Consolidate BIND DNS into one bind-internal namespace
ci/woodpecker/pr/kubeconform Pipeline failed
ci/woodpecker/pr/pre-commit Pipeline was successful

Reshapes the three DNS tiers from separate ns-* namespaces into a single
bind-internal namespace and renames the StatefulSets, and scopes the TSIG
keys to their cluster (needs the clusterRef field from operator v0.1.3).

- move the 3 clusters + zones + keys into apps/base/bind-internal:
  BindCluster names bind-authoritative / bind-resolvers / bind-externaldns
  (= StatefulSet names), LBs kept on .6/.7/.8, external-dns hostnames renamed
- add clusterRef to the transfer-key (bind-authoritative) and externaldns-key
  (bind-externaldns) TSIG keys so they no longer leak across clusters
- remove the old ns-auth / ns-resolver / ns-externaldns apps
- ApplicationSet + AppProject: replace the three ns-* entries with bind-internal
- bump bind-system operator to v0.1.3 (CRD install link + image) so the CRDs
  understand the new clusterRef field
- operator stays in bind-system (unchanged)
This commit is contained in:
2026-07-03 23:52:36 +10:00
parent 7c9a697452
commit b67d873c66
20 changed files with 71 additions and 91 deletions
+1 -1
View File
@@ -21,7 +21,7 @@ spec:
runAsNonRoot: true
containers:
- name: operator
image: git.unkin.net/unkin/bind-operator:v0.1.2
image: git.unkin.net/unkin/bind-operator:v0.1.3
args:
- --metrics-bind-address=:8080
- --health-probe-bind-address=:8081
+1 -1
View File
@@ -6,6 +6,6 @@ resources:
- namespace.yaml
# CRDs are pulled from the bind-operator repo at the matching tag rather than
# vendored here, so they never drift from the operator.
- https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.1/config/crd/install.yaml
- https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.3/config/crd/install.yaml
- rbac.yaml
- deployment.yaml