K3S/addons/technitium-dns/role/chart/templates/externaldns.yaml
Sergey Antropoff f3dfe87d03 feat: добавить аддон technitium-dns — HA DNS Primary+Secondary с kube-vip LB и zone sync
- Helm chart: Primary и Secondary Deployment, kube-vip LoadBalancer сервисы (UDP+TCP :53),
  ClusterIP для Web UI, PVC (ReadWriteOnce), Secret, Ingress
- CronJob sync (*/5 мин): Python sync.py опрашивает Technitium REST API, создаёт Secondary
  зоны на secondary и вызывает forceSyncZone для каждой зоны
- ExternalDNS (disabled по умолчанию): RFC 2136 DDNS для автоматических DNS-записей из Ingress
- Ansible role: validate, namespace, Helm deploy, cleanup secrets, summary с Keenetic-инструкцией
- Интеграция: Makefile, playbooks/addons.yml, group_vars/all/addons.yml, vault.yml.example
- README с архитектурой, Keenetic-конфигурацией и troubleshooting
2026-04-26 17:58:28 +03:00


{{- if .Values.externalDns.enabled }}
---
# Identity the ExternalDNS pod runs under when it talks to the Kubernetes API.
# Rendered only when .Values.externalDns.enabled is set (guard at top of file).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ printf "%s-external-dns" (include "technitium-dns.name" .) | quote }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "technitium-dns.labels" . | nindent 4 }}
---
# Cluster-wide, read-only view of the objects ExternalDNS watches in order to
# derive DNS records. Only get/watch/list are granted; no rule carries a
# write verb.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ printf "%s-external-dns" (include "technitium-dns.name" .) | quote }}
  labels:
    {{- include "technitium-dns.labels" . | nindent 4 }}
rules:
  # Core API group ("").
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - pods
      - nodes
    verbs:
      - get
      - watch
      - list
  # Ingress objects, under both the legacy and the current API group.
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - watch
      - list
---
# Grants the read-only ClusterRole above to the ExternalDNS ServiceAccount in
# the release namespace. The binding is cluster-scoped, so the account can
# read the listed resources in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ printf "%s-external-dns" (include "technitium-dns.name" .) | quote }}
  labels:
    {{- include "technitium-dns.labels" . | nindent 4 }}
subjects:
  - kind: ServiceAccount
    name: {{ printf "%s-external-dns" (include "technitium-dns.name" .) | quote }}
    namespace: {{ .Release.Namespace | quote }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ printf "%s-external-dns" (include "technitium-dns.name" .) | quote }}
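---
# ExternalDNS controller: watches Ingress and Service objects and pushes the
# resulting records to the primary DNS server as RFC 2136 dynamic updates.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ printf "%s-external-dns" (include "technitium-dns.name" .) | quote }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "technitium-dns.labels" . | nindent 4 }}
    app.kubernetes.io/component: external-dns
spec:
  # One replica with Recreate: the old pod is stopped before the new one
  # starts, so two controllers never run side by side during a rollout.
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "technitium-dns.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: external-dns
  template:
    metadata:
      labels:
        {{- include "technitium-dns.selectorLabels" . | nindent 8 }}
        app.kubernetes.io/component: external-dns
    spec:
      serviceAccountName: {{ printf "%s-external-dns" (include "technitium-dns.name" .) | quote }}
      containers:
        - name: external-dns
          # Quoted so an unusual image reference cannot be re-typed by the
          # YAML parser. With IfNotPresent a mutable tag is never re-pulled;
          # pin the image by digest in values if reproducibility matters.
          image: {{ .Values.externalDns.image | quote }}
          imagePullPolicy: IfNotPresent
          # Container hardening: the controller only needs outbound network
          # access to the API server and the DNS primary.
          # NOTE(review): readOnlyRootFilesystem assumes the configured image
          # does not write to its root filesystem - confirm for custom images.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
          args:
            - --source=ingress
            - --source=service
            - --provider=rfc2136
            - "--rfc2136-host={{ .Values.primary.ip }}"
            - --rfc2136-port=53
            - "--rfc2136-zone={{ .Values.dns.domain }}"
            # SECURITY NOTE(review): --rfc2136-insecure sends unsigned
            # updates, so the zone on the primary must accept dynamic updates
            # without TSIG. Authorization then depends entirely on whatever
            # source restriction the DNS server applies (not visible in this
            # template). Prefer TSIG: remove this flag and provide
            # --rfc2136-tsig-keyname, --rfc2136-tsig-secret and
            # --rfc2136-tsig-secret-alg from a Kubernetes Secret. Until then,
            # limit update permission on the zone to this workload.
            - --rfc2136-insecure
            - "--txt-owner-id={{ .Values.externalDns.txtOwnerId }}"
            # The policy value decides whether ExternalDNS may delete records
            # (sync) or only create/update them (upsert-only).
            - "--policy={{ .Values.externalDns.policy }}"
            - --log-level=info
            # One --domain-filter per configured entry; limits which DNS
            # names the controller will manage.
            {{- range .Values.externalDns.domainFilter }}
            - "--domain-filter={{ . }}"
            {{- end }}
          resources:
            {{- toYaml .Values.externalDns.resources | nindent 12 }}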
{{- end }}