Struct SecondaryConfig

pub struct SecondaryConfig {
    pub replicas: Option<i32>,
    pub labels: Option<BTreeMap<String, String>>,
    pub service: Option<ServiceConfig>,
    pub allow_transfer: Option<Vec<String>>,
    pub rndc_secret_ref: Option<RndcSecretRef>,
    pub rndc_key: Option<RndcKeyConfig>,
}

Secondary instance configuration

Groups all configuration specific to secondary (replica) DNS instances.

Fields§

§replicas: Option<i32>

Number of secondary instance replicas (default: 1)

This controls how many replicas each secondary instance in this cluster should have. Can be overridden at the instance level.

§labels: Option<BTreeMap<String, String>>

Additional labels to apply to secondary Bind9Instance resources

These labels are propagated from the cluster/provider to all secondary instances. They are merged with standard labels (app.kubernetes.io/*) and can be used for:

  • Instance selection via DNSZone.spec.bind9InstancesFrom label selectors
  • Pod selectors in network policies
  • Monitoring and alerting label filters
  • Custom organizational taxonomy

Example:

secondary:
  labels:
    environment: production
    tier: backend
    region: us-west-2

These labels will appear on the Bind9Instance metadata and can be referenced by DNSZone resources using bind9InstancesFrom.selector.matchLabels.

§service: Option<ServiceConfig>

Custom Kubernetes Service configuration for secondary instances

Allows full customization of the Kubernetes Service created for secondary DNS servers, including both Service spec fields and metadata annotations.

Annotations are commonly used for:

  • MetalLB address pool selection
  • Cloud provider load balancer configuration
  • External DNS integration
  • Linkerd service mesh annotations

This allows different Service configurations for primary and secondary instances. For example, primaries can use LoadBalancer with specific annotations while secondaries use ClusterIP.

See PrimaryConfig.service for detailed field documentation.

§allow_transfer: Option<Vec<String>>

Allow-transfer ACL for secondary instances

Overrides the default auto-detected Pod CIDR allow-transfer configuration for all secondary instances in this cluster. Use this to restrict or expand which IP addresses can perform zone transfers from secondary servers.

If not specified, defaults to cluster Pod CIDRs (auto-detected from Kubernetes Nodes).

Examples:

  • ["10.0.0.0/8"] - Allow transfers from entire 10.x network
  • ["any"] - Allow transfers from any IP (public internet)
  • [] - Deny all zone transfers (empty list means “none”)

Can be overridden at the instance level via spec.config.allowTransfer.
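The override and empty-list semantics described above, as an added example (not the operator's own code): `effective_acl`, `render`, `review`, `Finding` and the `min_v4_prefix` threshold are hypothetical names, and the rendering into a BIND `allow-transfer` statement is an assumption about how the list is consumed. The review only understands the forms shown on this page ("any", addresses, CIDR blocks) and reports everything else as unrecognized.

```rust
use std::net::IpAddr;

#[derive(Debug, PartialEq)]
pub enum Finding {
    OpenToAny,            // "any" or a /0 prefix: every client may transfer
    BroadPrefix(u8),      // IPv4 prefix shorter than the review threshold
    Unrecognized(String), // not "any", an IP address or a CIDR block
}

/// Instance-level list overrides the cluster's secondary list; with neither
/// set, the Pod CIDRs apply. An explicit empty list is kept: it means "none".
pub fn effective_acl(
    instance: Option<&[String]>,
    secondary: Option<&[String]>,
    pod_cidrs: &[String],
) -> Vec<String> {
    instance.or(secondary).unwrap_or(pod_cidrs).to_vec()
}

/// BIND statement for a list (assumed rendering, not the operator's code).
pub fn render(acl: &[String]) -> String {
    if acl.is_empty() {
        return "allow-transfer { none; };".to_string();
    }
    format!("allow-transfer {{ {}; }};", acl.join("; "))
}

/// Flag entries to question before the ACL is applied.
pub fn review(acl: &[String], min_v4_prefix: u8) -> Vec<Finding> {
    let mut out = Vec::new();
    for e in acl {
        let (addr, len) = e.split_once('/').map_or((e.as_str(), None), |(a, l)| (a, Some(l)));
        let Ok(ip) = addr.parse::<IpAddr>() else {
            // "any" is the only non-address form this review understands.
            out.push(if e == "any" { Finding::OpenToAny } else { Finding::Unrecognized(e.clone()) });
            continue;
        };
        let max = if ip.is_ipv4() { 32 } else { 128 };
        // A bare address is a single host, i.e. the full-length prefix.
        match len.map_or(Some(max), |l| l.parse::<u8>().ok()) {
            Some(0) => out.push(Finding::OpenToAny),
            Some(l) if l > max => out.push(Finding::Unrecognized(e.clone())),
            Some(l) if ip.is_ipv4() && l < min_v4_prefix => out.push(Finding::BroadPrefix(l)),
            Some(_) => {}
            None => out.push(Finding::Unrecognized(e.clone())),
        }
    }
    out
}
```

The distinction that matters in review is between an unset field (Pod CIDR default) and an explicitly empty list (no transfers at all); a resolver that treats the two alike silently widens the ACL.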

§rndc_secret_ref: Option<RndcSecretRef>
Deprecated since 0.6.0: Use rndc_key instead. This field will be removed in v1.0.0.

Reference to an existing Kubernetes Secret containing the RNDC key for all secondary instances.

If specified, all secondary instances in this cluster will use this existing Secret instead of auto-generating individual secrets. This allows sharing the same RNDC key across all secondary instances.

Can be overridden at the instance level via spec.rndcSecretRef.

§rndc_key: Option<RndcKeyConfig>

RNDC key configuration for all secondary instances with lifecycle management.

Supports automatic key rotation, Secret references, and inline Secret specifications. Overrides global RNDC configuration for secondary instances.

Precedence order:

  1. Instance level (spec.rndcKey)
  2. Role level (spec.primary.rndcKey or spec.secondary.rndcKey)
  3. Global level (cluster-wide RNDC configuration)
  4. Auto-generated (default)

Can be overridden at the instance level via spec.rndcKey.

Backward compatibility: If both rndc_key and rndc_secret_ref are specified, rndc_key takes precedence. For smooth migration, rndc_secret_ref will continue to work but is deprecated.

§Example

secondary:
  replicas: 2
  rndcKey:
    autoRotate: true
    rotateAfter: 720h  # 30 days
    algorithm: hmac-sha256

Trait Implementations§

impl Clone for SecondaryConfig

fn clone(&self) -> SecondaryConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SecondaryConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for SecondaryConfig

fn default() -> SecondaryConfig

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for SecondaryConfig

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl JsonSchema for SecondaryConfig

fn schema_name() -> Cow<'static, str>

The name of the generated JSON Schema.

fn schema_id() -> Cow<'static, str>

Returns a string that uniquely identifies the schema produced by this type.

fn json_schema(generator: &mut SchemaGenerator) -> Schema

Generates a JSON Schema for this type.

fn inline_schema() -> bool

Whether JSON Schemas generated for this type should be included directly in parent schemas, rather than being re-used where possible using the $ref keyword.

impl PartialEq for SecondaryConfig

fn eq(&self, other: &SecondaryConfig) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for SecondaryConfig

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer.

impl StructuralPartialEq for SecondaryConfig

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

This is a nightly-only experimental API (clone_to_uninit).
Performs copy-assignment from self to dest.

impl<T> DynClone for T
where T: Clone,

fn __clone_box(&self, _: Private) -> *mut ()

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> FromRef<T> for T
where T: Clone,

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoEither for T

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.

impl<T> IntoRequest<T> for T

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request.

impl<L> LayerExt<L> for L

fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>
where L: Layer<S>,

Applies the layer to a service and wraps it in Layered.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow.

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ServiceExt for T

fn map_response_body<F>(self, f: F) -> MapResponseBody<Self, F>
where Self: Sized,

Apply a transformation to the response body.

fn trace_for_http(self) -> Trace<Self, SharedClassifier<ServerErrorsAsFailures>>
where Self: Sized,

High level tracing that classifies responses using HTTP status codes.

fn trace_for_grpc(self) -> Trace<Self, SharedClassifier<GrpcErrorsAsFailures>>
where Self: Sized,

High level tracing that classifies responses using gRPC headers.

fn follow_redirects(self) -> FollowRedirect<Self>
where Self: Sized,

Follow redirect responses using the Standard policy.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,