key changes

This commit is contained in:
2025-10-27 17:01:42 +01:00
parent e773bca79d
commit 9cb7aae1b9
5 changed files with 15 additions and 37 deletions


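--- a/PATH-NOT-SHOWN-ON-PAGE-deployment-1
+++ b/PATH-NOT-SHOWN-ON-PAGE-deployment-1
@@ -21,13 +21,7 @@ spec:
 volumeMounts:
 - name: bind-zones
 mountPath: /mnt/zones
-- name: transfer-key-secret
-mountPath: /mnt/keys
-readOnly: true
 volumes:
 - name: bind-zones
 persistentVolumeClaim:
 claimName: bind-hidden-primary-zones
-- name: transfer-key-secret
-secret:
-secretName: transfer-key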


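--- a/PATH-NOT-SHOWN-ON-PAGE-deployment-2
+++ b/PATH-NOT-SHOWN-ON-PAGE-deployment-2
@@ -25,9 +25,6 @@ spec:
 volumeMounts:
 - name: bind-zones
 mountPath: /etc/named/zones
-- name: transfer-key-secret
-mountPath: /etc/named/keys
-readOnly: true
 resources:
 requests:
 memory: "128Mi"
@@ -49,9 +46,6 @@ spec:
 - name: bind-zones
 persistentVolumeClaim:
 claimName: bind-hidden-primary-zones
-- name: transfer-key-secret
-secret:
-secretName: transfer-key
 ---
 apiVersion: v1
 kind: Service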


@@ -12,23 +12,11 @@ DEPLOYMENT_DIR=$PWD/deployment
pushd $DEPLOYMENT_DIR > /dev/null pushd $DEPLOYMENT_DIR > /dev/null
if [ ! -f transfer-key.conf ]; then
gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output transfer-key.conf transfer-key.conf.asc
fi
kubectl create namespace $NAMESPACE \ kubectl create namespace $NAMESPACE \
--dry-run=client \ --dry-run=client \
-o yaml | \ -o yaml | \
kubectl -f - apply kubectl -f - apply
# Create secret for transfer-key
kubectl create secret generic transfer-key \
--from-file=transfer-key.conf=transfer-key.conf \
--namespace=$NAMESPACE \
--dry-run=client \
-o yaml | \
kubectl apply -f -
cat $DEPLOYMENT_DIR/deploy-yml.tmpl | \ cat $DEPLOYMENT_DIR/deploy-yml.tmpl | \
sed -e 's,%IMAGE%,'$IMAGE_NAME':'$IMAGE_TAG','g | \ sed -e 's,%IMAGE%,'$IMAGE_NAME':'$IMAGE_TAG','g | \


@@ -28,20 +28,10 @@ options {
193.47.99.3; 193.47.99.3;
}; };
// Default transfer to secondary servers only // Default transfer disabled (zone-specific configuration)
allow-transfer { secondaries; }; allow-transfer { none; };
}; };
// TSIG Key for secure transfers (loaded from separate file)
include "/etc/named/keys/transfer-key.conf";
// ACL for secondary servers (key-based only)
acl "secondaries" {
key transfer-key;
};
// Standard zone settings are defined per zone in zones.conf
// Zone configurations (loaded from separate file) // Zone configurations (loaded from separate file)
include "/etc/named/zones/zones.conf"; include "/etc/named/zones/zones.conf";


@@ -1,10 +1,22 @@
// Zone Configurations // Zone Configurations
// This file contains all zone definitions // This file contains all zone definitions
// TSIG Key for whiskeylimahotel.de zone transfers
key "whiskeylimahotel.de.93.241.86.156" {
algorithm hmac-sha256;
secret "REPLACE_WITH_YOUR_BASE64_ENCODED_KEY";
};
// ACL for whiskeylimahotel.de zone transfers
acl "whiskeylimahotel-secondaries" {
key "whiskeylimahotel.de.93.241.86.156";
};
// Primary zones // Primary zones
zone "whiskeylimahotel.de" { zone "whiskeylimahotel.de" {
type primary; type primary;
file "whiskeylimahotel.de.zone"; file "whiskeylimahotel.de.zone";
allow-transfer { "whiskeylimahotel-secondaries"; };
}; };
// Add additional zones here following the same pattern: // Add additional zones here following the same pattern:
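Review bot: The TSIG secret now sits inline in zones.conf at the `secret "REPLACE_WITH_YOUR_BASE64_ENCODED_KEY";` line, so the credential lives in the same file as the zone definitions — served from the zones volume the deployment hunks above mount at /etc/named/zones — rather than in the read-only Secret mount this commit removes. BIND expects the `secret` value to be base64, so if the placeholder reaches the server unchanged named will reject the configuration, and with the `kubectl create secret` step deleted from the deploy script the pipeline no longer appears to provision the real value at all. Consider keeping the key statement in a separate, tightly permissioned file that zones.conf pulls in with `include "/etc/named/keys/transfer-key.conf";` (the path named.conf just dropped), and adding a comment above the `key` block stating where the real secret is provisioned and that this file must never hold it. The ACL reference in `allow-transfer { "whiskeylimahotel-secondaries"; };` matches the declaration above it; the zone list continues past the end of the hunk.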