Deploy binddns-auth (authoritative BIND cluster) #220
Part of the bind rollout split. Merge #219 (bind-operator) first — this PR is stacked on it, so its diff will reduce to just the binddns-auth files once #219 merges.
Why
The authoritative masters tier (replaces 3x Puppet authoritative servers): pod-0 primary + 2 secondaries replicating via the catalog zone + AXFR/IXFR.
Changes
apps/base/binddns-auth: authoritative BindCluster (3 replicas, LoadBalancer/PureLB), BindCatalogZone, transfer BindTSIGKey, namespace binddns-auth overlay
Deploy impact
Creates the binddns-auth StatefulSet + LoadBalancer once merged.
74e5a95fd4 to 6e3243abd8
6e3243abd8 to 3bcb39fe0a
Migrates the 18 zones served by the puppet authoritative masters (profiles::dns::master::zones) as BindZone CRs on the auth cluster: unkin.net, main.unkin.net, and the 198.18.{13-29}.0/24 reverse zones.
- add apps/base/ns-auth/zones.yaml (type primary, TTL 600); records are migrated separately (not stored in puppet, generated via PuppetDB)