fix: allow transfer for external-dns #456

Merged
unkinben merged 1 commits from benvin/allow_axfr_k8s_bind into develop 2026-03-18 20:00:23 +11:00
Owner

external-dns required axfr support to remove old records. add the
capability for the externaldns tsig key.

external-dns required axfr support to remove old records. add the capability for the externaldns tsig key.
unkinben added 1 commit 2026-03-18 15:42:30 +11:00
fix: allow transfer for external-dns
ci/woodpecker/pr/erb-validate Pipeline was successful
ci/woodpecker/pr/puppet-lint Pipeline was successful
ci/woodpecker/pr/ruby-validate Pipeline was successful
ci/woodpecker/pr/yamllint Pipeline was successful
ci/woodpecker/pr/bolt-validate Pipeline was successful
ci/woodpecker/pr/epp-validate Pipeline was successful
ci/woodpecker/pr/puppet-validate Pipeline was successful
ci/woodpecker/pr/ruby-check Pipeline was successful
0d0182c9ad
external-dns required axfr support to remove old records. add the
capability for the externaldns tsig key.
Author
Owner

apply against master successfully

ben@metabox ~/s/p/puppet-prod> ./deploy.py ausyd1nxvm2127 --noop                                                                                                    benvin/allow_axfr_k8s_bind?
Reading inline script metadata from `./deploy.py`
[2026-03-18 19:59:17] Current branch: benvin/allow_axfr_k8s_bind
[2026-03-18 19:59:17] Restarting puppet-g10k.service on puppetca.query.consul...
[2026-03-18 19:59:18] Running puppet agent on ausyd1nxvm2127 with environment benvin/allow_axfr_k8s_bind...
[2026-03-18 19:59:20] Info: Using environment 'benvin_allow_axfr_k8s_bind'
[2026-03-18 19:59:20] Info: Retrieving pluginfacts
[2026-03-18 19:59:20] Info: Retrieving plugin
[2026-03-18 19:59:21] Info: Loading facts
[2026-03-18 19:59:24] Notice: Requesting catalog from puppetca.query.consul:8140 (198.18.29.239)
[2026-03-18 19:59:27] Notice: Catalog compiled by ausyd1nxvm2097.main.unkin.net
[2026-03-18 19:59:28] Info: Applying configuration version '0d0182c9ad2ea358d40e3a85148cf98e7c0873a4'
[2026-03-18 19:59:30] Notice: /Stage[main]/Externaldns::Master/Bind::Zone[k8s.syd1.au.unkin.net]/File[/etc/named/zones/k8s.syd1.au.unkin.net.conf]/content:
[2026-03-18 19:59:30] --- /etc/named/zones/k8s.syd1.au.unkin.net.conf   2025-11-22 10:08:04.733042443 +1100
[2026-03-18 19:59:30] +++ /tmp/puppet-file20260318-1698412-1qjosiv      2026-03-18 19:59:30.468792776 +1100
[2026-03-18 19:59:30] @@ -12,6 +12,7 @@
[2026-03-18 19:59:30]           key externaldns-key;
[2026-03-18 19:59:30]   };
[2026-03-18 19:59:30]   allow-transfer {
[2026-03-18 19:59:30] +         key externaldns-key;
[2026-03-18 19:59:30]           dns-slaves;
[2026-03-18 19:59:30]   };
[2026-03-18 19:59:30]  };
[2026-03-18 19:59:30] 
[2026-03-18 19:59:30] Notice: /Stage[main]/Externaldns::Master/Bind::Zone[k8s.syd1.au.unkin.net]/File[/etc/named/zones/k8s.syd1.au.unkin.net.conf]/content: current_value '{sha256}13fe8534e8cb1
cb5733c3a53ac7f4038deb5af43654090b711b622ad14961aee', should be '{sha256}083c9393c66aa4583e7c15147161bcecb65535d5de2431e6e50d639598654e6a' (noop)
[2026-03-18 19:59:30] Info: /Stage[main]/Externaldns::Master/Bind::Zone[k8s.syd1.au.unkin.net]/File[/etc/named/zones/k8s.syd1.au.unkin.net.conf]: Scheduling refresh of Service[bind]
[2026-03-18 19:59:30] Notice: /Stage[main]/Externaldns::Master/Bind::Zone[200.18.198.in-addr.arpa]/File[/etc/named/zones/200.18.198.in-addr.arpa.conf]/content:
[2026-03-18 19:59:30] --- /etc/named/zones/200.18.198.in-addr.arpa.conf 2025-11-22 10:08:04.789042689 +1100
[2026-03-18 19:59:30] +++ /tmp/puppet-file20260318-1698412-wwgx7j       2026-03-18 19:59:30.515792847 +1100
[2026-03-18 19:59:30] @@ -12,6 +12,7 @@
[2026-03-18 19:59:30]           key externaldns-key;
[2026-03-18 19:59:30]   };
[2026-03-18 19:59:30]   allow-transfer {
[2026-03-18 19:59:30] +         key externaldns-key;
[2026-03-18 19:59:30]           dns-slaves;
[2026-03-18 19:59:30]   };
[2026-03-18 19:59:30]  };
[2026-03-18 19:59:30] 
[2026-03-18 19:59:30] Notice: /Stage[main]/Externaldns::Master/Bind::Zone[200.18.198.in-addr.arpa]/File[/etc/named/zones/200.18.198.in-addr.arpa.conf]/content: current_value '{sha256}1b0b507ca
72c4b4ab3c1dd0d6e5fa6958ef775d4ae305417bd8a987871970dad', should be '{sha256}31a11e56d7cc3c679bfffbe6dcf9cb4254445ec14cde3d403057dd22f10294e3' (noop)
[2026-03-18 19:59:30] Info: /Stage[main]/Externaldns::Master/Bind::Zone[200.18.198.in-addr.arpa]/File[/etc/named/zones/200.18.198.in-addr.arpa.conf]: Scheduling refresh of Service[bind]
[2026-03-18 19:59:30] Notice: /Stage[main]/Bind/Service[bind]: Would have triggered 'refresh' from 2 events
[2026-03-18 19:59:30] Notice: Class[Bind]: Would have triggered 'refresh' from 1 event
[2026-03-18 19:59:30] Notice: Bind::Zone[k8s.syd1.au.unkin.net]: Would have triggered 'refresh' from 1 event
[2026-03-18 19:59:30] Notice: Bind::Zone[200.18.198.in-addr.arpa]: Would have triggered 'refresh' from 1 event
[2026-03-18 19:59:30] Notice: Class[Externaldns::Master]: Would have triggered 'refresh' from 2 events
[2026-03-18 19:59:30] Notice: Stage[main]: Would have triggered 'refresh' from 2 events
[2026-03-18 19:59:30] Notice: Applied catalog in 2.42 seconds
apply against master successfully ``` ben@metabox ~/s/p/puppet-prod> ./deploy.py ausyd1nxvm2127 --noop benvin/allow_axfr_k8s_bind? Reading inline script metadata from `./deploy.py` [2026-03-18 19:59:17] Current branch: benvin/allow_axfr_k8s_bind [2026-03-18 19:59:17] Restarting puppet-g10k.service on puppetca.query.consul... [2026-03-18 19:59:18] Running puppet agent on ausyd1nxvm2127 with environment benvin/allow_axfr_k8s_bind... [2026-03-18 19:59:20] Info: Using environment 'benvin_allow_axfr_k8s_bind' [2026-03-18 19:59:20] Info: Retrieving pluginfacts [2026-03-18 19:59:20] Info: Retrieving plugin [2026-03-18 19:59:21] Info: Loading facts [2026-03-18 19:59:24] Notice: Requesting catalog from puppetca.query.consul:8140 (198.18.29.239) [2026-03-18 19:59:27] Notice: Catalog compiled by ausyd1nxvm2097.main.unkin.net [2026-03-18 19:59:28] Info: Applying configuration version '0d0182c9ad2ea358d40e3a85148cf98e7c0873a4' [2026-03-18 19:59:30] Notice: /Stage[main]/Externaldns::Master/Bind::Zone[k8s.syd1.au.unkin.net]/File[/etc/named/zones/k8s.syd1.au.unkin.net.conf]/content: [2026-03-18 19:59:30] --- /etc/named/zones/k8s.syd1.au.unkin.net.conf 2025-11-22 10:08:04.733042443 +1100 [2026-03-18 19:59:30] +++ /tmp/puppet-file20260318-1698412-1qjosiv 2026-03-18 19:59:30.468792776 +1100 [2026-03-18 19:59:30] @@ -12,6 +12,7 @@ [2026-03-18 19:59:30] key externaldns-key; [2026-03-18 19:59:30] }; [2026-03-18 19:59:30] allow-transfer { [2026-03-18 19:59:30] + key externaldns-key; [2026-03-18 19:59:30] dns-slaves; [2026-03-18 19:59:30] }; [2026-03-18 19:59:30] }; [2026-03-18 19:59:30] [2026-03-18 19:59:30] Notice: /Stage[main]/Externaldns::Master/Bind::Zone[k8s.syd1.au.unkin.net]/File[/etc/named/zones/k8s.syd1.au.unkin.net.conf]/content: current_value '{sha256}13fe8534e8cb1 cb5733c3a53ac7f4038deb5af43654090b711b622ad14961aee', should be '{sha256}083c9393c66aa4583e7c15147161bcecb65535d5de2431e6e50d639598654e6a' (noop) [2026-03-18 19:59:30] Info: /Stage[main]/Externaldns::Master/Bind::Zone[k8s.syd1.au.unkin.net]/File[/etc/named/zones/k8s.syd1.au.unkin.net.conf]: Scheduling refresh of Service[bind] [2026-03-18 19:59:30] Notice: /Stage[main]/Externaldns::Master/Bind::Zone[200.18.198.in-addr.arpa]/File[/etc/named/zones/200.18.198.in-addr.arpa.conf]/content: [2026-03-18 19:59:30] --- /etc/named/zones/200.18.198.in-addr.arpa.conf 2025-11-22 10:08:04.789042689 +1100 [2026-03-18 19:59:30] +++ /tmp/puppet-file20260318-1698412-wwgx7j 2026-03-18 19:59:30.515792847 +1100 [2026-03-18 19:59:30] @@ -12,6 +12,7 @@ [2026-03-18 19:59:30] key externaldns-key; [2026-03-18 19:59:30] }; [2026-03-18 19:59:30] allow-transfer { [2026-03-18 19:59:30] + key externaldns-key; [2026-03-18 19:59:30] dns-slaves; [2026-03-18 19:59:30] }; [2026-03-18 19:59:30] }; [2026-03-18 19:59:30] [2026-03-18 19:59:30] Notice: /Stage[main]/Externaldns::Master/Bind::Zone[200.18.198.in-addr.arpa]/File[/etc/named/zones/200.18.198.in-addr.arpa.conf]/content: current_value '{sha256}1b0b507ca 72c4b4ab3c1dd0d6e5fa6958ef775d4ae305417bd8a987871970dad', should be '{sha256}31a11e56d7cc3c679bfffbe6dcf9cb4254445ec14cde3d403057dd22f10294e3' (noop) [2026-03-18 19:59:30] Info: /Stage[main]/Externaldns::Master/Bind::Zone[200.18.198.in-addr.arpa]/File[/etc/named/zones/200.18.198.in-addr.arpa.conf]: Scheduling refresh of Service[bind] [2026-03-18 19:59:30] Notice: /Stage[main]/Bind/Service[bind]: Would have triggered 'refresh' from 2 events [2026-03-18 19:59:30] Notice: Class[Bind]: Would have triggered 'refresh' from 1 event [2026-03-18 19:59:30] Notice: Bind::Zone[k8s.syd1.au.unkin.net]: Would have triggered 'refresh' from 1 event [2026-03-18 19:59:30] Notice: Bind::Zone[200.18.198.in-addr.arpa]: Would have triggered 'refresh' from 1 event [2026-03-18 19:59:30] Notice: Class[Externaldns::Master]: Would have triggered 'refresh' from 2 events [2026-03-18 19:59:30] Notice: Stage[main]: Would have triggered 'refresh' from 2 events [2026-03-18 19:59:30] Notice: Applied catalog in 2.42 seconds ```
unkinben merged commit 1d41d07b2d into develop 2026-03-18 20:00:23 +11:00
unkinben deleted branch benvin/allow_axfr_k8s_bind 2026-03-18 20:00:23 +11:00
Sign in to join this conversation.
No Reviewers
No Label
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: unkin/puppet-prod#456