- Helm chart: Primary и Secondary Deployment, kube-vip LoadBalancer сервисы (UDP+TCP :53), ClusterIP для Web UI, PVC (ReadWriteOnce), Secret, Ingress - CronJob sync (*/5 мин): Python sync.py опрашивает Technitium REST API, создаёт Secondary зоны на secondary и вызывает forceSyncZone для каждой зоны - ExternalDNS (disabled по умолчанию): RFC 2136 DDNS для автоматических DNS-записей из Ingress - Ansible role: validate, namespace, Helm deploy, cleanup secrets, summary с Keenetic-инструкцией - Интеграция: Makefile, playbooks/addons.yml, group_vars/all/addons.yml, vault.yml.example - README с архитектурой, Keenetic-конфигурацией и troubleshooting
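---
# ── Validate inputs ───────────────────────────────────────────────────────────

# Fail early with a readable message instead of a Jinja error deep in the
# templating step. `that` items are evaluated in order and stop at the first
# failure, so `is defined` and `is string` guard the `length` check: an unquoted
# numeric password in vault.yml would otherwise error with "object of type 'int'
# has no len()". The assert output shows the expression only, never the value.
- name: Validate technitium_dns_admin_password is set
  ansible.builtin.assert:
    that:
      - technitium_dns_admin_password is defined
      - technitium_dns_admin_password is string
      - technitium_dns_admin_password | length >= 8
    fail_msg: >
      technitium_dns_admin_password must be set in vault.yml (minimum 8 characters).
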
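# The IP is consumed by the chart's kube-vip LoadBalancer services. Check
# `is defined` first: applying `length` to an undefined variable raises an
# error before fail_msg is shown, which defeats the purpose of the assert.
- name: Validate primary IP is set
  ansible.builtin.assert:
    that:
      - technitium_dns_primary_ip is defined
      - technitium_dns_primary_ip is string
      - technitium_dns_primary_ip | length > 0
    fail_msg: >
      technitium_dns_primary_ip must be set to a kube-vip-managed static IP.
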
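# ── Create namespace ──────────────────────────────────────────────────────────

# `create --dry-run=client -o yaml | kubectl apply -f -` makes namespace
# creation idempotent. The pipe requires a shell: ansible.builtin.command does
# not process `|` and would pass it to kubectl as a literal argument. The
# namespace name is shell-quoted because it comes from group_vars.
- name: Create technitium-dns namespace
  ansible.builtin.shell: >
    k3s kubectl create namespace {{ technitium_dns_namespace | quote }}
    --dry-run=client -o yaml | k3s kubectl apply -f -
  become: true
  register: _ns_result
  # kubectl apply prints "namespace/<name> created" on the first run and
  # "namespace/<name> unchanged" afterwards; only the first is a real change.
  changed_when: "'created' in _ns_result.stdout"
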
# ── Copy Helm chart to master ─────────────────────────────────────────────────

# Start from an empty directory so stale files from a previous chart version
# never end up in the Helm package.
# NOTE(review): the path is a fixed name under the shared /tmp; the chart
# itself holds no secrets, so this is acceptable, but a per-run tempfile
# directory would be safer — confirm before relying on it for other content.
- name: Ensure chart temp directory is clean
  become: true
  ansible.builtin.file:
    state: absent
    path: /tmp/technitium-dns-chart

# Recreate the staging directory; 0755 is enough since the chart is not secret
# (the rendered values file, which is, lives elsewhere with 0600).
- name: Create chart temp directory
  become: true
  ansible.builtin.file:
    state: directory
    mode: '0755'
    path: /tmp/technitium-dns-chart

# Ship the chart bundled with the role (role_path/chart/) to the control node
# so `helm` can run there. The trailing slashes copy the directory contents,
# not the directory itself; `preserve` keeps the source file modes.
- name: Copy Helm chart to master
  become: true
  ansible.builtin.copy:
    mode: preserve
    dest: /tmp/technitium-dns-chart/
    src: '{{ role_path }}/chart/'

# ── Template Helm values ──────────────────────────────────────────────────────

# The rendered values include the admin password from vault.yml, hence
# mode 0600 and no_log (otherwise the diff/output would print it). The file
# is deleted again after the Helm deploy.
- name: Template Helm values
  become: true
  no_log: true
  ansible.builtin.template:
    mode: '0600'
    dest: /tmp/technitium-dns-values.yaml
    src: values.yaml.j2

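# ── Lint and deploy chart ─────────────────────────────────────────────────────

# Lint and deploy are wrapped in a block so that the rendered values file,
# which contains the admin password, is removed in `always` — also when lint
# fails or `helm upgrade --atomic` rolls back and aborts the play. Without
# this the secret stayed on the master's /tmp after any failed run.
- name: Lint and deploy technitium-dns
  block:
    # ── Lint chart ──
    - name: Lint Helm chart
      ansible.builtin.command: >
        helm lint /tmp/technitium-dns-chart
        --values /tmp/technitium-dns-values.yaml
      become: true
      changed_when: false
      register: _helm_lint
      # command fails on rc != 0 by default; kept explicit to state the intent
      failed_when: _helm_lint.rc != 0

    # ── Deploy chart ──
    # --atomic rolls the release back on failure; --wait/--timeout bound how
    # long Helm waits for the pods. Release and namespace names come from
    # group_vars and are shell-quoted for the command's argument splitting.
    - name: Deploy technitium-dns via Helm
      ansible.builtin.command: >
        helm upgrade --install {{ technitium_dns_release_name | quote }}
        /tmp/technitium-dns-chart
        --namespace {{ technitium_dns_namespace | quote }}
        --values /tmp/technitium-dns-values.yaml
        --atomic
        --wait
        --timeout 180s
      become: true
      register: _helm_result
      # helm upgrade --install gives no reliable "unchanged" signal in its
      # output, so every successful run is reported as changed.
      changed_when: true
  always:
    # ── Cleanup temp values file (contains password) ──
    - name: Remove temp values file
      ansible.builtin.file:
        path: /tmp/technitium-dns-values.yaml
        state: absent
      become: true
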
# ── Wait for primary to be ready ──────────────────────────────────────────────

# Block until the primary Deployment has rolled out (rc != 0 after 120s).
# NOTE(review): the deployment name is hard-coded as technitium-dns-primary
# while the Helm release name is a variable — confirm the chart names the
# Deployment independently of technitium_dns_release_name.
- name: Wait for primary pod to be Running
  become: true
  changed_when: false
  ansible.builtin.command: >
    k3s kubectl -n {{ technitium_dns_namespace }} rollout status
    deployment/technitium-dns-primary --timeout=120s

# ── Get deployment status ─────────────────────────────────────────────────────

# Read-only listing of pods and services; the captured stdout is printed in the
# summary task that follows.
- name: Get pod status
  become: true
  register: _pod_status
  changed_when: false
  ansible.builtin.command: >
    k3s kubectl -n {{ technitium_dns_namespace }} get pods,svc -o wide

# ── Summary ───────────────────────────────────────────────────────────────────

# Operator-facing summary: endpoints, router (Keenetic) DNS settings, the
# pod/service listing from the previous task and first-run instructions.
# Only the placeholder "<vault password>" is printed, never the secret itself.
# Each `{% if %}` / `{% endif %}` list item is a Jinja-templated string; when
# its condition is false the item renders to an empty string, so the output
# shows a blank line in place of the secondary details.
- name: "=== technitium-dns Ready ==="
  ansible.builtin.debug:
    msg:
      - "╔══════════════════════════════════════════════════════════════╗"
      - "║ Technitium DNS HA — Deployed ║"
      - "╚══════════════════════════════════════════════════════════════╝"
      - ""
      - " Namespace : {{ technitium_dns_namespace }}"
      - " Primary IP : {{ technitium_dns_primary_ip }} (DNS UDP/TCP :53)"
      - " Primary UI : http://{{ technitium_dns_primary_host }}/"
      - "{% if technitium_dns_secondary_enabled %}"
      - " Secondary IP : {{ technitium_dns_secondary_ip }} (DNS UDP/TCP :53)"
      - " Secondary UI : http://{{ technitium_dns_secondary_host }}/"
      - "{% endif %}"
      - ""
      - " Keenetic router DNS settings:"
      - " Primary DNS : {{ technitium_dns_primary_ip }}"
      - "{% if technitium_dns_secondary_enabled %}"
      - " Secondary DNS : {{ technitium_dns_secondary_ip }}"
      - "{% endif %}"
      - ""
      - " Pods:"
      # _pod_status is registered by the "Get pod status" task above
      - "{{ _pod_status.stdout_lines | to_yaml }}"
      - ""
      - " Create a local zone (first time only):"
      - " Open http://{{ technitium_dns_primary_host }}/"
      - " Login: admin / <vault password>"
      - " Zones → Add Zone → Primary → {{ technitium_dns_domain }}"
      - ""
      - " Manual zone sync trigger:"
      - "{% if technitium_dns_sync_enabled and technitium_dns_secondary_enabled %}"
      # in a double-quoted YAML scalar `\\` is one backslash, i.e. a shell
      # line continuation before the `-n` argument on the next line
      - " kubectl create job --from=cronjob/technitium-dns-sync sync-manual-1 \\"
      - " -n {{ technitium_dns_namespace }}"
      - "{% endif %}"