forked from k-space/kube
kube/bind
2023-08-19 23:39:13 +03:00
.gitignore Update whole Bind setup 2023-08-19 23:39:13 +03:00
bind-secondary.yaml Update whole Bind setup 2023-08-19 23:39:13 +03:00
external-dns-k6.yaml Update whole Bind setup 2023-08-19 23:39:13 +03:00
external-dns-k-space.yaml Update whole Bind setup 2023-08-19 23:39:13 +03:00
external-dns-kspace.yaml Update whole Bind setup 2023-08-19 23:39:13 +03:00
external-dns.yaml Update whole Bind setup 2023-08-19 23:39:13 +03:00
README.md Update whole Bind setup 2023-08-19 23:39:13 +03:00

Bind setup

The Bind primary resides outside Kubernetes at 193.40.103.2 and is internally reachable via 172.20.0.2.

Bind secondaries are hosted inside Kubernetes and load balanced behind 62.65.250.2.

Ingresses and DNSEndpoints referring to k-space.ee, kspace.ee and k6.ee are picked up automatically by external-dns and updated on the primary.

The primary sends notification events to 172.20.53.{1..3}, which are the internally exposed IP addresses of the secondaries.

Secrets

To configure TSIG secrets:

kubectl create secret generic -n bind bind-readonly-secret \
  --from-file=readonly.key
kubectl create secret generic -n bind bind-readwrite-secret \
  --from-file=readwrite.key
kubectl create secret generic -n bind external-dns
kubectl -n bind delete secret tsig-secret
kubectl -n bind create secret generic tsig-secret \
    --from-literal=TSIG_SECRET="$(grep secret readwrite.key | cut -d '"' -f 2)"
kubectl -n cert-manager delete secret tsig-secret
kubectl -n cert-manager create secret generic tsig-secret \
    --from-literal=TSIG_SECRET="$(grep secret readwrite.key | cut -d '"' -f 2)"
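
The `grep secret | cut` extraction above matches every line containing the word "secret", so a key whose name includes it yields two values instead of one. The following is an added example, not part of this repository: a stricter extraction that accepts only a single base64 `secret "...";` statement. The function names, the key name and the secret value are constructed for illustration, and the key file layout is assumed to be the standard BIND `key { ... };` clause.

```shell
#!/bin/sh
# Added example: strict extraction of a TSIG secret from a BIND key file.

# Constructed sample key file (hypothetical key name and secret value).
write_sample_key() {
    cat > "$1" <<'EOF'
key "readwrite-secret" {
    algorithm hmac-sha256;
    secret "Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ==";
};
EOF
}

# Print the single base64 secret found in key file $1; fail otherwise.
tsig_secret() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }
    # Match only the statement `secret "<value>";`, not a key name or
    # comment that happens to contain the word "secret".
    matches=$(sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)"[[:space:]]*;.*$/\1/p' "$keyfile")
    count=$(printf '%s\n' "$matches" | grep -c . || true)
    [ "$count" -eq 1 ] || { echo "expected 1 secret statement, found $count" >&2; return 1; }
    # TSIG secrets are base64; reject anything else before it is stored.
    case $matches in
        *[!A-Za-z0-9+/=]*) echo "secret is not base64" >&2; return 1 ;;
    esac
    printf '%s' "$matches" | base64 -d >/dev/null 2>&1 ||
        { echo "secret does not decode" >&2; return 1; }
    printf '%s\n' "$matches"
}

# Demo on the constructed file: the naive pipeline returns two values.
sample=$(mktemp)
write_sample_key "$sample"
echo "naive:  $(grep secret "$sample" | cut -d '"' -f 2 | tr '\n' ' ')"
echo "strict: $(tsig_secret "$sample")"
rm -f "$sample"
```

The value printed by `tsig_secret readwrite.key` is what the `--from-literal=TSIG_SECRET=` argument above expects.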