - name: Ready - type: integer - - jsonPath: .status.primaryPod - name: Primary - type: string - - jsonPath: .status.phase - name: Phase - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: BindCluster is a managed set of BIND9 servers. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BindClusterSpec defines the desired state of a BIND cluster. - properties: - affinity: - description: Affinity for the BIND pods. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. 
A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. 
- If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and subtracting - "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. 
- properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. 
- format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. 
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - allowNewZones: - default: true - description: |- - AllowNewZones enables the rndc addzone/delzone control path required for - dynamic zone provisioning. Defaults to true. - type: boolean - catalogZoneRef: - description: |- - CatalogZoneRef names a BindCatalogZone that secondaries consume so member - zones are auto-provisioned without per-zone reconfiguration. - type: string - extraOptions: - description: ExtraOptions are raw named.conf `options { ... }` lines - appended verbatim. - items: - type: string - type: array - forwarders: - description: |- - Forwarders is a list of upstream resolvers used by resolver mode (and any - forward zones that do not specify their own). - items: - type: string - type: array - image: - default: internetsystemsconsortium/bind9:9.20 - description: Image is the BIND9 container image. Must ship named, - rndc and nsupdate. - type: string - imagePullPolicy: - description: ImagePullPolicy for the BIND container. 
- type: string - mode: - default: authoritative - description: Mode selects the cluster role. - enum: - - authoritative - - resolver - - dynamic - type: string - nodeSelector: - additionalProperties: - type: string - description: NodeSelector for the BIND pods. - type: object - recursion: - description: |- - Recursion overrides the default per-mode recursion setting. When nil, - resolver mode enables recursion and the other modes disable it. - type: boolean - replicas: - default: 3 - description: |- - Replicas is the number of BIND pods. Ordinal-0 is the primary for the - authoritative and dynamic modes. - format: int32 - minimum: 1 - type: integer - resources: - description: Resources for the BIND container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This field depends on the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - service: - description: Service controls how the cluster is exposed. - properties: - annotations: - additionalProperties: - type: string - description: Annotations added to the client-facing Service (e.g. - PureLB/MetalLB hints). - type: object - loadBalancerIP: - description: LoadBalancerIP requests a specific address when Type - is LoadBalancer. - type: string - type: - description: Type of the client-facing Service. Defaults to ClusterIP. - enum: - - ClusterIP - - LoadBalancer - - NodePort - type: string - type: object - storageClassName: - description: StorageClassName for the per-pod PVC that holds zone - data and journals. - type: string - storageSize: - default: 1Gi - description: StorageSize for the per-pod PVC. Defaults to 1Gi. - type: string - tolerations: - description: Tolerations for the BIND pods. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - required: - - mode - type: object - status: - description: BindClusterStatus reports observed cluster state. - properties: - conditions: - description: Conditions represent the latest available observations. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. 
- maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - phase: - description: Phase is a coarse lifecycle summary. - type: string - primaryPod: - description: PrimaryPod is the pod that holds authoritative zone data - (ordinal-0). - type: string - primaryService: - description: PrimaryService is the in-cluster DNS name secondaries - transfer from. - type: string - readyReplicas: - description: ReadyReplicas is the number of BIND pods currently ready. 
- format: int32 - type: integer - replicas: - description: Replicas is the number of BIND pods requested. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_binddnssecpolicies.yaml b/apps/base/bind-system/crds/bind.unkin.net_binddnssecpolicies.yaml deleted file mode 100644 index ba2a775..0000000 --- a/apps/base/bind-system/crds/bind.unkin.net_binddnssecpolicies.yaml +++ /dev/null 
@@ -1,219 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.3 - name: binddnssecpolicies.bind.unkin.net -spec: - group: bind.unkin.net - names: - kind: BindDNSSECPolicy - listKind: BindDNSSECPolicyList - plural: binddnssecpolicies - shortNames: - - bdp - singular: binddnssecpolicy - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.clusterRef - name: Cluster - type: string - - jsonPath: .spec.algorithm - name: Algorithm - type: string - - jsonPath: .status.zoneCount - name: Zones - type: integer - - jsonPath: .status.ready - name: Ready - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: BindDNSSECPolicy is a reusable DNSSEC signing policy. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - BindDNSSECPolicySpec mirrors a BIND9 dnssec-policy. Zones referencing it are - signed with inline-signing and automated key management. - properties: - algorithm: - default: ecdsap256sha256 - description: Algorithm for signing. Defaults to ecdsap256sha256. - type: string - clusterRef: - description: ClusterRef names the owning BindCluster. 
- type: string - csk: - description: CSK, when set, uses a Combined Signing Key instead of - split KSK/ZSK. - properties: - algorithm: - description: Algorithm overrides the policy algorithm for this - key. - type: string - keySize: - description: KeySize in bits for RSA algorithms (ignored for ECDSA/EdDSA). - format: int32 - type: integer - lifetime: - description: |- - Lifetime is how long the key is used before rollover, e.g. "P30D" or - "unlimited". Empty means unlimited. - type: string - type: object - extraOptions: - description: ExtraOptions are raw named.conf lines appended inside - the policy block. - items: - type: string - type: array - ksk: - description: KSK is the Key Signing Key configuration (ignored when - CSK is set). - properties: - algorithm: - description: Algorithm overrides the policy algorithm for this - key. - type: string - keySize: - description: KeySize in bits for RSA algorithms (ignored for ECDSA/EdDSA). - format: int32 - type: integer - lifetime: - description: |- - Lifetime is how long the key is used before rollover, e.g. "P30D" or - "unlimited". Empty means unlimited. - type: string - type: object - maxZoneTTL: - description: MaxZoneTTL, e.g. "P1D". - type: string - nsec3: - description: NSEC3 enables NSEC3 hashing instead of NSEC. - type: boolean - policyName: - description: |- - PolicyName is the dnssec-policy name in named.conf. Defaults to the object - name. - type: string - signaturesValidity: - description: SignaturesValidity, e.g. "P14D". - type: string - zsk: - description: ZSK is the Zone Signing Key configuration (ignored when - CSK is set). - properties: - algorithm: - description: Algorithm overrides the policy algorithm for this - key. - type: string - keySize: - description: KeySize in bits for RSA algorithms (ignored for ECDSA/EdDSA). - format: int32 - type: integer - lifetime: - description: |- - Lifetime is how long the key is used before rollover, e.g. "P30D" or - "unlimited". Empty means unlimited. 
- type: string - type: object - required: - - clusterRef - type: object - status: - description: BindDNSSECPolicyStatus reports observed policy state. - properties: - conditions: - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - observedGeneration: - format: int64 - type: integer - ready: - type: boolean - zoneCount: - description: ZoneCount is the number of zones signed with this policy. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_bindpolicies.yaml b/apps/base/bind-system/crds/bind.unkin.net_bindpolicies.yaml deleted file mode 100644 index c653031..0000000 --- a/apps/base/bind-system/crds/bind.unkin.net_bindpolicies.yaml +++ /dev/null 
@@ -1,203 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.3 - name: bindpolicies.bind.unkin.net -spec: - group: bind.unkin.net - names: - kind: BindPolicy - listKind: BindPolicyList - plural: bindpolicies - shortNames: - - bp - singular: bindpolicy - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.clusterRef - name: Cluster - type: string - - jsonPath: .spec.zoneName - name: Zone - type: string - - jsonPath: .status.ruleCount - name: Rules - type: integer - - jsonPath: .status.ready - name: Ready - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: BindPolicy is a Response Policy Zone (RPZ) applied to a cluster. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - BindPolicySpec defines a Response Policy Zone (RPZ) — a DNS firewall applied - to a resolver cluster. - properties: - clusterRef: - description: ClusterRef names the owning BindCluster (typically a - resolver). - type: string - order: - default: 100 - description: Order controls this policy's position in the response-policy - clause. 
- format: int32 - type: integer - primaries: - description: |- - Primaries lets the RPZ zone be transferred from an external feed instead - of being locally populated. - items: - type: string - type: array - rules: - description: Rules are the inline policy triggers. - items: - description: RPZRule is a single response-policy rule. - properties: - action: - default: nxdomain - description: Action taken when the rule matches. - enum: - - nxdomain - - nodata - - passthru - - drop - - tcp-only - - cname - type: string - match: - description: Match is the trigger value, e.g. a domain "bad.example." - or CIDR. - type: string - target: - description: Target is the rewrite target when Action is cname. - type: string - trigger: - default: qname - description: Trigger selects what the Match is compared against. - enum: - - qname - - client-ip - - ip - - nsdname - - nsip - type: string - required: - - match - type: object - type: array - transferKeyRef: - description: TransferKeyRef names the BindTSIGKey used to pull from - Primaries. - type: string - viewRef: - description: ViewRef optionally scopes the policy to a single view. - type: string - zoneName: - description: ZoneName is the RPZ zone origin, e.g. "rpz.internal". - type: string - required: - - clusterRef - - zoneName - type: object - status: - description: BindPolicyStatus reports observed policy state. - properties: - conditions: - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. 
- maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - observedGeneration: - format: int64 - type: integer - ready: - type: boolean - ruleCount: - description: RuleCount is the number of active rules. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_bindtsigkeys.yaml b/apps/base/bind-system/crds/bind.unkin.net_bindtsigkeys.yaml deleted file mode 100644 index e51cccc..0000000 --- a/apps/base/bind-system/crds/bind.unkin.net_bindtsigkeys.yaml +++ /dev/null 
@@ -1,165 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.3 - name: bindtsigkeys.bind.unkin.net -spec: - group: bind.unkin.net - names: - kind: BindTSIGKey - listKind: BindTSIGKeyList - plural: bindtsigkeys - shortNames: - - btk - singular: bindtsigkey - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.algorithm - name: Algorithm - type: string - - jsonPath: .status.secretName - name: Secret - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - BindTSIGKey is a TSIG key backing zone transfers, dynamic updates and view - matching. The key material lives in a Kubernetes Secret, never in the CR. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - BindTSIGKeySpec defines a TSIG key. If no existing key material is imported, - the operator generates a random key and stores it in a Secret. - properties: - algorithm: - default: hmac-sha256 - description: Algorithm is the HMAC algorithm. Defaults to hmac-sha256. 
- enum: - - hmac-sha256 - - hmac-sha512 - - hmac-sha384 - - hmac-sha224 - - hmac-sha1 - - hmac-md5 - type: string - importExisting: - description: |- - ImportExisting, when true, means the referenced Secret already contains a - `secret` key and the operator will not generate new material. - type: boolean - keyName: - description: |- - KeyName is the TSIG key name emitted into named.conf. Defaults to the - object name. - type: string - secretName: - description: |- - SecretName is the Secret the key material is written to (or read from when - ImportExisting is set). Defaults to "-tsig". - type: string - type: object - status: - description: BindTSIGKeyStatus reports observed TSIG key state. - properties: - conditions: - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. 
- The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - keyName: - description: KeyName as used in named.conf. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - ready: - description: Ready is true once the key Secret exists. - type: boolean - secretName: - description: SecretName holds the generated/managed key material. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_bindviews.yaml b/apps/base/bind-system/crds/bind.unkin.net_bindviews.yaml deleted file mode 100644 index c607569..0000000 --- a/apps/base/bind-system/crds/bind.unkin.net_bindviews.yaml +++ /dev/null 
@@ -1,177 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.3 - name: bindviews.bind.unkin.net -spec: - group: bind.unkin.net - names: - kind: BindView - listKind: BindViewList - plural: bindviews - shortNames: - - bv - singular: bindview - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.clusterRef - name: Cluster - type: string - - jsonPath: .spec.order - name: Order - type: integer - - jsonPath: .status.zoneCount - name: Zones - type: integer - - jsonPath: .status.ready - name: Ready - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: BindView is a split-horizon view on a BindCluster. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - BindViewSpec defines a split-horizon view. View ordering is significant in - BIND; use Order to control the sequence in named.conf. - properties: - allowQuery: - description: AllowQuery is an address-match-list restricting queries - into this view. - items: - type: string - type: array - clusterRef: - description: ClusterRef names the owning BindCluster. - type: string - extraOptions: - description: ExtraOptions are raw named.conf lines appended inside - the view block. 
- items: - type: string - type: array - matchClients: - description: |- - MatchClients is an address-match-list (inline entries and/or ACL names) - selecting which clients this view answers. Defaults to "any". - items: - type: string - type: array - matchDestinations: - description: MatchDestinations is an optional destination address-match-list. - items: - type: string - type: array - order: - default: 100 - description: |- - Order controls the position of this view in named.conf (ascending). The - first view whose match-clients matches a query wins. - format: int32 - type: integer - recursion: - description: Recursion overrides the cluster recursion setting for - this view. - type: boolean - required: - - clusterRef - type: object - status: - description: BindViewStatus reports observed view state. - properties: - conditions: - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. 
- Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - observedGeneration: - format: int64 - type: integer - ready: - type: boolean - zoneCount: - description: ZoneCount is the number of zones currently bound to this - view. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_bindzones.yaml b/apps/base/bind-system/crds/bind.unkin.net_bindzones.yaml deleted file mode 100644 index 4e9a960..0000000 --- a/apps/base/bind-system/crds/bind.unkin.net_bindzones.yaml +++ /dev/null 
@@ -1,252 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.3 - name: bindzones.bind.unkin.net -spec: - group: bind.unkin.net - names: - kind: BindZone - listKind: BindZoneList - plural: bindzones - shortNames: - - bz - singular: bindzone - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.zoneName - name: Zone - type: string - - jsonPath: .spec.type - name: Type - type: string - - jsonPath: .spec.clusterRef - name: Cluster - type: string - - jsonPath: .status.serial - name: Serial - type: integer - - jsonPath: .status.phase - name: Phase - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: BindZone is a forward or reverse DNS zone. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BindZoneSpec defines a DNS zone managed on a BindCluster's - primary. - properties: - allowTransfer: - description: |- - AllowTransfer is an address-match-list (inline entries and/or ACL/key - names) permitted to AXFR/IXFR this zone. - items: - type: string - type: array - catalog: - default: true - description: |- - Catalog, when true, registers this zone as a member of the cluster's - catalog zone so secondaries auto-provision it. 
- type: boolean - clusterRef: - description: ClusterRef names the owning BindCluster. - type: string - defaultTTL: - default: 3600 - description: DefaultTTL for records that do not set their own TTL. - Defaults to 3600. - format: int32 - type: integer - dnssecPolicyRef: - description: DNSSECPolicyRef names a BindDNSSECPolicy to sign this - zone with. - type: string - dynamicUpdate: - description: |- - DynamicUpdate enables RFC2136 updates for this zone (external-dns style). - When true, UpdateKeyRef must reference a BindTSIGKey. - type: boolean - forwarders: - description: Forwarders lists upstreams for a forward-type zone. - items: - type: string - type: array - primaries: - description: Primaries lists source servers for a secondary/stub-type - zone. - items: - type: string - type: array - records: - description: Records are static record sets seeded into a primary - zone. - items: - description: |- - Record is a single resource record set seeded into a primary zone via - dynamic update (nsupdate). Ongoing changes may also arrive from DNSRecord - objects or external RFC2136 clients. - properties: - name: - default: '@' - description: |- - Name is the owner name, relative to the zone apex or fully qualified. - Use "@" for the apex. - type: string - ttl: - description: TTL for the record set in seconds. Falls back to - the zone default TTL. - format: int32 - type: integer - type: - description: Type is the RR type, e.g. A, AAAA, CNAME, MX, TXT, - SRV, NS, PTR, CAA. - type: string - values: - description: |- - Values are the RDATA entries, e.g. ["10 mail.example.com."] for an MX or - ["192.0.2.1","192.0.2.2"] for an A round-robin. - items: - type: string - minItems: 1 - type: array - required: - - type - - values - type: object - type: array - transferKeyRef: - description: |- - TransferKeyRef names the BindTSIGKey used to authenticate transfers from - Primaries for a secondary zone. - type: string - type: - default: primary - description: Type is the zone type. 
Defaults to primary. - enum: - - primary - - secondary - - forward - - stub - type: string - updateKeyRef: - description: UpdateKeyRef names the BindTSIGKey permitted to send - dynamic updates. - type: string - viewRef: - description: ViewRef optionally binds this zone to a BindView. - type: string - zoneName: - description: ZoneName is the DNS origin, e.g. "example.com" or "2.0.192.in-addr.arpa". - type: string - required: - - clusterRef - - zoneName - type: object - status: - description: BindZoneStatus reports observed zone state. - properties: - conditions: - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. 
- maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - observedGeneration: - format: int64 - type: integer - phase: - description: Phase is a coarse lifecycle summary (Pending/Ready/Error). - type: string - recordCount: - description: RecordCount is the number of managed record sets applied. - format: int32 - type: integer - serial: - description: Serial is the last observed SOA serial on the primary. - format: int64 - type: integer - signed: - description: Signed reports whether DNSSEC signing is active. - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_dnsrecords.yaml b/apps/base/bind-system/crds/bind.unkin.net_dnsrecords.yaml deleted file mode 100644 index 18ddaeb..0000000 --- a/apps/base/bind-system/crds/bind.unkin.net_dnsrecords.yaml +++ /dev/null 
@@ -1,165 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.3 - name: dnsrecords.bind.unkin.net -spec: - group: bind.unkin.net - names: - kind: DNSRecord - listKind: DNSRecordList - plural: dnsrecords - shortNames: - - dnsr - singular: dnsrecord - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.zoneRef - name: Zone - type: string - - jsonPath: .spec.name - name: Name - type: string - - jsonPath: .spec.type - name: Type - type: string - - jsonPath: .status.phase - name: Phase - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: DNSRecord is an individually-managed record set applied to a - BindZone. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - DNSRecordSpec defines a single record set applied to a zone via TSIG dynamic - update (nsupdate) — the external-dns write path expressed as a CRD. - properties: - name: - default: '@' - description: Name is the owner name, relative to the zone apex or - fully qualified. - type: string - ttl: - description: TTL for the record set in seconds. Falls back to the - zone default TTL. - format: int32 - type: integer - type: - description: Type is the RR type, e.g. 
A, AAAA, CNAME, TXT, SRV, MX. - type: string - values: - description: Values are the RDATA entries. - items: - type: string - minItems: 1 - type: array - zoneRef: - description: |- - ZoneRef names the BindZone this record belongs to. The cluster, view and - update key are derived from the referenced zone. - type: string - required: - - type - - values - - zoneRef - type: object - status: - description: DNSRecordStatus reports observed record state. - properties: - conditions: - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - fqdn: - description: FQDN is the fully-qualified owner name that was applied. - type: string - observedGeneration: - format: int64 - type: integer - phase: - description: Phase is a coarse lifecycle summary (Pending/Applied/Error). - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/apps/base/bind-system/deployment.yaml b/apps/base/bind-system/deployment.yaml index 4df43e9..0dd8c11 100644 --- a/apps/base/bind-system/deployment.yaml +++ b/apps/base/bind-system/deployment.yaml @@ -21,7 +21,7 @@ spec: runAsNonRoot: true containers: - name: operator - image: git.unkin.net/unkin/bind-operator:v0.1.0 + image: git.unkin.net/unkin/bind-operator:v0.1.1 args: - --metrics-bind-address=:8080 - --health-probe-bind-address=:8081 diff --git a/apps/base/bind-system/kustomization.yaml b/apps/base/bind-system/kustomization.yaml index 960ad46..332622f 100644 --- a/apps/base/bind-system/kustomization.yaml +++ b/apps/base/bind-system/kustomization.yaml 
@@ -4,14 +4,8 @@ kind: Kustomization
 resources:
 - namespace.yaml
- - crds/bind.unkin.net_bindclusters.yaml
- - crds/bind.unkin.net_bindzones.yaml
- - crds/bind.unkin.net_bindviews.yaml
- - crds/bind.unkin.net_bindtsigkeys.yaml
- - crds/bind.unkin.net_bindacls.yaml
- - crds/bind.unkin.net_bindcatalogzones.yaml
- - crds/bind.unkin.net_bindpolicies.yaml
- - crds/bind.unkin.net_binddnssecpolicies.yaml
- - crds/bind.unkin.net_dnsrecords.yaml
+ # CRDs are pulled from the bind-operator repo at the matching tag rather than
+ # vendored here, so they never drift from the operator.
+ - https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.1/config/crd/install.yaml
 - rbac.yaml
 - deployment.yaml
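Review bot: The remote entry added under `resources:` is addressed by the tag `v0.1.1`, and a tag can be moved or re-created, so the CRD schemas that get applied are whatever that URL serves at build time rather than content reviewed in this repository. The added comment's "never drift" therefore holds only while the tag is left untouched. If the forge serves a commit-addressed raw path, pinning to it keeps the reference immutable, e.g. `- https://git.unkin.net/unkin/bind-operator/raw/commit/<commit-sha>/config/crd/install.yaml  # v0.1.1`; otherwise a CI step that compares the fetched file against a recorded checksum gives the same assurance. The `image: git.unkin.net/unkin/bind-operator:v0.1.1` line in the deployment.yaml hunk has the same mutable-tag property and could carry an `@sha256:<digest>` suffix. Note also that rendering this kustomization now needs network access to git.unkin.net, and CRD schema changes will no longer appear in this repo's diffs.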