Consolidate BIND DNS into one bind-internal namespace #225

Merged
benvin merged 2 commits from benvin/bind-internal-reshape into main 2026-07-04 00:35:44 +10:00
Owner

HOLD until v0.1.3 is tagged/built (operator #4 merged + tagged) — this PR bumps the operator to v0.1.3, whose CRD adds the clusterRef field these keys use.

Why

Put all BIND DNS services in one bind-internal namespace and name the StatefulSets clearly.

Changes

  • 3 clusters consolidated into bind-internal, StatefulSets renamed bind-authoritative / bind-resolvers / bind-externaldns; LBs kept on 198.18.200.6/.7/.8; external-dns hostnames renamed to match
  • clusterRef added to transfer-key (→ bind-authoritative) and externaldns-key (→ bind-externaldns) so keys are scoped per cluster
  • removed the old ns-auth/ns-resolver/ns-externaldns apps; ApplicationSet + AppProject now list bind-internal
  • bumped bind-system operator to v0.1.3 (CRD link + image)
  • operator stays in bind-system

Deploy impact

ArgoCD prunes the old ns-* namespaces (StatefulSets/PVCs — data is only seed SOA+NS, no migrated records yet) and creates the renamed clusters in bind-internal.

Validated

kustomize build → 28 docs (3 BindCluster, 20 BindZone, 2 catalog, 2 keys, ns); kubeconform clean.

**HOLD until v0.1.3 is tagged/built** (operator #4 merged + tagged) — this PR bumps the operator to v0.1.3, whose CRD adds the `clusterRef` field these keys use. ## Why Put all BIND DNS services in one `bind-internal` namespace and name the StatefulSets clearly. ## Changes - 3 clusters consolidated into `bind-internal`, StatefulSets renamed **bind-authoritative** / **bind-resolvers** / **bind-externaldns**; LBs kept on 198.18.200.6/.7/.8; external-dns hostnames renamed to match - `clusterRef` added to `transfer-key` (→ bind-authoritative) and `externaldns-key` (→ bind-externaldns) so keys are scoped per cluster - removed the old `ns-auth`/`ns-resolver`/`ns-externaldns` apps; ApplicationSet + AppProject now list `bind-internal` - bumped `bind-system` operator to **v0.1.3** (CRD link + image) - operator stays in `bind-system` ## Deploy impact ArgoCD prunes the old ns-* namespaces (StatefulSets/PVCs — data is only seed SOA+NS, no migrated records yet) and creates the renamed clusters in bind-internal. ## Validated `kustomize build` → 28 docs (3 BindCluster, 20 BindZone, 2 catalog, 2 keys, ns); kubeconform clean.
unkinben added 1 commit 2026-07-03 23:52:39 +10:00
Consolidate BIND DNS into one bind-internal namespace
ci/woodpecker/pr/kubeconform Pipeline failed
ci/woodpecker/pr/pre-commit Pipeline was successful
b67d873c66
Reshapes the three DNS tiers from separate ns-* namespaces into a single
bind-internal namespace and renames the StatefulSets, and scopes the TSIG
keys to their cluster (needs the clusterRef field from operator v0.1.3).

- move the 3 clusters + zones + keys into apps/base/bind-internal:
  BindCluster names bind-authoritative / bind-resolvers / bind-externaldns
  (= StatefulSet names), LBs kept on .6/.7/.8, external-dns hostnames renamed
- add clusterRef to the transfer-key (bind-authoritative) and externaldns-key
  (bind-externaldns) TSIG keys so they no longer leak across clusters
- remove the old ns-auth / ns-resolver / ns-externaldns apps
- ApplicationSet + AppProject: replace the three ns-* entries with bind-internal
- bump bind-system operator to v0.1.3 (CRD install link + image) so the CRDs
  understand the new clusterRef field
- operator stays in bind-system (unchanged)
unkinben added 1 commit 2026-07-04 00:09:09 +10:00
Update kubeconform schema for BindTSIGKey clusterRef
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
b59ede1a1d
Regenerates schemas/bind.unkin.net/bindtsigkey_v1alpha1.json from the
operator v0.1.3 CRDs so the new spec.clusterRef field validates.
benvin merged commit ce8ebc71ce into main 2026-07-04 00:35:44 +10:00
benvin deleted branch benvin/bind-internal-reshape 2026-07-04 00:35:44 +10:00
Sign in to join this conversation.
No Reviewers
No Label
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: unkin/argocd-apps#225