Expand description
Global constants for the Bindy operator.
This module contains all numeric and string constants used throughout the codebase. Constants are organized by category for easy maintenance.
Constants§
- ALLOWED_
USER_ CONFIGMAP_ PREFIX - Required name prefix for any ConfigMap that the user references via a
configMap:volume. Same rationale asALLOWED_USER_SECRET_PREFIX. - ALLOWED_
USER_ MOUNT_ PREFIXES - Mount-path prefixes allowed for user-supplied
volumeMounts. - ALLOWED_
USER_ PVC_ PREFIX - Required name prefix for any PVC that the user references via a
persistentVolumeClaim:volume. Same rationale asALLOWED_USER_SECRET_PREFIX. - ALLOWED_
USER_ SECRET_ PREFIX - Required name prefix for any Secret that the user references via a
secret:volume. Prevents the user from mounting an arbitrary Secret (including the operator’s own credentials) into the BIND9/bindcar pod. - ALLOW_
ZONE_ NAMESPACES_ WILDCARD - Wildcard value for
ANNOTATION_ALLOW_ZONE_NAMESPACESmeaning “any namespace may target this instance.” Use with care — restores the pre-F-003 cluster-wide behaviour. - ANNOTATION_
ALLOW_ ZONE_ NAMESPACES - Annotation key on
Bind9Instancethat lists namespaces from which aDNSZone(in a different namespace) is permitted to target this instance viaspec.bind9InstancesFromselectors. - ANNOTATION_
RNDC_ CREATED_ AT - Annotation key for RNDC key creation timestamp (ISO 8601 format)
- ANNOTATION_
RNDC_ ROTATED_ AT - Annotation key for tracking pod restarts after RNDC rotation
- ANNOTATION_
RNDC_ ROTATE_ AT - Annotation key for RNDC key rotation timestamp (ISO 8601 format)
- ANNOTATION_
RNDC_ ROTATION_ COUNT - Annotation key for RNDC key rotation count
- ANNOTATION_
ZONE_ OWNER - Annotation key for marking which zone owns a DNS record
- ANNOTATION_
ZONE_ PREVIOUS_ OWNER - Annotation key for marking which zone previously owned a record
- API_
GROUP - API group for all Bindy DNS CRDs
- API_
GROUP_ VERSION - Fully qualified API version (group/version)
- API_
VERSION - API version for all Bindy DNS CRDs
- BIND9_
MALLOC_ CONF MALLOC_CONFenvironment variable value for BIND9 containers- BIND9_
NONROOT_ UID - UID for running BIND9 and bindcar containers as non-root
- BIND9_
SERVICE_ ACCOUNT ServiceAccountname for BIND9 pods- BINDCAR_
API_ PORT - Default bindcar HTTP API container port
- BINDCAR_
SERVICE_ PORT - Default bindcar HTTP API service port (exposed via Kubernetes Service)
- CONTAINER_
NAME_ BIND9 - Name of the BIND9 container in the pod
- CONTAINER_
NAME_ BINDCAR - Name of the bindcar API sidecar container in the pod
- DEFAULT_
BIND9_ VERSION - Default BIND9 version tag
- DEFAULT_
BINDCAR_ IMAGE - Default bindcar sidecar container image
- DEFAULT_
DNS_ RECORD_ TTL_ SECS - Default TTL for DNS records (5 minutes)
- DEFAULT_
LEASE_ DURATION_ SECS - Default leader election lease duration (15 seconds)
- DEFAULT_
LEASE_ RENEW_ DEADLINE_ SECS - Default leader election renew deadline (10 seconds)
- DEFAULT_
LEASE_ RETRY_ PERIOD_ SECS - Default leader election retry period (2 seconds)
- DEFAULT_
ROTATION_ INTERVAL - Default rotation interval (720 hours = 30 days)
- DEFAULT_
SOA_ EXPIRE_ SECS - Default SOA expire time (7 days)
- DEFAULT_
SOA_ NEGATIVE_ TTL_ SECS - Default SOA negative TTL (1 day)
- DEFAULT_
SOA_ REFRESH_ SECS - Default SOA refresh interval (1 hour)
- DEFAULT_
SOA_ RETRY_ SECS - Default SOA retry interval (10 minutes)
- DEFAULT_
ZONE_ TTL_ SECS - Default TTL for zone files (1 hour)
- DNS_
CONTAINER_ PORT - DNS container port (non-privileged port for non-root execution)
- DNS_
PORT - Standard DNS service port exposed externally
- ERROR_
REQUEUE_ DURATION_ SECS - Requeue duration for controller errors (30 seconds)
- KIND_
AAAA_ RECORD - Kind name for
AAAARecordresource - KIND_
A_ RECORD - Kind name for
ARecordresource - KIND_
BIND9_ CLUSTER - Kind name for
Bind9Clusterresource - KIND_
BIND9_ INSTANCE - Kind name for
Bind9Instanceresource - KIND_
CAA_ RECORD - Kind name for
CAARecordresource - KIND_
CLUSTER_ BIND9_ PROVIDER - Kind name for
ClusterBind9Providerresource - KIND_
CNAME_ RECORD - Kind name for
CNAMERecordresource - KIND_
DNS_ ZONE - Kind name for
DNSZoneresource - KIND_
MX_ RECORD - Kind name for
MXRecordresource - KIND_
NS_ RECORD - Kind name for
NSRecordresource - KIND_
SRV_ RECORD - Kind name for
SRVRecordresource - KIND_
TXT_ RECORD - Kind name for
TXTRecordresource - KUBE_
CLIENT_ BURST - Kubernetes API client burst size (max concurrent requests)
- KUBE_
CLIENT_ QPS - Kubernetes API client queries per second (sustained rate)
- KUBE_
LIST_ PAGE_ SIZE - Page size for Kubernetes API list operations
- LIVENESS_
FAILURE_ THRESHOLD - Liveness probe failure threshold
- LIVENESS_
INITIAL_ DELAY_ SECS - Liveness probe initial delay (wait for BIND9 to start)
- LIVENESS_
PERIOD_ SECS - Liveness probe period (how often to check)
- LIVENESS_
TIMEOUT_ SECS - Liveness probe timeout
- MAX_
ROTATION_ INTERVAL_ HOURS - Maximum rotation interval in hours (8760 hours = 365 days = 1 year)
- MAX_
TEST_ REPLICAS - Maximum reasonable number of replicas for testing
- METRICS_
SERVER_ BIND_ ADDRESS - Bind address for metrics HTTP server
- METRICS_
SERVER_ PATH - Path for Prometheus metrics endpoint
- METRICS_
SERVER_ PORT - Port for Prometheus metrics HTTP server
- MIN_
ROTATION_ INTERVAL_ HOURS - Minimum rotation interval in hours (1 hour)
- MIN_
TEST_ REPLICAS - Minimum number of replicas for testing
- MIN_
TIME_ BETWEEN_ ROTATIONS_ HOURS - Minimum time between rotations in hours (1 hour)
- READINESS_
FAILURE_ THRESHOLD - Readiness probe failure threshold
- READINESS_
INITIAL_ DELAY_ SECS - Readiness probe initial delay
- READINESS_
PERIOD_ SECS - Readiness probe period
- READINESS_
TIMEOUT_ SECS - Readiness probe timeout
- RNDC_
PORT - Standard RNDC control port (non-privileged)
- TOKIO_
WORKER_ THREADS - Number of worker threads for Tokio runtime
- TSIG_
FUDGE_ TIME_ SECS - TSIG fudge time in seconds (allows for clock skew)