From c57b115400a7d6a38f92b75c5b670ef4e512f041 Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Fri, 3 Jul 2026 18:32:46 +1000
Subject: [PATCH] Make external-dns tier authoritative (drop dynamic mode)

The dynamic cluster mode was removed from the operator; RFC2136 update capability is a per-zone property, not a cluster role. The external-dns tier is an authoritative cluster whose zones set dynamicUpdate.

- switch binddns-externaldns BindCluster to mode authoritative
- regenerate bindcluster schema (enum: authoritative, resolver)
---
 apps/base/binddns-externaldns/cluster.yaml | 7 ++++---
 schemas/bind.unkin.net/bindcluster_v1alpha1.json | 3 +--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/base/binddns-externaldns/cluster.yaml b/apps/base/binddns-externaldns/cluster.yaml
index 280f5df..bccde08 100644
--- a/apps/base/binddns-externaldns/cluster.yaml
+++ b/apps/base/binddns-externaldns/cluster.yaml
@@ -1,13 +1,14 @@
 ---
-# external-dns tier (replaces the 3x Puppet external-dns servers). The primary
-# accepts RFC2136 TSIG updates from external-dns; secondaries replicate.
+# external-dns tier (replaces the 3x Puppet external-dns servers). An ordinary
+# authoritative cluster; external-dns writes to its zones via RFC2136 because
+# those BindZones set dynamicUpdate (allow-update { key externaldns-key; }).
 apiVersion: bind.unkin.net/v1alpha1
 kind: BindCluster
 metadata:
 name: externaldns
 namespace: binddns-externaldns
 spec:
- mode: dynamic
+ mode: authoritative
 replicas: 3
 storageClassName: cephrbd-fast-delete
 storageSize: 1Gi
diff --git a/schemas/bind.unkin.net/bindcluster_v1alpha1.json b/schemas/bind.unkin.net/bindcluster_v1alpha1.json
index 9565ab8..1aaa072 100644
--- a/schemas/bind.unkin.net/bindcluster_v1alpha1.json
+++ b/schemas/bind.unkin.net/bindcluster_v1alpha1.json
@@ -682,8 +682,7 @@
 "default": "authoritative",
 "enum": [
 "authoritative",
- "resolver",
- "dynamic"
+ "resolver"
 ],
 "type": "string"
 },
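Review bot: The rewritten header comment in cluster.yaml drops the old statement that only the primary accepts RFC2136 updates while the secondaries replicate, so with `replicas: 3` a reader can no longer tell from this file which replica external-dns is expected to write to. If that still holds under `mode: authoritative` (the operator's behaviour is not visible here), I would keep a line such as `# Updates are accepted by the primary only; secondaries replicate.`. The comment also cites `allow-update { key externaldns-key; }`, which in BIND lets the holder of that key change any record in the zone; it is worth saying so next to it, or checking whether the BindZone can express a narrower `update-policy` grant. The spec may continue past the end of the hunk.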