@@ -21,13 +21,7 @@ spec:
|
||||
volumeMounts:
|
||||
- name: bind-zones
|
||||
mountPath: /mnt/zones
|
||||
- name: transfer-key-secret
|
||||
mountPath: /mnt/keys
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: bind-zones
|
||||
persistentVolumeClaim:
|
||||
claimName: bind-hidden-primary-zones
|
||||
- name: transfer-key-secret
|
||||
secret:
|
||||
secretName: transfer-key
|
||||
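Review bot: Every container that mounts PVC `bind-hidden-primary-zones` can now read the TSIG secret, because the key has moved into zones.conf on that volume while this Deployment keeps a read-write mount of the same claim at `/mnt/zones` (the named Deployment in the next section mounts the same claimName), so the removal of the `readOnly: true` Secret mount here narrows nothing. If this container only reads zone data, add `readOnly: true` to the `bind-zones` mount; if it writes zone files into the volume, confirm it never overwrites zones.conf with the committed placeholder key. The enclosing container spec starts before this hunk, so the image and user running with this mount are not visible.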
@@ -25,9 +25,6 @@ spec:
|
||||
volumeMounts:
|
||||
- name: bind-zones
|
||||
mountPath: /etc/named/zones
|
||||
- name: transfer-key-secret
|
||||
mountPath: /etc/named/keys
|
||||
readOnly: true
|
||||
resources:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
@@ -49,9 +46,6 @@ spec:
|
||||
- name: bind-zones
|
||||
persistentVolumeClaim:
|
||||
claimName: bind-hidden-primary-zones
|
||||
- name: transfer-key-secret
|
||||
secret:
|
||||
secretName: transfer-key
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
||||
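Review bot: The named container now reads its TSIG secret from a read-write PVC mount at `/etc/named/zones` instead of the `readOnly: true` Secret mount this hunk removes, which gives up the Secret's RBAC and at-rest-encryption boundary and lets anything that can write the volume replace the key. Keep a `transfer-key` Secret mounted read-only at `/etc/named/keys` and have zones.conf `include "/etc/named/keys/transfer-key.conf";` so the zone config on the volume carries no secret. If the volume only holds static zone files for a hidden primary, `readOnly: true` on the `bind-zones` mount is worth considering too, but I cannot tell from the hunk whether named writes journals there. The container spec continues outside the hunk.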
@@ -12,23 +12,11 @@ DEPLOYMENT_DIR=$PWD/deployment
|
||||
|
||||
pushd $DEPLOYMENT_DIR > /dev/null
|
||||
|
||||
if [ ! -f transfer-key.conf ]; then
|
||||
gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output transfer-key.conf transfer-key.conf.asc
|
||||
fi
|
||||
|
||||
kubectl create namespace $NAMESPACE \
|
||||
--dry-run=client \
|
||||
-o yaml | \
|
||||
kubectl -f - apply
|
||||
|
||||
# Create secret for transfer-key
|
||||
kubectl create secret generic transfer-key \
|
||||
--from-file=transfer-key.conf=transfer-key.conf \
|
||||
--namespace=$NAMESPACE \
|
||||
--dry-run=client \
|
||||
-o yaml | \
|
||||
kubectl apply -f -
|
||||
|
||||
|
||||
cat $DEPLOYMENT_DIR/deploy-yml.tmpl | \
|
||||
sed -e 's,%IMAGE%,'$IMAGE_NAME':'$IMAGE_TAG','g | \
|
||||
|
||||
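Review bot: With the gpg decrypt and `kubectl create secret generic transfer-key` steps gone, this script no longer provisions the TSIG key anywhere, while the new zones.conf ships with `secret "REPLACE_WITH_YOUR_BASE64_ENCODED_KEY"`; if zones.conf is seeded from this repository, a fresh deploy rolls out a named that cannot load its config until someone edits the file on the volume by hand. Either keep creating the Secret from a key file that is never committed, or add a pre-flight guard such as `grep -q REPLACE_WITH_YOUR_BASE64 zones.conf && { echo 'TSIG key not set' >&2; exit 1; }` before the `kubectl apply`. While here, quote the remaining expansions — `"$NAMESPACE"` and `sed -e "s,%IMAGE%,${IMAGE_NAME}:${IMAGE_TAG},g"` — so an empty or space-containing value fails loudly instead of silently running a different command. The script starts before this hunk, so I cannot see whether `set -euo pipefail` is in effect.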
14
named.conf
14
named.conf
@@ -28,20 +28,10 @@ options {
|
||||
193.47.99.3;
|
||||
};
|
||||
|
||||
// Default transfer to secondary servers only
|
||||
allow-transfer { secondaries; };
|
||||
// Default transfer disabled (zone-specific configuration)
|
||||
allow-transfer { none; };
|
||||
};
|
||||
|
||||
// TSIG Key for secure transfers (loaded from separate file)
|
||||
include "/etc/named/keys/transfer-key.conf";
|
||||
|
||||
// ACL for secondary servers (key-based only)
|
||||
acl "secondaries" {
|
||||
key transfer-key;
|
||||
};
|
||||
|
||||
// Standard zone settings are defined per zone in zones.conf
|
||||
|
||||
// Zone configurations (loaded from separate file)
|
||||
include "/etc/named/zones/zones.conf";
|
||||
|
||||
|
||||
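Review bot: The key definition and the `acl "secondaries"` block are removed here, so any `server`, `controls` or other statement later in named.conf that still references `transfer-key` or `secondaries` will now fail `named-checkconf`; named.conf continues past this hunk, so I cannot rule that out. The global `allow-transfer { none; };` is the right fail-closed default, but the key now arrives through `include "/etc/named/zones/zones.conf"` from the writable zone volume; prefer keeping `include "/etc/named/keys/transfer-key.conf";` in named.conf, sourced from a read-only Secret mount, and letting zones.conf reference the key by name so secrets never live next to zone data.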
12
zones.conf
12
zones.conf
@@ -1,10 +1,22 @@
|
||||
// Zone Configurations
|
||||
// This file contains all zone definitions
|
||||
|
||||
// TSIG Key for whiskeylimahotel.de zone transfers
|
||||
key "whiskeylimahotel.de.93.241.86.156" {
|
||||
algorithm hmac-sha256;
|
||||
secret "REPLACE_WITH_YOUR_BASE64_ENCODED_KEY";
|
||||
};
|
||||
|
||||
// ACL for whiskeylimahotel.de zone transfers
|
||||
acl "whiskeylimahotel-secondaries" {
|
||||
key "whiskeylimahotel.de.93.241.86.156";
|
||||
};
|
||||
|
||||
// Primary zones
|
||||
zone "whiskeylimahotel.de" {
|
||||
type primary;
|
||||
file "whiskeylimahotel.de.zone";
|
||||
allow-transfer { "whiskeylimahotel-secondaries"; };
|
||||
};
|
||||
|
||||
// Add additional zones here following the same pattern:
|
||||
|
||||
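Review bot: The ACL `whiskeylimahotel-secondaries` matches on the TSIG key only, so the secondary address encoded in the key name (`93.241.86.156`) is not enforced; if the intent is to require both the address and the key, BIND needs the nested-negation form `allow-transfer { !{ !93.241.86.156; any; }; key "whiskeylimahotel.de.93.241.86.156"; };` (a flat `93.241.86.156; key ...;` list would accept either). Separately, `secret "REPLACE_WITH_YOUR_BASE64_ENCODED_KEY"` is not valid base64 and should be rejected at startup, which is fail-closed but takes the hidden primary down, and once it is replaced the live secret sits in a file that is also committed; replace the inline `key` block with `include "/etc/named/keys/transfer-key.conf";` and keep the real key out of the repository. If this hidden primary is expected to push NOTIFYs to that secondary, `notify explicit; also-notify { 93.241.86.156; };` on the zone would make that explicit — not visible here.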