named_conf_template.yml 2.05 KB
# Template custom resource (exphost.pl/v1) describing a BIND named.conf and
# rndc.key whose rendered output goes to the Secret "named-conf" in the
# "named" namespace.
# This file is itself a Helm template: the .Values.domain actions are filled
# in at chart render time, while the brace-escaping actions around
# cert_manager_key / external_dns_key / local_key emit literal double-brace
# placeholders that survive Helm for a later rendering pass.
# NOTE(review): presumably that later pass is performed by the controller for
# this Template kind, using the entries under spec.values - confirm.
apiVersion: exphost.pl/v1
kind: Template
metadata:
  name: named-conf
  namespace: named
  annotations:
    # Argo CD sync option: skip the dry run while the resource's CRD is not
    # yet known to the cluster.
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
  templates:
    # BIND server configuration. Three TSIG keys (all hmac-sha256) are
    # declared; their secrets are placeholders, so no key material is stored
    # in this file.
    # - controls: rndc channel on 127.0.0.1 port 953, loopback clients only,
    #   authenticated with "local-key".
    # - options: listens on every IPv4 and IPv6 address, recursion disabled;
    #   zone transfers and dynamic updates are accepted only when signed with
    #   one of the three keys. Neither ACL has an address restriction, so the
    #   TSIG secrets are the only control on those operations.
    # - allow-transfer / allow-update are set in options, so they apply to
    #   every zone that does not override them (one zone is defined here).
    # NOTE(review): all three keys may both transfer and update; if a client
    # needs only one of the two, narrower per-key grants (for example an
    # update-policy on the zone) would reduce the impact of a leaked key.
    # NOTE(review): .Values.domain is inserted unescaped into the quoted zone
    # name and the zone file path; a value containing a double quote or a
    # path separator would alter the generated config - validate it in the
    # chart.
    named.conf: |
      key "cert-manager-key" {
              algorithm hmac-sha256;
              secret "{{ "{{" }} cert_manager_key {{ "}}" }}";
      };
      
      key "external-dns-key" {
              algorithm hmac-sha256;
              secret "{{ "{{" }} external_dns_key {{ "}}" }}";
      };

      key "local-key" {
              algorithm hmac-sha256;
              secret "{{ "{{" }} local_key {{ "}}" }}";
      };
      
      controls {
              inet 127.0.0.1 port 953
                      allow { 127.0.0.1; } keys { "local-key";};
      };
      
      options {
              directory "/var/cache/bind";
              listen-on { any; };
              listen-on-v6 { any; };
              recursion no; 
              allow-recursion {
                      none;
              };
              allow-transfer {
                      key "external-dns-key";
                      key "cert-manager-key";
                      key "local-key";
              };
              allow-update {
                      key "external-dns-key";
                      key "cert-manager-key";
                      key "local-key";
              };
      };
      
      zone "{{ .Values.domain }}." {
              type primary;
              file "/var/lib/bind/db.{{ .Values.domain }}";
      };
    # Key file for rndc. It reuses the local_key placeholder under the name
    # "rndc-key", so the secret that opens the control channel is the same one
    # "local-key" uses for zone transfers and dynamic updates in named.conf.
    # NOTE(review): a dedicated secret for rndc would keep a leak of one
    # credential from granting the other - confirm the reuse is intentional.
    rndc.key: |
      key "rndc-key" {
        algorithm hmac-sha256;
        secret "{{ "{{" }} local_key {{ "}}" }}";
      };

  # Output object: a Secret named "named-conf".
  # NOTE(review): a Secret is the appropriate kind here because the rendered
  # files embed the TSIG secrets; restrict read access to it accordingly.
  destination_name: named-conf
  destination_type: Secret
  # Placeholder inputs: each name is bound to the key "base64" of an existing
  # Secret.
  # NOTE(review): the key name suggests the stored value is already base64
  # text, which is the form BIND's secret statement expects - confirm against
  # whatever generates these Secrets.
  values:
    - name: cert_manager_key
      source_name: password-cert-manager-key-from-named
      source_type: Secret
      source_key: base64
    - name: external_dns_key
      source_name: password-external-dns-key-from-named
      source_type: Secret
      source_key: base64
    - name: local_key
      source_name: password-local-key-from-named
      source_type: Secret
      source_key: base64