# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ######### # Public Core DNS zone # SC-20 - This is Parent zone and purely related to core landing zone only. Supports DNSSEC from spoofing attacks # Client applications will be using sub zones created under parent zone, however, their configuration will be application specific and will require seperate assessment # AU-12 - Enable logging for DNS apiVersion: dns.cnrm.cloud.google.com/v1beta1 kind: DNSManagedZone metadata: name: core-dns-project-id-standard-core-public-dns # kpt-set: ${core-dns-project-id}-standard-core-public-dns namespace: networking annotations: cnrm.cloud.google.com/project-id: core-dns-project-id # kpt-set: ${core-dns-project-id} config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/core-dns-project-id # kpt-set: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/${core-dns-project-id} spec: description: "standard core public dns zone" resourceID: standard-core-public-dns dnsName: "dns-name" # kpt-set: ${dns-name} visibility: public # SC-20 dnssecConfig: state: "on" # AU-12 cloudLoggingConfig: enableLogging: true