Consolidate BIND DNS into one bind-internal namespace
ci/woodpecker/pr/kubeconform Pipeline failed
ci/woodpecker/pr/pre-commit Pipeline was successful

Reshapes the three DNS tiers from separate ns-* namespaces into a single
bind-internal namespace and renames the StatefulSets, and scopes the TSIG
keys to their cluster (needs the clusterRef field from operator v0.1.3).

- move the 3 clusters + zones + keys into apps/base/bind-internal:
  BindCluster names bind-authoritative / bind-resolvers / bind-externaldns
  (= StatefulSet names), LBs kept on .6/.7/.8, external-dns hostnames renamed
- add clusterRef to the transfer-key (bind-authoritative) and externaldns-key
  (bind-externaldns) TSIG keys so they no longer leak across clusters
- remove the old ns-auth / ns-resolver / ns-externaldns apps
- ApplicationSet + AppProject: replace the three ns-* entries with bind-internal
- bump bind-system operator to v0.1.3 (CRD install link + image) so the CRDs
  understand the new clusterRef field
- operator stays in bind-system (unchanged)
This commit is contained in:
2026-07-03 23:52:36 +10:00
parent 7c9a697452
commit b67d873c66
20 changed files with 71 additions and 91 deletions
+1 -3
View File
@@ -13,9 +13,7 @@ spec:
- path: apps/overlays/*/authentik
- path: apps/overlays/*/artifactapi
- path: apps/overlays/*/bind-system
- path: apps/overlays/*/ns-auth
- path: apps/overlays/*/ns-resolver
- path: apps/overlays/*/ns-externaldns
- path: apps/overlays/*/bind-internal
- path: apps/overlays/*/age-api
- path: apps/overlays/*/cattle-system
- path: apps/overlays/*/cert-manager
+1 -5
View File
@@ -21,11 +21,7 @@ spec:
server: https://kubernetes.default.svc
- namespace: 'authentik'
server: https://kubernetes.default.svc
- namespace: 'ns-auth'
server: https://kubernetes.default.svc
- namespace: 'ns-resolver'
server: https://kubernetes.default.svc
- namespace: 'ns-externaldns'
- namespace: 'bind-internal'
server: https://kubernetes.default.svc
- namespace: 'cert-manager'
server: https://kubernetes.default.svc