bindcar 0.6.0

HTTP REST API for managing BIND9 zones via rndc
# Access Control

Access control patterns for bindcar API.

## Network Policies

Restrict network access to bindcar:

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: bindcar-policy
spec:
  podSelector:
    matchLabels:
      app: dns
  ingress:
  - from:
    - podSelector:
        matchLabels:
          role: dns-client
    ports:
    - protocol: TCP
      port: 8080
```

## API Gateway Integration

Use an API gateway for additional access control:

- Rate limiting
- IP allowlisting
- Request validation

## RBAC

Kubernetes RBAC for ServiceAccount tokens:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: bindcar-api-user
rules:
- apiGroups: [""]
  resources: ["serviceaccounts/token"]
  verbs: ["create"]
```

## Next Steps

- [Security]./security.md - Security overview
- [Kubernetes]../operations/kubernetes.md - Kubernetes deployment