diff --git a/apps/base/ns-auth/cluster.yaml b/apps/base/bind-internal/authoritative/cluster.yaml similarity index 76% rename from apps/base/ns-auth/cluster.yaml rename to apps/base/bind-internal/authoritative/cluster.yaml index 0a9b32a..13307d3 100644 --- a/apps/base/ns-auth/cluster.yaml +++ b/apps/base/bind-internal/authoritative/cluster.yaml @@ -4,8 +4,8 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindCluster metadata: - name: auth - namespace: ns-auth + name: bind-authoritative + namespace: bind-internal spec: mode: authoritative replicas: 3 @@ -16,7 +16,7 @@ spec: annotations: purelb.io/service-group: common purelb.io/addresses: 198.18.200.6 - external-dns.alpha.kubernetes.io/hostname: ns-auth.k8s.syd1.au.unkin.net + external-dns.alpha.kubernetes.io/hostname: bind-authoritative.k8s.syd1.au.unkin.net resources: requests: cpu: 100m @@ -29,9 +29,9 @@ spec: apiVersion: bind.unkin.net/v1alpha1 kind: BindCatalogZone metadata: - name: auth-catalog - namespace: ns-auth + name: bind-authoritative-catalog + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: catalog.internal transferKeyRef: transfer-key diff --git a/apps/base/ns-externaldns/kustomization.yaml b/apps/base/bind-internal/authoritative/kustomization.yaml similarity index 87% rename from apps/base/ns-externaldns/kustomization.yaml rename to apps/base/bind-internal/authoritative/kustomization.yaml index b5afd54..d69be1f 100644 --- a/apps/base/ns-externaldns/kustomization.yaml +++ b/apps/base/bind-internal/authoritative/kustomization.yaml @@ -3,7 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - namespace.yaml - - tsigkey.yaml - cluster.yaml + - tsigkey.yaml - zones.yaml diff --git a/apps/base/ns-auth/tsigkey.yaml b/apps/base/bind-internal/authoritative/tsigkey.yaml similarity index 81% rename from apps/base/ns-auth/tsigkey.yaml rename to apps/base/bind-internal/authoritative/tsigkey.yaml index 8fe5309..dc9b119 100644 --- a/apps/base/ns-auth/tsigkey.yaml +++ b/apps/base/bind-internal/authoritative/tsigkey.yaml @@ -5,6 +5,7 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindTSIGKey metadata: name: transfer-key - namespace: ns-auth + namespace: bind-internal spec: + clusterRef: bind-authoritative algorithm: hmac-sha256 diff --git a/apps/base/ns-auth/zones.yaml b/apps/base/bind-internal/authoritative/zones.yaml similarity index 76% rename from apps/base/ns-auth/zones.yaml rename to apps/base/bind-internal/authoritative/zones.yaml index c738f2c..53b8743 100644 --- a/apps/base/ns-auth/zones.yaml +++ b/apps/base/bind-internal/authoritative/zones.yaml @@ -9,9 +9,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: unkin-net - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: unkin.net type: primary defaultTTL: 600 @@ -20,9 +20,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: main-unkin-net - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: main.unkin.net type: primary defaultTTL: 600 @@ -31,9 +31,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 13-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 13.18.198.in-addr.arpa type: primary defaultTTL: 600 @@ -42,9 +42,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 14-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 14.18.198.in-addr.arpa type: primary defaultTTL: 600 @@ -53,9 +53,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 15-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 15.18.198.in-addr.arpa type: primary defaultTTL: 600 @@ -64,9 +64,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 16-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 16.18.198.in-addr.arpa type: primary defaultTTL: 600 @@ -75,9 +75,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 17-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 17.18.198.in-addr.arpa type: primary defaultTTL: 600 @@ -86,9 +86,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 19-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 19.18.198.in-addr.arpa type: primary defaultTTL: 600 @@ -97,9 +97,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 20-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 20.18.198.in-addr.arpa type: primary defaultTTL: 600 @@ -108,9 +108,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 21-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 21.18.198.in-addr.arpa type: primary defaultTTL: 600 @@ -119,9 +119,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 22-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 22.18.198.in-addr.arpa type: primary defaultTTL: 600 @@ -130,9 +130,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 23-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 23.18.198.in-addr.arpa type: primary defaultTTL: 600 @@ -141,9 +141,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 24-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 24.18.198.in-addr.arpa type: primary defaultTTL: 600 @@ -152,9 +152,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 25-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 25.18.198.in-addr.arpa type: primary defaultTTL: 600 @@ -163,9 +163,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 26-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 26.18.198.in-addr.arpa type: primary defaultTTL: 600 @@ -174,9 +174,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 27-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 27.18.198.in-addr.arpa type: primary defaultTTL: 600 @@ -185,9 +185,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 28-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 28.18.198.in-addr.arpa type: primary defaultTTL: 600 @@ -196,9 +196,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 29-18-198-in-addr-arpa - namespace: ns-auth + namespace: bind-internal spec: - clusterRef: auth + clusterRef: bind-authoritative zoneName: 29.18.198.in-addr.arpa type: primary defaultTTL: 600 diff --git a/apps/base/ns-externaldns/cluster.yaml b/apps/base/bind-internal/externaldns/cluster.yaml similarity index 80% rename from apps/base/ns-externaldns/cluster.yaml rename to apps/base/bind-internal/externaldns/cluster.yaml index 9bf5f8b..14b0fb5 100644 --- a/apps/base/ns-externaldns/cluster.yaml +++ b/apps/base/bind-internal/externaldns/cluster.yaml @@ -5,8 +5,8 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindCluster metadata: - name: externaldns - namespace: ns-externaldns + name: bind-externaldns + namespace: bind-internal spec: mode: authoritative replicas: 3 @@ -17,7 +17,7 @@ spec: annotations: purelb.io/service-group: common purelb.io/addresses: 198.18.200.8 - external-dns.alpha.kubernetes.io/hostname: ns-externaldns.k8s.syd1.au.unkin.net + external-dns.alpha.kubernetes.io/hostname: bind-externaldns.k8s.syd1.au.unkin.net resources: requests: cpu: 100m @@ -31,9 +31,9 @@ spec: apiVersion: bind.unkin.net/v1alpha1 kind: BindCatalogZone metadata: - name: externaldns-catalog - namespace: ns-externaldns + name: bind-externaldns-catalog + namespace: bind-internal spec: - clusterRef: externaldns + clusterRef: bind-externaldns zoneName: catalog.externaldns.internal transferKeyRef: externaldns-key diff --git a/apps/base/ns-auth/kustomization.yaml b/apps/base/bind-internal/externaldns/kustomization.yaml similarity index 87% rename from apps/base/ns-auth/kustomization.yaml rename to apps/base/bind-internal/externaldns/kustomization.yaml index b5afd54..d69be1f 100644 --- a/apps/base/ns-auth/kustomization.yaml +++ b/apps/base/bind-internal/externaldns/kustomization.yaml @@ -3,7 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - namespace.yaml - - tsigkey.yaml - cluster.yaml + - tsigkey.yaml - zones.yaml diff --git a/apps/base/ns-externaldns/tsigkey.yaml b/apps/base/bind-internal/externaldns/tsigkey.yaml similarity index 82% rename from apps/base/ns-externaldns/tsigkey.yaml rename to apps/base/bind-internal/externaldns/tsigkey.yaml index 6fc03f8..33ec5ce 100644 --- a/apps/base/ns-externaldns/tsigkey.yaml +++ b/apps/base/bind-internal/externaldns/tsigkey.yaml @@ -5,6 +5,7 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindTSIGKey metadata: name: externaldns-key - namespace: ns-externaldns + namespace: bind-internal spec: + clusterRef: bind-externaldns algorithm: hmac-sha256 diff --git a/apps/base/ns-externaldns/zones.yaml b/apps/base/bind-internal/externaldns/zones.yaml similarity index 87% rename from apps/base/ns-externaldns/zones.yaml rename to apps/base/bind-internal/externaldns/zones.yaml index a0aa2d3..c7eab40 100644 --- a/apps/base/ns-externaldns/zones.yaml +++ b/apps/base/bind-internal/externaldns/zones.yaml @@ -7,9 +7,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: k8s-syd1-au-unkin-net - namespace: ns-externaldns + namespace: bind-internal spec: - clusterRef: externaldns + clusterRef: bind-externaldns zoneName: k8s.syd1.au.unkin.net type: primary defaultTTL: 600 @@ -22,9 +22,9 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindZone metadata: name: 200-18-198-in-addr-arpa - namespace: ns-externaldns + namespace: bind-internal spec: - clusterRef: externaldns + clusterRef: bind-externaldns zoneName: 200.18.198.in-addr.arpa type: primary defaultTTL: 600 diff --git a/apps/overlays/au-syd1/ns-auth/kustomization.yaml b/apps/base/bind-internal/kustomization.yaml similarity index 54% rename from apps/overlays/au-syd1/ns-auth/kustomization.yaml rename to apps/base/bind-internal/kustomization.yaml index e339cb8..3713db0 100644 --- a/apps/overlays/au-syd1/ns-auth/kustomization.yaml +++ b/apps/base/bind-internal/kustomization.yaml @@ -3,4 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../../base/ns-auth + - namespace.yaml + - authoritative + - resolvers + - externaldns diff --git a/apps/base/ns-auth/namespace.yaml b/apps/base/bind-internal/namespace.yaml similarity index 67% rename from apps/base/ns-auth/namespace.yaml rename to apps/base/bind-internal/namespace.yaml index 00181bf..c12a29b 100644 --- a/apps/base/ns-auth/namespace.yaml +++ b/apps/base/bind-internal/namespace.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: Namespace metadata: - name: ns-auth + name: bind-internal diff --git a/apps/base/ns-resolver/cluster.yaml b/apps/base/bind-internal/resolvers/cluster.yaml similarity index 80% rename from apps/base/ns-resolver/cluster.yaml rename to apps/base/bind-internal/resolvers/cluster.yaml index 3b32cd0..83f9035 100644 --- a/apps/base/ns-resolver/cluster.yaml +++ b/apps/base/bind-internal/resolvers/cluster.yaml @@ -4,8 +4,8 @@ apiVersion: bind.unkin.net/v1alpha1 kind: BindCluster metadata: - name: resolver - namespace: ns-resolver + name: bind-resolvers + namespace: bind-internal spec: mode: resolver replicas: 3 @@ -16,7 +16,7 @@ spec: annotations: purelb.io/service-group: common purelb.io/addresses: 198.18.200.7 - external-dns.alpha.kubernetes.io/hostname: ns-resolver.k8s.syd1.au.unkin.net + external-dns.alpha.kubernetes.io/hostname: bind-resolvers.k8s.syd1.au.unkin.net forwarders: - 1.1.1.1 - 9.9.9.9 diff --git a/apps/base/ns-resolver/kustomization.yaml b/apps/base/bind-internal/resolvers/kustomization.yaml similarity index 83% rename from apps/base/ns-resolver/kustomization.yaml rename to apps/base/bind-internal/resolvers/kustomization.yaml index 4bb26c2..da7cf1f 100644 --- a/apps/base/ns-resolver/kustomization.yaml +++ b/apps/base/bind-internal/resolvers/kustomization.yaml @@ -3,5 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - namespace.yaml - cluster.yaml diff --git a/apps/base/bind-system/deployment.yaml b/apps/base/bind-system/deployment.yaml index 7c13a23..e8e5d41 100644 --- a/apps/base/bind-system/deployment.yaml +++ b/apps/base/bind-system/deployment.yaml @@ -21,7 +21,7 @@ spec: runAsNonRoot: true containers: - name: operator - image: git.unkin.net/unkin/bind-operator:v0.1.2 + image: git.unkin.net/unkin/bind-operator:v0.1.3 args: - --metrics-bind-address=:8080 - --health-probe-bind-address=:8081 diff --git a/apps/base/bind-system/kustomization.yaml b/apps/base/bind-system/kustomization.yaml index 332622f..6940615 100644 --- a/apps/base/bind-system/kustomization.yaml +++ b/apps/base/bind-system/kustomization.yaml @@ -6,6 +6,6 @@ resources: - namespace.yaml # CRDs are pulled from the bind-operator repo at the matching tag rather than # vendored here, so they never drift from the operator. - - https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.1/config/crd/install.yaml + - https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.3/config/crd/install.yaml - rbac.yaml - deployment.yaml diff --git a/apps/base/ns-externaldns/namespace.yaml b/apps/base/ns-externaldns/namespace.yaml deleted file mode 100644 index 84587ff..0000000 --- a/apps/base/ns-externaldns/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: ns-externaldns diff --git a/apps/base/ns-resolver/namespace.yaml b/apps/base/ns-resolver/namespace.yaml deleted file mode 100644 index 30ad134..0000000 --- a/apps/base/ns-resolver/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: ns-resolver diff --git a/apps/overlays/au-syd1/ns-resolver/kustomization.yaml b/apps/overlays/au-syd1/bind-internal/kustomization.yaml similarity index 71% rename from apps/overlays/au-syd1/ns-resolver/kustomization.yaml rename to apps/overlays/au-syd1/bind-internal/kustomization.yaml index 71f958a..21531f9 100644 --- a/apps/overlays/au-syd1/ns-resolver/kustomization.yaml +++ b/apps/overlays/au-syd1/bind-internal/kustomization.yaml @@ -3,4 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../../base/ns-resolver + - ../../../base/bind-internal diff --git a/apps/overlays/au-syd1/ns-externaldns/kustomization.yaml b/apps/overlays/au-syd1/ns-externaldns/kustomization.yaml deleted file mode 100644 index 0efb9f9..0000000 --- a/apps/overlays/au-syd1/ns-externaldns/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ../../../base/ns-externaldns diff --git a/argocd/applicationsets/platform.yaml b/argocd/applicationsets/platform.yaml index dad577c..101655f 100644 --- a/argocd/applicationsets/platform.yaml +++ b/argocd/applicationsets/platform.yaml @@ -13,9 +13,7 @@ spec: - path: apps/overlays/*/authentik - path: apps/overlays/*/artifactapi - path: apps/overlays/*/bind-system - - path: apps/overlays/*/ns-auth - - path: apps/overlays/*/ns-resolver - - path: apps/overlays/*/ns-externaldns + - path: apps/overlays/*/bind-internal - path: apps/overlays/*/age-api - path: apps/overlays/*/cattle-system - path: apps/overlays/*/cert-manager diff --git a/argocd/projects/platform.yaml b/argocd/projects/platform.yaml index 6a76263..05a97d5 100644 --- a/argocd/projects/platform.yaml +++ b/argocd/projects/platform.yaml @@ -21,11 +21,7 @@ spec: server: https://kubernetes.default.svc - namespace: 'authentik' server: https://kubernetes.default.svc - - namespace: 'ns-auth' - server: https://kubernetes.default.svc - - namespace: 'ns-resolver' - server: https://kubernetes.default.svc - - namespace: 'ns-externaldns' + - namespace: 'bind-internal' server: https://kubernetes.default.svc - namespace: 'cert-manager' server: https://kubernetes.default.svc diff --git a/schemas/bind.unkin.net/bindtsigkey_v1alpha1.json b/schemas/bind.unkin.net/bindtsigkey_v1alpha1.json index 1b64e8d..2b3ae33 100644 --- a/schemas/bind.unkin.net/bindtsigkey_v1alpha1.json +++ b/schemas/bind.unkin.net/bindtsigkey_v1alpha1.json @@ -24,6 +24,9 @@ ], "type": "string" }, + "clusterRef": { + "type": "string" + }, "importExisting": { "type": "boolean" },