fix dns integration via external-dns deployment

inventory/ghp/sample/group_vars/knot_dns.yaml

@@ -12,20 +12,14 @@ knot_conf: |
       any: debug
   
   key:
-    - id: k8s
+    - id: k8s-{{ k8s_cluster_name }}-{{ namespace }}
       algorithm: hmac-sha512
       secret: {{ k8s_tsig }}
   
-    - id: vps
+    - id: ddclient-{{ k8s_cluster_name }}-{{ namespace }}
       algorithm: hmac-sha512
       secret: {{ ddclient_tsig }}
   
-  remote:
-  #  - id: slave
-  #    address: 192.168.1.1@53
-  #
-  #  - id: master
-  #    address: 192.168.2.1@53
   remote:
     - id: dns_server
       address: 127.0.0.1@53
@@ -34,24 +28,15 @@ knot_conf: |
     - id: dns_zone_sbm
       parent: [dns_server]
   
-  
   acl:
     - id: deny_all
       deny: on # no action specified and deny on implies denial of all actions
   
     - id: key_rule
-      key: [vps, k8s]                # Access based just on TSIG key
+      key: [k8s-{{ k8s_cluster_name }}-{{ namespace }},ddclient-{{ k8s_cluster_name }}-{{ namespace }}] # Access based just on TSIG key
       address: 192.168.0.0/16
       action: [transfer, notify, update]
   
-  #  - id: acl_slave
-  #    address: 192.168.1.1
-  #    action: transfer
-  
-  #  - id: acl_master
-  #    address: 192.168.2.1
-  #    action: notify
-  
   template:
     - id: default
       storage: "/var/lib/knot"
@@ -73,14 +58,3 @@ knot_conf: |
       dnssec-signing: on
       dnssec-policy: rsa
       zonefile-load: difference
-  
-  #    # Master zone
-  #  - domain: example.com
-  #    notify: slave
-  #    acl: acl_slave
-  
-  #    # Slave zone
-  #  - domain: example.net
-  #    master: master
-  #    acl: acl_master
-

roles/external-dns/defaults/main.yaml

@@ -1,4 +1,6 @@
 external_dns_chart_ref: "bitnami/external-dns"
+external_dns_tsigKeyname: "k8s-{{ k8s_cluster_name }}-{{ namespace }}"
+external_dns_tsigSecretAlg: "hmac-sha512"
 external_dns_default_values:
   fullnameOverride: "{{ external_dns_name | default(namespace + '-external-dns') }}"
   ingressClassFilters: ["{{ external_ingress_class }}"]
@@ -9,8 +11,8 @@ external_dns_default_values:
     port: 53
     zone: "{{ external_domain | default(domain) }}"
     tsigSecret: "{{ k8s_tsig }}"
-    tsigSecretAlg: "{{ external_dns_tsigSecretAlg | default('hmac-sha512') }}"
-    tsigKeyname: "{{ external_dns_tsigKeyname | default('k8s') }}"
+    tsigSecretAlg: "{{ external_dns_tsigSecretAlg }}"
+    tsigKeyname: "{{ external_dns_tsigKeyname }}"
     tsigAxfr: true
     ## Possible units [ns, us, ms, s, m, h], see more https://golang.org/pkg/time/#ParseDuration
     minTTL: "30s"

roles/internal-dns/defaults/main.yaml

@@ -1,4 +1,6 @@
 internal_dns_chart_ref: "bitnami/external-dns"
+internal_dns_tsigKeyname: "k8s-{{ k8s_cluster_name }}-{{ namespace }}"
+internal_dns_tsigSecretAlg: "hmac-sha512"
 internal_dns_default_values:
   fullnameOverride: "{{ internal_dns_name | default(namespace + '-internal-dns') }}"
   ingressClassFilters: ["{{ internal_ingress_class }}"]
@@ -9,8 +11,8 @@ internal_dns_default_values:
     port: 53
     zone: "{{ internal_domain | default(domain) }}"
     tsigSecret: "{{ k8s_tsig }}"
-    tsigSecretAlg: "{{ internal_dns_tsigSecretAlg | default('hmac-sha512') }}"
-    tsigKeyname: "{{ internal_dns_tsigKeyname | default(namespace) }}"
+    tsigSecretAlg: "{{ internal_dns_tsigSecretAlg }}"
+    tsigKeyname: "{{ internal_dns_tsigKeyname }}"
     tsigAxfr: true
     ## Possible units [ns, us, ms, s, m, h], see more https://golang.org/pkg/time/#ParseDuration
     minTTL: "30s"

roles/local-dns/defaults/main.yaml

@@ -1,4 +1,6 @@
 local_dns_chart_ref: "bitnami/external-dns"
+local_dns_tsigKeyname: "k8s-{{ k8s_cluster_name }}-{{ namespace }}"
+local_dns_tsigSecretAlg: "hmac-sha512"
 local_dns_default_values:
   fullnameOverride: "{{ local_dns_name | default(namespace + '-local-dns') }}"
   ingressClassFilters: ["{{ local_ingress_class }}"]
@@ -9,8 +11,8 @@ local_dns_default_values:
     port: 53
     zone: "{{ local_domain }}"
     tsigSecret: "{{ k8s_tsig }}"
-    tsigSecretAlg: "{{ local_dns_tsigSecretAlg | default('hmac-sha512') }}"
-    tsigKeyname: "{{ local_dns_tsigKeyname | default(namespace) }}"
+    tsigSecretAlg: "{{ local_dns_tsigSecretAlg }}"
+    tsigKeyname: "{{ local_dns_tsigKeyname }}"
     tsigAxfr: true
     ## Possible units [ns, us, ms, s, m, h], see more https://golang.org/pkg/time/#ParseDuration
     minTTL: "30s"

roles/service-dns/defaults/main.yaml

@@ -1,4 +1,6 @@
 service_dns_chart_ref: "bitnami/external-dns"
+service_dns_tsigKeyname: "k8s-{{ k8s_cluster_name }}-{{ namespace }}"
+service_dns_tsigSecretAlg: "hmac-sha512"
 service_dns_default_values:
   fullnameOverride: "{{ service_dns_name | default(namespace + '-service-dns') }}"
   domainFilters: ["{{ service_domain | default(domain) }}"]
@@ -9,8 +11,8 @@ service_dns_default_values:
     port: 53
     zone: "{{ service_domain | default(domain) }}"
     tsigSecret: "{{ k8s_tsig }}"
-    tsigSecretAlg: "{{ service_dns_tsigSecretAlg | default('hmac-sha512') }}"
-    tsigKeyname: "{{ service_dns_tsigKeyname | default(namespace) }}"
+    tsigSecretAlg: "{{ service_dns_tsigSecretAlg }}"
+    tsigKeyname: "{{ service_dns_tsigKeyname }}"
     tsigAxfr: true
     ## Possible units [ns, us, ms, s, m, h], see more https://golang.org/pkg/time/#ParseDuration
     minTTL: "30s"