docs: add BIND9 on Kubernetes with Kind tutorial for rfc2136 provider

docs/snippets/tutorials/rfc2136/bind9.yaml

@@ -0,0 +1,158 @@
+# kubectl apply -f docs/snippets/tutorials/rfc2136/bind9.yaml
+# kubectl delete -f docs/snippets/tutorials/rfc2136/bind9.yaml
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: bind9
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: bind-config
+  namespace: bind9
+data:
+  named.conf: |
+    options {
+      directory "/data";
+      listen-on { any; };
+      listen-on-v6 { any; };
+      allow-query { any; };
+      allow-transfer { any; };
+      recursion no;
+      dnssec-validation no;
+    };
+
+    key "externaldns-key" {
+      algorithm hmac-sha256;
+      secret "96Ah/a2g0/nLeFGK+d/0tzQcccf9hCEIy34PoXX2Qg8=";
+    };
+
+    zone "example.local" {
+      type primary;
+      file "/data/db.example.local";
+      allow-update { key externaldns-key; };
+      allow-transfer { key externaldns-key; };
+    };
+
+    zone "49.168.192.in-addr.arpa" {
+      type primary;
+      file "/data/db.reverse";
+      allow-update { key externaldns-key; };
+      allow-transfer { key externaldns-key; };
+    };
+  db.forward: |
+    $TTL 86400
+    @   IN  SOA ns1.example.local. admin.example.local. (
+                2024010101 ; serial
+                3600       ; refresh
+                1800       ; retry
+                604800     ; expire
+                86400 )    ; minimum
+        IN  NS  ns1.example.local.
+    ns1 IN  A   10.0.0.1
+  db.reverse: |
+    $TTL 86400
+    @   IN  SOA ns1.example.local. admin.example.local. (
+                2024010101 ; serial
+                3600       ; refresh
+                1800       ; retry
+                604800     ; expire
+                86400 )    ; minimum
+        IN  NS  ns1.example.local.
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bind9
+  namespace: bind9
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: bind9
+  template:
+    metadata:
+      labels:
+        app: bind9
+    spec:
+      securityContext:
+        runAsUser: 0
+        fsGroup: 0
+      initContainers:
+      - name: init-zones
+        image: busybox:1.36
+        command: ["sh", "-c"]
+        args:
+        - |
+          cp /config/named.conf /data/named.conf
+          cp /config/db.forward /data/db.example.local
+          cp /config/db.reverse /data/db.reverse
+          chmod -R 777 /data
+        volumeMounts:
+        - name: config
+          mountPath: /config
+        - name: bind-data
+          mountPath: /data
+      containers:
+      - name: bind9
+        image: internetsystemsconsortium/bind9:9.21
+        command: ["named", "-g", "-u", "root", "-c", "/data/named.conf"]
+        ports:
+        - containerPort: 53
+          protocol: TCP
+        - containerPort: 53
+          protocol: UDP
+        volumeMounts:
+        - name: bind-data
+          mountPath: /data
+        readinessProbe:
+          tcpSocket:
+            port: 53
+          initialDelaySeconds: 5
+          periodSeconds: 5
+      volumes:
+      - name: config
+        configMap:
+          name: bind-config
+      - name: bind-data
+        emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: bind9
+  namespace: bind9
+spec:
+  selector:
+    app: bind9
+  ports:
+  - name: dns-tcp
+    port: 53
+    targetPort: 53
+    protocol: TCP
+  - name: dns-udp
+    port: 53
+    targetPort: 53
+    protocol: UDP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: bind9-nodeport
+  namespace: bind9
+spec:
+  type: NodePort
+  selector:
+    app: bind9
+  ports:
+  - name: dns-tcp
+    port: 53
+    targetPort: 53
+    nodePort: 30053
+    protocol: TCP
+  - name: dns-udp
+    port: 53
+    targetPort: 53
+    nodePort: 30053
+    protocol: UDP

docs/snippets/tutorials/rfc2136/fixtures.yaml

@@ -0,0 +1,38 @@
+# kubectl apply -f docs/snippets/tutorials/rfc2136/fixtures.yaml
+# kubectl delete -f docs/snippets/tutorials/rfc2136/fixtures.yaml
+---
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: test-a-records
+  namespace: default
+spec:
+  endpoints:
+  - dnsName: app.example.local
+    recordTTL: 300
+    recordType: A
+    targets:
+    - 192.168.49.10
+  - dnsName: api.example.local
+    recordTTL: 300
+    recordType: A
+    targets:
+    - 192.168.49.20
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-rfc2136
+  namespace: default
+  labels:
+    svc: test-svc
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: svc.example.local
+spec:
+  type: LoadBalancer
+  ports:
+  - port: 80
+    name: http
+    targetPort: 80
+  selector:
+    app: nginx

docs/snippets/tutorials/rfc2136/kind.yaml

@@ -0,0 +1,34 @@
+# ref: https://kind.sigs.k8s.io/docs/user/quick-start/
+# https://kind.sigs.k8s.io/docs/user/configuration/#extra-port-mappings
+
+# kind create cluster --config=docs/snippets/tutorials/rfc2136/kind.yaml
+# kind delete cluster --name rfc2136-bind9
+# kubectl cluster-info --context kind-rfc2136-bind9
+# kubectl get nodes -o wide
+---
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+name: rfc2136-bind9
+networking:
+  apiServerAddress: 127.0.0.1
+  apiServerPort: 6443
+nodes:
+- role: control-plane
+  image: kindest/node:v1.35.1
+  kubeadmConfigPatches:
+    - |
+      kind: InitConfiguration
+      nodeRegistration:
+        kubeletExtraArgs:
+          node-labels: "ingress-ready=true"
+  extraPortMappings:
+    - containerPort: 30053   # BIND9 DNS NodePort
+      hostPort: 5354         # exposed on host
+      listenAddress: "0.0.0.0"
+      protocol: TCP
+    - containerPort: 30053
+      hostPort: 5354
+      listenAddress: "0.0.0.0"
+      protocol: UDP
+- role: worker
+  image: kindest/node:v1.35.1

docs/snippets/tutorials/rfc2136/values-extdns-rfc2136.yaml

@@ -0,0 +1,45 @@
+# ref: https://github.com/kubernetes-sigs/external-dns/blob/master/charts/external-dns/values.yaml
+provider:
+  name: rfc2136
+
+extraArgs:
+  - --rfc2136-host=bind9.bind9.svc.cluster.local
+  - --rfc2136-port=53
+  - --rfc2136-zone=example.local
+  - --rfc2136-zone=49.168.192.in-addr.arpa
+  - --rfc2136-tsig-keyname=externaldns-key
+  - --rfc2136-tsig-secret=96Ah/a2g0/nLeFGK+d/0tzQcccf9hCEIy34PoXX2Qg8=
+  - --rfc2136-tsig-secret-alg=hmac-sha256
+  - --rfc2136-tsig-axfr
+  - --rfc2136-create-ptr
+  - --managed-record-types=A
+  - --managed-record-types=AAAA
+  - --managed-record-types=CNAME
+  - --managed-record-types=PTR
+
+txtOwnerId: external-dns
+
+domainFilters:
+  - example.local
+  - 49.168.192.in-addr.arpa
+
+sources:
+  - service
+  - ingress
+  - crd
+
+policy: sync
+
+logLevel: debug
+interval: 10s
+
+rbac:
+  create: true
+
+resources:
+  requests:
+    cpu: 100m
+    memory: 64Mi
+  limits:
+    cpu: 200m
+    memory: 128Mi