create_rndc_secret_with_annotations

Function create_rndc_secret_with_annotations 

pub fn create_rndc_secret_with_annotations(
    namespace: &str,
    name: &str,
    key_data: &RndcKeyData,
    created_at: DateTime<Utc>,
    rotate_after: Option<Duration>,
    rotation_count: u32,
) -> Secret

Create a Kubernetes Secret with RNDC key data and rotation tracking annotations.

This function creates a Secret with the RNDC key data (via create_rndc_secret_data) and adds rotation tracking annotations for automatic key rotation.

§Arguments

  • namespace - Kubernetes namespace for the Secret
  • name - Secret name
  • key_data - RNDC key data (name, algorithm, secret)
  • created_at - Timestamp when the key was created or last rotated
  • rotate_after - Optional duration after which to rotate (None = no rotation)
  • rotation_count - Number of times the key has been rotated (0 for new keys)

§Returns

A Kubernetes Secret resource with:

  • RNDC key data in .data
  • Rotation tracking annotations in .metadata.annotations

§Annotations

  • bindy.firestoned.io/rndc-created-at: ISO 8601 timestamp (always present)
  • bindy.firestoned.io/rndc-rotate-at: ISO 8601 timestamp (only if rotate_after is Some)
  • bindy.firestoned.io/rndc-rotation-count: Number of rotations (always present)

§Examples

use bindy::bind9::rndc::{generate_rndc_key, create_rndc_secret_with_annotations};
use chrono::Utc;
use std::time::Duration;

let key_data = generate_rndc_key();
let created_at = Utc::now();
let rotate_after = Duration::from_secs(30 * 24 * 3600); // 30 days

let secret = create_rndc_secret_with_annotations(
    "bindy-system",
    "bind9-primary-rndc-key",
    &key_data,
    created_at,
    Some(rotate_after),
    0, // First key, not rotated yet
);

§Panics

May panic if the rotate_after duration cannot be converted to a chrono Duration. This should not happen for valid rotation intervals (1h - 8760h).
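
A consumer-side audit of the annotations listed under Annotations, added here as an example and not part of bindy's own code: it checks that the always-present annotations exist and parse, and reports whether a key is past its rotate-at time. The function names, the `KeyStatus` type, the accepted timestamp form (UTC with `Z` or `+00:00`, no fractional seconds) and the rule that rotate-at equals created-at plus an interval of 1h to 8760h are assumptions.

```rust
use std::collections::BTreeMap;

// Annotation keys as documented on this page.
const CREATED_AT: &str = "bindy.firestoned.io/rndc-created-at";
const ROTATE_AT: &str = "bindy.firestoned.io/rndc-rotate-at";
const ROTATION_COUNT: &str = "bindy.firestoned.io/rndc-rotation-count";

#[derive(Debug, PartialEq)]
enum KeyStatus { NoRotation, Fresh { secs_left: i64 }, Overdue { secs_late: i64 } }

/// Parse `YYYY-MM-DDTHH:MM:SS` plus `Z` or `+00:00` into Unix seconds.
/// Assumption: UTC, no fractional seconds; only field ranges are validated.
fn parse_utc(ts: &str) -> Option<i64> {
    let (head, zone) = (ts.get(..19)?, ts.get(19..)?);
    let b = head.as_bytes();
    let seps = [(4, b'-'), (7, b'-'), (10, b'T'), (13, b':'), (16, b':')];
    if (zone != "Z" && zone != "+00:00") || seps.iter().any(|&(i, c)| b[i] != c) { return None; }
    let n = |i: usize, len: usize| -> Option<i64> {
        head.get(i..i + len).filter(|s| s.bytes().all(|c| c.is_ascii_digit()))?.parse().ok()
    };
    let (y, m, d, hh, mm, ss) = (n(0, 4)?, n(5, 2)?, n(8, 2)?, n(11, 2)?, n(14, 2)?, n(17, 2)?);
    if !(1..=12).contains(&m) || !(1..=31).contains(&d) || hh > 23 || mm > 59 || ss > 59 { return None; }
    // Days since 1970-01-01 (Howard Hinnant's days_from_civil).
    let y = if m <= 2 { y - 1 } else { y };
    let (era, yoe) = (y.div_euclid(400), y.rem_euclid(400));
    let doe = yoe * 365 + yoe / 4 - yoe / 100 + (153 * ((m + 9) % 12) + 2) / 5 + d - 1;
    Some((era * 146_097 + doe - 719_468) * 86_400 + hh * 3600 + mm * 60 + ss)
}

/// Check the documented annotation invariants and classify the key at `now` (Unix seconds).
fn audit(ann: &BTreeMap<String, String>, now: i64) -> Result<KeyStatus, String> {
    let created = ann.get(CREATED_AT).and_then(|v| parse_utc(v)).ok_or("bad or missing rndc-created-at")?;
    ann.get(ROTATION_COUNT).and_then(|v| v.parse::<u32>().ok()).ok_or("bad or missing rndc-rotation-count")?;
    let rotate = match ann.get(ROTATE_AT) {
        None => return Ok(KeyStatus::NoRotation), // rotate_after was None
        Some(v) => parse_utc(v).ok_or("unparseable rndc-rotate-at")?,
    };
    // Assumption: rotate-at = created-at + rotate_after, interval within 1h - 8760h.
    if !(3600..=8760 * 3600).contains(&(rotate - created)) { return Err("rotation interval outside 1h - 8760h".into()); }
    Ok(if now >= rotate { KeyStatus::Overdue { secs_late: now - rotate } }
       else { KeyStatus::Fresh { secs_left: rotate - now } })
}

fn main() {
    // Constructed sample annotations; now = 2025-02-01T00:00:00Z.
    let s = [(CREATED_AT, "2025-01-01T00:00:00Z"), (ROTATE_AT, "2025-01-31T00:00:00Z"), (ROTATION_COUNT, "0")];
    let ann: BTreeMap<_, _> = s.iter().map(|&(k, v)| (k.to_string(), v.to_string())).collect();
    println!("{:?}", audit(&ann, 1_738_368_000));
}
```

An `Err` result means the Secret does not satisfy the invariants documented above and should be inspected before its key is trusted for rotation scheduling.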