32 lines
1.1 KiB
Markdown
32 lines
1.1 KiB
Markdown
|
# Bind setup
|
||
|
|
|
||
|
|
The Bind primary resides outside Kubernetes at `193.40.103.2` and
|
||
|
|
it's internally reachable via `172.20.0.2`
|
||
|
|
|
||
|
|
Bind secondaries are hosted inside Kubernetes and load balanced behind `62.65.250.2`
|
||
|
|
|
||
|
|
Ingresses and DNSEndpoints referring to `k-space.ee`, `kspace.ee`, `k6.ee`
|
||
|
|
are picked up automatically by `external-dns` and updated on primary.
|
||
|
|
|
||
|
|
The primary triggers notification events to `172.20.53.{1..3}`
|
||
|
|
which are internally exposed IP-s of the secondaries.
|
||
|
|
|
||
|
|
# Secrets
|
||
|
|
|
||
|
|
To configure TSIG secrets:
|
||
|
|
|
||
|
|
```
|
||
|
|
kubectl create secret generic -n bind bind-readonly-secret \
|
||
|
|
--from-file=readonly.key
|
||
|
|
kubectl create secret generic -n bind bind-readwrite-secret \
|
||
|
|
--from-file=readwrite.key
|
||
|
|
kubectl create secret generic -n bind external-dns
|
||
|
|
kubectl -n bind delete secret tsig-secret
|
||
|
|
kubectl -n bind create secret generic tsig-secret \
|
||
|
|
--from-literal=TSIG_SECRET=$(cat readwrite.key | grep secret | cut -d '"' -f 2)
|
||
|
|
kubectl -n cert-manager delete secret tsig-secret
|
||
|
|
kubectl -n cert-manager create secret generic tsig-secret \
|
||
|
|
--from-literal=TSIG_SECRET=$(cat readwrite.key | grep secret | cut -d '"' -f 2)
|
||
|
|
```
|
||
|
|
|