Module scout 

Bindy Scout — Ingress-to-ARecord controller.

Scout watches Kubernetes Ingresses across all namespaces (except its own and any configured exclusions). When an Ingress is annotated with bindy.firestoned.io/recordKind: "ARecord", Scout creates an ARecord CR in the configured target namespace.

See docs/roadmaps/bindy-scout-ingress-controller.md for the full design.

Phase 1 / 1.5 — Same-cluster mode (current)

Scout uses a single in-cluster client. ARecords are created in the same cluster.

Phase 2 — Remote cluster mode

When BINDY_SCOUT_REMOTE_SECRET is set, Scout reads a kubeconfig from a Kubernetes Secret and builds a second client (remote_client) targeting the dedicated Bindy cluster. The local client still handles Ingress watching and finalizer management. The remote client handles ARecord creation/deletion and DNSZone validation.

Structs

ARecordParams

Parameters for building an ARecord CR.

ScoutContext

Shared context passed to every reconciler invocation.

ScoutError

Reconcile error type — wraps anyhow::Error so that it satisfies the std::error::Error bound required by kube::runtime::Controller::run.

Constants

ANNOTATION_IP

Annotation for explicitly overriding the IP used in the ARecord. When set, takes precedence over the IP resolved from Ingress LoadBalancer status.

ANNOTATION_RECORD_KIND

Annotation specifying the DNS record kind Scout should create for this Ingress. Set to "ARecord" to create an A record. Any other value (or absent) is ignored.

ANNOTATION_SCOUT_ENABLED

Simplified opt-in annotation — set to "true" to enable Scout for this Ingress. Takes precedence over (and is preferred to) ANNOTATION_RECORD_KIND for new users. Both annotations are accepted for backward compatibility.

ANNOTATION_TTL

Annotation for overriding the TTL (in seconds) on the created ARecord. When absent, the ARecord inherits the TTL from the DNSZone spec.

ANNOTATION_ZONE

Annotation specifying which DNS zone owns this Ingress host

DEFAULT_SCOUT_NAMESPACE

Default namespace where ARecords are created when BINDY_SCOUT_NAMESPACE is not set

FINALIZER_SCOUT

Finalizer added to Ingresses managed by Scout to ensure cleanup on deletion

LABEL_MANAGED_BY

Label placed on created ARecords identifying Scout as the manager

LABEL_MANAGED_BY_SCOUT

Label value for ARecords created by Scout

LABEL_SOURCE_CLUSTER

Label identifying the source cluster on created ARecords

LABEL_SOURCE_INGRESS

Label identifying the source Ingress name on created ARecords

LABEL_SOURCE_NAMESPACE

Label identifying the source namespace on created ARecords

LABEL_ZONE

Label carrying the DNS zone name on created ARecords (for DNSZone selector matching)

RECORD_KIND_ARECORD

Expected value of ANNOTATION_RECORD_KIND for A record creation.

Functions

arecord_cr_name

Builds a sanitized Kubernetes resource name for an ARecord CR.

arecord_label_selector

Builds a Kubernetes label selector string matching all ARecords created by Scout for a specific Ingress.

build_arecord

Builds the ARecord CR that Scout will create on the target cluster.

derive_record_name

Derives the DNS record name from a hostname and zone.

get_zone_annotation

Returns the DNS zone specified by the bindy.firestoned.io/zone annotation.

has_finalizer

Returns true if the Scout finalizer is present on the Ingress.

is_arecord_enabled

Returns true if the Ingress is annotated for ARecord creation.

is_being_deleted

Returns true if the Ingress has been marked for deletion.

is_scout_opted_in

Returns true if Scout should manage this Ingress.

resolve_ip_from_annotation

Returns the explicit IP override from bindy.firestoned.io/ip, if present.

resolve_ip_from_lb_status

Resolves the IP to use for an ARecord from the Ingress load-balancer status.

resolve_ips

Resolves the IP address(es) to use for an ARecord, in priority order:

resolve_zone

Resolves the DNS zone for an Ingress, in priority order:

run_scout

Entry point for the bindy scout subcommand.