fix dns integration via external-dns deployment

2025-05-23 13:05:08 +03:00
parent 74ae2c4694
commit f6e52e1f65
5 changed files with 19 additions and 37 deletions
--- a/inventory/ghp/sample/group_vars/knot_dns.yaml
+++ b/inventory/ghp/sample/group_vars/knot_dns.yaml
@ -12,20 +12,14 @@ knot_conf: |
      any: debug
  
  key:
-    - id: k8s
+    - id: k8s-{{ k8s_cluster_name }}-{{ namespace }}
      algorithm: hmac-sha512
      secret: {{ k8s_tsig }}
  
-    - id: vps
+    - id: ddclient-{{ k8s_cluster_name }}-{{ namespace }}
      algorithm: hmac-sha512
      secret: {{ ddclient_tsig }}
  
-  remote:
-  #  - id: slave
-  #    address: 192.168.1.1@53
-  #
-  #  - id: master
-  #    address: 192.168.2.1@53
  remote:
    - id: dns_server
      address: 127.0.0.1@53
@ -34,24 +28,15 @@ knot_conf: |
    - id: dns_zone_sbm
      parent: [dns_server]
  
-  
  acl:
    - id: deny_all
      deny: on # no action specified and deny on implies denial of all actions
  
    - id: key_rule
-      key: [vps, k8s]                # Access based just on TSIG key
+      key: [k8s-{{ k8s_cluster_name }}-{{ namespace }},ddclient-{{ k8s_cluster_name }}-{{ namespace }}] # Access based just on TSIG key
      address: 192.168.0.0/16
      action: [transfer, notify, update]
  
-  #  - id: acl_slave
-  #    address: 192.168.1.1
-  #    action: transfer
-  
-  #  - id: acl_master
-  #    address: 192.168.2.1
-  #    action: notify
-  
  template:
    - id: default
      storage: "/var/lib/knot"
@ -73,14 +58,3 @@ knot_conf: |
      dnssec-signing: on
      dnssec-policy: rsa
      zonefile-load: difference
-  
-  #    # Master zone
-  #  - domain: example.com
-  #    notify: slave
-  #    acl: acl_slave
-  
-  #    # Slave zone
-  #  - domain: example.net
-  #    master: master
-  #    acl: acl_master
-