649ed07ab0
Part of the bind rollout split. **Merge #219 (bind-operator) first** — this PR is stacked on it, so its diff will reduce to just the binddns-auth files once #219 merges. ## Why The authoritative masters tier (replaces 3x Puppet authoritative servers): pod-0 primary + 2 secondaries replicating via the catalog zone + AXFR/IXFR. ## Changes - `apps/base/binddns-auth`: authoritative `BindCluster` (3 replicas, LoadBalancer/PureLB), `BindCatalogZone`, transfer `BindTSIGKey`, namespace - au-syd1 `binddns-auth` overlay ## Deploy impact Creates the `binddns-auth` StatefulSet + LoadBalancer once merged. Reviewed-on: #220 Co-authored-by: Ben Vincent <ben@unkin.net> Co-committed-by: Ben Vincent <ben@unkin.net>
11 lines
284 B
YAML
11 lines
284 B
YAML
---
|
|
# Zone-transfer / catalog key. The operator generates the material into a
|
|
# Secret (transfer-key-tsig); nothing sensitive is committed to git.
|
|
apiVersion: bind.unkin.net/v1alpha1
|
|
kind: BindTSIGKey
|
|
metadata:
|
|
name: transfer-key
|
|
namespace: ns-auth
|
|
spec:
|
|
algorithm: hmac-sha256
|