Commit Graph

3 Commits

Author SHA1 Message Date
unkinben b67d873c66 Consolidate BIND DNS into one bind-internal namespace
ci/woodpecker/pr/kubeconform Pipeline failed
ci/woodpecker/pr/pre-commit Pipeline was successful
Reshapes the three DNS tiers from separate ns-* namespaces into a single
bind-internal namespace and renames the StatefulSets, and scopes the TSIG
keys to their cluster (needs the clusterRef field from operator v0.1.3).

- move the 3 clusters + zones + keys into apps/base/bind-internal:
  BindCluster names bind-authoritative / bind-resolvers / bind-externaldns
  (= StatefulSet names), LBs kept on .6/.7/.8, external-dns hostnames renamed
- add clusterRef to the transfer-key (bind-authoritative) and externaldns-key
  (bind-externaldns) TSIG keys so they no longer leak across clusters
- remove the old ns-auth / ns-resolver / ns-externaldns apps
- ApplicationSet + AppProject: replace the three ns-* entries with bind-internal
- bump bind-system operator to v0.1.3 (CRD install link + image) so the CRDs
  understand the new clusterRef field
- operator stays in bind-system (unchanged)
2026-07-03 23:52:36 +10:00
unkinben de123af1b1 Bump bind-operator image to v0.1.2 (#224)
**HOLD until v0.1.2 is tagged/built** (bind-operator #3 merged + tagged).

Picks up the zone-provisioning fix (seed glue A record + IP-based primaries + Pod watch) so the clusters stop failing to load their zones.

- `apps/base/bind-system/deployment.yaml`: image v0.1.1 -> v0.1.2

Reviewed-on: #224
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-07-03 23:03:37 +10:00
unkinben 4b8f9313c8 Deploy bind-operator (operator + CRDs) (#219)
First of a 4-PR split of the bind rollout (was #216). Deploys just the operator control plane so it can be verified before any DNS clusters exist.

## Why
Roll out incrementally: operator + CRDs first, then each BIND tier as its own PR.

## Changes
- `apps/base/bind-system`: operator Deployment (`git.unkin.net/unkin/bind-operator:v0.1.1`), RBAC, namespace; CRDs pulled from the operator repo by raw URL (`config/crd/install.yaml` @ v0.1.1)
- au-syd1 `bind-system` overlay
- register all four bind apps in `argocd/applicationsets/platform.yaml` (DNS overlays instantiate only when their dirs land in the follow-up PRs)
- add `binddns-*` namespaces to `argocd/projects/platform.yaml`
- add `schemas/bind.unkin.net/*.json` for kubeconform

## Deploy impact
Operator pod + CRDs only. No DNS services yet — the operator is idle until BindClusters exist.

## Follow-ups (merge after this)
binddns-auth, binddns-resolver, binddns-externaldns — one PR each.

Reviewed-on: #219
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-07-03 20:04:57 +10:00