Use externalTrafficPolicy: Local on the DNS services
Preserves client source IPs so the authoritative/resolver source-IP ACLs actually apply to external clients (Cluster SNATs them to node IPs). - externalTrafficPolicy: Local on bind-authoritative/resolvers/externaldns - bump operator to v0.1.5 (CRD link + image) for the new service field
This commit is contained in:
@@ -6,6 +6,6 @@ resources:
|
||||
- namespace.yaml
|
||||
# CRDs are pulled from the bind-operator repo at the matching tag rather than
|
||||
# vendored here, so they never drift from the operator.
|
||||
- https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.3/config/crd/install.yaml
|
||||
- https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.5/config/crd/install.yaml
|
||||
- rbac.yaml
|
||||
- deployment.yaml
|
||||
|
||||
Reference in New Issue
Block a user