From d11c2900de4dc7e3906ef5bd35d73e8d667a2f44 Mon Sep 17 00:00:00 2001 
From: Ben Vincent Date: Fri, 3 Jul 2026 17:48:45 +1000 Subject: [PATCH] Deploy bind-operator and three BIND DNS tiers Adds the bind-operator and the three BindClusters that replace the Puppet-managed BIND estate (authoritative / resolver / external-dns). - add apps/base/bind-system: 9 CRDs, operator Deployment, RBAC (ns bind-system) - add apps/base/binddns-auth: authoritative BindCluster + catalog zone + TSIG key - add apps/base/binddns-resolver: recursive-resolver BindCluster with forwarders - add apps/base/binddns-externaldns: dynamic (RFC2136) BindCluster + TSIG key - add au-syd1 overlays for all four apps - register the four apps in the platform ApplicationSet - add binddns-* namespaces to the platform AppProject destinations - add schemas/bind.unkin.net/*.json so kubeconform validates the new CRs DNS Services are LoadBalancer via PureLB. TSIG key material is generated by the operator into Secrets at runtime (no plain Secrets in git). --- .../crds/bind.unkin.net_bindacls.yaml | 145 ++ .../crds/bind.unkin.net_bindcatalogzones.yaml | 159 +++ .../crds/bind.unkin.net_bindclusters.yaml | 1251 +++++++++++++++++ .../bind.unkin.net_binddnssecpolicies.yaml | 219 +++ .../crds/bind.unkin.net_bindpolicies.yaml | 203 +++ .../crds/bind.unkin.net_bindtsigkeys.yaml | 165 +++ .../crds/bind.unkin.net_bindviews.yaml | 177 +++ .../crds/bind.unkin.net_bindzones.yaml | 252 ++++ .../crds/bind.unkin.net_dnsrecords.yaml | 165 +++ apps/base/bind-system/deployment.yaml | 57 + apps/base/bind-system/kustomization.yaml | 17 + apps/base/bind-system/namespace.yaml | 5 + apps/base/bind-system/rbac.yaml | 46 + apps/base/binddns-auth/cluster.yaml | 36 + apps/base/binddns-auth/kustomization.yaml | 8 + apps/base/binddns-auth/namespace.yaml | 5 + apps/base/binddns-auth/tsigkey.yaml | 10 + apps/base/binddns-externaldns/cluster.yaml | 25 + .../binddns-externaldns/kustomization.yaml | 8 + apps/base/binddns-externaldns/namespace.yaml | 5 + apps/base/binddns-externaldns/tsigkey.yaml | 10 + 
apps/base/binddns-resolver/cluster.yaml | 28 + apps/base/binddns-resolver/kustomization.yaml | 7 + apps/base/binddns-resolver/namespace.yaml | 5 + .../au-syd1/bind-system/kustomization.yaml | 6 + .../au-syd1/binddns-auth/kustomization.yaml | 6 + .../binddns-externaldns/kustomization.yaml | 6 + .../binddns-resolver/kustomization.yaml | 6 + argocd/applicationsets/platform.yaml | 4 + argocd/projects/platform.yaml | 6 + schemas/bind.unkin.net/bindacl_v1alpha1.json | 96 ++ .../bindcatalogzone_v1alpha1.json | 106 ++ .../bind.unkin.net/bindcluster_v1alpha1.json | 899 ++++++++++++ .../binddnssecpolicy_v1alpha1.json | 160 +++ .../bind.unkin.net/bindpolicy_v1alpha1.json | 154 ++ .../bind.unkin.net/bindtsigkey_v1alpha1.json | 110 ++ schemas/bind.unkin.net/bindview_v1alpha1.json | 125 ++ schemas/bind.unkin.net/bindzone_v1alpha1.json | 186 +++ .../bind.unkin.net/dnsrecord_v1alpha1.json | 112 ++ 39 files changed, 4990 insertions(+) create mode 100644 apps/base/bind-system/crds/bind.unkin.net_bindacls.yaml create mode 100644 apps/base/bind-system/crds/bind.unkin.net_bindcatalogzones.yaml create mode 100644 apps/base/bind-system/crds/bind.unkin.net_bindclusters.yaml create mode 100644 apps/base/bind-system/crds/bind.unkin.net_binddnssecpolicies.yaml create mode 100644 apps/base/bind-system/crds/bind.unkin.net_bindpolicies.yaml create mode 100644 apps/base/bind-system/crds/bind.unkin.net_bindtsigkeys.yaml create mode 100644 apps/base/bind-system/crds/bind.unkin.net_bindviews.yaml create mode 100644 apps/base/bind-system/crds/bind.unkin.net_bindzones.yaml create mode 100644 apps/base/bind-system/crds/bind.unkin.net_dnsrecords.yaml create mode 100644 apps/base/bind-system/deployment.yaml create mode 100644 apps/base/bind-system/kustomization.yaml create mode 100644 apps/base/bind-system/namespace.yaml create mode 100644 apps/base/bind-system/rbac.yaml create mode 100644 apps/base/binddns-auth/cluster.yaml create mode 100644 apps/base/binddns-auth/kustomization.yaml create mode 100644 
apps/base/binddns-auth/namespace.yaml create mode 100644 apps/base/binddns-auth/tsigkey.yaml create mode 100644 apps/base/binddns-externaldns/cluster.yaml create mode 100644 apps/base/binddns-externaldns/kustomization.yaml create mode 100644 apps/base/binddns-externaldns/namespace.yaml create mode 100644 apps/base/binddns-externaldns/tsigkey.yaml create mode 100644 apps/base/binddns-resolver/cluster.yaml create mode 100644 apps/base/binddns-resolver/kustomization.yaml create mode 100644 apps/base/binddns-resolver/namespace.yaml create mode 100644 apps/overlays/au-syd1/bind-system/kustomization.yaml create mode 100644 apps/overlays/au-syd1/binddns-auth/kustomization.yaml create mode 100644 apps/overlays/au-syd1/binddns-externaldns/kustomization.yaml create mode 100644 apps/overlays/au-syd1/binddns-resolver/kustomization.yaml create mode 100644 schemas/bind.unkin.net/bindacl_v1alpha1.json create mode 100644 schemas/bind.unkin.net/bindcatalogzone_v1alpha1.json create mode 100644 schemas/bind.unkin.net/bindcluster_v1alpha1.json create mode 100644 schemas/bind.unkin.net/binddnssecpolicy_v1alpha1.json create mode 100644 schemas/bind.unkin.net/bindpolicy_v1alpha1.json create mode 100644 schemas/bind.unkin.net/bindtsigkey_v1alpha1.json create mode 100644 schemas/bind.unkin.net/bindview_v1alpha1.json create mode 100644 schemas/bind.unkin.net/bindzone_v1alpha1.json create mode 100644 schemas/bind.unkin.net/dnsrecord_v1alpha1.json diff --git a/apps/base/bind-system/crds/bind.unkin.net_bindacls.yaml b/apps/base/bind-system/crds/bind.unkin.net_bindacls.yaml new file mode 100644 index 0000000..3cdcb54 --- /dev/null +++ b/apps/base/bind-system/crds/bind.unkin.net_bindacls.yaml 
@@ -0,0 +1,145 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.3 + name: bindacls.bind.unkin.net +spec: + group: bind.unkin.net + names: + kind: BindACL + listKind: BindACLList + plural: bindacls + shortNames: + - bacl + singular: bindacl + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.clusterRef + name: Cluster + type: string + - jsonPath: .spec.entries[*] + name: Entries + type: integer + - jsonPath: .status.ready + name: Ready + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + BindACL is a named address-match-list referenced by views, zones and + policies for match-clients / allow-query / allow-transfer / allow-update. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BindACLSpec defines a reusable named address_match_list. + properties: + clusterRef: + description: |- + ClusterRef names the BindCluster whose named.conf this ACL is rendered + into. When empty the ACL is available to every cluster in the namespace. + type: string + entries: + description: |- + Entries are raw BIND address-match-list elements, e.g. 
"10.0.0.0/8", + "!192.168.1.5", "key transfer-key", "localhost", "any", or the name of + another ACL. + items: + type: string + minItems: 1 + type: array + required: + - entries + type: object + status: + description: BindACLStatus reports observed ACL state. + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + format: int64 + type: integer + ready: + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_bindcatalogzones.yaml b/apps/base/bind-system/crds/bind.unkin.net_bindcatalogzones.yaml new file mode 100644 index 0000000..2f90f1c --- /dev/null +++ b/apps/base/bind-system/crds/bind.unkin.net_bindcatalogzones.yaml 
@@ -0,0 +1,159 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.3 + name: bindcatalogzones.bind.unkin.net +spec: + group: bind.unkin.net + names: + kind: BindCatalogZone + listKind: BindCatalogZoneList + plural: bindcatalogzones + shortNames: + - bcz + singular: bindcatalogzone + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.clusterRef + name: Cluster + type: string + - jsonPath: .spec.zoneName + name: Zone + type: string + - jsonPath: .status.memberCount + name: Members + type: integer + - jsonPath: .status.ready + name: Ready + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: BindCatalogZone auto-provisions member zones onto cluster secondaries. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + BindCatalogZoneSpec defines a BIND9 catalog zone. The primary publishes it + and secondaries consume it, so member zones are provisioned onto every + secondary automatically without per-zone reconfiguration. + properties: + clusterRef: + description: ClusterRef names the owning BindCluster. + type: string + defaultPrimaries: + description: |- + DefaultPrimaries are the addresses member zones point at on secondaries. 
+ Defaults to the cluster primary Service. + items: + type: string + type: array + transferKeyRef: + description: |- + TransferKeyRef names the BindTSIGKey authenticating catalog + member zone + transfers to secondaries. + type: string + zoneName: + description: ZoneName is the catalog zone's own origin, e.g. "catalog.internal". + type: string + required: + - clusterRef + - zoneName + type: object + status: + description: BindCatalogZoneStatus reports observed catalog state. + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + memberCount: + description: MemberCount is the number of member zones registered + in the catalog. + format: int32 + type: integer + observedGeneration: + format: int64 + type: integer + ready: + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_bindclusters.yaml b/apps/base/bind-system/crds/bind.unkin.net_bindclusters.yaml new file mode 100644 index 0000000..4485e70 --- /dev/null +++ b/apps/base/bind-system/crds/bind.unkin.net_bindclusters.yaml 
@@ -0,0 +1,1251 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.3 + name: bindclusters.bind.unkin.net +spec: + group: bind.unkin.net + names: + kind: BindCluster + listKind: BindClusterList + plural: bindclusters + shortNames: + - bc + singular: bindcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.mode + name: Mode + type: string + - jsonPath: .spec.replicas + name: Desired + type: integer + - jsonPath: .status.readyReplicas + name: Ready + type: integer + - jsonPath: .status.primaryPod + name: Primary + type: string + - jsonPath: .status.phase + name: Phase + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: BindCluster is a managed set of BIND9 servers. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BindClusterSpec defines the desired state of a BIND cluster. + properties: + affinity: + description: Affinity for the BIND pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. 
A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and subtracting + "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. 
+ properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. 
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + allowNewZones: + default: true + description: |- + AllowNewZones enables the rndc addzone/delzone control path required for + dynamic zone provisioning. Defaults to true. + type: boolean + catalogZoneRef: + description: |- + CatalogZoneRef names a BindCatalogZone that secondaries consume so member + zones are auto-provisioned without per-zone reconfiguration. + type: string + extraOptions: + description: ExtraOptions are raw named.conf `options { ... }` lines + appended verbatim. + items: + type: string + type: array + forwarders: + description: |- + Forwarders is a list of upstream resolvers used by resolver mode (and any + forward zones that do not specify their own). + items: + type: string + type: array + image: + default: internetsystemsconsortium/bind9:9.20 + description: Image is the BIND9 container image. Must ship named, + rndc and nsupdate. + type: string + imagePullPolicy: + description: ImagePullPolicy for the BIND container. 
+ type: string + mode: + default: authoritative + description: Mode selects the cluster role. + enum: + - authoritative + - resolver + - dynamic + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector for the BIND pods. + type: object + recursion: + description: |- + Recursion overrides the default per-mode recursion setting. When nil, + resolver mode enables recursion and the other modes disable it. + type: boolean + replicas: + default: 3 + description: |- + Replicas is the number of BIND pods. Ordinal-0 is the primary for the + authoritative and dynamic modes. + format: int32 + minimum: 1 + type: integer + resources: + description: Resources for the BIND container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + service: + description: Service controls how the cluster is exposed. + properties: + annotations: + additionalProperties: + type: string + description: Annotations added to the client-facing Service (e.g. + PureLB/MetalLB hints). + type: object + loadBalancerIP: + description: LoadBalancerIP requests a specific address when Type + is LoadBalancer. + type: string + type: + description: Type of the client-facing Service. Defaults to ClusterIP. + enum: + - ClusterIP + - LoadBalancer + - NodePort + type: string + type: object + storageClassName: + description: StorageClassName for the per-pod PVC that holds zone + data and journals. + type: string + storageSize: + default: 1Gi + description: StorageSize for the per-pod PVC. Defaults to 1Gi. + type: string + tolerations: + description: Tolerations for the BIND pods. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + required: + - mode + type: object + status: + description: BindClusterStatus reports observed cluster state. + properties: + conditions: + description: Conditions represent the latest available observations. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + phase: + description: Phase is a coarse lifecycle summary. + type: string + primaryPod: + description: PrimaryPod is the pod that holds authoritative zone data + (ordinal-0). + type: string + primaryService: + description: PrimaryService is the in-cluster DNS name secondaries + transfer from. + type: string + readyReplicas: + description: ReadyReplicas is the number of BIND pods currently ready. 
+ format: int32 + type: integer + replicas: + description: Replicas is the number of BIND pods requested. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_binddnssecpolicies.yaml b/apps/base/bind-system/crds/bind.unkin.net_binddnssecpolicies.yaml new file mode 100644 index 0000000..ba2a775 --- /dev/null +++ b/apps/base/bind-system/crds/bind.unkin.net_binddnssecpolicies.yaml 
@@ -0,0 +1,219 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.3 + name: binddnssecpolicies.bind.unkin.net +spec: + group: bind.unkin.net + names: + kind: BindDNSSECPolicy + listKind: BindDNSSECPolicyList + plural: binddnssecpolicies + shortNames: + - bdp + singular: binddnssecpolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.clusterRef + name: Cluster + type: string + - jsonPath: .spec.algorithm + name: Algorithm + type: string + - jsonPath: .status.zoneCount + name: Zones + type: integer + - jsonPath: .status.ready + name: Ready + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: BindDNSSECPolicy is a reusable DNSSEC signing policy. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + BindDNSSECPolicySpec mirrors a BIND9 dnssec-policy. Zones referencing it are + signed with inline-signing and automated key management. + properties: + algorithm: + default: ecdsap256sha256 + description: Algorithm for signing. Defaults to ecdsap256sha256. + type: string + clusterRef: + description: ClusterRef names the owning BindCluster. 
+ type: string + csk: + description: CSK, when set, uses a Combined Signing Key instead of + split KSK/ZSK. + properties: + algorithm: + description: Algorithm overrides the policy algorithm for this + key. + type: string + keySize: + description: KeySize in bits for RSA algorithms (ignored for ECDSA/EdDSA). + format: int32 + type: integer + lifetime: + description: |- + Lifetime is how long the key is used before rollover, e.g. "P30D" or + "unlimited". Empty means unlimited. + type: string + type: object + extraOptions: + description: ExtraOptions are raw named.conf lines appended inside + the policy block. + items: + type: string + type: array + ksk: + description: KSK is the Key Signing Key configuration (ignored when + CSK is set). + properties: + algorithm: + description: Algorithm overrides the policy algorithm for this + key. + type: string + keySize: + description: KeySize in bits for RSA algorithms (ignored for ECDSA/EdDSA). + format: int32 + type: integer + lifetime: + description: |- + Lifetime is how long the key is used before rollover, e.g. "P30D" or + "unlimited". Empty means unlimited. + type: string + type: object + maxZoneTTL: + description: MaxZoneTTL, e.g. "P1D". + type: string + nsec3: + description: NSEC3 enables NSEC3 hashing instead of NSEC. + type: boolean + policyName: + description: |- + PolicyName is the dnssec-policy name in named.conf. Defaults to the object + name. + type: string + signaturesValidity: + description: SignaturesValidity, e.g. "P14D". + type: string + zsk: + description: ZSK is the Zone Signing Key configuration (ignored when + CSK is set). + properties: + algorithm: + description: Algorithm overrides the policy algorithm for this + key. + type: string + keySize: + description: KeySize in bits for RSA algorithms (ignored for ECDSA/EdDSA). + format: int32 + type: integer + lifetime: + description: |- + Lifetime is how long the key is used before rollover, e.g. "P30D" or + "unlimited". Empty means unlimited. 
+ type: string + type: object + required: + - clusterRef + type: object + status: + description: BindDNSSECPolicyStatus reports observed policy state. + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + format: int64 + type: integer + ready: + type: boolean + zoneCount: + description: ZoneCount is the number of zones signed with this policy. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_bindpolicies.yaml b/apps/base/bind-system/crds/bind.unkin.net_bindpolicies.yaml new file mode 100644 index 0000000..c653031 --- /dev/null +++ b/apps/base/bind-system/crds/bind.unkin.net_bindpolicies.yaml 
@@ -0,0 +1,203 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.3 + name: bindpolicies.bind.unkin.net +spec: + group: bind.unkin.net + names: + kind: BindPolicy + listKind: BindPolicyList + plural: bindpolicies + shortNames: + - bp + singular: bindpolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.clusterRef + name: Cluster + type: string + - jsonPath: .spec.zoneName + name: Zone + type: string + - jsonPath: .status.ruleCount + name: Rules + type: integer + - jsonPath: .status.ready + name: Ready + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: BindPolicy is a Response Policy Zone (RPZ) applied to a cluster. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + BindPolicySpec defines a Response Policy Zone (RPZ) — a DNS firewall applied + to a resolver cluster. + properties: + clusterRef: + description: ClusterRef names the owning BindCluster (typically a + resolver). + type: string + order: + default: 100 + description: Order controls this policy's position in the response-policy + clause. 
+ format: int32 + type: integer + primaries: + description: |- + Primaries lets the RPZ zone be transferred from an external feed instead + of being locally populated. + items: + type: string + type: array + rules: + description: Rules are the inline policy triggers. + items: + description: RPZRule is a single response-policy rule. + properties: + action: + default: nxdomain + description: Action taken when the rule matches. + enum: + - nxdomain + - nodata + - passthru + - drop + - tcp-only + - cname + type: string + match: + description: Match is the trigger value, e.g. a domain "bad.example." + or CIDR. + type: string + target: + description: Target is the rewrite target when Action is cname. + type: string + trigger: + default: qname + description: Trigger selects what the Match is compared against. + enum: + - qname + - client-ip + - ip + - nsdname + - nsip + type: string + required: + - match + type: object + type: array + transferKeyRef: + description: TransferKeyRef names the BindTSIGKey used to pull from + Primaries. + type: string + viewRef: + description: ViewRef optionally scopes the policy to a single view. + type: string + zoneName: + description: ZoneName is the RPZ zone origin, e.g. "rpz.internal". + type: string + required: + - clusterRef + - zoneName + type: object + status: + description: BindPolicyStatus reports observed policy state. + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + format: int64 + type: integer + ready: + type: boolean + ruleCount: + description: RuleCount is the number of active rules. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_bindtsigkeys.yaml b/apps/base/bind-system/crds/bind.unkin.net_bindtsigkeys.yaml new file mode 100644 index 0000000..e51cccc --- /dev/null +++ b/apps/base/bind-system/crds/bind.unkin.net_bindtsigkeys.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.3 + name: bindtsigkeys.bind.unkin.net +spec: + group: bind.unkin.net + names: + kind: BindTSIGKey + listKind: BindTSIGKeyList + plural: bindtsigkeys + shortNames: + - btk + singular: bindtsigkey + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.algorithm + name: Algorithm + type: string + - jsonPath: .status.secretName + name: Secret + type: string + - jsonPath: .status.ready + name: Ready + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + BindTSIGKey is a TSIG key backing zone transfers, dynamic updates and view + matching. The key material lives in a Kubernetes Secret, never in the CR. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + BindTSIGKeySpec defines a TSIG key. If no existing key material is imported, + the operator generates a random key and stores it in a Secret. + properties: + algorithm: + default: hmac-sha256 + description: Algorithm is the HMAC algorithm. Defaults to hmac-sha256. 
+ enum: + - hmac-sha256 + - hmac-sha512 + - hmac-sha384 + - hmac-sha224 + - hmac-sha1 + - hmac-md5 + type: string + importExisting: + description: |- + ImportExisting, when true, means the referenced Secret already contains a + `secret` key and the operator will not generate new material. + type: boolean + keyName: + description: |- + KeyName is the TSIG key name emitted into named.conf. Defaults to the + object name. + type: string + secretName: + description: |- + SecretName is the Secret the key material is written to (or read from when + ImportExisting is set). Defaults to "-tsig". + type: string + type: object + status: + description: BindTSIGKeyStatus reports observed TSIG key state. + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. 
+ The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + keyName: + description: KeyName as used in named.conf. + type: string + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + ready: + description: Ready is true once the key Secret exists. + type: boolean + secretName: + description: SecretName holds the generated/managed key material. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_bindviews.yaml b/apps/base/bind-system/crds/bind.unkin.net_bindviews.yaml new file mode 100644 index 0000000..c607569 --- /dev/null +++ b/apps/base/bind-system/crds/bind.unkin.net_bindviews.yaml 
@@ -0,0 +1,177 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.3 + name: bindviews.bind.unkin.net +spec: + group: bind.unkin.net + names: + kind: BindView + listKind: BindViewList + plural: bindviews + shortNames: + - bv + singular: bindview + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.clusterRef + name: Cluster + type: string + - jsonPath: .spec.order + name: Order + type: integer + - jsonPath: .status.zoneCount + name: Zones + type: integer + - jsonPath: .status.ready + name: Ready + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: BindView is a split-horizon view on a BindCluster. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + BindViewSpec defines a split-horizon view. View ordering is significant in + BIND; use Order to control the sequence in named.conf. + properties: + allowQuery: + description: AllowQuery is an address-match-list restricting queries + into this view. + items: + type: string + type: array + clusterRef: + description: ClusterRef names the owning BindCluster. + type: string + extraOptions: + description: ExtraOptions are raw named.conf lines appended inside + the view block. 
+ items: + type: string + type: array + matchClients: + description: |- + MatchClients is an address-match-list (inline entries and/or ACL names) + selecting which clients this view answers. Defaults to "any". + items: + type: string + type: array + matchDestinations: + description: MatchDestinations is an optional destination address-match-list. + items: + type: string + type: array + order: + default: 100 + description: |- + Order controls the position of this view in named.conf (ascending). The + first view whose match-clients matches a query wins. + format: int32 + type: integer + recursion: + description: Recursion overrides the cluster recursion setting for + this view. + type: boolean + required: + - clusterRef + type: object + status: + description: BindViewStatus reports observed view state. + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + format: int64 + type: integer + ready: + type: boolean + zoneCount: + description: ZoneCount is the number of zones currently bound to this + view. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_bindzones.yaml b/apps/base/bind-system/crds/bind.unkin.net_bindzones.yaml new file mode 100644 index 0000000..4e9a960 --- /dev/null +++ b/apps/base/bind-system/crds/bind.unkin.net_bindzones.yaml 
@@ -0,0 +1,252 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.3 + name: bindzones.bind.unkin.net +spec: + group: bind.unkin.net + names: + kind: BindZone + listKind: BindZoneList + plural: bindzones + shortNames: + - bz + singular: bindzone + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.zoneName + name: Zone + type: string + - jsonPath: .spec.type + name: Type + type: string + - jsonPath: .spec.clusterRef + name: Cluster + type: string + - jsonPath: .status.serial + name: Serial + type: integer + - jsonPath: .status.phase + name: Phase + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: BindZone is a forward or reverse DNS zone. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BindZoneSpec defines a DNS zone managed on a BindCluster's + primary. + properties: + allowTransfer: + description: |- + AllowTransfer is an address-match-list (inline entries and/or ACL/key + names) permitted to AXFR/IXFR this zone. + items: + type: string + type: array + catalog: + default: true + description: |- + Catalog, when true, registers this zone as a member of the cluster's + catalog zone so secondaries auto-provision it. 
+ type: boolean + clusterRef: + description: ClusterRef names the owning BindCluster. + type: string + defaultTTL: + default: 3600 + description: DefaultTTL for records that do not set their own TTL. + Defaults to 3600. + format: int32 + type: integer + dnssecPolicyRef: + description: DNSSECPolicyRef names a BindDNSSECPolicy to sign this + zone with. + type: string + dynamicUpdate: + description: |- + DynamicUpdate enables RFC2136 updates for this zone (external-dns style). + When true, UpdateKeyRef must reference a BindTSIGKey. + type: boolean + forwarders: + description: Forwarders lists upstreams for a forward-type zone. + items: + type: string + type: array + primaries: + description: Primaries lists source servers for a secondary/stub-type + zone. + items: + type: string + type: array + records: + description: Records are static record sets seeded into a primary + zone. + items: + description: |- + Record is a single resource record set seeded into a primary zone via + dynamic update (nsupdate). Ongoing changes may also arrive from DNSRecord + objects or external RFC2136 clients. + properties: + name: + default: '@' + description: |- + Name is the owner name, relative to the zone apex or fully qualified. + Use "@" for the apex. + type: string + ttl: + description: TTL for the record set in seconds. Falls back to + the zone default TTL. + format: int32 + type: integer + type: + description: Type is the RR type, e.g. A, AAAA, CNAME, MX, TXT, + SRV, NS, PTR, CAA. + type: string + values: + description: |- + Values are the RDATA entries, e.g. ["10 mail.example.com."] for an MX or + ["192.0.2.1","192.0.2.2"] for an A round-robin. + items: + type: string + minItems: 1 + type: array + required: + - type + - values + type: object + type: array + transferKeyRef: + description: |- + TransferKeyRef names the BindTSIGKey used to authenticate transfers from + Primaries for a secondary zone. + type: string + type: + default: primary + description: Type is the zone type. 
Defaults to primary. + enum: + - primary + - secondary + - forward + - stub + type: string + updateKeyRef: + description: UpdateKeyRef names the BindTSIGKey permitted to send + dynamic updates. + type: string + viewRef: + description: ViewRef optionally binds this zone to a BindView. + type: string + zoneName: + description: ZoneName is the DNS origin, e.g. "example.com" or "2.0.192.in-addr.arpa". + type: string + required: + - clusterRef + - zoneName + type: object + status: + description: BindZoneStatus reports observed zone state. + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + format: int64 + type: integer + phase: + description: Phase is a coarse lifecycle summary (Pending/Ready/Error). + type: string + recordCount: + description: RecordCount is the number of managed record sets applied. + format: int32 + type: integer + serial: + description: Serial is the last observed SOA serial on the primary. + format: int64 + type: integer + signed: + description: Signed reports whether DNSSEC signing is active. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/apps/base/bind-system/crds/bind.unkin.net_dnsrecords.yaml b/apps/base/bind-system/crds/bind.unkin.net_dnsrecords.yaml new file mode 100644 index 0000000..18ddaeb --- /dev/null +++ b/apps/base/bind-system/crds/bind.unkin.net_dnsrecords.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.3 + name: dnsrecords.bind.unkin.net +spec: + group: bind.unkin.net + names: + kind: DNSRecord + listKind: DNSRecordList + plural: dnsrecords + shortNames: + - dnsr + singular: dnsrecord + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.zoneRef + name: Zone + type: string + - jsonPath: .spec.name + name: Name + type: string + - jsonPath: .spec.type + name: Type + type: string + - jsonPath: .status.phase + name: Phase + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: DNSRecord is an individually-managed record set applied to a + BindZone. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + DNSRecordSpec defines a single record set applied to a zone via TSIG dynamic + update (nsupdate) — the external-dns write path expressed as a CRD. + properties: + name: + default: '@' + description: Name is the owner name, relative to the zone apex or + fully qualified. + type: string + ttl: + description: TTL for the record set in seconds. Falls back to the + zone default TTL. + format: int32 + type: integer + type: + description: Type is the RR type, e.g. 
A, AAAA, CNAME, TXT, SRV, MX. + type: string + values: + description: Values are the RDATA entries. + items: + type: string + minItems: 1 + type: array + zoneRef: + description: |- + ZoneRef names the BindZone this record belongs to. The cluster, view and + update key are derived from the referenced zone. + type: string + required: + - type + - values + - zoneRef + type: object + status: + description: DNSRecordStatus reports observed record state. + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + fqdn: + description: FQDN is the fully-qualified owner name that was applied. + type: string + observedGeneration: + format: int64 + type: integer + phase: + description: Phase is a coarse lifecycle summary (Pending/Applied/Error). + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/apps/base/bind-system/deployment.yaml b/apps/base/bind-system/deployment.yaml new file mode 100644 index 0000000..4df43e9 --- /dev/null +++ b/apps/base/bind-system/deployment.yaml 
@@ -0,0 +1,57 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bind-operator
+ namespace: bind-system
+ labels:
+ app.kubernetes.io/name: bind-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: bind-operator
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: bind-operator
+ spec:
+ serviceAccountName: bind-operator
+ securityContext:
+ runAsNonRoot: true
+ containers:
+ - name: operator
+ image: git.unkin.net/unkin/bind-operator:v0.1.0
+ args:
+ - --metrics-bind-address=:8080
+ - --health-probe-bind-address=:8081
+ - --leader-elect
+ ports:
+ - containerPort: 8080
+ name: metrics
+ - containerPort: 8081
+ name: health
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop: ["ALL"]
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 500m
+ memory: 256Mi
diff --git a/apps/base/bind-system/kustomization.yaml b/apps/base/bind-system/kustomization.yaml new file mode 100644
index 0000000..960ad46
--- /dev/null
+++ b/apps/base/bind-system/kustomization.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - namespace.yaml
+ - crds/bind.unkin.net_bindclusters.yaml
+ - crds/bind.unkin.net_bindzones.yaml
+ - crds/bind.unkin.net_bindviews.yaml
+ - crds/bind.unkin.net_bindtsigkeys.yaml
+ - crds/bind.unkin.net_bindacls.yaml
+ - crds/bind.unkin.net_bindcatalogzones.yaml
+ - crds/bind.unkin.net_bindpolicies.yaml
+ - crds/bind.unkin.net_binddnssecpolicies.yaml
+ - crds/bind.unkin.net_dnsrecords.yaml
+ - rbac.yaml
+ - deployment.yaml
diff --git a/apps/base/bind-system/namespace.yaml b/apps/base/bind-system/namespace.yaml new file mode 100644
index 0000000..f342864
--- /dev/null
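Review bot: The pod-level `securityContext` in the Deployment sets only `runAsNonRoot: true`; without a seccomp profile the pod does not meet the restricted Pod Security Standard, and nothing pins a UID if the image's default user ever changes, so add `seccompProfile:` / `type: RuntimeDefault` next to `runAsNonRoot` (pod or container level) and consider an explicit `runAsUser`/`runAsGroup` matching the image. The image is referenced by the mutable tag `v0.1.0` even though this operator is granted cluster-wide Secret access in rbac.yaml; pin it by digest (`image: git.unkin.net/unkin/bind-operator:v0.1.0@sha256:<digest-placeholder>`) so a re-pushed tag cannot silently swap the binary that handles TSIG key material. The metrics endpoint on port 8080 is plain HTTP on the pod network; if this build has the kubebuilder scaffold's authenticated metrics option, enable it, otherwise fence the port with a NetworkPolicy that admits only the scraper.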
+++ b/apps/base/bind-system/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: bind-system
diff --git a/apps/base/bind-system/rbac.yaml b/apps/base/bind-system/rbac.yaml new file mode 100644
index 0000000..628c3ed
--- /dev/null
+++ b/apps/base/bind-system/rbac.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: bind-operator
+ namespace: bind-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: bind-operator
+rules:
+ - apiGroups: ["bind.unkin.net"]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: [""]
+ resources: ["services", "configmaps", "secrets"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["pods/exec"]
+ verbs: ["create", "get"]
+ - apiGroups: ["apps"]
+ resources: ["statefulsets"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: bind-operator
+subjects:
+ - kind: ServiceAccount
+ name: bind-operator
+ namespace: bind-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: bind-operator
diff --git a/apps/base/binddns-auth/cluster.yaml b/apps/base/binddns-auth/cluster.yaml new file mode 100644
index 0000000..ffe0280
--- /dev/null
+++ b/apps/base/binddns-auth/cluster.yaml
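Review bot: The ClusterRole grants full read/write on `secrets` and `create` on `pods/exec` in every namespace, although the operator only manages bind-system and the binddns-* namespaces added by this commit; a leaked operator token therefore reads any Secret in the cluster and can exec into any pod, which is far beyond what the TSIG-Secret and StatefulSet handling needs. Keep the cluster-scoped rules to the `bind.unkin.net` group, `events` and (only if genuinely needed) read-only `pods`, and move `services`/`configmaps`/`secrets`, `pods/exec` and `statefulsets` into a Role plus RoleBinding per DNS namespace, with `leases` in a Role in bind-system since leader election only needs its own namespace. This presumably requires the operator's informer cache to be limited to those namespaces (controller-runtime's per-namespace cache option); if it watches cluster-wide, list/watch may have to stay in the ClusterRole, but create/update/delete and `pods/exec` can still be namespaced. The wildcard `resources: ["*"]`/`verbs: ["*"]` on the CRD group is tolerable but worth enumerating so a future CRD is granted deliberately rather than implicitly.
```yaml
# … unchanged: ServiceAccount; ClusterRole keeps only bind.unkin.net, events and read-only pods …
---
# One Role/RoleBinding per managed namespace (repeat for binddns-resolver,
# binddns-externaldns and bind-system).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: bind-operator
  namespace: binddns-auth
rules:
  - apiGroups: [""]
    resources: ["services", "configmaps", "secrets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create", "get"]
  - apiGroups: ["apps"]
    resources: ["statefulsets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: bind-operator
  namespace: binddns-auth
subjects:
  - kind: ServiceAccount
    name: bind-operator
    namespace: bind-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: bind-operator
```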
@@ -0,0 +1,36 @@ +--- +# Authoritative masters (replaces the 3x Puppet authoritative servers). +# pod-0 is the primary; pods 1-2 replicate via the catalog zone + AXFR/IXFR. +apiVersion: bind.unkin.net/v1alpha1 +kind: BindCluster +metadata: + name: auth + namespace: binddns-auth +spec: + mode: authoritative + replicas: 3 + storageClassName: cephrbd-fast-delete + storageSize: 2Gi + service: + type: LoadBalancer + annotations: + purelb.io/service-group: common + external-dns.alpha.kubernetes.io/hostname: ns-auth.k8s.syd1.au.unkin.net + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: "1" + memory: 512Mi +--- +# Catalog zone so new BindZones auto-provision onto the secondaries. +apiVersion: bind.unkin.net/v1alpha1 +kind: BindCatalogZone +metadata: + name: auth-catalog + namespace: binddns-auth +spec: + clusterRef: auth + zoneName: catalog.internal + transferKeyRef: transfer-key diff --git a/apps/base/binddns-auth/kustomization.yaml b/apps/base/binddns-auth/kustomization.yaml new file mode 100644 index 0000000..753cb3f --- /dev/null +++ b/apps/base/binddns-auth/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - namespace.yaml + - tsigkey.yaml + - cluster.yaml diff --git a/apps/base/binddns-auth/namespace.yaml b/apps/base/binddns-auth/namespace.yaml new file mode 100644 index 0000000..e0c7b2d --- /dev/null +++ b/apps/base/binddns-auth/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: binddns-auth diff --git a/apps/base/binddns-auth/tsigkey.yaml b/apps/base/binddns-auth/tsigkey.yaml new file mode 100644 index 0000000..89fe560 --- /dev/null +++ b/apps/base/binddns-auth/tsigkey.yaml 
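Review bot: The authoritative BindCluster is published through a LoadBalancer on the `common` service group yet sets neither `recursion: false` nor any query or transfer ACL, so whether it refuses recursion and from which sources it serves AXFR depends entirely on the operator's defaults for `mode: authoritative`, which this diff does not show. Make the intent explicit with `recursion: false` in spec, and pair the cluster with a BindACL/BindView that limits `allowQuery`/`matchClients` and confines transfers to the secondaries plus the TSIG key, since the BindTSIGKey only authenticates a peer and does not limit where transfers may come from. The BindCluster schema added in this commit also defaults `allowNewZones` to true; confirm in a comment that the rndc control channel that `addzone` rides on is pod-local and not reachable via the Service.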
@@ -0,0 +1,10 @@ +--- +# Zone-transfer / catalog key. The operator generates the material into a +# Secret (transfer-key-tsig); nothing sensitive is committed to git. +apiVersion: bind.unkin.net/v1alpha1 +kind: BindTSIGKey +metadata: + name: transfer-key + namespace: binddns-auth +spec: + algorithm: hmac-sha256 diff --git a/apps/base/binddns-externaldns/cluster.yaml b/apps/base/binddns-externaldns/cluster.yaml new file mode 100644 index 0000000..280f5df --- /dev/null +++ b/apps/base/binddns-externaldns/cluster.yaml @@ -0,0 +1,25 @@ +--- +# external-dns tier (replaces the 3x Puppet external-dns servers). The primary +# accepts RFC2136 TSIG updates from external-dns; secondaries replicate. +apiVersion: bind.unkin.net/v1alpha1 +kind: BindCluster +metadata: + name: externaldns + namespace: binddns-externaldns +spec: + mode: dynamic + replicas: 3 + storageClassName: cephrbd-fast-delete + storageSize: 1Gi + service: + type: LoadBalancer + annotations: + purelb.io/service-group: dmz + external-dns.alpha.kubernetes.io/hostname: ns-ext.k8s.syd1.au.unkin.net + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: "1" + memory: 512Mi diff --git a/apps/base/binddns-externaldns/kustomization.yaml b/apps/base/binddns-externaldns/kustomization.yaml new file mode 100644 index 0000000..753cb3f --- /dev/null +++ b/apps/base/binddns-externaldns/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - namespace.yaml + - tsigkey.yaml + - cluster.yaml diff --git a/apps/base/binddns-externaldns/namespace.yaml b/apps/base/binddns-externaldns/namespace.yaml new file mode 100644 index 0000000..5157ac4 --- /dev/null +++ b/apps/base/binddns-externaldns/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: binddns-externaldns diff --git a/apps/base/binddns-externaldns/tsigkey.yaml b/apps/base/binddns-externaldns/tsigkey.yaml new file mode 100644 index 0000000..8a1b375 
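Review bot: The dynamic-update primary is placed in the `dmz` PureLB group, so RFC2136 UPDATE on port 53 is reachable from wherever that group routes, and the BindCluster spec carries nothing that scopes updates beyond the TSIG key (the schema in this commit has no allowUpdate/ACL field). A plain `allow-update { key externaldns-key; }` lets any holder of that key rewrite any name in any zone on the primary; prefer a per-zone `update-policy` (for example `grant externaldns-key zonesub ANY` or narrower) on the BindZone if the operator exposes it, otherwise via `extraOptions`, and constrain the source networks with a BindACL. Add `recursion: false` explicitly as well; a DMZ-facing server that happens to recurse is an amplification source regardless of how well the update path is locked down.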
--- /dev/null +++ b/apps/base/binddns-externaldns/tsigkey.yaml @@ -0,0 +1,10 @@ +--- +# Key that external-dns (and DNSRecord objects) use to send RFC2136 dynamic +# updates to the primary. The operator generates the material into a Secret. +apiVersion: bind.unkin.net/v1alpha1 +kind: BindTSIGKey +metadata: + name: externaldns-key + namespace: binddns-externaldns +spec: + algorithm: hmac-sha256 diff --git a/apps/base/binddns-resolver/cluster.yaml b/apps/base/binddns-resolver/cluster.yaml new file mode 100644 index 0000000..a0cb345 --- /dev/null +++ b/apps/base/binddns-resolver/cluster.yaml @@ -0,0 +1,28 @@ +--- +# Recursive resolvers (replaces the 3x Puppet only-resolver servers). +# Three identical recursive servers; no zone replication. +apiVersion: bind.unkin.net/v1alpha1 +kind: BindCluster +metadata: + name: resolver + namespace: binddns-resolver +spec: + mode: resolver + replicas: 3 + storageClassName: cephrbd-fast-delete + storageSize: 1Gi + service: + type: LoadBalancer + annotations: + purelb.io/service-group: common + external-dns.alpha.kubernetes.io/hostname: resolver.k8s.syd1.au.unkin.net + forwarders: + - 1.1.1.1 + - 9.9.9.9 + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: "1" + memory: 512Mi diff --git a/apps/base/binddns-resolver/kustomization.yaml b/apps/base/binddns-resolver/kustomization.yaml new file mode 100644 index 0000000..4bb26c2 --- /dev/null +++ b/apps/base/binddns-resolver/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - namespace.yaml + - cluster.yaml diff --git a/apps/base/binddns-resolver/namespace.yaml b/apps/base/binddns-resolver/namespace.yaml new file mode 100644 index 0000000..d10b502 --- /dev/null +++ b/apps/base/binddns-resolver/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: binddns-resolver 
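Review bot: The key that authorizes RFC2136 updates is generated into a Secret in binddns-externaldns, but external-dns presumably runs in a different namespace and nothing in this commit says how it obtains the material; any cross-namespace sharing mechanism (a secret reflector, or RBAC letting external-dns read this namespace) widens the set of identities that can rewrite DNS, so document the intended path and rotation in the header comment, e.g. `# Consumed by external-dns in <namespace> via <mechanism>; rotate by deleting the generated Secret and restarting external-dns`. Also worth stating there that TSIG only authenticates the sender, and which names the key may touch is decided by the zone's update-policy, which this commit does not configure.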
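Review bot: The recursive resolver is published as a LoadBalancer on the `common` PureLB group with no `allowQuery` or client ACL, so every address that can reach that VIP gets open recursion, which is the classic DNS amplification/reflection setup if `common` is routable beyond the internal networks. Add a BindView (the schema supports `matchClients` and `allowQuery`) or a BindACL that limits recursion to the internal prefixes, or at minimum record in the header comment that `common` is not externally routable. Forwarding to 1.1.1.1 and 9.9.9.9 is over plain port 53; both upstreams support DNS-over-TLS and BIND 9.18+ can forward over TLS, so if the upstream path leaves the site consider a `tls` forwarder via `extraOptions` so query contents are not visible on the wire.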
diff --git a/apps/overlays/au-syd1/bind-system/kustomization.yaml b/apps/overlays/au-syd1/bind-system/kustomization.yaml new file mode 100644 index 0000000..1737624 --- /dev/null +++ b/apps/overlays/au-syd1/bind-system/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../base/bind-system diff --git a/apps/overlays/au-syd1/binddns-auth/kustomization.yaml b/apps/overlays/au-syd1/binddns-auth/kustomization.yaml new file mode 100644 index 0000000..9ef4b94 --- /dev/null +++ b/apps/overlays/au-syd1/binddns-auth/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../base/binddns-auth diff --git a/apps/overlays/au-syd1/binddns-externaldns/kustomization.yaml b/apps/overlays/au-syd1/binddns-externaldns/kustomization.yaml new file mode 100644 index 0000000..a3098b0 --- /dev/null +++ b/apps/overlays/au-syd1/binddns-externaldns/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../base/binddns-externaldns diff --git a/apps/overlays/au-syd1/binddns-resolver/kustomization.yaml b/apps/overlays/au-syd1/binddns-resolver/kustomization.yaml new file mode 100644 index 0000000..d57c83d --- /dev/null +++ b/apps/overlays/au-syd1/binddns-resolver/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../base/binddns-resolver diff --git a/argocd/applicationsets/platform.yaml b/argocd/applicationsets/platform.yaml index 1a3bb85..9595164 100644 --- a/argocd/applicationsets/platform.yaml +++ b/argocd/applicationsets/platform.yaml 
@@ -12,6 +12,10 @@ spec: directories: - path: apps/overlays/*/authentik - path: apps/overlays/*/artifactapi + - path: apps/overlays/*/bind-system + - path: apps/overlays/*/binddns-auth + - path: apps/overlays/*/binddns-resolver + - path: apps/overlays/*/binddns-externaldns - path: apps/overlays/*/age-api - path: apps/overlays/*/cattle-system - path: apps/overlays/*/cert-manager diff --git a/argocd/projects/platform.yaml b/argocd/projects/platform.yaml index 6e21f68..4553acc 100644 --- a/argocd/projects/platform.yaml +++ b/argocd/projects/platform.yaml @@ -21,6 +21,12 @@ spec: server: https://kubernetes.default.svc - namespace: 'authentik' server: https://kubernetes.default.svc + - namespace: 'binddns-auth' + server: https://kubernetes.default.svc + - namespace: 'binddns-resolver' + server: https://kubernetes.default.svc + - namespace: 'binddns-externaldns' + server: https://kubernetes.default.svc - namespace: 'cert-manager' server: https://kubernetes.default.svc - namespace: 'certificates' diff --git a/schemas/bind.unkin.net/bindacl_v1alpha1.json b/schemas/bind.unkin.net/bindacl_v1alpha1.json new file mode 100644 index 0000000..91579a9 --- /dev/null +++ b/schemas/bind.unkin.net/bindacl_v1alpha1.json 
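Review bot: The AppProject hunk adds the three binddns-* namespaces as destinations but not bind-system, while the ApplicationSet hunk above registers `apps/overlays/*/bind-system`; unless bind-system is already listed further up the file outside this hunk, that Application will be rejected by the project. The bind-system app also creates cluster-scoped objects (nine CRDs, a ClusterRole and a ClusterRoleBinding), which must be permitted by the project's `clusterResourceWhitelist`; if that list already allows everything, note it in a comment, because a project that can sync arbitrary ClusterRoles and ClusterRoleBindings is effectively cluster-admin for anyone who can merge to this repository. Consider a sync-wave annotation on bind-system so its CRDs land before the binddns-* apps are reconciled.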
@@ -0,0 +1,96 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "clusterRef": { + "type": "string" + }, + "entries": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "entries" + ], + "type": "object" + }, + "status": { + "properties": { + "conditions": { + "items": { + "properties": { + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "observedGeneration": { + "format": "int64", + "type": "integer" + }, + "ready": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" +} diff --git a/schemas/bind.unkin.net/bindcatalogzone_v1alpha1.json b/schemas/bind.unkin.net/bindcatalogzone_v1alpha1.json new file mode 100644 index 0000000..d3f06b9 --- /dev/null +++ b/schemas/bind.unkin.net/bindcatalogzone_v1alpha1.json 
@@ -0,0 +1,106 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "clusterRef": { + "type": "string" + }, + "defaultPrimaries": { + "items": { + "type": "string" + }, + "type": "array" + }, + "transferKeyRef": { + "type": "string" + }, + "zoneName": { + "type": "string" + } + }, + "required": [ + "clusterRef", + "zoneName" + ], + "type": "object" + }, + "status": { + "properties": { + "conditions": { + "items": { + "properties": { + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "memberCount": { + "format": "int32", + "type": "integer" + }, + "observedGeneration": { + "format": "int64", + "type": "integer" + }, + "ready": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" +} diff --git a/schemas/bind.unkin.net/bindcluster_v1alpha1.json b/schemas/bind.unkin.net/bindcluster_v1alpha1.json new file mode 100644 index 0000000..9565ab8 --- /dev/null +++ b/schemas/bind.unkin.net/bindcluster_v1alpha1.json 
@@ -0,0 +1,899 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "affinity": { + "properties": { + "nodeAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "preference": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "properties": { + "nodeSelectorTerms": { + "items": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "items": { + "properties": { + 
"key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + 
"additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": 
"object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", 
+ "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + 
"required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "allowNewZones": { + "default": true, + "type": "boolean" + }, + "catalogZoneRef": { + "type": "string" + }, + "extraOptions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forwarders": { + "items": { + "type": "string" + }, + "type": "array" + }, + "image": { + "default": "internetsystemsconsortium/bind9:9.20", + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "mode": { + "default": "authoritative", + "enum": [ + "authoritative", + "resolver", + "dynamic" + ], + "type": "string" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "recursion": { + "type": "boolean" + }, + "replicas": { + "default": 3, + "format": "int32", + "minimum": 1, + "type": "integer" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "service": { + "properties": { + "annotations": { + 
"additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "loadBalancerIP": { + "type": "string" + }, + "type": { + "enum": [ + "ClusterIP", + "LoadBalancer", + "NodePort" + ], + "type": "string" + } + }, + "type": "object" + }, + "storageClassName": { + "type": "string" + }, + "storageSize": { + "default": "1Gi", + "type": "string" + }, + "tolerations": { + "items": { + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "format": "int64", + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "mode" + ], + "type": "object" + }, + "status": { + "properties": { + "conditions": { + "items": { + "properties": { + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "observedGeneration": { + "format": "int64", + "type": "integer" + }, + "phase": { + "type": "string" + }, + "primaryPod": { + "type": "string" + }, + "primaryService": { + "type": "string" + }, + "readyReplicas": { + "format": "int32", + "type": "integer" + }, + "replicas": { + "format": "int32", + "type": "integer" + } 
+ }, + "type": "object" + } + }, + "type": "object" +} diff --git a/schemas/bind.unkin.net/binddnssecpolicy_v1alpha1.json b/schemas/bind.unkin.net/binddnssecpolicy_v1alpha1.json new file mode 100644 index 0000000..8a31fd8 --- /dev/null +++ b/schemas/bind.unkin.net/binddnssecpolicy_v1alpha1.json 
@@ -0,0 +1,160 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "algorithm": { + "default": "ecdsap256sha256", + "type": "string" + }, + "clusterRef": { + "type": "string" + }, + "csk": { + "properties": { + "algorithm": { + "type": "string" + }, + "keySize": { + "format": "int32", + "type": "integer" + }, + "lifetime": { + "type": "string" + } + }, + "type": "object" + }, + "extraOptions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ksk": { + "properties": { + "algorithm": { + "type": "string" + }, + "keySize": { + "format": "int32", + "type": "integer" + }, + "lifetime": { + "type": "string" + } + }, + "type": "object" + }, + "maxZoneTTL": { + "type": "string" + }, + "nsec3": { + "type": "boolean" + }, + "policyName": { + "type": "string" + }, + "signaturesValidity": { + "type": "string" + }, + "zsk": { + "properties": { + "algorithm": { + "type": "string" + }, + "keySize": { + "format": "int32", + "type": "integer" + }, + "lifetime": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "clusterRef" + ], + "type": "object" + }, + "status": { + "properties": { + "conditions": { + "items": { + "properties": { + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + 
"required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "observedGeneration": { + "format": "int64", + "type": "integer" + }, + "ready": { + "type": "boolean" + }, + "zoneCount": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" +} diff --git a/schemas/bind.unkin.net/bindpolicy_v1alpha1.json b/schemas/bind.unkin.net/bindpolicy_v1alpha1.json new file mode 100644 index 0000000..947d200 --- /dev/null +++ b/schemas/bind.unkin.net/bindpolicy_v1alpha1.json 
@@ -0,0 +1,154 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "clusterRef": { + "type": "string" + }, + "order": { + "default": 100, + "format": "int32", + "type": "integer" + }, + "primaries": { + "items": { + "type": "string" + }, + "type": "array" + }, + "rules": { + "items": { + "properties": { + "action": { + "default": "nxdomain", + "enum": [ + "nxdomain", + "nodata", + "passthru", + "drop", + "tcp-only", + "cname" + ], + "type": "string" + }, + "match": { + "type": "string" + }, + "target": { + "type": "string" + }, + "trigger": { + "default": "qname", + "enum": [ + "qname", + "client-ip", + "ip", + "nsdname", + "nsip" + ], + "type": "string" + } + }, + "required": [ + "match" + ], + "type": "object" + }, + "type": "array" + }, + "transferKeyRef": { + "type": "string" + }, + "viewRef": { + "type": "string" + }, + "zoneName": { + "type": "string" + } + }, + "required": [ + "clusterRef", + "zoneName" + ], + "type": "object" + }, + "status": { + "properties": { + "conditions": { + "items": { + "properties": { + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + 
"x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "observedGeneration": { + "format": "int64", + "type": "integer" + }, + "ready": { + "type": "boolean" + }, + "ruleCount": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" +} diff --git a/schemas/bind.unkin.net/bindtsigkey_v1alpha1.json b/schemas/bind.unkin.net/bindtsigkey_v1alpha1.json new file mode 100644 index 0000000..1b64e8d --- /dev/null +++ b/schemas/bind.unkin.net/bindtsigkey_v1alpha1.json 
@@ -0,0 +1,110 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "algorithm": { + "default": "hmac-sha256", + "enum": [ + "hmac-sha256", + "hmac-sha512", + "hmac-sha384", + "hmac-sha224", + "hmac-sha1", + "hmac-md5" + ], + "type": "string" + }, + "importExisting": { + "type": "boolean" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "status": { + "properties": { + "conditions": { + "items": { + "properties": { + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "keyName": { + "type": "string" + }, + "observedGeneration": { + "format": "int64", + "type": "integer" + }, + "ready": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" +} diff --git a/schemas/bind.unkin.net/bindview_v1alpha1.json b/schemas/bind.unkin.net/bindview_v1alpha1.json new file mode 100644 index 0000000..b3749d6 --- /dev/null +++ b/schemas/bind.unkin.net/bindview_v1alpha1.json 
@@ -0,0 +1,125 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "properties": {
+ "apiVersion": {
+ "type": "string"
+ },
+ "kind": {
+ "type": "string"
+ },
+ "metadata": {
+ "type": "object"
+ },
+ "spec": {
+ "properties": {
+ "allowQuery": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "clusterRef": {
+ "type": "string"
+ },
+ "extraOptions": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "matchClients": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "matchDestinations": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "order": {
+ "default": 100,
+ "format": "int32",
+ "type": "integer"
+ },
+ "recursion": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "clusterRef"
+ ],
+ "type": "object"
+ },
+ "status": {
+ "properties": {
+ "conditions": {
+ "items": {
+ "properties": {
+ "lastTransitionTime": {
+ "format": "date-time",
+ "type": "string"
+ },
+ "message": {
+ "maxLength": 32768,
+ "type": "string"
+ },
+ "observedGeneration": {
+ "format": "int64",
+ "minimum": 0,
+ "type": "integer"
+ },
+ "reason": {
+ "maxLength": 1024,
+ "minLength": 1,
+ "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
+ "type": "string"
+ },
+ "status": {
+ "enum": [
+ "True",
+ "False",
+ "Unknown"
+ ],
+ "type": "string"
+ },
+ "type": {
+ "maxLength": 316,
+ "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
+ "type": "string"
+ }
+ },
+ "required": [
+ "lastTransitionTime",
+ "message",
+ "reason",
+ "status",
+ "type"
+ ],
+ "type": "object"
+ },
+ "type": "array",
+ "x-kubernetes-list-map-keys": [
+ "type"
+ ],
+ "x-kubernetes-list-type": "map"
+ },
+ "observedGeneration": {
+ "format": "int64",
+ "type": "integer"
+ },
+ "ready": {
+ "type": "boolean"
+ },
+ "zoneCount": {
+ "format": "int32",
+ "type": "integer"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+}
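Review bot: `spec.recursion` carries neither a `default` nor a `description`, while `order` documents its default of 100; for a view whose `matchClients` may be wide open, an unclear recursion default is exactly how an open resolver gets shipped, so if the CRD defaults `recursion` the schema should mirror it with `"default": false` (or whatever the CRD says), and if it is intentionally unset the operator's fallback should be stated in a `description`. `allowQuery`, `matchClients` and `matchDestinations` are free strings; if the operator only accepts BIND ACL names, address prefixes and `key`/negation tokens, a `pattern` or a `description` listing the accepted forms would let kubeconform catch typos before named does. `extraOptions` is raw `named.conf` text by the look of it; a `description` saying so, and that it is not validated, would make the review surface of that field obvious.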
diff --git a/schemas/bind.unkin.net/bindzone_v1alpha1.json b/schemas/bind.unkin.net/bindzone_v1alpha1.json
new file mode 100644
index 0000000..8d51423
--- /dev/null
+++ b/schemas/bind.unkin.net/bindzone_v1alpha1.json
@@ -0,0 +1,186 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "properties": {
+ "apiVersion": {
+ "type": "string"
+ },
+ "kind": {
+ "type": "string"
+ },
+ "metadata": {
+ "type": "object"
+ },
+ "spec": {
+ "properties": {
+ "allowTransfer": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "catalog": {
+ "default": true,
+ "type": "boolean"
+ },
+ "clusterRef": {
+ "type": "string"
+ },
+ "defaultTTL": {
+ "default": 3600,
+ "format": "int32",
+ "type": "integer"
+ },
+ "dnssecPolicyRef": {
+ "type": "string"
+ },
+ "dynamicUpdate": {
+ "type": "boolean"
+ },
+ "forwarders": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "primaries": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "records": {
+ "items": {
+ "properties": {
+ "name": {
+ "default": "@",
+ "type": "string"
+ },
+ "ttl": {
+ "format": "int32",
+ "type": "integer"
+ },
+ "type": {
+ "type": "string"
+ },
+ "values": {
+ "items": {
+ "type": "string"
+ },
+ "minItems": 1,
+ "type": "array"
+ }
+ },
+ "required": [
+ "type",
+ "values"
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "transferKeyRef": {
+ "type": "string"
+ },
+ "type": {
+ "default": "primary",
+ "enum": [
+ "primary",
+ "secondary",
+ "forward",
+ "stub"
+ ],
+ "type": "string"
+ },
+ "updateKeyRef": {
+ "type": "string"
+ },
+ "viewRef": {
+ "type": "string"
+ },
+ "zoneName": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "clusterRef",
+ "zoneName"
+ ],
+ "type": "object"
+ },
+ "status": {
+ "properties": {
+ "conditions": {
+ "items": {
+ "properties": {
+ "lastTransitionTime": {
+ "format": "date-time",
+ "type": "string"
+ },
+ "message": {
+ "maxLength": 32768,
+ "type": "string"
+ },
+ "observedGeneration": {
+ "format": "int64",
+ "minimum": 0,
+ "type": "integer"
+ },
+ "reason": {
+ "maxLength": 1024,
+ "minLength": 1,
+ "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
+ "type": "string"
+ },
+ "status": {
+ "enum": [
+ "True",
+ "False",
"Unknown"
+ ],
+ "type": "string"
+ },
+ "type": {
+ "maxLength": 316,
+ "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
+ "type": "string"
+ }
+ },
+ "required": [
+ "lastTransitionTime",
+ "message",
+ "reason",
+ "status",
+ "type"
+ ],
+ "type": "object"
+ },
+ "type": "array",
+ "x-kubernetes-list-map-keys": [
+ "type"
+ ],
+ "x-kubernetes-list-type": "map"
+ },
+ "observedGeneration": {
+ "format": "int64",
+ "type": "integer"
+ },
+ "phase": {
+ "type": "string"
+ },
+ "recordCount": {
+ "format": "int32",
+ "type": "integer"
+ },
+ "serial": {
+ "format": "int64",
+ "type": "integer"
+ },
+ "signed": {
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+}
diff --git a/schemas/bind.unkin.net/dnsrecord_v1alpha1.json b/schemas/bind.unkin.net/dnsrecord_v1alpha1.json
new file mode 100644
index 0000000..7854afb
--- /dev/null
+++ b/schemas/bind.unkin.net/dnsrecord_v1alpha1.json
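Review bot: Nothing in `spec` ties `dynamicUpdate: true` to `updateKeyRef`, nor `type: secondary` to `primaries`, so kubeconform accepts a zone that is opened to RFC 2136 updates without naming a TSIG key, and whether the operator then rejects the zone or falls back to some other ACL is not visible here. Draft-07 can express the first constraint at the `spec` level as `"if": {"properties": {"dynamicUpdate": {"const": true}}, "required": ["dynamicUpdate"]}, "then": {"required": ["updateKeyRef"]}`; if these files are generated from the CRDs and must stay structural, the check belongs in the operator's validation instead, and a `description` on `dynamicUpdate` should state what happens when `updateKeyRef` is unset. `allowTransfer` and `transferKeyRef` have the same relationship for zone transfers. The inline `records[]` item schema duplicates the `spec` of the dnsrecord hunk (`name`/`ttl`/`type`/`values`); whatever constraint `type` gets there should be applied here too so the two validations agree.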
@@ -0,0 +1,112 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "properties": {
+ "apiVersion": {
+ "type": "string"
+ },
+ "kind": {
+ "type": "string"
+ },
+ "metadata": {
+ "type": "object"
+ },
+ "spec": {
+ "properties": {
+ "name": {
+ "default": "@",
+ "type": "string"
+ },
+ "ttl": {
+ "format": "int32",
+ "type": "integer"
+ },
+ "type": {
+ "type": "string"
+ },
+ "values": {
+ "items": {
+ "type": "string"
+ },
+ "minItems": 1,
+ "type": "array"
+ },
+ "zoneRef": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "type",
+ "values",
+ "zoneRef"
+ ],
+ "type": "object"
+ },
+ "status": {
+ "properties": {
+ "conditions": {
+ "items": {
+ "properties": {
+ "lastTransitionTime": {
+ "format": "date-time",
+ "type": "string"
+ },
+ "message": {
+ "maxLength": 32768,
+ "type": "string"
+ },
+ "observedGeneration": {
+ "format": "int64",
+ "minimum": 0,
+ "type": "integer"
+ },
+ "reason": {
+ "maxLength": 1024,
+ "minLength": 1,
+ "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
+ "type": "string"
+ },
+ "status": {
+ "enum": [
+ "True",
+ "False",
+ "Unknown"
+ ],
+ "type": "string"
+ },
+ "type": {
+ "maxLength": 316,
+ "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
+ "type": "string"
+ }
+ },
+ "required": [
+ "lastTransitionTime",
+ "message",
+ "reason",
+ "status",
+ "type"
+ ],
+ "type": "object"
+ },
+ "type": "array",
+ "x-kubernetes-list-map-keys": [
+ "type"
+ ],
+ "x-kubernetes-list-type": "map"
+ },
+ "fqdn": {
+ "type": "string"
+ },
+ "observedGeneration": {
+ "format": "int64",
+ "type": "integer"
+ },
+ "phase": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+}
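Review bot: `spec.type` is an unconstrained string, so a DNSRecord with `"type": "cname"` or a stray trailing space passes kubeconform and only fails later inside the operator or named; an `enum` of the RR types the operator actually supports, or at minimum `"pattern": "^[A-Z][A-Z0-9]*$"`, would surface that at PR time. `values` items are necessarily free strings for generic RR data, but a `description` stating the expected presentation form per type (whether TXT values are pre-quoted, whether target names must be fully qualified or are relative to `zoneRef`) would prevent the most common mistakes. `zoneRef` is required but unconstrained; if it must name a BindZone in the same namespace, say so in a `description`. The same record shape appears inline as `records[]` in the bindzone hunk and should get the same constraint so the two validations agree.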