Use externalTrafficPolicy: Local on the DNS services
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline failed

Preserves client source IPs so the authoritative/resolver source-IP ACLs
actually apply to external clients (Cluster SNATs them to node IPs).

- externalTrafficPolicy: Local on bind-authoritative/resolvers/externaldns
- bump operator to v0.1.5 (CRD link + image) for the new service field
This commit is contained in:
2026-07-04 22:16:55 +10:00
parent 3ab8bcc34b
commit 4d1041925c
5 changed files with 5 additions and 2 deletions
+1 -1
View File
@@ -6,6 +6,6 @@ resources:
- namespace.yaml
# CRDs are pulled from the bind-operator repo at the matching tag rather than
# vendored here, so they never drift from the operator.
- https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.3/config/crd/install.yaml
- https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.5/config/crd/install.yaml
- rbac.yaml
- deployment.yaml