diff --git a/apps/base/ns-externaldns/cluster.yaml b/apps/base/ns-externaldns/cluster.yaml
index cdc6422..9bf5f8b 100644
--- a/apps/base/ns-externaldns/cluster.yaml
+++ b/apps/base/ns-externaldns/cluster.yaml
@@ -25,3 +25,15 @@ spec:
 limits:
 cpu: "1"
 memory: 512Mi
+---
+# Catalog zone so the dynamic zones replicate onto the cluster's secondaries
+# (external-dns writes to the primary; secondaries IXFR the result).
+apiVersion: bind.unkin.net/v1alpha1
+kind: BindCatalogZone
+metadata:
+ name: externaldns-catalog
+ namespace: ns-externaldns
+spec:
+ clusterRef: externaldns
+ zoneName: catalog.externaldns.internal
+ transferKeyRef: externaldns-key
diff --git a/apps/base/ns-externaldns/kustomization.yaml b/apps/base/ns-externaldns/kustomization.yaml
index 753cb3f..b5afd54 100644
--- a/apps/base/ns-externaldns/kustomization.yaml
+++ b/apps/base/ns-externaldns/kustomization.yaml
@@ -6,3 +6,4 @@ resources:
 - namespace.yaml
 - tsigkey.yaml
 - cluster.yaml
+ - zones.yaml
diff --git a/apps/base/ns-externaldns/zones.yaml b/apps/base/ns-externaldns/zones.yaml
new file mode 100644
index 0000000..a0aa2d3
--- /dev/null
+++ b/apps/base/ns-externaldns/zones.yaml
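Review bot: `transferKeyRef: externaldns-key` on the catalog zone gives the secondaries the same TSIG key that zones.yaml in this commit sets as `updateKeyRef` on both dynamic zones, so a host that only needs to pull transfers also holds a credential that can write records on the primary. The same reuse shows up in each zone's `allowTransfer` entry `- key externaldns-key`, which additionally lets the external-dns controller transfer whole zones. A dedicated transfer-only key defined next to the existing one in tsigkey.yaml (placeholder name: `transferKeyRef: <transfer-key-name>` here and `- key <transfer-key-name>` under `allowTransfer`) would keep the read and write credentials separate. How the operator turns these fields into BIND ACLs is not visible in this diff, so the effective configuration should be confirmed.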
@@ -0,0 +1,34 @@
+# k8s external-dns zones migrated from puppet-prod
+# (externaldns::k8s_zones in hieradata/roles/infra/dns/externaldns.yaml).
+# Primary + dynamicUpdate: the Kubernetes external-dns controller writes
+# records here via RFC2136 authenticated with externaldns-key.
+---
+apiVersion: bind.unkin.net/v1alpha1
+kind: BindZone
+metadata:
+ name: k8s-syd1-au-unkin-net
+ namespace: ns-externaldns
+spec:
+ clusterRef: externaldns
+ zoneName: k8s.syd1.au.unkin.net
+ type: primary
+ defaultTTL: 600
+ dynamicUpdate: true
+ updateKeyRef: externaldns-key
+ allowTransfer:
+ - key externaldns-key
+---
+apiVersion: bind.unkin.net/v1alpha1
+kind: BindZone
+metadata:
+ name: 200-18-198-in-addr-arpa
+ namespace: ns-externaldns
+spec:
+ clusterRef: externaldns
+ zoneName: 200.18.198.in-addr.arpa
+ type: primary
+ defaultTTL: 600
+ dynamicUpdate: true
+ updateKeyRef: externaldns-key
+ allowTransfer:
+ - key externaldns-key
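Review bot: Both BindZone specs set `dynamicUpdate: true` with one `updateKeyRef` and nothing visible that limits which names or record types that key may change. If the operator renders this as a plain BIND `allow-update`, anyone holding the key can rewrite any record in the zone, including the apex SOA and NS set. If the BindZone spec can express an `update-policy`-style grant, restricting the key to the record types external-dns manages (A/AAAA/CNAME/TXT in the forward zone, PTR in `200.18.198.in-addr.arpa`) would narrow this. Otherwise the header comment should state the scope, for example `# externaldns-key may update any name in these zones; mount the secret only in the external-dns controller`. Logging dynamic updates on the primary would make unexpected writes visible.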