Expand description
Bindy Scout — Ingress-to-ARecord controller.
Scout watches Kubernetes Ingresses across all namespaces (except its own and any
configured exclusions). When an Ingress is annotated with
bindy.firestoned.io/recordKind: "ARecord", Scout creates an ARecord CR in the
configured target namespace.
See docs/roadmaps/bindy-scout-ingress-controller.md for the full design.
§Phase 1 / 1.5 — Same-cluster mode (current)
Scout uses a single in-cluster client. ARecords are created in the same cluster.
§Phase 2 — Remote cluster mode
When BINDY_SCOUT_REMOTE_SECRET is set, Scout reads a kubeconfig from a Kubernetes
Secret and builds a second client (remote_client) targeting the dedicated Bindy cluster.
The local client still handles Ingress watching and finalizer management.
The remote client handles ARecord creation/deletion and DNSZone validation.
Structs§
- ARecord
Params - Parameters for building an ARecord CR.
- HTTP
Route - Minimal HTTPRoute definition for Scout’s use case.
- HTTP
RouteA Record Params - Parameters for building an ARecord CR from an HTTPRoute.
- HTTP
Route Spec - Minimal HTTPRoute spec for Scout’s use case.
- Scout
Context - Shared context passed to every reconciler invocation.
- Scout
Error - Reconcile error type — wraps
anyhow::Errorso that it satisfies thestd::error::Errorbound required bykube::runtime::Controller::run. - ServiceA
Record Params - Parameters for building a Service-sourced ARecord CR.
- TLSRoute
- Minimal TLSRoute definition for Scout’s use case.
- TLSRouteA
Record Params - Parameters for building an ARecord CR from a TLSRoute.
- TLSRoute
Spec - Minimal TLSRoute spec for Scout’s use case.
Constants§
- ANNOTATION_
IP - Annotation for explicitly overriding the IP(s) used in the ARecord.
- ANNOTATION_
RECORD_ KIND - Annotation specifying the DNS record kind Scout should create for this Ingress.
Set to
"ARecord"to create an A record. Any other value (or absent) is ignored. - ANNOTATION_
RECORD_ NAME - Annotation for overriding the DNS record name (
spec.name) on the created ARecord. - ANNOTATION_
SCOUT_ ENABLED - Simplified opt-in annotation — set to
"true"to enable Scout for this Ingress. Takes precedence over (and is preferred to)ANNOTATION_RECORD_KINDfor new users. Both annotations are accepted for backward compatibility. - ANNOTATION_
TTL - Annotation for overriding the TTL (in seconds) on the created ARecord. When absent, the ARecord inherits the TTL from the DNSZone spec.
- ANNOTATION_
ZONE - Annotation specifying which DNS zone owns this Ingress host
- DEFAULT_
SCOUT_ NAMESPACE - Default namespace where ARecords are created when
BINDY_SCOUT_NAMESPACEis not set - FINALIZER_
SCOUT - Finalizer added to Ingresses managed by Scout to ensure cleanup on deletion
- LABEL_
MANAGED_ BY - Label placed on created ARecords identifying Scout as the manager
- LABEL_
MANAGED_ BY_ SCOUT - Label value for ARecords created by Scout
- LABEL_
SOURCE_ CLUSTER - Label identifying the source cluster on created ARecords
- LABEL_
SOURCE_ NAME - Label identifying the source resource name on created ARecords. Used for all resource kinds (Ingress, Service, HTTPRoute, TLSRoute).
- LABEL_
SOURCE_ NAMESPACE - Label identifying the source namespace on created ARecords
- LABEL_
ZONE - Label carrying the DNS zone name on created ARecords (for DNSZone selector matching)
- RECORD_
KIND_ ARECORD - Expected value of
ANNOTATION_RECORD_KINDfor A record creation.
Functions§
- arecord_
cr_ name - Builds a sanitized Kubernetes resource name for an ARecord CR.
- arecord_
label_ selector - Builds a Kubernetes label selector string matching all ARecords created by Scout for a specific Ingress.
- build_
arecord - Builds the ARecord CR that Scout will create on the target cluster.
- build_
httproute_ arecord - Builds the ARecord CR that Scout will create for an HTTPRoute.
- build_
service_ arecord - Builds the ARecord CR that Scout will create for a
LoadBalancerService. - build_
tlsroute_ arecord - Builds the ARecord CR that Scout will create for a TLSRoute.
- derive_
record_ name - Derives the DNS record name from a hostname and zone.
- get_
record_ name_ annotation - Returns the explicit DNS record name override from
bindy.firestoned.io/record-name. - get_
zone_ annotation - Returns the DNS zone specified by the
bindy.firestoned.io/zoneannotation. - has_
finalizer - Returns
trueif the Scout finalizer is present on the Ingress. - httproute_
arecord_ cr_ name - Derives the ARecord CR name for an HTTPRoute.
- httproute_
arecord_ label_ selector - Builds a Kubernetes label selector matching all ARecords created by Scout for a specific HTTPRoute.
- is_
arecord_ enabled - Returns
trueif the Ingress is annotated for ARecord creation. - is_
being_ deleted - Returns
trueif the Ingress has been marked for deletion. - is_
loadbalancer_ service - Returns
trueif the Service is of typeLoadBalancer. - is_
scout_ opted_ in - Returns
trueif Scout should manage this Ingress. - resolve_
ip_ from_ lb_ status - Resolves the IP to use for an ARecord from the Ingress load-balancer status.
- resolve_
ip_ from_ service_ lb_ status - Extracts the first non-empty IP from the Service’s LoadBalancer status.
- resolve_
ips - Resolves the IP address(es) to use for an ARecord, in priority order:
- resolve_
ips_ from_ annotation - Returns the explicit IP overrides from the
bindy.firestoned.io/ipannotation. - resolve_
record_ name - Resolves the DNS record name for an ARecord, in priority order:
- resolve_
zone - Resolves the DNS zone for an Ingress, in priority order:
- run_
scout - Entry point for the
bindy scoutsubcommand. - service_
arecord_ cr_ name - Derives the ARecord CR name for a Service.
- service_
arecord_ label_ selector - Builds a Kubernetes label selector matching all ARecords created by Scout for a specific Service.
- stale_
arecord_ label_ selector - Builds a label selector string matching ARecords for the given Ingress that
belong to any cluster other than
current_cluster. - stale_
httproute_ arecord_ label_ selector - Builds a label selector string matching ARecords for the given HTTPRoute that
belong to any cluster other than
current_cluster. - stale_
tlsroute_ arecord_ label_ selector - Builds a label selector string matching ARecords for the given TLSRoute that
belong to any cluster other than
current_cluster. - tlsroute_
arecord_ cr_ name - Derives the ARecord CR name for a TLSRoute.
- tlsroute_
arecord_ label_ selector - Builds a Kubernetes label selector matching all ARecords created by Scout for a specific TLSRoute.