Function for_each_secondary_endpoint 

pub async fn for_each_secondary_endpoint<F, Fut>(
    client: &Client,
    namespace: &str,
    cluster_ref: &str,
    is_cluster_provider: bool,
    with_rndc_key: bool,
    port_name: &str,
    operation: F,
) -> Result<(Option<String>, usize)>
where
    F: Fn(String, String, Option<RndcKeyData>) -> Fut,
    Fut: Future<Output = Result<()>>,

Update lastReconciledAt timestamp for a zone in Bind9Instance.status.selectedZones[].

This function implements the critical Phase 2 completion step: after successfully configuring a zone on an instance, we update the instance’s status to signal that the zone is now reconciled and doesn’t need reconfiguration on future reconciliations.

This prevents infinite reconciliation loops by ensuring the DNSZone watch mapper only triggers reconciliation when lastReconciledAt == None.

Arguments

• client - Kubernetes API client
• instance_name - Name of the Bind9Instance
• instance_namespace - Namespace of the Bind9Instance
• zone_name - Name of the DNSZone resource
• zone_namespace - Namespace of the DNSZone resource

Execute an operation on all SECONDARY endpoints for a cluster.

Similar to for_each_primary_endpoint, but operates on SECONDARY instances. Useful for triggering zone transfers or other secondary-specific operations.

Arguments

• client - Kubernetes API client
• namespace - Namespace to search for instances
• cluster_ref - Cluster reference name
• is_cluster_provider - Whether this is a cluster provider (cluster-scoped)
• with_rndc_key - Whether to load and pass RNDC keys for each instance
• port_name - Port name to use for endpoints (e.g., “rndc-api”, “dns-tcp”)
• operation - Async closure to execute for each endpoint

Returns

• Ok((first_endpoint, total_endpoints)) - First endpoint found and total count

Errors

Returns an error if:

• Failed to find secondary pods
• Failed to load RNDC keys
• Failed to get service endpoints
• The operation closure returns an error for any endpoint