From 79ddf61dc72b8db9fd40f8a634dc526f1d761afa Mon Sep 17 00:00:00 2001
From: j <repobase@j7b.net>
Date: Tue, 1 Jul 2025 22:48:33 +1000
Subject: [PATCH 1/2] Try fix how external dns gets its secret

---
 deployments/dns/bind.yaml        |  5 -----
 deployments/dns/externaldns.yaml | 15 +++++----------
 deployments/dns/namespace.yaml   |  5 +++++
 3 files changed, 10 insertions(+), 15 deletions(-)
 create mode 100644 deployments/dns/namespace.yaml

diff --git a/deployments/dns/bind.yaml b/deployments/dns/bind.yaml
index 99f9482..23eab06 100644
--- a/deployments/dns/bind.yaml
+++ b/deployments/dns/bind.yaml
@@ -1,10 +1,5 @@
 ---
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: dns
----
-apiVersion: v1
 kind: ConfigMap
 metadata:
   name: bind-master-config
diff --git a/deployments/dns/externaldns.yaml b/deployments/dns/externaldns.yaml
index 638f403..523dab2 100644
--- a/deployments/dns/externaldns.yaml
+++ b/deployments/dns/externaldns.yaml
@@ -1,9 +1,4 @@
 ---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: external-dns
----
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -31,19 +26,19 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: external-dns
-    namespace: external-dns
+    namespace: dns
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: external-dns
-  namespace: external-dns
+  namespace: dns
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: external-dns
-  namespace: external-dns
+  namespace: dns
 spec:
   replicas: 1
   selector:
@@ -76,6 +71,6 @@ spec:
             - name: RFC2136_TSIG_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: rfc2136-tsig-secret
-                  key: tsig-secret
+                  name: dns-secrets
+                  key: externaldns-secret
 
diff --git a/deployments/dns/namespace.yaml b/deployments/dns/namespace.yaml
new file mode 100644
index 0000000..52c7228
--- /dev/null
+++ b/deployments/dns/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: dns

From 28cb4c5b2330b6d0cee0bf0019a9a7c4ff15b6a5 Mon Sep 17 00:00:00 2001
From: j <repobase@j7b.net>
Date: Tue, 1 Jul 2025 22:48:45 +1000
Subject: [PATCH 2/2] namespace split

---
 deployments/kustomization.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml
index 1e71acc..f22190e 100644
--- a/deployments/kustomization.yaml
+++ b/deployments/kustomization.yaml
@@ -7,5 +7,6 @@ resources:
   - monitoring/loki.yaml
   - monitoring/prometheus.yaml
   - operators/mariadb.yaml
+  - dns/namespace.yaml
   - dns/bind.yaml
   - dns/externaldns.yaml