Pull bind CRDs from operator repo instead of vendoring
References the CRD bundle from the bind-operator repo by a stable raw URL so the CRDs never drift from the operator, matching how other apps import upstream manifests. - replace the nine vendored crds/*.yaml with a single remote resource: git.unkin.net/unkin/bind-operator raw config/crd/install.yaml at v0.1.1 - bump the operator image to v0.1.1 so the running operator and its CRDs come from the same tag
This commit is contained in:
@@ -1,145 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
controller-gen.kubebuilder.io/version: v0.17.3
|
|
||||||
name: bindacls.bind.unkin.net
|
|
||||||
spec:
|
|
||||||
group: bind.unkin.net
|
|
||||||
names:
|
|
||||||
kind: BindACL
|
|
||||||
listKind: BindACLList
|
|
||||||
plural: bindacls
|
|
||||||
shortNames:
|
|
||||||
- bacl
|
|
||||||
singular: bindacl
|
|
||||||
scope: Namespaced
|
|
||||||
versions:
|
|
||||||
- additionalPrinterColumns:
|
|
||||||
- jsonPath: .spec.clusterRef
|
|
||||||
name: Cluster
|
|
||||||
type: string
|
|
||||||
- jsonPath: .spec.entries[*]
|
|
||||||
name: Entries
|
|
||||||
type: integer
|
|
||||||
- jsonPath: .status.ready
|
|
||||||
name: Ready
|
|
||||||
type: boolean
|
|
||||||
name: v1alpha1
|
|
||||||
schema:
|
|
||||||
openAPIV3Schema:
|
|
||||||
description: |-
|
|
||||||
BindACL is a named address-match-list referenced by views, zones and
|
|
||||||
policies for match-clients / allow-query / allow-transfer / allow-update.
|
|
||||||
properties:
|
|
||||||
apiVersion:
|
|
||||||
description: |-
|
|
||||||
APIVersion defines the versioned schema of this representation of an object.
|
|
||||||
Servers should convert recognized schemas to the latest internal value, and
|
|
||||||
may reject unrecognized values.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
||||||
type: string
|
|
||||||
kind:
|
|
||||||
description: |-
|
|
||||||
Kind is a string value representing the REST resource this object represents.
|
|
||||||
Servers may infer this from the endpoint the client submits requests to.
|
|
||||||
Cannot be updated.
|
|
||||||
In CamelCase.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
||||||
type: string
|
|
||||||
metadata:
|
|
||||||
type: object
|
|
||||||
spec:
|
|
||||||
description: BindACLSpec defines a reusable named address_match_list.
|
|
||||||
properties:
|
|
||||||
clusterRef:
|
|
||||||
description: |-
|
|
||||||
ClusterRef names the BindCluster whose named.conf this ACL is rendered
|
|
||||||
into. When empty the ACL is available to every cluster in the namespace.
|
|
||||||
type: string
|
|
||||||
entries:
|
|
||||||
description: |-
|
|
||||||
Entries are raw BIND address-match-list elements, e.g. "10.0.0.0/8",
|
|
||||||
"!192.168.1.5", "key transfer-key", "localhost", "any", or the name of
|
|
||||||
another ACL.
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
minItems: 1
|
|
||||||
type: array
|
|
||||||
required:
|
|
||||||
- entries
|
|
||||||
type: object
|
|
||||||
status:
|
|
||||||
description: BindACLStatus reports observed ACL state.
|
|
||||||
properties:
|
|
||||||
conditions:
|
|
||||||
items:
|
|
||||||
description: Condition contains details for one aspect of the current
|
|
||||||
state of this API Resource.
|
|
||||||
properties:
|
|
||||||
lastTransitionTime:
|
|
||||||
description: |-
|
|
||||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
|
||||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
|
||||||
format: date-time
|
|
||||||
type: string
|
|
||||||
message:
|
|
||||||
description: |-
|
|
||||||
message is a human readable message indicating details about the transition.
|
|
||||||
This may be an empty string.
|
|
||||||
maxLength: 32768
|
|
||||||
type: string
|
|
||||||
observedGeneration:
|
|
||||||
description: |-
|
|
||||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
|
||||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
|
||||||
with respect to the current state of the instance.
|
|
||||||
format: int64
|
|
||||||
minimum: 0
|
|
||||||
type: integer
|
|
||||||
reason:
|
|
||||||
description: |-
|
|
||||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
|
||||||
Producers of specific condition types may define expected values and meanings for this field,
|
|
||||||
and whether the values are considered a guaranteed API.
|
|
||||||
The value should be a CamelCase string.
|
|
||||||
This field may not be empty.
|
|
||||||
maxLength: 1024
|
|
||||||
minLength: 1
|
|
||||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
||||||
type: string
|
|
||||||
status:
|
|
||||||
description: status of the condition, one of True, False, Unknown.
|
|
||||||
enum:
|
|
||||||
- "True"
|
|
||||||
- "False"
|
|
||||||
- Unknown
|
|
||||||
type: string
|
|
||||||
type:
|
|
||||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
||||||
maxLength: 316
|
|
||||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
||||||
type: string
|
|
||||||
required:
|
|
||||||
- lastTransitionTime
|
|
||||||
- message
|
|
||||||
- reason
|
|
||||||
- status
|
|
||||||
- type
|
|
||||||
type: object
|
|
||||||
type: array
|
|
||||||
x-kubernetes-list-map-keys:
|
|
||||||
- type
|
|
||||||
x-kubernetes-list-type: map
|
|
||||||
observedGeneration:
|
|
||||||
format: int64
|
|
||||||
type: integer
|
|
||||||
ready:
|
|
||||||
type: boolean
|
|
||||||
type: object
|
|
||||||
type: object
|
|
||||||
served: true
|
|
||||||
storage: true
|
|
||||||
subresources:
|
|
||||||
status: {}
|
|
||||||
@@ -1,159 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
controller-gen.kubebuilder.io/version: v0.17.3
|
|
||||||
name: bindcatalogzones.bind.unkin.net
|
|
||||||
spec:
|
|
||||||
group: bind.unkin.net
|
|
||||||
names:
|
|
||||||
kind: BindCatalogZone
|
|
||||||
listKind: BindCatalogZoneList
|
|
||||||
plural: bindcatalogzones
|
|
||||||
shortNames:
|
|
||||||
- bcz
|
|
||||||
singular: bindcatalogzone
|
|
||||||
scope: Namespaced
|
|
||||||
versions:
|
|
||||||
- additionalPrinterColumns:
|
|
||||||
- jsonPath: .spec.clusterRef
|
|
||||||
name: Cluster
|
|
||||||
type: string
|
|
||||||
- jsonPath: .spec.zoneName
|
|
||||||
name: Zone
|
|
||||||
type: string
|
|
||||||
- jsonPath: .status.memberCount
|
|
||||||
name: Members
|
|
||||||
type: integer
|
|
||||||
- jsonPath: .status.ready
|
|
||||||
name: Ready
|
|
||||||
type: boolean
|
|
||||||
name: v1alpha1
|
|
||||||
schema:
|
|
||||||
openAPIV3Schema:
|
|
||||||
description: BindCatalogZone auto-provisions member zones onto cluster secondaries.
|
|
||||||
properties:
|
|
||||||
apiVersion:
|
|
||||||
description: |-
|
|
||||||
APIVersion defines the versioned schema of this representation of an object.
|
|
||||||
Servers should convert recognized schemas to the latest internal value, and
|
|
||||||
may reject unrecognized values.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
||||||
type: string
|
|
||||||
kind:
|
|
||||||
description: |-
|
|
||||||
Kind is a string value representing the REST resource this object represents.
|
|
||||||
Servers may infer this from the endpoint the client submits requests to.
|
|
||||||
Cannot be updated.
|
|
||||||
In CamelCase.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
||||||
type: string
|
|
||||||
metadata:
|
|
||||||
type: object
|
|
||||||
spec:
|
|
||||||
description: |-
|
|
||||||
BindCatalogZoneSpec defines a BIND9 catalog zone. The primary publishes it
|
|
||||||
and secondaries consume it, so member zones are provisioned onto every
|
|
||||||
secondary automatically without per-zone reconfiguration.
|
|
||||||
properties:
|
|
||||||
clusterRef:
|
|
||||||
description: ClusterRef names the owning BindCluster.
|
|
||||||
type: string
|
|
||||||
defaultPrimaries:
|
|
||||||
description: |-
|
|
||||||
DefaultPrimaries are the addresses member zones point at on secondaries.
|
|
||||||
Defaults to the cluster primary Service.
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
type: array
|
|
||||||
transferKeyRef:
|
|
||||||
description: |-
|
|
||||||
TransferKeyRef names the BindTSIGKey authenticating catalog + member zone
|
|
||||||
transfers to secondaries.
|
|
||||||
type: string
|
|
||||||
zoneName:
|
|
||||||
description: ZoneName is the catalog zone's own origin, e.g. "catalog.internal".
|
|
||||||
type: string
|
|
||||||
required:
|
|
||||||
- clusterRef
|
|
||||||
- zoneName
|
|
||||||
type: object
|
|
||||||
status:
|
|
||||||
description: BindCatalogZoneStatus reports observed catalog state.
|
|
||||||
properties:
|
|
||||||
conditions:
|
|
||||||
items:
|
|
||||||
description: Condition contains details for one aspect of the current
|
|
||||||
state of this API Resource.
|
|
||||||
properties:
|
|
||||||
lastTransitionTime:
|
|
||||||
description: |-
|
|
||||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
|
||||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
|
||||||
format: date-time
|
|
||||||
type: string
|
|
||||||
message:
|
|
||||||
description: |-
|
|
||||||
message is a human readable message indicating details about the transition.
|
|
||||||
This may be an empty string.
|
|
||||||
maxLength: 32768
|
|
||||||
type: string
|
|
||||||
observedGeneration:
|
|
||||||
description: |-
|
|
||||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
|
||||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
|
||||||
with respect to the current state of the instance.
|
|
||||||
format: int64
|
|
||||||
minimum: 0
|
|
||||||
type: integer
|
|
||||||
reason:
|
|
||||||
description: |-
|
|
||||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
|
||||||
Producers of specific condition types may define expected values and meanings for this field,
|
|
||||||
and whether the values are considered a guaranteed API.
|
|
||||||
The value should be a CamelCase string.
|
|
||||||
This field may not be empty.
|
|
||||||
maxLength: 1024
|
|
||||||
minLength: 1
|
|
||||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
||||||
type: string
|
|
||||||
status:
|
|
||||||
description: status of the condition, one of True, False, Unknown.
|
|
||||||
enum:
|
|
||||||
- "True"
|
|
||||||
- "False"
|
|
||||||
- Unknown
|
|
||||||
type: string
|
|
||||||
type:
|
|
||||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
||||||
maxLength: 316
|
|
||||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
||||||
type: string
|
|
||||||
required:
|
|
||||||
- lastTransitionTime
|
|
||||||
- message
|
|
||||||
- reason
|
|
||||||
- status
|
|
||||||
- type
|
|
||||||
type: object
|
|
||||||
type: array
|
|
||||||
x-kubernetes-list-map-keys:
|
|
||||||
- type
|
|
||||||
x-kubernetes-list-type: map
|
|
||||||
memberCount:
|
|
||||||
description: MemberCount is the number of member zones registered
|
|
||||||
in the catalog.
|
|
||||||
format: int32
|
|
||||||
type: integer
|
|
||||||
observedGeneration:
|
|
||||||
format: int64
|
|
||||||
type: integer
|
|
||||||
ready:
|
|
||||||
type: boolean
|
|
||||||
type: object
|
|
||||||
type: object
|
|
||||||
served: true
|
|
||||||
storage: true
|
|
||||||
subresources:
|
|
||||||
status: {}
|
|
||||||
File diff suppressed because it is too large
Load Diff
@@ -1,219 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
controller-gen.kubebuilder.io/version: v0.17.3
|
|
||||||
name: binddnssecpolicies.bind.unkin.net
|
|
||||||
spec:
|
|
||||||
group: bind.unkin.net
|
|
||||||
names:
|
|
||||||
kind: BindDNSSECPolicy
|
|
||||||
listKind: BindDNSSECPolicyList
|
|
||||||
plural: binddnssecpolicies
|
|
||||||
shortNames:
|
|
||||||
- bdp
|
|
||||||
singular: binddnssecpolicy
|
|
||||||
scope: Namespaced
|
|
||||||
versions:
|
|
||||||
- additionalPrinterColumns:
|
|
||||||
- jsonPath: .spec.clusterRef
|
|
||||||
name: Cluster
|
|
||||||
type: string
|
|
||||||
- jsonPath: .spec.algorithm
|
|
||||||
name: Algorithm
|
|
||||||
type: string
|
|
||||||
- jsonPath: .status.zoneCount
|
|
||||||
name: Zones
|
|
||||||
type: integer
|
|
||||||
- jsonPath: .status.ready
|
|
||||||
name: Ready
|
|
||||||
type: boolean
|
|
||||||
name: v1alpha1
|
|
||||||
schema:
|
|
||||||
openAPIV3Schema:
|
|
||||||
description: BindDNSSECPolicy is a reusable DNSSEC signing policy.
|
|
||||||
properties:
|
|
||||||
apiVersion:
|
|
||||||
description: |-
|
|
||||||
APIVersion defines the versioned schema of this representation of an object.
|
|
||||||
Servers should convert recognized schemas to the latest internal value, and
|
|
||||||
may reject unrecognized values.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
||||||
type: string
|
|
||||||
kind:
|
|
||||||
description: |-
|
|
||||||
Kind is a string value representing the REST resource this object represents.
|
|
||||||
Servers may infer this from the endpoint the client submits requests to.
|
|
||||||
Cannot be updated.
|
|
||||||
In CamelCase.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
||||||
type: string
|
|
||||||
metadata:
|
|
||||||
type: object
|
|
||||||
spec:
|
|
||||||
description: |-
|
|
||||||
BindDNSSECPolicySpec mirrors a BIND9 dnssec-policy. Zones referencing it are
|
|
||||||
signed with inline-signing and automated key management.
|
|
||||||
properties:
|
|
||||||
algorithm:
|
|
||||||
default: ecdsap256sha256
|
|
||||||
description: Algorithm for signing. Defaults to ecdsap256sha256.
|
|
||||||
type: string
|
|
||||||
clusterRef:
|
|
||||||
description: ClusterRef names the owning BindCluster.
|
|
||||||
type: string
|
|
||||||
csk:
|
|
||||||
description: CSK, when set, uses a Combined Signing Key instead of
|
|
||||||
split KSK/ZSK.
|
|
||||||
properties:
|
|
||||||
algorithm:
|
|
||||||
description: Algorithm overrides the policy algorithm for this
|
|
||||||
key.
|
|
||||||
type: string
|
|
||||||
keySize:
|
|
||||||
description: KeySize in bits for RSA algorithms (ignored for ECDSA/EdDSA).
|
|
||||||
format: int32
|
|
||||||
type: integer
|
|
||||||
lifetime:
|
|
||||||
description: |-
|
|
||||||
Lifetime is how long the key is used before rollover, e.g. "P30D" or
|
|
||||||
"unlimited". Empty means unlimited.
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
extraOptions:
|
|
||||||
description: ExtraOptions are raw named.conf lines appended inside
|
|
||||||
the policy block.
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
type: array
|
|
||||||
ksk:
|
|
||||||
description: KSK is the Key Signing Key configuration (ignored when
|
|
||||||
CSK is set).
|
|
||||||
properties:
|
|
||||||
algorithm:
|
|
||||||
description: Algorithm overrides the policy algorithm for this
|
|
||||||
key.
|
|
||||||
type: string
|
|
||||||
keySize:
|
|
||||||
description: KeySize in bits for RSA algorithms (ignored for ECDSA/EdDSA).
|
|
||||||
format: int32
|
|
||||||
type: integer
|
|
||||||
lifetime:
|
|
||||||
description: |-
|
|
||||||
Lifetime is how long the key is used before rollover, e.g. "P30D" or
|
|
||||||
"unlimited". Empty means unlimited.
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
maxZoneTTL:
|
|
||||||
description: MaxZoneTTL, e.g. "P1D".
|
|
||||||
type: string
|
|
||||||
nsec3:
|
|
||||||
description: NSEC3 enables NSEC3 hashing instead of NSEC.
|
|
||||||
type: boolean
|
|
||||||
policyName:
|
|
||||||
description: |-
|
|
||||||
PolicyName is the dnssec-policy name in named.conf. Defaults to the object
|
|
||||||
name.
|
|
||||||
type: string
|
|
||||||
signaturesValidity:
|
|
||||||
description: SignaturesValidity, e.g. "P14D".
|
|
||||||
type: string
|
|
||||||
zsk:
|
|
||||||
description: ZSK is the Zone Signing Key configuration (ignored when
|
|
||||||
CSK is set).
|
|
||||||
properties:
|
|
||||||
algorithm:
|
|
||||||
description: Algorithm overrides the policy algorithm for this
|
|
||||||
key.
|
|
||||||
type: string
|
|
||||||
keySize:
|
|
||||||
description: KeySize in bits for RSA algorithms (ignored for ECDSA/EdDSA).
|
|
||||||
format: int32
|
|
||||||
type: integer
|
|
||||||
lifetime:
|
|
||||||
description: |-
|
|
||||||
Lifetime is how long the key is used before rollover, e.g. "P30D" or
|
|
||||||
"unlimited". Empty means unlimited.
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
required:
|
|
||||||
- clusterRef
|
|
||||||
type: object
|
|
||||||
status:
|
|
||||||
description: BindDNSSECPolicyStatus reports observed policy state.
|
|
||||||
properties:
|
|
||||||
conditions:
|
|
||||||
items:
|
|
||||||
description: Condition contains details for one aspect of the current
|
|
||||||
state of this API Resource.
|
|
||||||
properties:
|
|
||||||
lastTransitionTime:
|
|
||||||
description: |-
|
|
||||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
|
||||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
|
||||||
format: date-time
|
|
||||||
type: string
|
|
||||||
message:
|
|
||||||
description: |-
|
|
||||||
message is a human readable message indicating details about the transition.
|
|
||||||
This may be an empty string.
|
|
||||||
maxLength: 32768
|
|
||||||
type: string
|
|
||||||
observedGeneration:
|
|
||||||
description: |-
|
|
||||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
|
||||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
|
||||||
with respect to the current state of the instance.
|
|
||||||
format: int64
|
|
||||||
minimum: 0
|
|
||||||
type: integer
|
|
||||||
reason:
|
|
||||||
description: |-
|
|
||||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
|
||||||
Producers of specific condition types may define expected values and meanings for this field,
|
|
||||||
and whether the values are considered a guaranteed API.
|
|
||||||
The value should be a CamelCase string.
|
|
||||||
This field may not be empty.
|
|
||||||
maxLength: 1024
|
|
||||||
minLength: 1
|
|
||||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
||||||
type: string
|
|
||||||
status:
|
|
||||||
description: status of the condition, one of True, False, Unknown.
|
|
||||||
enum:
|
|
||||||
- "True"
|
|
||||||
- "False"
|
|
||||||
- Unknown
|
|
||||||
type: string
|
|
||||||
type:
|
|
||||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
||||||
maxLength: 316
|
|
||||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
||||||
type: string
|
|
||||||
required:
|
|
||||||
- lastTransitionTime
|
|
||||||
- message
|
|
||||||
- reason
|
|
||||||
- status
|
|
||||||
- type
|
|
||||||
type: object
|
|
||||||
type: array
|
|
||||||
x-kubernetes-list-map-keys:
|
|
||||||
- type
|
|
||||||
x-kubernetes-list-type: map
|
|
||||||
observedGeneration:
|
|
||||||
format: int64
|
|
||||||
type: integer
|
|
||||||
ready:
|
|
||||||
type: boolean
|
|
||||||
zoneCount:
|
|
||||||
description: ZoneCount is the number of zones signed with this policy.
|
|
||||||
format: int32
|
|
||||||
type: integer
|
|
||||||
type: object
|
|
||||||
type: object
|
|
||||||
served: true
|
|
||||||
storage: true
|
|
||||||
subresources:
|
|
||||||
status: {}
|
|
||||||
@@ -1,203 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
controller-gen.kubebuilder.io/version: v0.17.3
|
|
||||||
name: bindpolicies.bind.unkin.net
|
|
||||||
spec:
|
|
||||||
group: bind.unkin.net
|
|
||||||
names:
|
|
||||||
kind: BindPolicy
|
|
||||||
listKind: BindPolicyList
|
|
||||||
plural: bindpolicies
|
|
||||||
shortNames:
|
|
||||||
- bp
|
|
||||||
singular: bindpolicy
|
|
||||||
scope: Namespaced
|
|
||||||
versions:
|
|
||||||
- additionalPrinterColumns:
|
|
||||||
- jsonPath: .spec.clusterRef
|
|
||||||
name: Cluster
|
|
||||||
type: string
|
|
||||||
- jsonPath: .spec.zoneName
|
|
||||||
name: Zone
|
|
||||||
type: string
|
|
||||||
- jsonPath: .status.ruleCount
|
|
||||||
name: Rules
|
|
||||||
type: integer
|
|
||||||
- jsonPath: .status.ready
|
|
||||||
name: Ready
|
|
||||||
type: boolean
|
|
||||||
name: v1alpha1
|
|
||||||
schema:
|
|
||||||
openAPIV3Schema:
|
|
||||||
description: BindPolicy is a Response Policy Zone (RPZ) applied to a cluster.
|
|
||||||
properties:
|
|
||||||
apiVersion:
|
|
||||||
description: |-
|
|
||||||
APIVersion defines the versioned schema of this representation of an object.
|
|
||||||
Servers should convert recognized schemas to the latest internal value, and
|
|
||||||
may reject unrecognized values.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
||||||
type: string
|
|
||||||
kind:
|
|
||||||
description: |-
|
|
||||||
Kind is a string value representing the REST resource this object represents.
|
|
||||||
Servers may infer this from the endpoint the client submits requests to.
|
|
||||||
Cannot be updated.
|
|
||||||
In CamelCase.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
||||||
type: string
|
|
||||||
metadata:
|
|
||||||
type: object
|
|
||||||
spec:
|
|
||||||
description: |-
|
|
||||||
BindPolicySpec defines a Response Policy Zone (RPZ) — a DNS firewall applied
|
|
||||||
to a resolver cluster.
|
|
||||||
properties:
|
|
||||||
clusterRef:
|
|
||||||
description: ClusterRef names the owning BindCluster (typically a
|
|
||||||
resolver).
|
|
||||||
type: string
|
|
||||||
order:
|
|
||||||
default: 100
|
|
||||||
description: Order controls this policy's position in the response-policy
|
|
||||||
clause.
|
|
||||||
format: int32
|
|
||||||
type: integer
|
|
||||||
primaries:
|
|
||||||
description: |-
|
|
||||||
Primaries lets the RPZ zone be transferred from an external feed instead
|
|
||||||
of being locally populated.
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
type: array
|
|
||||||
rules:
|
|
||||||
description: Rules are the inline policy triggers.
|
|
||||||
items:
|
|
||||||
description: RPZRule is a single response-policy rule.
|
|
||||||
properties:
|
|
||||||
action:
|
|
||||||
default: nxdomain
|
|
||||||
description: Action taken when the rule matches.
|
|
||||||
enum:
|
|
||||||
- nxdomain
|
|
||||||
- nodata
|
|
||||||
- passthru
|
|
||||||
- drop
|
|
||||||
- tcp-only
|
|
||||||
- cname
|
|
||||||
type: string
|
|
||||||
match:
|
|
||||||
description: Match is the trigger value, e.g. a domain "bad.example."
|
|
||||||
or CIDR.
|
|
||||||
type: string
|
|
||||||
target:
|
|
||||||
description: Target is the rewrite target when Action is cname.
|
|
||||||
type: string
|
|
||||||
trigger:
|
|
||||||
default: qname
|
|
||||||
description: Trigger selects what the Match is compared against.
|
|
||||||
enum:
|
|
||||||
- qname
|
|
||||||
- client-ip
|
|
||||||
- ip
|
|
||||||
- nsdname
|
|
||||||
- nsip
|
|
||||||
type: string
|
|
||||||
required:
|
|
||||||
- match
|
|
||||||
type: object
|
|
||||||
type: array
|
|
||||||
transferKeyRef:
|
|
||||||
description: TransferKeyRef names the BindTSIGKey used to pull from
|
|
||||||
Primaries.
|
|
||||||
type: string
|
|
||||||
viewRef:
|
|
||||||
description: ViewRef optionally scopes the policy to a single view.
|
|
||||||
type: string
|
|
||||||
zoneName:
|
|
||||||
description: ZoneName is the RPZ zone origin, e.g. "rpz.internal".
|
|
||||||
type: string
|
|
||||||
required:
|
|
||||||
- clusterRef
|
|
||||||
- zoneName
|
|
||||||
type: object
|
|
||||||
status:
|
|
||||||
description: BindPolicyStatus reports observed policy state.
|
|
||||||
properties:
|
|
||||||
conditions:
|
|
||||||
items:
|
|
||||||
description: Condition contains details for one aspect of the current
|
|
||||||
state of this API Resource.
|
|
||||||
properties:
|
|
||||||
lastTransitionTime:
|
|
||||||
description: |-
|
|
||||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
|
||||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
|
||||||
format: date-time
|
|
||||||
type: string
|
|
||||||
message:
|
|
||||||
description: |-
|
|
||||||
message is a human readable message indicating details about the transition.
|
|
||||||
This may be an empty string.
|
|
||||||
maxLength: 32768
|
|
||||||
type: string
|
|
||||||
observedGeneration:
|
|
||||||
description: |-
|
|
||||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
|
||||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
|
||||||
with respect to the current state of the instance.
|
|
||||||
format: int64
|
|
||||||
minimum: 0
|
|
||||||
type: integer
|
|
||||||
reason:
|
|
||||||
description: |-
|
|
||||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
|
||||||
Producers of specific condition types may define expected values and meanings for this field,
|
|
||||||
and whether the values are considered a guaranteed API.
|
|
||||||
The value should be a CamelCase string.
|
|
||||||
This field may not be empty.
|
|
||||||
maxLength: 1024
|
|
||||||
minLength: 1
|
|
||||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
||||||
type: string
|
|
||||||
status:
|
|
||||||
description: status of the condition, one of True, False, Unknown.
|
|
||||||
enum:
|
|
||||||
- "True"
|
|
||||||
- "False"
|
|
||||||
- Unknown
|
|
||||||
type: string
|
|
||||||
type:
|
|
||||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
||||||
maxLength: 316
|
|
||||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
||||||
type: string
|
|
||||||
required:
|
|
||||||
- lastTransitionTime
|
|
||||||
- message
|
|
||||||
- reason
|
|
||||||
- status
|
|
||||||
- type
|
|
||||||
type: object
|
|
||||||
type: array
|
|
||||||
x-kubernetes-list-map-keys:
|
|
||||||
- type
|
|
||||||
x-kubernetes-list-type: map
|
|
||||||
observedGeneration:
|
|
||||||
format: int64
|
|
||||||
type: integer
|
|
||||||
ready:
|
|
||||||
type: boolean
|
|
||||||
ruleCount:
|
|
||||||
description: RuleCount is the number of active rules.
|
|
||||||
format: int32
|
|
||||||
type: integer
|
|
||||||
type: object
|
|
||||||
type: object
|
|
||||||
served: true
|
|
||||||
storage: true
|
|
||||||
subresources:
|
|
||||||
status: {}
|
|
||||||
@@ -1,165 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
controller-gen.kubebuilder.io/version: v0.17.3
|
|
||||||
name: bindtsigkeys.bind.unkin.net
|
|
||||||
spec:
|
|
||||||
group: bind.unkin.net
|
|
||||||
names:
|
|
||||||
kind: BindTSIGKey
|
|
||||||
listKind: BindTSIGKeyList
|
|
||||||
plural: bindtsigkeys
|
|
||||||
shortNames:
|
|
||||||
- btk
|
|
||||||
singular: bindtsigkey
|
|
||||||
scope: Namespaced
|
|
||||||
versions:
|
|
||||||
- additionalPrinterColumns:
|
|
||||||
- jsonPath: .spec.algorithm
|
|
||||||
name: Algorithm
|
|
||||||
type: string
|
|
||||||
- jsonPath: .status.secretName
|
|
||||||
name: Secret
|
|
||||||
type: string
|
|
||||||
- jsonPath: .status.ready
|
|
||||||
name: Ready
|
|
||||||
type: boolean
|
|
||||||
name: v1alpha1
|
|
||||||
schema:
|
|
||||||
openAPIV3Schema:
|
|
||||||
description: |-
|
|
||||||
BindTSIGKey is a TSIG key backing zone transfers, dynamic updates and view
|
|
||||||
matching. The key material lives in a Kubernetes Secret, never in the CR.
|
|
||||||
properties:
|
|
||||||
apiVersion:
|
|
||||||
description: |-
|
|
||||||
APIVersion defines the versioned schema of this representation of an object.
|
|
||||||
Servers should convert recognized schemas to the latest internal value, and
|
|
||||||
may reject unrecognized values.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
||||||
type: string
|
|
||||||
kind:
|
|
||||||
description: |-
|
|
||||||
Kind is a string value representing the REST resource this object represents.
|
|
||||||
Servers may infer this from the endpoint the client submits requests to.
|
|
||||||
Cannot be updated.
|
|
||||||
In CamelCase.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
||||||
type: string
|
|
||||||
metadata:
|
|
||||||
type: object
|
|
||||||
spec:
|
|
||||||
description: |-
|
|
||||||
BindTSIGKeySpec defines a TSIG key. If no existing key material is imported,
|
|
||||||
the operator generates a random key and stores it in a Secret.
|
|
||||||
properties:
|
|
||||||
algorithm:
|
|
||||||
default: hmac-sha256
|
|
||||||
description: Algorithm is the HMAC algorithm. Defaults to hmac-sha256.
|
|
||||||
enum:
|
|
||||||
- hmac-sha256
|
|
||||||
- hmac-sha512
|
|
||||||
- hmac-sha384
|
|
||||||
- hmac-sha224
|
|
||||||
- hmac-sha1
|
|
||||||
- hmac-md5
|
|
||||||
type: string
|
|
||||||
importExisting:
|
|
||||||
description: |-
|
|
||||||
ImportExisting, when true, means the referenced Secret already contains a
|
|
||||||
`secret` key and the operator will not generate new material.
|
|
||||||
type: boolean
|
|
||||||
keyName:
|
|
||||||
description: |-
|
|
||||||
KeyName is the TSIG key name emitted into named.conf. Defaults to the
|
|
||||||
object name.
|
|
||||||
type: string
|
|
||||||
secretName:
|
|
||||||
description: |-
|
|
||||||
SecretName is the Secret the key material is written to (or read from when
|
|
||||||
ImportExisting is set). Defaults to "<name>-tsig".
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
status:
|
|
||||||
description: BindTSIGKeyStatus reports observed TSIG key state.
|
|
||||||
properties:
|
|
||||||
conditions:
|
|
||||||
items:
|
|
||||||
description: Condition contains details for one aspect of the current
|
|
||||||
state of this API Resource.
|
|
||||||
properties:
|
|
||||||
lastTransitionTime:
|
|
||||||
description: |-
|
|
||||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
|
||||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
|
||||||
format: date-time
|
|
||||||
type: string
|
|
||||||
message:
|
|
||||||
description: |-
|
|
||||||
message is a human readable message indicating details about the transition.
|
|
||||||
This may be an empty string.
|
|
||||||
maxLength: 32768
|
|
||||||
type: string
|
|
||||||
observedGeneration:
|
|
||||||
description: |-
|
|
||||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
|
||||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
|
||||||
with respect to the current state of the instance.
|
|
||||||
format: int64
|
|
||||||
minimum: 0
|
|
||||||
type: integer
|
|
||||||
reason:
|
|
||||||
description: |-
|
|
||||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
|
||||||
Producers of specific condition types may define expected values and meanings for this field,
|
|
||||||
and whether the values are considered a guaranteed API.
|
|
||||||
The value should be a CamelCase string.
|
|
||||||
This field may not be empty.
|
|
||||||
maxLength: 1024
|
|
||||||
minLength: 1
|
|
||||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
||||||
type: string
|
|
||||||
status:
|
|
||||||
description: status of the condition, one of True, False, Unknown.
|
|
||||||
enum:
|
|
||||||
- "True"
|
|
||||||
- "False"
|
|
||||||
- Unknown
|
|
||||||
type: string
|
|
||||||
type:
|
|
||||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
||||||
maxLength: 316
|
|
||||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
||||||
type: string
|
|
||||||
required:
|
|
||||||
- lastTransitionTime
|
|
||||||
- message
|
|
||||||
- reason
|
|
||||||
- status
|
|
||||||
- type
|
|
||||||
type: object
|
|
||||||
type: array
|
|
||||||
x-kubernetes-list-map-keys:
|
|
||||||
- type
|
|
||||||
x-kubernetes-list-type: map
|
|
||||||
keyName:
|
|
||||||
description: KeyName as used in named.conf.
|
|
||||||
type: string
|
|
||||||
observedGeneration:
|
|
||||||
description: ObservedGeneration is the last reconciled generation.
|
|
||||||
format: int64
|
|
||||||
type: integer
|
|
||||||
ready:
|
|
||||||
description: Ready is true once the key Secret exists.
|
|
||||||
type: boolean
|
|
||||||
secretName:
|
|
||||||
description: SecretName holds the generated/managed key material.
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
type: object
|
|
||||||
served: true
|
|
||||||
storage: true
|
|
||||||
subresources:
|
|
||||||
status: {}
|
|
||||||
@@ -1,177 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
controller-gen.kubebuilder.io/version: v0.17.3
|
|
||||||
name: bindviews.bind.unkin.net
|
|
||||||
spec:
|
|
||||||
group: bind.unkin.net
|
|
||||||
names:
|
|
||||||
kind: BindView
|
|
||||||
listKind: BindViewList
|
|
||||||
plural: bindviews
|
|
||||||
shortNames:
|
|
||||||
- bv
|
|
||||||
singular: bindview
|
|
||||||
scope: Namespaced
|
|
||||||
versions:
|
|
||||||
- additionalPrinterColumns:
|
|
||||||
- jsonPath: .spec.clusterRef
|
|
||||||
name: Cluster
|
|
||||||
type: string
|
|
||||||
- jsonPath: .spec.order
|
|
||||||
name: Order
|
|
||||||
type: integer
|
|
||||||
- jsonPath: .status.zoneCount
|
|
||||||
name: Zones
|
|
||||||
type: integer
|
|
||||||
- jsonPath: .status.ready
|
|
||||||
name: Ready
|
|
||||||
type: boolean
|
|
||||||
name: v1alpha1
|
|
||||||
schema:
|
|
||||||
openAPIV3Schema:
|
|
||||||
description: BindView is a split-horizon view on a BindCluster.
|
|
||||||
properties:
|
|
||||||
apiVersion:
|
|
||||||
description: |-
|
|
||||||
APIVersion defines the versioned schema of this representation of an object.
|
|
||||||
Servers should convert recognized schemas to the latest internal value, and
|
|
||||||
may reject unrecognized values.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
||||||
type: string
|
|
||||||
kind:
|
|
||||||
description: |-
|
|
||||||
Kind is a string value representing the REST resource this object represents.
|
|
||||||
Servers may infer this from the endpoint the client submits requests to.
|
|
||||||
Cannot be updated.
|
|
||||||
In CamelCase.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
||||||
type: string
|
|
||||||
metadata:
|
|
||||||
type: object
|
|
||||||
spec:
|
|
||||||
description: |-
|
|
||||||
BindViewSpec defines a split-horizon view. View ordering is significant in
|
|
||||||
BIND; use Order to control the sequence in named.conf.
|
|
||||||
properties:
|
|
||||||
allowQuery:
|
|
||||||
description: AllowQuery is an address-match-list restricting queries
|
|
||||||
into this view.
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
type: array
|
|
||||||
clusterRef:
|
|
||||||
description: ClusterRef names the owning BindCluster.
|
|
||||||
type: string
|
|
||||||
extraOptions:
|
|
||||||
description: ExtraOptions are raw named.conf lines appended inside
|
|
||||||
the view block.
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
type: array
|
|
||||||
matchClients:
|
|
||||||
description: |-
|
|
||||||
MatchClients is an address-match-list (inline entries and/or ACL names)
|
|
||||||
selecting which clients this view answers. Defaults to "any".
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
type: array
|
|
||||||
matchDestinations:
|
|
||||||
description: MatchDestinations is an optional destination address-match-list.
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
type: array
|
|
||||||
order:
|
|
||||||
default: 100
|
|
||||||
description: |-
|
|
||||||
Order controls the position of this view in named.conf (ascending). The
|
|
||||||
first view whose match-clients matches a query wins.
|
|
||||||
format: int32
|
|
||||||
type: integer
|
|
||||||
recursion:
|
|
||||||
description: Recursion overrides the cluster recursion setting for
|
|
||||||
this view.
|
|
||||||
type: boolean
|
|
||||||
required:
|
|
||||||
- clusterRef
|
|
||||||
type: object
|
|
||||||
status:
|
|
||||||
description: BindViewStatus reports observed view state.
|
|
||||||
properties:
|
|
||||||
conditions:
|
|
||||||
items:
|
|
||||||
description: Condition contains details for one aspect of the current
|
|
||||||
state of this API Resource.
|
|
||||||
properties:
|
|
||||||
lastTransitionTime:
|
|
||||||
description: |-
|
|
||||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
|
||||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
|
||||||
format: date-time
|
|
||||||
type: string
|
|
||||||
message:
|
|
||||||
description: |-
|
|
||||||
message is a human readable message indicating details about the transition.
|
|
||||||
This may be an empty string.
|
|
||||||
maxLength: 32768
|
|
||||||
type: string
|
|
||||||
observedGeneration:
|
|
||||||
description: |-
|
|
||||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
|
||||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
|
||||||
with respect to the current state of the instance.
|
|
||||||
format: int64
|
|
||||||
minimum: 0
|
|
||||||
type: integer
|
|
||||||
reason:
|
|
||||||
description: |-
|
|
||||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
|
||||||
Producers of specific condition types may define expected values and meanings for this field,
|
|
||||||
and whether the values are considered a guaranteed API.
|
|
||||||
The value should be a CamelCase string.
|
|
||||||
This field may not be empty.
|
|
||||||
maxLength: 1024
|
|
||||||
minLength: 1
|
|
||||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
||||||
type: string
|
|
||||||
status:
|
|
||||||
description: status of the condition, one of True, False, Unknown.
|
|
||||||
enum:
|
|
||||||
- "True"
|
|
||||||
- "False"
|
|
||||||
- Unknown
|
|
||||||
type: string
|
|
||||||
type:
|
|
||||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
||||||
maxLength: 316
|
|
||||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
||||||
type: string
|
|
||||||
required:
|
|
||||||
- lastTransitionTime
|
|
||||||
- message
|
|
||||||
- reason
|
|
||||||
- status
|
|
||||||
- type
|
|
||||||
type: object
|
|
||||||
type: array
|
|
||||||
x-kubernetes-list-map-keys:
|
|
||||||
- type
|
|
||||||
x-kubernetes-list-type: map
|
|
||||||
observedGeneration:
|
|
||||||
format: int64
|
|
||||||
type: integer
|
|
||||||
ready:
|
|
||||||
type: boolean
|
|
||||||
zoneCount:
|
|
||||||
description: ZoneCount is the number of zones currently bound to this
|
|
||||||
view.
|
|
||||||
format: int32
|
|
||||||
type: integer
|
|
||||||
type: object
|
|
||||||
type: object
|
|
||||||
served: true
|
|
||||||
storage: true
|
|
||||||
subresources:
|
|
||||||
status: {}
|
|
||||||
@@ -1,252 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
controller-gen.kubebuilder.io/version: v0.17.3
|
|
||||||
name: bindzones.bind.unkin.net
|
|
||||||
spec:
|
|
||||||
group: bind.unkin.net
|
|
||||||
names:
|
|
||||||
kind: BindZone
|
|
||||||
listKind: BindZoneList
|
|
||||||
plural: bindzones
|
|
||||||
shortNames:
|
|
||||||
- bz
|
|
||||||
singular: bindzone
|
|
||||||
scope: Namespaced
|
|
||||||
versions:
|
|
||||||
- additionalPrinterColumns:
|
|
||||||
- jsonPath: .spec.zoneName
|
|
||||||
name: Zone
|
|
||||||
type: string
|
|
||||||
- jsonPath: .spec.type
|
|
||||||
name: Type
|
|
||||||
type: string
|
|
||||||
- jsonPath: .spec.clusterRef
|
|
||||||
name: Cluster
|
|
||||||
type: string
|
|
||||||
- jsonPath: .status.serial
|
|
||||||
name: Serial
|
|
||||||
type: integer
|
|
||||||
- jsonPath: .status.phase
|
|
||||||
name: Phase
|
|
||||||
type: string
|
|
||||||
name: v1alpha1
|
|
||||||
schema:
|
|
||||||
openAPIV3Schema:
|
|
||||||
description: BindZone is a forward or reverse DNS zone.
|
|
||||||
properties:
|
|
||||||
apiVersion:
|
|
||||||
description: |-
|
|
||||||
APIVersion defines the versioned schema of this representation of an object.
|
|
||||||
Servers should convert recognized schemas to the latest internal value, and
|
|
||||||
may reject unrecognized values.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
||||||
type: string
|
|
||||||
kind:
|
|
||||||
description: |-
|
|
||||||
Kind is a string value representing the REST resource this object represents.
|
|
||||||
Servers may infer this from the endpoint the client submits requests to.
|
|
||||||
Cannot be updated.
|
|
||||||
In CamelCase.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
||||||
type: string
|
|
||||||
metadata:
|
|
||||||
type: object
|
|
||||||
spec:
|
|
||||||
description: BindZoneSpec defines a DNS zone managed on a BindCluster's
|
|
||||||
primary.
|
|
||||||
properties:
|
|
||||||
allowTransfer:
|
|
||||||
description: |-
|
|
||||||
AllowTransfer is an address-match-list (inline entries and/or ACL/key
|
|
||||||
names) permitted to AXFR/IXFR this zone.
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
type: array
|
|
||||||
catalog:
|
|
||||||
default: true
|
|
||||||
description: |-
|
|
||||||
Catalog, when true, registers this zone as a member of the cluster's
|
|
||||||
catalog zone so secondaries auto-provision it.
|
|
||||||
type: boolean
|
|
||||||
clusterRef:
|
|
||||||
description: ClusterRef names the owning BindCluster.
|
|
||||||
type: string
|
|
||||||
defaultTTL:
|
|
||||||
default: 3600
|
|
||||||
description: DefaultTTL for records that do not set their own TTL.
|
|
||||||
Defaults to 3600.
|
|
||||||
format: int32
|
|
||||||
type: integer
|
|
||||||
dnssecPolicyRef:
|
|
||||||
description: DNSSECPolicyRef names a BindDNSSECPolicy to sign this
|
|
||||||
zone with.
|
|
||||||
type: string
|
|
||||||
dynamicUpdate:
|
|
||||||
description: |-
|
|
||||||
DynamicUpdate enables RFC2136 updates for this zone (external-dns style).
|
|
||||||
When true, UpdateKeyRef must reference a BindTSIGKey.
|
|
||||||
type: boolean
|
|
||||||
forwarders:
|
|
||||||
description: Forwarders lists upstreams for a forward-type zone.
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
type: array
|
|
||||||
primaries:
|
|
||||||
description: Primaries lists source servers for a secondary/stub-type
|
|
||||||
zone.
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
type: array
|
|
||||||
records:
|
|
||||||
description: Records are static record sets seeded into a primary
|
|
||||||
zone.
|
|
||||||
items:
|
|
||||||
description: |-
|
|
||||||
Record is a single resource record set seeded into a primary zone via
|
|
||||||
dynamic update (nsupdate). Ongoing changes may also arrive from DNSRecord
|
|
||||||
objects or external RFC2136 clients.
|
|
||||||
properties:
|
|
||||||
name:
|
|
||||||
default: '@'
|
|
||||||
description: |-
|
|
||||||
Name is the owner name, relative to the zone apex or fully qualified.
|
|
||||||
Use "@" for the apex.
|
|
||||||
type: string
|
|
||||||
ttl:
|
|
||||||
description: TTL for the record set in seconds. Falls back to
|
|
||||||
the zone default TTL.
|
|
||||||
format: int32
|
|
||||||
type: integer
|
|
||||||
type:
|
|
||||||
description: Type is the RR type, e.g. A, AAAA, CNAME, MX, TXT,
|
|
||||||
SRV, NS, PTR, CAA.
|
|
||||||
type: string
|
|
||||||
values:
|
|
||||||
description: |-
|
|
||||||
Values are the RDATA entries, e.g. ["10 mail.example.com."] for an MX or
|
|
||||||
["192.0.2.1","192.0.2.2"] for an A round-robin.
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
minItems: 1
|
|
||||||
type: array
|
|
||||||
required:
|
|
||||||
- type
|
|
||||||
- values
|
|
||||||
type: object
|
|
||||||
type: array
|
|
||||||
transferKeyRef:
|
|
||||||
description: |-
|
|
||||||
TransferKeyRef names the BindTSIGKey used to authenticate transfers from
|
|
||||||
Primaries for a secondary zone.
|
|
||||||
type: string
|
|
||||||
type:
|
|
||||||
default: primary
|
|
||||||
description: Type is the zone type. Defaults to primary.
|
|
||||||
enum:
|
|
||||||
- primary
|
|
||||||
- secondary
|
|
||||||
- forward
|
|
||||||
- stub
|
|
||||||
type: string
|
|
||||||
updateKeyRef:
|
|
||||||
description: UpdateKeyRef names the BindTSIGKey permitted to send
|
|
||||||
dynamic updates.
|
|
||||||
type: string
|
|
||||||
viewRef:
|
|
||||||
description: ViewRef optionally binds this zone to a BindView.
|
|
||||||
type: string
|
|
||||||
zoneName:
|
|
||||||
description: ZoneName is the DNS origin, e.g. "example.com" or "2.0.192.in-addr.arpa".
|
|
||||||
type: string
|
|
||||||
required:
|
|
||||||
- clusterRef
|
|
||||||
- zoneName
|
|
||||||
type: object
|
|
||||||
status:
|
|
||||||
description: BindZoneStatus reports observed zone state.
|
|
||||||
properties:
|
|
||||||
conditions:
|
|
||||||
items:
|
|
||||||
description: Condition contains details for one aspect of the current
|
|
||||||
state of this API Resource.
|
|
||||||
properties:
|
|
||||||
lastTransitionTime:
|
|
||||||
description: |-
|
|
||||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
|
||||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
|
||||||
format: date-time
|
|
||||||
type: string
|
|
||||||
message:
|
|
||||||
description: |-
|
|
||||||
message is a human readable message indicating details about the transition.
|
|
||||||
This may be an empty string.
|
|
||||||
maxLength: 32768
|
|
||||||
type: string
|
|
||||||
observedGeneration:
|
|
||||||
description: |-
|
|
||||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
|
||||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
|
||||||
with respect to the current state of the instance.
|
|
||||||
format: int64
|
|
||||||
minimum: 0
|
|
||||||
type: integer
|
|
||||||
reason:
|
|
||||||
description: |-
|
|
||||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
|
||||||
Producers of specific condition types may define expected values and meanings for this field,
|
|
||||||
and whether the values are considered a guaranteed API.
|
|
||||||
The value should be a CamelCase string.
|
|
||||||
This field may not be empty.
|
|
||||||
maxLength: 1024
|
|
||||||
minLength: 1
|
|
||||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
||||||
type: string
|
|
||||||
status:
|
|
||||||
description: status of the condition, one of True, False, Unknown.
|
|
||||||
enum:
|
|
||||||
- "True"
|
|
||||||
- "False"
|
|
||||||
- Unknown
|
|
||||||
type: string
|
|
||||||
type:
|
|
||||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
||||||
maxLength: 316
|
|
||||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
||||||
type: string
|
|
||||||
required:
|
|
||||||
- lastTransitionTime
|
|
||||||
- message
|
|
||||||
- reason
|
|
||||||
- status
|
|
||||||
- type
|
|
||||||
type: object
|
|
||||||
type: array
|
|
||||||
x-kubernetes-list-map-keys:
|
|
||||||
- type
|
|
||||||
x-kubernetes-list-type: map
|
|
||||||
observedGeneration:
|
|
||||||
format: int64
|
|
||||||
type: integer
|
|
||||||
phase:
|
|
||||||
description: Phase is a coarse lifecycle summary (Pending/Ready/Error).
|
|
||||||
type: string
|
|
||||||
recordCount:
|
|
||||||
description: RecordCount is the number of managed record sets applied.
|
|
||||||
format: int32
|
|
||||||
type: integer
|
|
||||||
serial:
|
|
||||||
description: Serial is the last observed SOA serial on the primary.
|
|
||||||
format: int64
|
|
||||||
type: integer
|
|
||||||
signed:
|
|
||||||
description: Signed reports whether DNSSEC signing is active.
|
|
||||||
type: boolean
|
|
||||||
type: object
|
|
||||||
type: object
|
|
||||||
served: true
|
|
||||||
storage: true
|
|
||||||
subresources:
|
|
||||||
status: {}
|
|
||||||
@@ -1,165 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
controller-gen.kubebuilder.io/version: v0.17.3
|
|
||||||
name: dnsrecords.bind.unkin.net
|
|
||||||
spec:
|
|
||||||
group: bind.unkin.net
|
|
||||||
names:
|
|
||||||
kind: DNSRecord
|
|
||||||
listKind: DNSRecordList
|
|
||||||
plural: dnsrecords
|
|
||||||
shortNames:
|
|
||||||
- dnsr
|
|
||||||
singular: dnsrecord
|
|
||||||
scope: Namespaced
|
|
||||||
versions:
|
|
||||||
- additionalPrinterColumns:
|
|
||||||
- jsonPath: .spec.zoneRef
|
|
||||||
name: Zone
|
|
||||||
type: string
|
|
||||||
- jsonPath: .spec.name
|
|
||||||
name: Name
|
|
||||||
type: string
|
|
||||||
- jsonPath: .spec.type
|
|
||||||
name: Type
|
|
||||||
type: string
|
|
||||||
- jsonPath: .status.phase
|
|
||||||
name: Phase
|
|
||||||
type: string
|
|
||||||
name: v1alpha1
|
|
||||||
schema:
|
|
||||||
openAPIV3Schema:
|
|
||||||
description: DNSRecord is an individually-managed record set applied to a
|
|
||||||
BindZone.
|
|
||||||
properties:
|
|
||||||
apiVersion:
|
|
||||||
description: |-
|
|
||||||
APIVersion defines the versioned schema of this representation of an object.
|
|
||||||
Servers should convert recognized schemas to the latest internal value, and
|
|
||||||
may reject unrecognized values.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
||||||
type: string
|
|
||||||
kind:
|
|
||||||
description: |-
|
|
||||||
Kind is a string value representing the REST resource this object represents.
|
|
||||||
Servers may infer this from the endpoint the client submits requests to.
|
|
||||||
Cannot be updated.
|
|
||||||
In CamelCase.
|
|
||||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
||||||
type: string
|
|
||||||
metadata:
|
|
||||||
type: object
|
|
||||||
spec:
|
|
||||||
description: |-
|
|
||||||
DNSRecordSpec defines a single record set applied to a zone via TSIG dynamic
|
|
||||||
update (nsupdate) — the external-dns write path expressed as a CRD.
|
|
||||||
properties:
|
|
||||||
name:
|
|
||||||
default: '@'
|
|
||||||
description: Name is the owner name, relative to the zone apex or
|
|
||||||
fully qualified.
|
|
||||||
type: string
|
|
||||||
ttl:
|
|
||||||
description: TTL for the record set in seconds. Falls back to the
|
|
||||||
zone default TTL.
|
|
||||||
format: int32
|
|
||||||
type: integer
|
|
||||||
type:
|
|
||||||
description: Type is the RR type, e.g. A, AAAA, CNAME, TXT, SRV, MX.
|
|
||||||
type: string
|
|
||||||
values:
|
|
||||||
description: Values are the RDATA entries.
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
minItems: 1
|
|
||||||
type: array
|
|
||||||
zoneRef:
|
|
||||||
description: |-
|
|
||||||
ZoneRef names the BindZone this record belongs to. The cluster, view and
|
|
||||||
update key are derived from the referenced zone.
|
|
||||||
type: string
|
|
||||||
required:
|
|
||||||
- type
|
|
||||||
- values
|
|
||||||
- zoneRef
|
|
||||||
type: object
|
|
||||||
status:
|
|
||||||
description: DNSRecordStatus reports observed record state.
|
|
||||||
properties:
|
|
||||||
conditions:
|
|
||||||
items:
|
|
||||||
description: Condition contains details for one aspect of the current
|
|
||||||
state of this API Resource.
|
|
||||||
properties:
|
|
||||||
lastTransitionTime:
|
|
||||||
description: |-
|
|
||||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
|
||||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
|
||||||
format: date-time
|
|
||||||
type: string
|
|
||||||
message:
|
|
||||||
description: |-
|
|
||||||
message is a human readable message indicating details about the transition.
|
|
||||||
This may be an empty string.
|
|
||||||
maxLength: 32768
|
|
||||||
type: string
|
|
||||||
observedGeneration:
|
|
||||||
description: |-
|
|
||||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
|
||||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
|
||||||
with respect to the current state of the instance.
|
|
||||||
format: int64
|
|
||||||
minimum: 0
|
|
||||||
type: integer
|
|
||||||
reason:
|
|
||||||
description: |-
|
|
||||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
|
||||||
Producers of specific condition types may define expected values and meanings for this field,
|
|
||||||
and whether the values are considered a guaranteed API.
|
|
||||||
The value should be a CamelCase string.
|
|
||||||
This field may not be empty.
|
|
||||||
maxLength: 1024
|
|
||||||
minLength: 1
|
|
||||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
||||||
type: string
|
|
||||||
status:
|
|
||||||
description: status of the condition, one of True, False, Unknown.
|
|
||||||
enum:
|
|
||||||
- "True"
|
|
||||||
- "False"
|
|
||||||
- Unknown
|
|
||||||
type: string
|
|
||||||
type:
|
|
||||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
||||||
maxLength: 316
|
|
||||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
||||||
type: string
|
|
||||||
required:
|
|
||||||
- lastTransitionTime
|
|
||||||
- message
|
|
||||||
- reason
|
|
||||||
- status
|
|
||||||
- type
|
|
||||||
type: object
|
|
||||||
type: array
|
|
||||||
x-kubernetes-list-map-keys:
|
|
||||||
- type
|
|
||||||
x-kubernetes-list-type: map
|
|
||||||
fqdn:
|
|
||||||
description: FQDN is the fully-qualified owner name that was applied.
|
|
||||||
type: string
|
|
||||||
observedGeneration:
|
|
||||||
format: int64
|
|
||||||
type: integer
|
|
||||||
phase:
|
|
||||||
description: Phase is a coarse lifecycle summary (Pending/Applied/Error).
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
type: object
|
|
||||||
served: true
|
|
||||||
storage: true
|
|
||||||
subresources:
|
|
||||||
status: {}
|
|
||||||
@@ -21,7 +21,7 @@ spec:
|
|||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
containers:
|
containers:
|
||||||
- name: operator
|
- name: operator
|
||||||
image: git.unkin.net/unkin/bind-operator:v0.1.0
|
image: git.unkin.net/unkin/bind-operator:v0.1.1
|
||||||
args:
|
args:
|
||||||
- --metrics-bind-address=:8080
|
- --metrics-bind-address=:8080
|
||||||
- --health-probe-bind-address=:8081
|
- --health-probe-bind-address=:8081
|
||||||
|
|||||||
@@ -4,14 +4,8 @@ kind: Kustomization
|
|||||||
|
|
||||||
resources:
|
resources:
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- crds/bind.unkin.net_bindclusters.yaml
|
# CRDs are pulled from the bind-operator repo at the matching tag rather than
|
||||||
- crds/bind.unkin.net_bindzones.yaml
|
# vendored here, so they never drift from the operator.
|
||||||
- crds/bind.unkin.net_bindviews.yaml
|
- https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.1/config/crd/install.yaml
|
||||||
- crds/bind.unkin.net_bindtsigkeys.yaml
|
|
||||||
- crds/bind.unkin.net_bindacls.yaml
|
|
||||||
- crds/bind.unkin.net_bindcatalogzones.yaml
|
|
||||||
- crds/bind.unkin.net_bindpolicies.yaml
|
|
||||||
- crds/bind.unkin.net_binddnssecpolicies.yaml
|
|
||||||
- crds/bind.unkin.net_dnsrecords.yaml
|
|
||||||
- rbac.yaml
|
- rbac.yaml
|
||||||
- deployment.yaml
|
- deployment.yaml
|
||||||
|
|||||||
Reference in New Issue
Block a user