Consolidate BIND DNS into one bind-internal namespace
Reshapes the three DNS tiers from separate ns-* namespaces into a single bind-internal namespace and renames the StatefulSets, and scopes the TSIG keys to their cluster (needs the clusterRef field from operator v0.1.3). - move the 3 clusters + zones + keys into apps/base/bind-internal: BindCluster names bind-authoritative / bind-resolvers / bind-externaldns (= StatefulSet names), LBs kept on .6/.7/.8, external-dns hostnames renamed - add clusterRef to the transfer-key (bind-authoritative) and externaldns-key (bind-externaldns) TSIG keys so they no longer leak across clusters - remove the old ns-auth / ns-resolver / ns-externaldns apps - ApplicationSet + AppProject: replace the three ns-* entries with bind-internal - bump bind-system operator to v0.1.3 (CRD install link + image) so the CRDs understand the new clusterRef field - operator stays in bind-system (unchanged)
This commit is contained in:
@@ -21,7 +21,7 @@ spec:
|
||||
runAsNonRoot: true
|
||||
containers:
|
||||
- name: operator
|
||||
image: git.unkin.net/unkin/bind-operator:v0.1.2
|
||||
image: git.unkin.net/unkin/bind-operator:v0.1.3
|
||||
args:
|
||||
- --metrics-bind-address=:8080
|
||||
- --health-probe-bind-address=:8081
|
||||
|
||||
@@ -6,6 +6,6 @@ resources:
|
||||
- namespace.yaml
|
||||
# CRDs are pulled from the bind-operator repo at the matching tag rather than
|
||||
# vendored here, so they never drift from the operator.
|
||||
- https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.1/config/crd/install.yaml
|
||||
- https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.3/config/crd/install.yaml
|
||||
- rbac.yaml
|
||||
- deployment.yaml
|
||||
|
||||
Reference in New Issue
Block a user