Add primary (write) Services to authoritative + externaldns #229
Stacked on #228 (needs operator v0.1.5). Merge #228 first; the diff collapses to just this after.
Why
Writes (RFC2136/nsupdate) must go to pod-0 — the round-robin read Service would land them on a secondary (rejected). Adds a dedicated write endpoint per cluster (operator v0.1.5 primaryService).
Changes
bind-authoritative: LoadBalancer write endpoint on 198.18.200.9 (bind-authoritative-primary)
bind-externaldns: ClusterIP write endpoint (bind-externaldns-primary, for in-cluster writers)
Deferred
external-dns is not repointed at bind-externaldns-primary yet: it authenticates with the existing TSIG key, which the operator-generated key won't match until the planned Vault-sync + secret-reflection features exist. Until then external-dns keeps writing to the puppet externaldns.
Validated
kustomize build + kubeconform (3 BindClusters valid against the v0.1.5 schema).
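What pinning writes to pod-0 looks like at the Service level, as an added example that is not taken from this PR or from the operator's output. The read Service's name and type, the app label, the pod name bind-authoritative-0 and the use of spec.loadBalancerIP are assumptions; only bind-authoritative-primary and 198.18.200.9 come from the description above.

```yaml
# Constructed manifests for illustration; labels and pod name are assumptions.
---
# Read path: the selector matches every replica, so connections are spread
# across the primary and the secondaries. That is fine for queries, but an
# RFC2136 update that lands on a secondary is rejected.
apiVersion: v1
kind: Service
metadata:
  name: bind-authoritative            # assumed name of the existing read Service
spec:
  selector:
    app.kubernetes.io/name: bind-authoritative
  ports:
    - {name: dns-udp, port: 53, protocol: UDP}
    - {name: dns-tcp, port: 53, protocol: TCP}
---
# Write path: the extra pod-name label narrows the selector to the single
# StatefulSet pod with ordinal 0, so every update reaches the primary.
apiVersion: v1
kind: Service
metadata:
  name: bind-authoritative-primary
spec:
  type: LoadBalancer
  # Deprecated core field; some load balancer implementations take the
  # address from an annotation instead (assumption about this cluster).
  loadBalancerIP: 198.18.200.9
  selector:
    app.kubernetes.io/name: bind-authoritative
    # Label set by the StatefulSet controller on each pod it creates.
    statefulset.kubernetes.io/pod-name: bind-authoritative-0
  ports:
    - {name: dns-udp, port: 53, protocol: UDP}
    - {name: dns-tcp, port: 53, protocol: TCP}
```

With the write endpoint reachable on a LoadBalancer IP, the TSIG-keyed update policy on the primary is what gates changes; `loadBalancerSourceRanges` can narrow who reaches port 53 where the load balancer honours that field.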