K3S/addons/technitium-dns/role/defaults/main.yml
Sergey Antropoff f3dfe87d03 feat: add the technitium-dns addon, HA DNS Primary+Secondary with kube-vip LB and zone sync
- Helm chart: Primary and Secondary Deployments, kube-vip LoadBalancer services (UDP+TCP :53),
  ClusterIP for the Web UI, PVC (ReadWriteOnce), Secret, Ingress
- CronJob sync (*/5 min): Python sync.py polls the Technitium REST API, creates Secondary
  zones on the secondary and calls forceSyncZone for each zone
- ExternalDNS (disabled by default): RFC 2136 DDNS for automatic DNS records from Ingress
- Ansible role: validate, namespace, Helm deploy, cleanup secrets, summary with Keenetic instructions
- Integration: Makefile, playbooks/addons.yml, group_vars/all/addons.yml, vault.yml.example
- README with architecture, Keenetic configuration and troubleshooting
2026-04-26 17:58:28 +03:00

52 lines
3.1 KiB
YAML

---
# ── Namespace ─────────────────────────────────────────────────────────────────
technitium_dns_namespace: technitium-dns
technitium_dns_release_name: technitium-dns
# ── Primary DNS LoadBalancer IP (kube-vip) ────────────────────────────────────
technitium_dns_primary_ip: "192.168.1.53"
technitium_dns_primary_node: "" # pin to hostname, empty = soft anti-affinity
# ── Secondary DNS (optional HA) ───────────────────────────────────────────────
technitium_dns_secondary_enabled: true
technitium_dns_secondary_ip: "192.168.1.54"
technitium_dns_secondary_node: ""
# ── DNS domain served locally ─────────────────────────────────────────────────
technitium_dns_domain: "home.local"
# ── Upstream forwarders ───────────────────────────────────────────────────────
technitium_dns_forwarders:
- "1.1.1.1"
- "8.8.8.8"
# ── Recursion policy ──────────────────────────────────────────────────────────
# AllowOnlyForPrivateNetworks | Allow | Deny
technitium_dns_recursion: "AllowOnlyForPrivateNetworks"
# ── Admin password — set in vault.yml: technitium_dns_admin_password ──────────
# technitium_dns_admin_password: ""
# ── Storage ───────────────────────────────────────────────────────────────────
technitium_dns_storage_class: "" # empty = cluster default
technitium_dns_storage_size: "1Gi"
# ── Web UI via Ingress ────────────────────────────────────────────────────────
technitium_dns_ingress_enabled: true
technitium_dns_ingress_class: nginx
technitium_dns_primary_host: "dns.home.local"
technitium_dns_secondary_host: "dns-secondary.home.local"
technitium_dns_ingress_tls_enabled: false
technitium_dns_ingress_tls_secret: ""
# ── Zone sync CronJob (primary → secondary) ───────────────────────────────────
technitium_dns_sync_enabled: true
technitium_dns_sync_schedule: "*/5 * * * *"
# ── ExternalDNS via RFC 2136 DDNS (optional) ─────────────────────────────────
technitium_dns_externaldns_enabled: false
technitium_dns_externaldns_domain_filter:
- "home.local"
technitium_dns_externaldns_policy: "upsert-only"
technitium_dns_externaldns_txt_owner_id: "k3s-home"
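
An added example, not part of this repository: a pre-deploy check over the defaults above that flags the settings with security impact (recursion policy, LoadBalancer IPs, admin password, Ingress TLS, ExternalDNS policy). The helper name `audit_defaults`, the severity labels and the sample dict are assumptions made for illustration; the dict is constructed from the values in this file.

```python
import ipaddress

# Constructed sample: the security-relevant defaults from main.yml above.
# technitium_dns_admin_password is absent because the file leaves it to vault.yml.
DEFAULTS = {
    "technitium_dns_primary_ip": "192.168.1.53",
    "technitium_dns_secondary_enabled": True,
    "technitium_dns_secondary_ip": "192.168.1.54",
    "technitium_dns_recursion": "AllowOnlyForPrivateNetworks",
    "technitium_dns_ingress_enabled": True,
    "technitium_dns_ingress_tls_enabled": False,
    "technitium_dns_ingress_tls_secret": "",
    "technitium_dns_externaldns_enabled": False,
    "technitium_dns_externaldns_policy": "upsert-only",
}
RECURSION_VALUES = {"AllowOnlyForPrivateNetworks", "Allow", "Deny"}  # from the file's comment


def audit_defaults(v):
    """Hypothetical helper: return (severity, message) findings for the role vars."""
    out = []
    ips = [v["technitium_dns_primary_ip"]]
    if v.get("technitium_dns_secondary_enabled"):
        ips.append(v["technitium_dns_secondary_ip"])
    for ip in ips:
        try:
            if not ipaddress.ip_address(ip).is_private:
                out.append(("high", f"LoadBalancer IP {ip} is outside private ranges"))
        except ValueError:
            out.append(("high", f"invalid LoadBalancer IP {ip!r}"))
    if len(set(ips)) != len(ips):
        out.append(("high", "primary and secondary share one LoadBalancer IP"))
    rec = v.get("technitium_dns_recursion")
    if rec not in RECURSION_VALUES:
        out.append(("high", f"unknown recursion policy {rec!r}"))
    elif rec == "Allow":
        out.append(("high", "recursion 'Allow': open resolver if :53 is reachable from outside"))
    if not v.get("technitium_dns_admin_password"):
        out.append(("high", "admin password unset; define it in vault.yml"))
    if v.get("technitium_dns_ingress_enabled"):
        if not v.get("technitium_dns_ingress_tls_enabled"):
            out.append(("medium", "Web UI Ingress without TLS: admin login sent in clear text"))
        elif not v.get("technitium_dns_ingress_tls_secret"):
            out.append(("high", "Ingress TLS enabled but no TLS secret named"))
    if (v.get("technitium_dns_externaldns_enabled")
            and v.get("technitium_dns_externaldns_policy") == "sync"):
        out.append(("medium", "ExternalDNS policy 'sync' can delete DNS records"))
    return out
```

Run against the defaults as shipped, it reports the unset admin password and the Web UI Ingress served without TLS.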