Deploying the Operator¶

The Bindy operator watches for DNS resources and manages BIND9 configurations.

Prerequisites¶

Before deploying the operator:

CRDs must be installed
RBAC must be configured
Namespace must exist (dns-system recommended)

Installation¶

Create Namespace¶

kubectl create namespace dns-system

Install RBAC (Latest Release)¶

Install from the latest stable release:

kubectl apply -f https://github.com/firestoned/bindy/releases/latest/download/rbac/serviceaccount.yaml
kubectl apply -f https://github.com/firestoned/bindy/releases/latest/download/rbac/role.yaml
kubectl apply -f https://github.com/firestoned/bindy/releases/latest/download/rbac/rolebinding.yaml

Or install from a specific version:

kubectl apply -f https://github.com/firestoned/bindy/releases/download/v0.3.0/rbac/serviceaccount.yaml
kubectl apply -f https://github.com/firestoned/bindy/releases/download/v0.3.0/rbac/role.yaml
kubectl apply -f https://github.com/firestoned/bindy/releases/download/v0.3.0/rbac/rolebinding.yaml

This creates: - ServiceAccount for the operator - ClusterRole with required permissions - ClusterRoleBinding to bind them together

Deploy Operator (Latest Release)¶

Install from the latest stable release:

kubectl apply -f https://github.com/firestoned/bindy/releases/latest/download/operator/deployment.yaml

Or install from a specific version:

kubectl apply -f https://github.com/firestoned/bindy/releases/download/v0.3.0/operator/deployment.yaml

Wait for Readiness¶

kubectl wait --for=condition=available --timeout=300s \
  deployment/bind9-operator -n dns-system

Verify Deployment¶

Check operator pod status:

kubectl get pods -n dns-system -l app=bind9-operator

Expected output:

NAME                                READY   STATUS    RESTARTS   AGE
bind9-operator-7d4b8c4f9b-x7k2m   1/1     Running   0          1m

Check operator logs:

kubectl logs -n dns-system -l app=bind9-operator -f

You should see:

{"timestamp":"2024-01-01T00:00:00Z","level":"INFO","message":"Starting Bindy operator"}
{"timestamp":"2024-01-01T00:00:01Z","level":"INFO","message":"Watching DNSZone resources"}
{"timestamp":"2024-01-01T00:00:01Z","level":"INFO","message":"Watching DNS record resources"}

Configuration¶

Environment Variables¶

Configure the operator via environment variables:

Variable	Default	Description
`RUST_LOG`	`info`	Log level (error, warn, info, debug, trace)
`BIND9_ZONES_DIR`	`/etc/bind/zones`	Directory for zone files
`RECONCILE_INTERVAL`	`300`	Reconciliation interval in seconds

Edit the deployment to customize:

env:
  - name: RUST_LOG
    value: "debug"
  - name: BIND9_ZONES_DIR
    value: "/var/lib/bind/zones"

Resource Limits¶

For production, set appropriate resource limits:

resources:
  requests:
    cpu: 100m
    memory: 128Mi
  limits:
    cpu: 500m
    memory: 512Mi

High Availability¶

Run multiple replicas with leader election:

spec:
  replicas: 3

Troubleshooting¶

Operator Not Starting¶

Check pod events:

kubectl describe pod -n dns-system -l app=bind9-operator

Check if CRDs are installed:

kubectl get crd | grep bindy.firestoned.io

Check RBAC permissions:

kubectl auth can-i list dnszones --as=system:serviceaccount:dns-system:bind9-operator

High Memory Usage¶

If the operator uses excessive memory:

Reduce log level: RUST_LOG=warn
Increase resource limits
Check for memory leaks in logs

Next Steps¶

Step-by-Step Guide - Create your first DNS zone
Configuration - Advanced configuration
Monitoring - Set up monitoring