Deploy binddns-externaldns (RFC2136 dynamic cluster) #222

Merged
benvin merged 2 commits from benvin/deploy-binddns-externaldns into main 2026-07-03 23:09:36 +10:00
Owner

Part of the bind rollout split. Merge #219 (bind-operator) first — stacked on it; diff reduces to the binddns-externaldns files once #219 merges.

Why

The external-dns tier (replaces 3x Puppet external-dns servers): an authoritative cluster whose zones accept RFC2136 TSIG updates from external-dns.

Changes

  • apps/base/binddns-externaldns: authoritative BindCluster (3 replicas, LoadBalancer/PureLB), BindTSIGKey for RFC2136, namespace
  • au-syd1 binddns-externaldns overlay

Deploy impact

Creates the binddns-externaldns StatefulSet + LoadBalancer once merged.

unkinben force-pushed benvin/deploy-binddns-externaldns from 4c9553ce14 to 11ba99f4ae 2026-07-03 20:29:21 +10:00
unkinben added 1 commit 2026-07-03 20:52:29 +10:00
Deploy ns-externaldns BIND cluster
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
50ea9376f1
unkinben force-pushed benvin/deploy-binddns-externaldns from 11ba99f4ae to 50ea9376f1 2026-07-03 20:52:29 +10:00
unkinben added 1 commit 2026-07-03 21:19:38 +10:00
Add k8s external-dns zones from puppet-prod
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
0f8592cb72
Migrates the two zones the puppet external-dns instances serve
(externaldns::k8s_zones) as dynamic BindZone CRs on the externaldns
cluster, plus a catalog zone so they replicate to the secondaries.

- add apps/base/ns-externaldns/zones.yaml: k8s.syd1.au.unkin.net and
  200.18.198.in-addr.arpa (primary, dynamicUpdate via externaldns-key)
- add a BindCatalogZone so external-dns writes to the primary replicate
benvin merged commit 7c9a697452 into main 2026-07-03 23:09:36 +10:00
benvin deleted branch benvin/deploy-binddns-externaldns 2026-07-03 23:09:36 +10:00

Reference: unkin/argocd-apps#222