Consolidate BIND DNS into one bind-internal namespace #225

Merged
benvin merged 2 commits from benvin/bind-internal-reshape into main 2026-07-04 00:35:44 +10:00

2 Commits

Author SHA1 Message Date
unkinben b59ede1a1d Update kubeconform schema for BindTSIGKey clusterRef
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
Regenerates schemas/bind.unkin.net/bindtsigkey_v1alpha1.json from the
operator v0.1.3 CRDs so the new spec.clusterRef field validates.
2026-07-04 00:09:05 +10:00
unkinben b67d873c66 Consolidate BIND DNS into one bind-internal namespace
ci/woodpecker/pr/kubeconform Pipeline failed
ci/woodpecker/pr/pre-commit Pipeline was successful
Reshapes the three DNS tiers from separate ns-* namespaces into a single
bind-internal namespace and renames the StatefulSets, and scopes the TSIG
keys to their cluster (needs the clusterRef field from operator v0.1.3).

- move the 3 clusters + zones + keys into apps/base/bind-internal:
  BindCluster names bind-authoritative / bind-resolvers / bind-externaldns
  (= StatefulSet names), LBs kept on .6/.7/.8, external-dns hostnames renamed
- add clusterRef to the transfer-key (bind-authoritative) and externaldns-key
  (bind-externaldns) TSIG keys so they no longer leak across clusters
- remove the old ns-auth / ns-resolver / ns-externaldns apps
- ApplicationSet + AppProject: replace the three ns-* entries with bind-internal
- bump bind-system operator to v0.1.3 (CRD install link + image) so the CRDs
  understand the new clusterRef field
- operator stays in bind-system (unchanged)
2026-07-03 23:52:36 +10:00