Bind setup

The Bind primary resides outside Kubernetes at 193.40.103.2 and is internally reachable via 172.20.0.2.

Bind secondaries are hosted inside Kubernetes and load balanced behind 62.65.250.2.

Ingresses and DNSEndpoints referring to k-space.ee, kspace.ee and k6.ee are picked up automatically by external-dns and updated on the primary.

The primary triggers notification events to 172.20.53.{1..3}, which are the internally exposed IPs of the secondaries.

Secrets

To configure TSIG secrets:

# Key files mounted as-is
kubectl create secret generic -n bind bind-readonly-secret \
  --from-file=readonly.key
kubectl create secret generic -n bind bind-readwrite-secret \
  --from-file=readwrite.key
kubectl create secret generic -n bind external-dns
# Bare TSIG secret value, extracted from the secret "..." line of readwrite.key
kubectl -n bind delete secret tsig-secret
kubectl -n bind create secret generic tsig-secret \
  --from-literal=TSIG_SECRET="$(grep secret readwrite.key | cut -d '"' -f 2)"
kubectl -n cert-manager delete secret tsig-secret
kubectl -n cert-manager create secret generic tsig-secret \
  --from-literal=TSIG_SECRET="$(grep secret readwrite.key | cut -d '"' -f 2)"
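
A stricter variant of the extraction step above, as an added example that is not part of the original README: it matches only the `secret "...";` statement, rejects files without exactly one well-formed base64 secret, and emits a manifest so the value stays off the kubectl command line. The function names `tsig_secret` and `tsig_secret_manifest` are hypothetical, and the key file is assumed to use the usual BIND key file layout.

```shell
# Added example, not from the original README. Function names are hypothetical.

# Print the secret from a BIND key file; fail unless the file holds exactly
# one well-formed base64 `secret "...";` statement.
tsig_secret() (
  file=$1
  # Anchor on the statement itself, so a key *name* containing "secret"
  # (which a plain `grep secret` would also match) is ignored.
  s=$(sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)"[[:space:]]*;.*$/\1/p' "$file") || return 1
  n=$(printf '%s\n' "$s" | grep -c . || true)
  if [ "$n" -ne 1 ]; then
    echo "$file: expected 1 secret statement, found $n" >&2
    return 1
  fi
  # TSIG secrets are base64; anything else means the file was parsed wrongly.
  if ! printf '%s\n' "$s" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$' ||
     [ $(( ${#s} % 4 )) -ne 0 ]; then
    echo "$file: secret is not valid base64" >&2
    return 1
  fi
  printf '%s\n' "$s"
)

# Emit a Secret manifest for namespace $1 from key file $2 on stdout.
tsig_secret_manifest() (
  s=$(tsig_secret "$2") || return 1
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: tsig-secret
  namespace: $1
type: Opaque
stringData:
  TSIG_SECRET: "$s"
EOF
)

# Usage (replaces the delete + create pairs for tsig-secret):
#   tsig_secret_manifest bind readwrite.key | kubectl apply -f -
#   tsig_secret_manifest cert-manager readwrite.key | kubectl apply -f -
```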