Deploy binddns-auth (authoritative BIND cluster) #220

Merged
benvin merged 2 commits from benvin/deploy-binddns-auth into main 2026-07-03 21:23:26 +10:00
Owner

Part of the bind rollout split. Merge #219 (bind-operator) first — this PR is stacked on it, so its diff will reduce to just the binddns-auth files once #219 merges.

Why

The authoritative masters tier (replaces 3x Puppet authoritative servers): pod-0 primary + 2 secondaries replicating via the catalog zone + AXFR/IXFR.

Changes

  • apps/base/binddns-auth: authoritative BindCluster (3 replicas, LoadBalancer/PureLB), BindCatalogZone, transfer BindTSIGKey, namespace
  • au-syd1 binddns-auth overlay

Deploy impact

Creates the binddns-auth StatefulSet + LoadBalancer once merged.

unkinben force-pushed benvin/deploy-binddns-auth from 74e5a95fd4 to 6e3243abd8 2026-07-03 20:25:31 +10:00 Compare
unkinben added 1 commit 2026-07-03 20:52:21 +10:00
Deploy ns-auth BIND cluster
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
3bcb39fe0a
unkinben force-pushed benvin/deploy-binddns-auth from 6e3243abd8 to 3bcb39fe0a 2026-07-03 20:52:21 +10:00 Compare
unkinben added 1 commit 2026-07-03 21:18:04 +10:00
Add authoritative zones from puppet-prod master nameservers
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
e8f68b5e75
Migrates the 18 zones served by the puppet authoritative masters
(profiles::dns::master::zones) as BindZone CRs on the auth cluster:
unkin.net, main.unkin.net, and the 198.18.{13-29}.0/24 reverse zones.

- add apps/base/ns-auth/zones.yaml (type primary, TTL 600); records are
  migrated separately (not stored in puppet, generated via PuppetDB)
benvin merged commit 649ed07ab0 into main 2026-07-03 21:23:26 +10:00
benvin deleted branch benvin/deploy-binddns-auth 2026-07-03 21:23:26 +10:00

Reference: unkin/argocd-apps#220