Files
argocd-apps/apps/base/bind-internal/authoritative/acls.yaml
T
unkinben 3a840b2d04
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
bind-internal: allow admin workstation + router to query authoritative
Adds two /32 host entries to auth-acl-main so the operator's workstation
(10.10.12.200, over wireguard) and router (198.18.21.160) can query the
bind-authoritative servers. The router's /24 (198.18.21.0/24) is not in the
ACL, so an explicit host entry is required.
2026-07-16 22:51:12 +10:00

30 lines
875 B
YAML

---
# Internal client networks allowed to query the authoritative servers,
# mirrored from the puppet authoritative /etc/named/acls.conf
# (acl-main.unkin.net). Named auth-acl-main because the resolver has its own,
# differently-scoped acl-main.unkin.net in the same namespace.
apiVersion: bind.unkin.net/v1alpha1
kind: BindACL
metadata:
name: auth-acl-main
namespace: bind-internal
spec:
clusterRef: bind-authoritative
entries:
- 198.18.13.0/24
- 198.18.14.0/24
- 198.18.15.0/24
- 198.18.16.0/24
- 198.18.17.0/24
- 198.18.19.0/24
- 198.18.20.0/24
- 198.18.24.0/24
- 198.18.25.0/24
- 198.18.26.0/24
- 198.18.27.0/24
- 198.18.28.0/24
- 198.18.29.0/24
# Admin/management access (individual hosts, not whole subnets)
- 10.10.12.200/32 # benvin workstation (wireguard)
- 198.18.21.160/32 # benvin router