Custom Resource Definitions

Bindy extends Kubernetes with these Custom Resource Definitions (CRDs).

Infrastructure CRDs

Bind9Cluster

Represents cluster-level configuration shared across multiple BIND9 instances.

apiVersion: bindy.firestoned.io/v1beta1
kind: Bind9Cluster
metadata:
  name: production-dns
  namespace: dns-system
spec:
  version: "9.18"
  config:
    recursion: false
    allowQuery:
      - "0.0.0.0/0"
    allowTransfer:
      - "10.0.0.0/8"
    dnssec:
      enabled: true
  rndcSecretRefs:
    - name: transfer-key
      algorithm: hmac-sha256
      secret: "base64-encoded-secret"

Learn more: Bind9Cluster concept documentation

Bind9Instance

Represents a BIND9 DNS server instance that references a Bind9Cluster.

apiVersion: bindy.firestoned.io/v1beta1
kind: Bind9Instance
metadata:
  name: primary-dns
  namespace: dns-system
spec:
  clusterRef: production-dns  # References Bind9Cluster
  replicas: 2

Learn more about Bind9Instance

DNS CRDs

DNSZone

Defines a DNS zone with SOA record and references a Bind9Instance.

apiVersion: bindy.firestoned.io/v1beta1
kind: DNSZone
metadata:
  name: example-com
  namespace: dns-system
spec:
  zoneName: example.com
  clusterRef: primary-dns  # References Bind9Instance
  soaRecord:
    primaryNs: ns1.example.com.
    adminEmail: admin.example.com.  # Note: @ replaced with .
    serial: 2024010101
    refresh: 3600
    retry: 600
    expire: 604800
    negativeTtl: 86400
  ttl: 3600

Learn more about DNSZone

DNS Record Types

Bindy supports all common DNS record types:

  • ARecord - IPv4 addresses
  • AAAARecord - IPv6 addresses
  • CNAMERecord - Canonical name aliases
  • MXRecord - Mail exchange
  • TXTRecord - Text records (SPF, DKIM, etc.)
  • NSRecord - Nameserver delegation
  • SRVRecord - Service discovery
  • CAARecord - Certificate authority authorization

Learn more about DNS Records

Resource Hierarchy

The three-tier resource model:

Bind9Cluster (cluster config)
    ↑
    │ referenced by clusterRef
    │
Bind9Instance (instance deployment)
    ↑
    │ referenced by clusterRef
    │
DNSZone (zone definition)
    ↑
    │ discovered by label selectors (recordsFrom)
    │
DNS Records (A, CNAME, MX, etc.)

Records are associated with zones via label selectors defined in DNSZone.spec.recordsFrom. This allows dynamic, declarative association of records with zones based on labels.
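
Because a zone inherits its query, transfer and DNSSEC settings from the Bind9Cluster at the top of the clusterRef chain, it is worth resolving that chain before deploying. The following is an added example, not Bindy code: it walks the chain for the manifests on this page and flags broken references and risky inherited settings. The inventory is constructed from this page's manifests as parsed YAML, and the helper names, same-namespace resolution of references, and CIDR-only ACL entries are assumptions.

```python
import ipaddress

# Constructed inventory: the page's manifests as parsed YAML, plus one broken zone.
NS = "dns-system"
RESOURCES = [
    {"kind": "Bind9Cluster", "metadata": {"name": "production-dns", "namespace": NS},
     "spec": {"config": {"recursion": False, "allowQuery": ["0.0.0.0/0"],
                         "allowTransfer": ["10.0.0.0/8"], "dnssec": {"enabled": True}}}},
    {"kind": "Bind9Instance", "metadata": {"name": "primary-dns", "namespace": NS},
     "spec": {"clusterRef": "production-dns", "replicas": 2}},
    {"kind": "DNSZone", "metadata": {"name": "example-com", "namespace": NS},
     "spec": {"zoneName": "example.com", "clusterRef": "primary-dns"}},
    {"kind": "DNSZone", "metadata": {"name": "orphan", "namespace": NS},  # constructed
     "spec": {"zoneName": "orphan.example", "clusterRef": "missing-dns"}},
]

def is_any(cidrs):
    """True if any entry covers the whole address space (assumes CIDR strings)."""
    return any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs)

def effective_config(zone, idx):
    """Follow clusterRef: DNSZone -> Bind9Instance -> Bind9Cluster.spec.config."""
    ns = zone["metadata"]["namespace"]  # assumption: refs resolve in the same namespace
    inst = idx.get(("Bind9Instance", ns, zone["spec"]["clusterRef"]))
    cluster = inst and idx.get(("Bind9Cluster", ns, inst["spec"]["clusterRef"]))
    return cluster["spec"]["config"] if cluster else None

def audit(resources):
    """Return {zoneName: [findings]} for every DNSZone in the inventory."""
    idx = {(r["kind"], r["metadata"]["namespace"], r["metadata"]["name"]): r
           for r in resources}
    report = {}
    for zone in (r for r in resources if r["kind"] == "DNSZone"):
        cfg, notes = effective_config(zone, idx), []
        if cfg is None:
            notes.append("dangling clusterRef")
        else:
            if cfg.get("recursion") and is_any(cfg.get("allowQuery", [])):
                notes.append("open recursive resolver")
            if is_any(cfg.get("allowTransfer", [])):
                notes.append("zone transfer allowed from any address")
            if not cfg.get("dnssec", {}).get("enabled"):
                notes.append("dnssec disabled")
        report[zone["spec"]["zoneName"]] = notes
    return report

if __name__ == "__main__":
    for name, notes in audit(RESOURCES).items():
        print(name, notes or "ok")
```

With the page's settings, example.com reports no findings: allowQuery of 0.0.0.0/0 is only flagged when recursion is also enabled.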

Common Fields

All Bindy CRDs share these common fields:

Metadata

metadata:
  name: resource-name
  namespace: dns-system
  labels:
    key: value
  annotations:
    key: value

Status Subresource

status:
  conditions:
    - type: Ready
      status: "True"
      reason: Synchronized
      message: Resource is synchronized
      lastTransitionTime: "2024-01-01T00:00:00Z"
  observedGeneration: 1

API Group and Versions

All Bindy CRDs belong to the bindy.firestoned.io API group:

  • Current version: v1beta1
  • Previous version: v1alpha1 (deprecated)
  • API stability: Beta (backwards-compatible changes only)

Next Steps