Deploying the Controller

The Bindy controller watches for DNS resources and manages BIND9 configurations.

Prerequisites

Before deploying the controller:

  1. CRDs must be installed
  2. RBAC must be configured
  3. Namespace must exist (dns-system recommended)

Installation

Create Namespace

kubectl create namespace dns-system

Install RBAC

kubectl apply -f https://raw.githubusercontent.com/firestoned/bindy/main/deploy/rbac/

This creates:

  • ServiceAccount for the controller
  • ClusterRole with required permissions
  • ClusterRoleBinding to bind them together

Deploy Controller

kubectl apply -f https://raw.githubusercontent.com/firestoned/bindy/main/deploy/controller/deployment.yaml

Wait for Readiness

kubectl wait --for=condition=available --timeout=300s \
  deployment/bind9-controller -n dns-system

Verify Deployment

Check controller pod status:

kubectl get pods -n dns-system -l app=bind9-controller

Expected output:

NAME                                READY   STATUS    RESTARTS   AGE
bind9-controller-7d4b8c4f9b-x7k2m   1/1     Running   0          1m

Check controller logs:

kubectl logs -n dns-system -l app=bind9-controller -f

You should see:

{"timestamp":"2024-01-01T00:00:00Z","level":"INFO","message":"Starting Bindy controller"}
{"timestamp":"2024-01-01T00:00:01Z","level":"INFO","message":"Watching DNSZone resources"}
{"timestamp":"2024-01-01T00:00:01Z","level":"INFO","message":"Watching DNS record resources"}

Configuration

Environment Variables

Configure the controller via environment variables:

Variable             Default           Description
RUST_LOG             info              Log level (error, warn, info, debug, trace)
BIND9_ZONES_DIR      /etc/bind/zones   Directory for zone files
RECONCILE_INTERVAL   300               Reconciliation interval in seconds

Edit the deployment to customize:

env:
  - name: RUST_LOG
    value: "debug"
  - name: BIND9_ZONES_DIR
    value: "/var/lib/bind/zones"

Resource Limits

For production, set appropriate resource limits:

resources:
  requests:
    cpu: 100m
    memory: 128Mi
  limits:
    cpu: 500m
    memory: 512Mi

High Availability

Run multiple replicas with leader election:

spec:
  replicas: 3

Troubleshooting

Controller Not Starting

  1. Check pod events:

    kubectl describe pod -n dns-system -l app=bind9-controller
    
  2. Check if CRDs are installed:

    kubectl get crd | grep bindy.firestoned.io
    
  3. Check RBAC permissions:

    kubectl auth can-i list dnszones --as=system:serviceaccount:dns-system:bind9-controller
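
A least-privilege check that extends step 3, as an added example (not part of the Bindy documentation or code base): it parses `kubectl auth can-i --list` output for the controller's ServiceAccount, reports verbs missing on `dnszones`, and flags wildcard grants. The `dnszones.bindy.firestoned.io` resource name, the `get list watch` verb set and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: least-privilege audit of the controller ServiceAccount.
# Live use (needs cluster access):
#   kubectl auth can-i --list -n dns-system --as="$SA" | broad_rules
SA="system:serviceaccount:dns-system:bind9-controller"
# Assumption: CRD resource name as `can-i --list` prints it (resource.group).
ZONES="dnszones.bindy.firestoned.io"

# broad_rules: read `kubectl auth can-i --list` output on stdin and print
# every resource rule whose resource or verb list contains a wildcard.
broad_rules() {
  awk 'NR > 1 && $0 !~ /^[ \t]/ {
    n = split($0, part, /\[/); verbs = part[n]; sub(/\].*$/, "", verbs)
    if ($1 ~ /\*/ || verbs ~ /\*/) print $1 " [" verbs "]"
  }'
}

# missing_verbs RESOURCE VERB...: read the same output on stdin and print
# each VERB that is not granted on RESOURCE (a "*" grant counts as granted).
missing_verbs() {
  resource=$1; shift
  awk -v res="$resource" -v want="$*" '
    NR > 1 && $0 !~ /^[ \t]/ && ($1 == res || $1 == "*.*") {
      n = split($0, part, /\[/); verbs = part[n]; sub(/\].*$/, "", verbs)
      m = split(verbs, v, " "); for (i = 1; i <= m; i++) have[v[i]] = 1
    }
    END {
      m = split(want, w, " ")
      for (i = 1; i <= m; i++)
        if (!(w[i] in have) && !("*" in have)) print w[i]
    }'
}

# Constructed sample of `can-i --list` output (not from a real cluster and not
# Bindy's shipped role): the zone rule lacks "watch", and one rule uses "*".
SAMPLE='Resources                                       Non-Resource URLs   Resource Names   Verbs
selfsubjectaccessreviews.authorization.k8s.io   []                  []               [create]
dnszones.bindy.firestoned.io                    []                  []               [get list]
secrets                                         []                  []               [*]
                                                [/healthz /version] []               [get]'

echo "Over-broad rules:";  printf '%s\n' "$SAMPLE" | broad_rules
echo "Missing on $ZONES:"; printf '%s\n' "$SAMPLE" | missing_verbs "$ZONES" get list watch
```

A missing verb explains a controller that starts but never reconciles; a wildcard rule is a grant to narrow in the ClusterRole before production use.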
    

High Memory Usage

If the controller uses excessive memory:

  1. Reduce log level: RUST_LOG=warn
  2. Increase resource limits
  3. Check for memory leaks in logs
