Use externalTrafficPolicy: Local on the DNS services
Preserves client source IPs so the authoritative/resolver source-IP ACLs actually apply to external clients (Cluster SNATs them to node IPs). - externalTrafficPolicy: Local on bind-authoritative/resolvers/externaldns - bump operator to v0.1.5 (CRD link + image) for the new service field
This commit is contained in:
@@ -21,7 +21,7 @@ spec:
|
||||
runAsNonRoot: true
|
||||
containers:
|
||||
- name: operator
|
||||
image: git.unkin.net/unkin/bind-operator:v0.1.4
|
||||
image: git.unkin.net/unkin/bind-operator:v0.1.5
|
||||
args:
|
||||
- --metrics-bind-address=:8080
|
||||
- --health-probe-bind-address=:8081
|
||||
|
||||
Reference in New Issue
Block a user