Custom Resource Definitions¶

Bindy extends Kubernetes with these Custom Resource Definitions (CRDs).

Infrastructure CRDs¶

Bind9Cluster¶

Represents cluster-level configuration shared across multiple BIND9 instances.

apiVersion: bindy.firestoned.io/v1beta1
kind: Bind9Cluster
metadata:
  name: production-dns
  namespace: dns-system
spec:
  version: "9.18"
  config:
    recursion: false
    allowQuery:
      - "0.0.0.0/0"
    allowTransfer:
      - "10.0.0.0/8"
    dnssec:
      enabled: true
  rndcSecretRefs:
    - name: transfer-key
      algorithm: hmac-sha256
      secret: "base64-encoded-secret"

Learn more: Bind9Cluster concept documentation

Bind9Instance¶

Represents a BIND9 DNS server instance that references a Bind9Cluster.

apiVersion: bindy.firestoned.io/v1beta1
kind: Bind9Instance
metadata:
  name: primary-dns
  namespace: dns-system
spec:
  clusterRef: production-dns  # References Bind9Cluster
  replicas: 2

Learn more about Bind9Instance

DNS CRDs¶

DNSZone¶

Defines a DNS zone with SOA record and references a Bind9Instance.

apiVersion: bindy.firestoned.io/v1beta1
kind: DNSZone
metadata:
  name: example-com
  namespace: dns-system
spec:
  zoneName: example.com
  clusterRef: primary-dns  # References Bind9Instance
  soaRecord:
    primaryNs: ns1.example.com.
    adminEmail: admin.example.com.  # Note: @ replaced with .
    serial: 2024010101
    refresh: 3600
    retry: 600
    expire: 604800
    negativeTtl: 86400
  ttl: 3600

Learn more about DNSZone

DNS Record Types¶

Bindy supports all common DNS record types:

ARecord - IPv4 addresses
AAAARecord - IPv6 addresses
CNAMERecord - Canonical name aliases
MXRecord - Mail exchange
TXTRecord - Text records (SPF, DKIM, etc.)
NSRecord - Nameserver delegation
SRVRecord - Service discovery
CAARecord - Certificate authority authorization

Learn more about DNS Records

Resource Hierarchy¶

The three-tier resource model:

Bind9Cluster (cluster config)
    ↑
    │ referenced by clusterRef
    │
Bind9Instance (instance deployment)
    ↑
    │ referenced by clusterRef
    │
DNSZone (zone definition)
    ↑
    │ discovered by label selectors (recordsFrom)
    │
DNS Records (A, CNAME, MX, etc.)

Records are associated with zones via label selectors defined in DNSZone.spec.recordsFrom. This allows dynamic, declarative association of records with zones based on labels.

Common Fields¶

All Bindy CRDs share these common fields:

Metadata¶

metadata:
  name: resource-name
  namespace: dns-system
  labels:
    key: value
  annotations:
    key: value

Status Subresource¶

status:
  conditions:
    - type: Ready
      status: "True"
      reason: Synchronized
      message: Resource is synchronized
      lastTransitionTime: "2024-01-01T00:00:00Z"
  observedGeneration: 1

API Group and Versions¶

All Bindy CRDs belong to the bindy.firestoned.io API group:

Current version: v1beta1
Previous version: v1alpha1 (deprecated)
API stability: Beta (backwards-compatible changes only)

Next Steps¶

Bind9Instance Details
DNSZone Details
DNS Record Details
Protocol Reference - RNDC and HTTP API protocols
API Reference