diff --git a/apps/base/binddns-externaldns/cluster.yaml b/apps/base/binddns-externaldns/cluster.yaml new file mode 100644 index 0000000..bccde08 --- /dev/null +++ b/apps/base/binddns-externaldns/cluster.yaml @@ -0,0 +1,26 @@ +--- +# external-dns tier (replaces the 3x Puppet external-dns servers). An ordinary +# authoritative cluster; external-dns writes to its zones via RFC2136 because +# those BindZones set dynamicUpdate (allow-update { key externaldns-key; }). +apiVersion: bind.unkin.net/v1alpha1 +kind: BindCluster +metadata: + name: externaldns + namespace: binddns-externaldns +spec: + mode: authoritative + replicas: 3 + storageClassName: cephrbd-fast-delete + storageSize: 1Gi + service: + type: LoadBalancer + annotations: + purelb.io/service-group: dmz + external-dns.alpha.kubernetes.io/hostname: ns-ext.k8s.syd1.au.unkin.net + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: "1" + memory: 512Mi diff --git a/apps/base/binddns-externaldns/kustomization.yaml b/apps/base/binddns-externaldns/kustomization.yaml new file mode 100644 index 0000000..753cb3f --- /dev/null +++ b/apps/base/binddns-externaldns/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - namespace.yaml + - tsigkey.yaml + - cluster.yaml diff --git a/apps/base/binddns-externaldns/namespace.yaml b/apps/base/binddns-externaldns/namespace.yaml new file mode 100644 index 0000000..5157ac4 --- /dev/null +++ b/apps/base/binddns-externaldns/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: binddns-externaldns diff --git a/apps/base/binddns-externaldns/tsigkey.yaml b/apps/base/binddns-externaldns/tsigkey.yaml new file mode 100644 index 0000000..8a1b375 --- /dev/null +++ b/apps/base/binddns-externaldns/tsigkey.yaml @@ -0,0 +1,10 @@ +--- +# Key that external-dns (and DNSRecord objects) use to send RFC2136 dynamic +# updates to the primary. The operator generates the material into a Secret. +apiVersion: bind.unkin.net/v1alpha1 +kind: BindTSIGKey +metadata: + name: externaldns-key + namespace: binddns-externaldns +spec: + algorithm: hmac-sha256 diff --git a/apps/overlays/au-syd1/binddns-externaldns/kustomization.yaml b/apps/overlays/au-syd1/binddns-externaldns/kustomization.yaml new file mode 100644 index 0000000..a3098b0 --- /dev/null +++ b/apps/overlays/au-syd1/binddns-externaldns/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../base/binddns-externaldns