Deploy bind-operator + three BIND DNS tiers #216
@@ -1,145 +0,0 @@
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.17.3
|
||||
name: bindacls.bind.unkin.net
|
||||
spec:
|
||||
group: bind.unkin.net
|
||||
names:
|
||||
kind: BindACL
|
||||
listKind: BindACLList
|
||||
plural: bindacls
|
||||
shortNames:
|
||||
- bacl
|
||||
singular: bindacl
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.clusterRef
|
||||
name: Cluster
|
||||
type: string
|
||||
- jsonPath: .spec.entries[*]
|
||||
name: Entries
|
||||
type: integer
|
||||
- jsonPath: .status.ready
|
||||
name: Ready
|
||||
type: boolean
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: |-
|
||||
BindACL is a named address-match-list referenced by views, zones and
|
||||
policies for match-clients / allow-query / allow-transfer / allow-update.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: BindACLSpec defines a reusable named address_match_list.
|
||||
properties:
|
||||
clusterRef:
|
||||
description: |-
|
||||
ClusterRef names the BindCluster whose named.conf this ACL is rendered
|
||||
into. When empty the ACL is available to every cluster in the namespace.
|
||||
type: string
|
||||
entries:
|
||||
description: |-
|
||||
Entries are raw BIND address-match-list elements, e.g. "10.0.0.0/8",
|
||||
"!192.168.1.5", "key transfer-key", "localhost", "any", or the name of
|
||||
another ACL.
|
||||
items:
|
||||
type: string
|
||||
minItems: 1
|
||||
type: array
|
||||
required:
|
||||
- entries
|
||||
type: object
|
||||
status:
|
||||
description: BindACLStatus reports observed ACL state.
|
||||
properties:
|
||||
conditions:
|
||||
items:
|
||||
description: Condition contains details for one aspect of the current
|
||||
state of this API Resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: |-
|
||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: |-
|
||||
message is a human readable message indicating details about the transition.
|
||||
This may be an empty string.
|
||||
maxLength: 32768
|
||||
type: string
|
||||
observedGeneration:
|
||||
description: |-
|
||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
||||
with respect to the current state of the instance.
|
||||
format: int64
|
||||
minimum: 0
|
||||
type: integer
|
||||
reason:
|
||||
description: |-
|
||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
||||
Producers of specific condition types may define expected values and meanings for this field,
|
||||
and whether the values are considered a guaranteed API.
|
||||
The value should be a CamelCase string.
|
||||
This field may not be empty.
|
||||
maxLength: 1024
|
||||
minLength: 1
|
||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
||||
type: string
|
||||
status:
|
||||
description: status of the condition, one of True, False, Unknown.
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type: string
|
||||
type:
|
||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
||||
maxLength: 316
|
||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
- message
|
||||
- reason
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- type
|
||||
x-kubernetes-list-type: map
|
||||
observedGeneration:
|
||||
format: int64
|
||||
type: integer
|
||||
ready:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
@@ -1,159 +0,0 @@
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.17.3
|
||||
name: bindcatalogzones.bind.unkin.net
|
||||
spec:
|
||||
group: bind.unkin.net
|
||||
names:
|
||||
kind: BindCatalogZone
|
||||
listKind: BindCatalogZoneList
|
||||
plural: bindcatalogzones
|
||||
shortNames:
|
||||
- bcz
|
||||
singular: bindcatalogzone
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.clusterRef
|
||||
name: Cluster
|
||||
type: string
|
||||
- jsonPath: .spec.zoneName
|
||||
name: Zone
|
||||
type: string
|
||||
- jsonPath: .status.memberCount
|
||||
name: Members
|
||||
type: integer
|
||||
- jsonPath: .status.ready
|
||||
name: Ready
|
||||
type: boolean
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: BindCatalogZone auto-provisions member zones onto cluster secondaries.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: |-
|
||||
BindCatalogZoneSpec defines a BIND9 catalog zone. The primary publishes it
|
||||
and secondaries consume it, so member zones are provisioned onto every
|
||||
secondary automatically without per-zone reconfiguration.
|
||||
properties:
|
||||
clusterRef:
|
||||
description: ClusterRef names the owning BindCluster.
|
||||
type: string
|
||||
defaultPrimaries:
|
||||
description: |-
|
||||
DefaultPrimaries are the addresses member zones point at on secondaries.
|
||||
Defaults to the cluster primary Service.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
transferKeyRef:
|
||||
description: |-
|
||||
TransferKeyRef names the BindTSIGKey authenticating catalog + member zone
|
||||
transfers to secondaries.
|
||||
type: string
|
||||
zoneName:
|
||||
description: ZoneName is the catalog zone's own origin, e.g. "catalog.internal".
|
||||
type: string
|
||||
required:
|
||||
- clusterRef
|
||||
- zoneName
|
||||
type: object
|
||||
status:
|
||||
description: BindCatalogZoneStatus reports observed catalog state.
|
||||
properties:
|
||||
conditions:
|
||||
items:
|
||||
description: Condition contains details for one aspect of the current
|
||||
state of this API Resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: |-
|
||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: |-
|
||||
message is a human readable message indicating details about the transition.
|
||||
This may be an empty string.
|
||||
maxLength: 32768
|
||||
type: string
|
||||
observedGeneration:
|
||||
description: |-
|
||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
||||
with respect to the current state of the instance.
|
||||
format: int64
|
||||
minimum: 0
|
||||
type: integer
|
||||
reason:
|
||||
description: |-
|
||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
||||
Producers of specific condition types may define expected values and meanings for this field,
|
||||
and whether the values are considered a guaranteed API.
|
||||
The value should be a CamelCase string.
|
||||
This field may not be empty.
|
||||
maxLength: 1024
|
||||
minLength: 1
|
||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
||||
type: string
|
||||
status:
|
||||
description: status of the condition, one of True, False, Unknown.
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type: string
|
||||
type:
|
||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
||||
maxLength: 316
|
||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
- message
|
||||
- reason
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- type
|
||||
x-kubernetes-list-type: map
|
||||
memberCount:
|
||||
description: MemberCount is the number of member zones registered
|
||||
in the catalog.
|
||||
format: int32
|
||||
type: integer
|
||||
observedGeneration:
|
||||
format: int64
|
||||
type: integer
|
||||
ready:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,219 +0,0 @@
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.17.3
|
||||
name: binddnssecpolicies.bind.unkin.net
|
||||
spec:
|
||||
group: bind.unkin.net
|
||||
names:
|
||||
kind: BindDNSSECPolicy
|
||||
listKind: BindDNSSECPolicyList
|
||||
plural: binddnssecpolicies
|
||||
shortNames:
|
||||
- bdp
|
||||
singular: binddnssecpolicy
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.clusterRef
|
||||
name: Cluster
|
||||
type: string
|
||||
- jsonPath: .spec.algorithm
|
||||
name: Algorithm
|
||||
type: string
|
||||
- jsonPath: .status.zoneCount
|
||||
name: Zones
|
||||
type: integer
|
||||
- jsonPath: .status.ready
|
||||
name: Ready
|
||||
type: boolean
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: BindDNSSECPolicy is a reusable DNSSEC signing policy.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: |-
|
||||
BindDNSSECPolicySpec mirrors a BIND9 dnssec-policy. Zones referencing it are
|
||||
signed with inline-signing and automated key management.
|
||||
properties:
|
||||
algorithm:
|
||||
default: ecdsap256sha256
|
||||
description: Algorithm for signing. Defaults to ecdsap256sha256.
|
||||
type: string
|
||||
clusterRef:
|
||||
description: ClusterRef names the owning BindCluster.
|
||||
type: string
|
||||
csk:
|
||||
description: CSK, when set, uses a Combined Signing Key instead of
|
||||
split KSK/ZSK.
|
||||
properties:
|
||||
algorithm:
|
||||
description: Algorithm overrides the policy algorithm for this
|
||||
key.
|
||||
type: string
|
||||
keySize:
|
||||
description: KeySize in bits for RSA algorithms (ignored for ECDSA/EdDSA).
|
||||
format: int32
|
||||
type: integer
|
||||
lifetime:
|
||||
description: |-
|
||||
Lifetime is how long the key is used before rollover, e.g. "P30D" or
|
||||
"unlimited". Empty means unlimited.
|
||||
type: string
|
||||
type: object
|
||||
extraOptions:
|
||||
description: ExtraOptions are raw named.conf lines appended inside
|
||||
the policy block.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
ksk:
|
||||
description: KSK is the Key Signing Key configuration (ignored when
|
||||
CSK is set).
|
||||
properties:
|
||||
algorithm:
|
||||
description: Algorithm overrides the policy algorithm for this
|
||||
key.
|
||||
type: string
|
||||
keySize:
|
||||
description: KeySize in bits for RSA algorithms (ignored for ECDSA/EdDSA).
|
||||
format: int32
|
||||
type: integer
|
||||
lifetime:
|
||||
description: |-
|
||||
Lifetime is how long the key is used before rollover, e.g. "P30D" or
|
||||
"unlimited". Empty means unlimited.
|
||||
type: string
|
||||
type: object
|
||||
maxZoneTTL:
|
||||
description: MaxZoneTTL, e.g. "P1D".
|
||||
type: string
|
||||
nsec3:
|
||||
description: NSEC3 enables NSEC3 hashing instead of NSEC.
|
||||
type: boolean
|
||||
policyName:
|
||||
description: |-
|
||||
PolicyName is the dnssec-policy name in named.conf. Defaults to the object
|
||||
name.
|
||||
type: string
|
||||
signaturesValidity:
|
||||
description: SignaturesValidity, e.g. "P14D".
|
||||
type: string
|
||||
zsk:
|
||||
description: ZSK is the Zone Signing Key configuration (ignored when
|
||||
CSK is set).
|
||||
properties:
|
||||
algorithm:
|
||||
description: Algorithm overrides the policy algorithm for this
|
||||
key.
|
||||
type: string
|
||||
keySize:
|
||||
description: KeySize in bits for RSA algorithms (ignored for ECDSA/EdDSA).
|
||||
format: int32
|
||||
type: integer
|
||||
lifetime:
|
||||
description: |-
|
||||
Lifetime is how long the key is used before rollover, e.g. "P30D" or
|
||||
"unlimited". Empty means unlimited.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- clusterRef
|
||||
type: object
|
||||
status:
|
||||
description: BindDNSSECPolicyStatus reports observed policy state.
|
||||
properties:
|
||||
conditions:
|
||||
items:
|
||||
description: Condition contains details for one aspect of the current
|
||||
state of this API Resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: |-
|
||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: |-
|
||||
message is a human readable message indicating details about the transition.
|
||||
This may be an empty string.
|
||||
maxLength: 32768
|
||||
type: string
|
||||
observedGeneration:
|
||||
description: |-
|
||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
||||
with respect to the current state of the instance.
|
||||
format: int64
|
||||
minimum: 0
|
||||
type: integer
|
||||
reason:
|
||||
description: |-
|
||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
||||
Producers of specific condition types may define expected values and meanings for this field,
|
||||
and whether the values are considered a guaranteed API.
|
||||
The value should be a CamelCase string.
|
||||
This field may not be empty.
|
||||
maxLength: 1024
|
||||
minLength: 1
|
||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
||||
type: string
|
||||
status:
|
||||
description: status of the condition, one of True, False, Unknown.
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type: string
|
||||
type:
|
||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
||||
maxLength: 316
|
||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
- message
|
||||
- reason
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- type
|
||||
x-kubernetes-list-type: map
|
||||
observedGeneration:
|
||||
format: int64
|
||||
type: integer
|
||||
ready:
|
||||
type: boolean
|
||||
zoneCount:
|
||||
description: ZoneCount is the number of zones signed with this policy.
|
||||
format: int32
|
||||
type: integer
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
@@ -1,203 +0,0 @@
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.17.3
|
||||
name: bindpolicies.bind.unkin.net
|
||||
spec:
|
||||
group: bind.unkin.net
|
||||
names:
|
||||
kind: BindPolicy
|
||||
listKind: BindPolicyList
|
||||
plural: bindpolicies
|
||||
shortNames:
|
||||
- bp
|
||||
singular: bindpolicy
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.clusterRef
|
||||
name: Cluster
|
||||
type: string
|
||||
- jsonPath: .spec.zoneName
|
||||
name: Zone
|
||||
type: string
|
||||
- jsonPath: .status.ruleCount
|
||||
name: Rules
|
||||
type: integer
|
||||
- jsonPath: .status.ready
|
||||
name: Ready
|
||||
type: boolean
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: BindPolicy is a Response Policy Zone (RPZ) applied to a cluster.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: |-
|
||||
BindPolicySpec defines a Response Policy Zone (RPZ) — a DNS firewall applied
|
||||
to a resolver cluster.
|
||||
properties:
|
||||
clusterRef:
|
||||
description: ClusterRef names the owning BindCluster (typically a
|
||||
resolver).
|
||||
type: string
|
||||
order:
|
||||
default: 100
|
||||
description: Order controls this policy's position in the response-policy
|
||||
clause.
|
||||
format: int32
|
||||
type: integer
|
||||
primaries:
|
||||
description: |-
|
||||
Primaries lets the RPZ zone be transferred from an external feed instead
|
||||
of being locally populated.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
rules:
|
||||
description: Rules are the inline policy triggers.
|
||||
items:
|
||||
description: RPZRule is a single response-policy rule.
|
||||
properties:
|
||||
action:
|
||||
default: nxdomain
|
||||
description: Action taken when the rule matches.
|
||||
enum:
|
||||
- nxdomain
|
||||
- nodata
|
||||
- passthru
|
||||
- drop
|
||||
- tcp-only
|
||||
- cname
|
||||
type: string
|
||||
match:
|
||||
description: Match is the trigger value, e.g. a domain "bad.example."
|
||||
or CIDR.
|
||||
type: string
|
||||
target:
|
||||
description: Target is the rewrite target when Action is cname.
|
||||
type: string
|
||||
trigger:
|
||||
default: qname
|
||||
description: Trigger selects what the Match is compared against.
|
||||
enum:
|
||||
- qname
|
||||
- client-ip
|
||||
- ip
|
||||
- nsdname
|
||||
- nsip
|
||||
type: string
|
||||
required:
|
||||
- match
|
||||
type: object
|
||||
type: array
|
||||
transferKeyRef:
|
||||
description: TransferKeyRef names the BindTSIGKey used to pull from
|
||||
Primaries.
|
||||
type: string
|
||||
viewRef:
|
||||
description: ViewRef optionally scopes the policy to a single view.
|
||||
type: string
|
||||
zoneName:
|
||||
description: ZoneName is the RPZ zone origin, e.g. "rpz.internal".
|
||||
type: string
|
||||
required:
|
||||
- clusterRef
|
||||
- zoneName
|
||||
type: object
|
||||
status:
|
||||
description: BindPolicyStatus reports observed policy state.
|
||||
properties:
|
||||
conditions:
|
||||
items:
|
||||
description: Condition contains details for one aspect of the current
|
||||
state of this API Resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: |-
|
||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: |-
|
||||
message is a human readable message indicating details about the transition.
|
||||
This may be an empty string.
|
||||
maxLength: 32768
|
||||
type: string
|
||||
observedGeneration:
|
||||
description: |-
|
||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
||||
with respect to the current state of the instance.
|
||||
format: int64
|
||||
minimum: 0
|
||||
type: integer
|
||||
reason:
|
||||
description: |-
|
||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
||||
Producers of specific condition types may define expected values and meanings for this field,
|
||||
and whether the values are considered a guaranteed API.
|
||||
The value should be a CamelCase string.
|
||||
This field may not be empty.
|
||||
maxLength: 1024
|
||||
minLength: 1
|
||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
||||
type: string
|
||||
status:
|
||||
description: status of the condition, one of True, False, Unknown.
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type: string
|
||||
type:
|
||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
||||
maxLength: 316
|
||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
- message
|
||||
- reason
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- type
|
||||
x-kubernetes-list-type: map
|
||||
observedGeneration:
|
||||
format: int64
|
||||
type: integer
|
||||
ready:
|
||||
type: boolean
|
||||
ruleCount:
|
||||
description: RuleCount is the number of active rules.
|
||||
format: int32
|
||||
type: integer
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
@@ -1,165 +0,0 @@
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.17.3
|
||||
name: bindtsigkeys.bind.unkin.net
|
||||
spec:
|
||||
group: bind.unkin.net
|
||||
names:
|
||||
kind: BindTSIGKey
|
||||
listKind: BindTSIGKeyList
|
||||
plural: bindtsigkeys
|
||||
shortNames:
|
||||
- btk
|
||||
singular: bindtsigkey
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.algorithm
|
||||
name: Algorithm
|
||||
type: string
|
||||
- jsonPath: .status.secretName
|
||||
name: Secret
|
||||
type: string
|
||||
- jsonPath: .status.ready
|
||||
name: Ready
|
||||
type: boolean
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: |-
|
||||
BindTSIGKey is a TSIG key backing zone transfers, dynamic updates and view
|
||||
matching. The key material lives in a Kubernetes Secret, never in the CR.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: |-
|
||||
BindTSIGKeySpec defines a TSIG key. If no existing key material is imported,
|
||||
the operator generates a random key and stores it in a Secret.
|
||||
properties:
|
||||
algorithm:
|
||||
default: hmac-sha256
|
||||
description: Algorithm is the HMAC algorithm. Defaults to hmac-sha256.
|
||||
enum:
|
||||
- hmac-sha256
|
||||
- hmac-sha512
|
||||
- hmac-sha384
|
||||
- hmac-sha224
|
||||
- hmac-sha1
|
||||
- hmac-md5
|
||||
type: string
|
||||
importExisting:
|
||||
description: |-
|
||||
ImportExisting, when true, means the referenced Secret already contains a
|
||||
`secret` key and the operator will not generate new material.
|
||||
type: boolean
|
||||
keyName:
|
||||
description: |-
|
||||
KeyName is the TSIG key name emitted into named.conf. Defaults to the
|
||||
object name.
|
||||
type: string
|
||||
secretName:
|
||||
description: |-
|
||||
SecretName is the Secret the key material is written to (or read from when
|
||||
ImportExisting is set). Defaults to "<name>-tsig".
|
||||
type: string
|
||||
type: object
|
||||
status:
|
||||
description: BindTSIGKeyStatus reports observed TSIG key state.
|
||||
properties:
|
||||
conditions:
|
||||
items:
|
||||
description: Condition contains details for one aspect of the current
|
||||
state of this API Resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: |-
|
||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: |-
|
||||
message is a human readable message indicating details about the transition.
|
||||
This may be an empty string.
|
||||
maxLength: 32768
|
||||
type: string
|
||||
observedGeneration:
|
||||
description: |-
|
||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
||||
with respect to the current state of the instance.
|
||||
format: int64
|
||||
minimum: 0
|
||||
type: integer
|
||||
reason:
|
||||
description: |-
|
||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
||||
Producers of specific condition types may define expected values and meanings for this field,
|
||||
and whether the values are considered a guaranteed API.
|
||||
The value should be a CamelCase string.
|
||||
This field may not be empty.
|
||||
maxLength: 1024
|
||||
minLength: 1
|
||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
||||
type: string
|
||||
status:
|
||||
description: status of the condition, one of True, False, Unknown.
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type: string
|
||||
type:
|
||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
||||
maxLength: 316
|
||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
- message
|
||||
- reason
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- type
|
||||
x-kubernetes-list-type: map
|
||||
keyName:
|
||||
description: KeyName as used in named.conf.
|
||||
type: string
|
||||
observedGeneration:
|
||||
description: ObservedGeneration is the last reconciled generation.
|
||||
format: int64
|
||||
type: integer
|
||||
ready:
|
||||
description: Ready is true once the key Secret exists.
|
||||
type: boolean
|
||||
secretName:
|
||||
description: SecretName holds the generated/managed key material.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
@@ -1,177 +0,0 @@
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.17.3
|
||||
name: bindviews.bind.unkin.net
|
||||
spec:
|
||||
group: bind.unkin.net
|
||||
names:
|
||||
kind: BindView
|
||||
listKind: BindViewList
|
||||
plural: bindviews
|
||||
shortNames:
|
||||
- bv
|
||||
singular: bindview
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.clusterRef
|
||||
name: Cluster
|
||||
type: string
|
||||
- jsonPath: .spec.order
|
||||
name: Order
|
||||
type: integer
|
||||
- jsonPath: .status.zoneCount
|
||||
name: Zones
|
||||
type: integer
|
||||
- jsonPath: .status.ready
|
||||
name: Ready
|
||||
type: boolean
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: BindView is a split-horizon view on a BindCluster.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: |-
|
||||
BindViewSpec defines a split-horizon view. View ordering is significant in
|
||||
BIND; use Order to control the sequence in named.conf.
|
||||
properties:
|
||||
allowQuery:
|
||||
description: AllowQuery is an address-match-list restricting queries
|
||||
into this view.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
clusterRef:
|
||||
description: ClusterRef names the owning BindCluster.
|
||||
type: string
|
||||
extraOptions:
|
||||
description: ExtraOptions are raw named.conf lines appended inside
|
||||
the view block.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
matchClients:
|
||||
description: |-
|
||||
MatchClients is an address-match-list (inline entries and/or ACL names)
|
||||
selecting which clients this view answers. Defaults to "any".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
matchDestinations:
|
||||
description: MatchDestinations is an optional destination address-match-list.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
order:
|
||||
default: 100
|
||||
description: |-
|
||||
Order controls the position of this view in named.conf (ascending). The
|
||||
first view whose match-clients matches a query wins.
|
||||
format: int32
|
||||
type: integer
|
||||
recursion:
|
||||
description: Recursion overrides the cluster recursion setting for
|
||||
this view.
|
||||
type: boolean
|
||||
required:
|
||||
- clusterRef
|
||||
type: object
|
||||
status:
|
||||
description: BindViewStatus reports observed view state.
|
||||
properties:
|
||||
conditions:
|
||||
items:
|
||||
description: Condition contains details for one aspect of the current
|
||||
state of this API Resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: |-
|
||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: |-
|
||||
message is a human readable message indicating details about the transition.
|
||||
This may be an empty string.
|
||||
maxLength: 32768
|
||||
type: string
|
||||
observedGeneration:
|
||||
description: |-
|
||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
||||
with respect to the current state of the instance.
|
||||
format: int64
|
||||
minimum: 0
|
||||
type: integer
|
||||
reason:
|
||||
description: |-
|
||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
||||
Producers of specific condition types may define expected values and meanings for this field,
|
||||
and whether the values are considered a guaranteed API.
|
||||
The value should be a CamelCase string.
|
||||
This field may not be empty.
|
||||
maxLength: 1024
|
||||
minLength: 1
|
||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
||||
type: string
|
||||
status:
|
||||
description: status of the condition, one of True, False, Unknown.
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type: string
|
||||
type:
|
||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
||||
maxLength: 316
|
||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
- message
|
||||
- reason
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- type
|
||||
x-kubernetes-list-type: map
|
||||
observedGeneration:
|
||||
format: int64
|
||||
type: integer
|
||||
ready:
|
||||
type: boolean
|
||||
zoneCount:
|
||||
description: ZoneCount is the number of zones currently bound to this
|
||||
view.
|
||||
format: int32
|
||||
type: integer
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
@@ -1,252 +0,0 @@
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.17.3
|
||||
name: bindzones.bind.unkin.net
|
||||
spec:
|
||||
group: bind.unkin.net
|
||||
names:
|
||||
kind: BindZone
|
||||
listKind: BindZoneList
|
||||
plural: bindzones
|
||||
shortNames:
|
||||
- bz
|
||||
singular: bindzone
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.zoneName
|
||||
name: Zone
|
||||
type: string
|
||||
- jsonPath: .spec.type
|
||||
name: Type
|
||||
type: string
|
||||
- jsonPath: .spec.clusterRef
|
||||
name: Cluster
|
||||
type: string
|
||||
- jsonPath: .status.serial
|
||||
name: Serial
|
||||
type: integer
|
||||
- jsonPath: .status.phase
|
||||
name: Phase
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: BindZone is a forward or reverse DNS zone.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: BindZoneSpec defines a DNS zone managed on a BindCluster's
|
||||
primary.
|
||||
properties:
|
||||
allowTransfer:
|
||||
description: |-
|
||||
AllowTransfer is an address-match-list (inline entries and/or ACL/key
|
||||
names) permitted to AXFR/IXFR this zone.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
catalog:
|
||||
default: true
|
||||
description: |-
|
||||
Catalog, when true, registers this zone as a member of the cluster's
|
||||
catalog zone so secondaries auto-provision it.
|
||||
type: boolean
|
||||
clusterRef:
|
||||
description: ClusterRef names the owning BindCluster.
|
||||
type: string
|
||||
defaultTTL:
|
||||
default: 3600
|
||||
description: DefaultTTL for records that do not set their own TTL.
|
||||
Defaults to 3600.
|
||||
format: int32
|
||||
type: integer
|
||||
dnssecPolicyRef:
|
||||
description: DNSSECPolicyRef names a BindDNSSECPolicy to sign this
|
||||
zone with.
|
||||
type: string
|
||||
dynamicUpdate:
|
||||
description: |-
|
||||
DynamicUpdate enables RFC2136 updates for this zone (external-dns style).
|
||||
When true, UpdateKeyRef must reference a BindTSIGKey.
|
||||
type: boolean
|
||||
forwarders:
|
||||
description: Forwarders lists upstreams for a forward-type zone.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
primaries:
|
||||
description: Primaries lists source servers for a secondary/stub-type
|
||||
zone.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
records:
|
||||
description: Records are static record sets seeded into a primary
|
||||
zone.
|
||||
items:
|
||||
description: |-
|
||||
Record is a single resource record set seeded into a primary zone via
|
||||
dynamic update (nsupdate). Ongoing changes may also arrive from DNSRecord
|
||||
objects or external RFC2136 clients.
|
||||
properties:
|
||||
name:
|
||||
default: '@'
|
||||
description: |-
|
||||
Name is the owner name, relative to the zone apex or fully qualified.
|
||||
Use "@" for the apex.
|
||||
type: string
|
||||
ttl:
|
||||
description: TTL for the record set in seconds. Falls back to
|
||||
the zone default TTL.
|
||||
format: int32
|
||||
type: integer
|
||||
type:
|
||||
description: Type is the RR type, e.g. A, AAAA, CNAME, MX, TXT,
|
||||
SRV, NS, PTR, CAA.
|
||||
type: string
|
||||
values:
|
||||
description: |-
|
||||
Values are the RDATA entries, e.g. ["10 mail.example.com."] for an MX or
|
||||
["192.0.2.1","192.0.2.2"] for an A round-robin.
|
||||
items:
|
||||
type: string
|
||||
minItems: 1
|
||||
type: array
|
||||
required:
|
||||
- type
|
||||
- values
|
||||
type: object
|
||||
type: array
|
||||
transferKeyRef:
|
||||
description: |-
|
||||
TransferKeyRef names the BindTSIGKey used to authenticate transfers from
|
||||
Primaries for a secondary zone.
|
||||
type: string
|
||||
type:
|
||||
default: primary
|
||||
description: Type is the zone type. Defaults to primary.
|
||||
enum:
|
||||
- primary
|
||||
- secondary
|
||||
- forward
|
||||
- stub
|
||||
type: string
|
||||
updateKeyRef:
|
||||
description: UpdateKeyRef names the BindTSIGKey permitted to send
|
||||
dynamic updates.
|
||||
type: string
|
||||
viewRef:
|
||||
description: ViewRef optionally binds this zone to a BindView.
|
||||
type: string
|
||||
zoneName:
|
||||
description: ZoneName is the DNS origin, e.g. "example.com" or "2.0.192.in-addr.arpa".
|
||||
type: string
|
||||
required:
|
||||
- clusterRef
|
||||
- zoneName
|
||||
type: object
|
||||
status:
|
||||
description: BindZoneStatus reports observed zone state.
|
||||
properties:
|
||||
conditions:
|
||||
items:
|
||||
description: Condition contains details for one aspect of the current
|
||||
state of this API Resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: |-
|
||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: |-
|
||||
message is a human readable message indicating details about the transition.
|
||||
This may be an empty string.
|
||||
maxLength: 32768
|
||||
type: string
|
||||
observedGeneration:
|
||||
description: |-
|
||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
||||
with respect to the current state of the instance.
|
||||
format: int64
|
||||
minimum: 0
|
||||
type: integer
|
||||
reason:
|
||||
description: |-
|
||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
||||
Producers of specific condition types may define expected values and meanings for this field,
|
||||
and whether the values are considered a guaranteed API.
|
||||
The value should be a CamelCase string.
|
||||
This field may not be empty.
|
||||
maxLength: 1024
|
||||
minLength: 1
|
||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
||||
type: string
|
||||
status:
|
||||
description: status of the condition, one of True, False, Unknown.
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type: string
|
||||
type:
|
||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
||||
maxLength: 316
|
||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
- message
|
||||
- reason
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- type
|
||||
x-kubernetes-list-type: map
|
||||
observedGeneration:
|
||||
format: int64
|
||||
type: integer
|
||||
phase:
|
||||
description: Phase is a coarse lifecycle summary (Pending/Ready/Error).
|
||||
type: string
|
||||
recordCount:
|
||||
description: RecordCount is the number of managed record sets applied.
|
||||
format: int32
|
||||
type: integer
|
||||
serial:
|
||||
description: Serial is the last observed SOA serial on the primary.
|
||||
format: int64
|
||||
type: integer
|
||||
signed:
|
||||
description: Signed reports whether DNSSEC signing is active.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
@@ -1,165 +0,0 @@
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.17.3
|
||||
name: dnsrecords.bind.unkin.net
|
||||
spec:
|
||||
group: bind.unkin.net
|
||||
names:
|
||||
kind: DNSRecord
|
||||
listKind: DNSRecordList
|
||||
plural: dnsrecords
|
||||
shortNames:
|
||||
- dnsr
|
||||
singular: dnsrecord
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.zoneRef
|
||||
name: Zone
|
||||
type: string
|
||||
- jsonPath: .spec.name
|
||||
name: Name
|
||||
type: string
|
||||
- jsonPath: .spec.type
|
||||
name: Type
|
||||
type: string
|
||||
- jsonPath: .status.phase
|
||||
name: Phase
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: DNSRecord is an individually-managed record set applied to a
|
||||
BindZone.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: |-
|
||||
DNSRecordSpec defines a single record set applied to a zone via TSIG dynamic
|
||||
update (nsupdate) — the external-dns write path expressed as a CRD.
|
||||
properties:
|
||||
name:
|
||||
default: '@'
|
||||
description: Name is the owner name, relative to the zone apex or
|
||||
fully qualified.
|
||||
type: string
|
||||
ttl:
|
||||
description: TTL for the record set in seconds. Falls back to the
|
||||
zone default TTL.
|
||||
format: int32
|
||||
type: integer
|
||||
type:
|
||||
description: Type is the RR type, e.g. A, AAAA, CNAME, TXT, SRV, MX.
|
||||
type: string
|
||||
values:
|
||||
description: Values are the RDATA entries.
|
||||
items:
|
||||
type: string
|
||||
minItems: 1
|
||||
type: array
|
||||
zoneRef:
|
||||
description: |-
|
||||
ZoneRef names the BindZone this record belongs to. The cluster, view and
|
||||
update key are derived from the referenced zone.
|
||||
type: string
|
||||
required:
|
||||
- type
|
||||
- values
|
||||
- zoneRef
|
||||
type: object
|
||||
status:
|
||||
description: DNSRecordStatus reports observed record state.
|
||||
properties:
|
||||
conditions:
|
||||
items:
|
||||
description: Condition contains details for one aspect of the current
|
||||
state of this API Resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: |-
|
||||
lastTransitionTime is the last time the condition transitioned from one status to another.
|
||||
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: |-
|
||||
message is a human readable message indicating details about the transition.
|
||||
This may be an empty string.
|
||||
maxLength: 32768
|
||||
type: string
|
||||
observedGeneration:
|
||||
description: |-
|
||||
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
||||
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
||||
with respect to the current state of the instance.
|
||||
format: int64
|
||||
minimum: 0
|
||||
type: integer
|
||||
reason:
|
||||
description: |-
|
||||
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
||||
Producers of specific condition types may define expected values and meanings for this field,
|
||||
and whether the values are considered a guaranteed API.
|
||||
The value should be a CamelCase string.
|
||||
This field may not be empty.
|
||||
maxLength: 1024
|
||||
minLength: 1
|
||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
||||
type: string
|
||||
status:
|
||||
description: status of the condition, one of True, False, Unknown.
|
||||
enum:
|
||||
- "True"
|
||||
- "False"
|
||||
- Unknown
|
||||
type: string
|
||||
type:
|
||||
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
||||
maxLength: 316
|
||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
- message
|
||||
- reason
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- type
|
||||
x-kubernetes-list-type: map
|
||||
fqdn:
|
||||
description: FQDN is the fully-qualified owner name that was applied.
|
||||
type: string
|
||||
observedGeneration:
|
||||
format: int64
|
||||
type: integer
|
||||
phase:
|
||||
description: Phase is a coarse lifecycle summary (Pending/Applied/Error).
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
@@ -21,7 +21,7 @@ spec:
|
||||
runAsNonRoot: true
|
||||
containers:
|
||||
- name: operator
|
||||
image: git.unkin.net/unkin/bind-operator:v0.1.0
|
||||
image: git.unkin.net/unkin/bind-operator:v0.1.1
|
||||
args:
|
||||
- --metrics-bind-address=:8080
|
||||
- --health-probe-bind-address=:8081
|
||||
|
||||
@@ -4,14 +4,8 @@ kind: Kustomization
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- crds/bind.unkin.net_bindclusters.yaml
|
||||
- crds/bind.unkin.net_bindzones.yaml
|
||||
- crds/bind.unkin.net_bindviews.yaml
|
||||
- crds/bind.unkin.net_bindtsigkeys.yaml
|
||||
- crds/bind.unkin.net_bindacls.yaml
|
||||
- crds/bind.unkin.net_bindcatalogzones.yaml
|
||||
- crds/bind.unkin.net_bindpolicies.yaml
|
||||
- crds/bind.unkin.net_binddnssecpolicies.yaml
|
||||
- crds/bind.unkin.net_dnsrecords.yaml
|
||||
# CRDs are pulled from the bind-operator repo at the matching tag rather than
|
||||
# vendored here, so they never drift from the operator.
|
||||
- https://git.unkin.net/unkin/bind-operator/raw/tag/v0.1.1/config/crd/install.yaml
|
||||
- rbac.yaml
|
||||
- deployment.yaml
|
||||
|
||||
Reference in New Issue
Block a user