---
# Authoritative masters (replaces the 3x Puppet authoritative servers).
# pod-0 is the primary; pods 1-2 replicate via the catalog zone + AXFR/IXFR.
# NOTE(review): nesting below is rebuilt from a whitespace-collapsed listing;
# confirm key placement (e.g. `resources` under `spec`) against the
# BindCluster CRD schema.
apiVersion: bind.unkin.net/v1alpha1
kind: BindCluster
metadata:
  name: bind-authoritative
  namespace: bind-internal
spec:
  mode: authoritative
  replicas: 3
  storageClassName: cephrbd-fast-delete
  storageSize: 2Gi

  # Restrict queries to internal networks (puppet acl-main.unkin.net).
  # 10.42.0.0/16 (pod net) is required so secondaries can SOA-refresh
  # from the primary during catalog replication.
  # NOTE(review): the pod-network entry matches any source address in
  # 10.42.0.0/16, so every pod in that range passes this ACL, not only the
  # BIND secondaries. Confirm that is acceptable, or narrow access with a
  # NetworkPolicy on this namespace.
  # NOTE(review): allow-query does not govern zone transfers; no
  # allow-transfer statement is visible here. Confirm the operator limits
  # AXFR/IXFR to holders of the transfer key.
  extraOptions:
    - 'allow-query { auth-acl-main; 10.42.0.0/16; }'

  service:
    type: LoadBalancer
    # Local keeps the client's source IP intact on the way to the pod.
    # The address-based allow-query ACL above depends on seeing the real
    # client address; presumably that is why Local is set here (confirm).
    externalTrafficPolicy: Local
    annotations:
      # Annotation values are strings; quoted so no parser re-types them.
      purelb.io/service-group: 'common'
      purelb.io/addresses: '198.18.200.6'
      external-dns.alpha.kubernetes.io/hostname: 'bind-authoritative.k8s.syd1.au.unkin.net'

  # Requests and limits bound CPU and memory per pod.
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits:
      cpu: '1'
      memory: 512Mi
---
# Catalog zone so new BindZones auto-provision onto the secondaries.
apiVersion: bind.unkin.net/v1alpha1
kind: BindCatalogZone
metadata:
  name: bind-authoritative-catalog
  namespace: bind-internal
spec:
  # Name of the BindCluster defined in the first document of this file.
  clusterRef: bind-authoritative
  zoneName: catalog.internal
  # NOTE(review): presumably names the TSIG key that authenticates catalog
  # and zone transfers. Confirm the key material lives in a Secret with
  # restricted RBAC and is not committed alongside this manifest.
  transferKeyRef: transfer-key