Deploy bind-operator + three BIND DNS tiers #216
HOLD — do not merge until the operator image git.unkin.net/unkin/bind-operator:v0.1.0 is published (bind-operator PR #1 merged + tagged v0.1.0). On merge the platform ApplicationSet auto-syncs these apps.

Why

Migrates the Puppet-managed BIND estate to Kubernetes: three operator-managed BindClusters replacing 3x authoritative masters, 3x only-resolvers and 3x external-dns servers.

Changes

- apps/base/bind-system: the 9 bind.unkin.net CRDs, operator Deployment and RBAC (namespace bind-system, matches the *-system project destination)
- apps/base/binddns-auth: authoritative BindCluster (3 replicas, pod-0 primary) + BindCatalogZone + transfer BindTSIGKey
- apps/base/binddns-resolver: recursive-resolver BindCluster with forwarders
- apps/base/binddns-externaldns: dynamic (RFC2136 TSIG) BindCluster + BindTSIGKey
- argocd/applicationsets/platform.yaml
- binddns-* namespaces to argocd/projects/platform.yaml destinations
- schemas/bind.unkin.net/*.json so kubeconform validates the new CRs

Notes

- LoadBalancer via PureLB (auth/resolver on common, external-dns on dmz); pin addresses via purelb.io/addresses if fixed resolver IPs are needed.
- internetsystemsconsortium/bind9:9.20 (docker.io, like kanidm).
- BindZone/DNSRecord CRs (not part of this infra PR).

Validated

kubectl kustomize builds all four overlays; kubeconform accepts every BindCluster/BindTSIGKey/BindCatalogZone against the new schemas; pre-commit (yamllint, no-plain-secrets) passes.

Superseded by the 4-PR split: #219 (operator) then #220 (binddns-auth), #221 (binddns-resolver), #222 (binddns-externaldns). Closing.
Pull request closed