Files
argocd-apps/apps/base/ns-auth/tsigkey.yaml
T
unkinben 649ed07ab0 Deploy binddns-auth (authoritative BIND cluster) (#220)
Part of the bind rollout split. **Merge #219 (bind-operator) first** — this PR is stacked on it, so its diff will reduce to just the binddns-auth files once #219 merges.

## Why
The authoritative masters tier (replaces 3x Puppet authoritative servers): pod-0 primary + 2 secondaries replicating via the catalog zone + AXFR/IXFR.

## Changes
- `apps/base/binddns-auth`: authoritative `BindCluster` (3 replicas, LoadBalancer/PureLB), `BindCatalogZone`, transfer `BindTSIGKey`, namespace
- au-syd1 `binddns-auth` overlay

## Deploy impact
Creates the `binddns-auth` StatefulSet + LoadBalancer once merged.

Reviewed-on: #220
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
2026-07-03 21:23:25 +10:00

11 lines
284 B
YAML

---
# Zone-transfer / catalog key. The operator generates the material into a
# Secret (transfer-key-tsig); nothing sensitive is committed to git.
apiVersion: bind.unkin.net/v1alpha1
kind: BindTSIGKey
metadata:
name: transfer-key
namespace: ns-auth
spec:
algorithm: hmac-sha256