1d41d07b2d
external-dns requires AXFR support to remove old records; add that capability to the externaldns TSIG key. Reviewed-on: #456
46 lines
1.3 KiB
Puppet
# ExternalDNS BIND master server class
|
|
class externaldns::master inherits externaldns {
|
|
|
|
include bind
|
|
|
|
# Query PuppetDB for slave server IP addresses
|
|
$slave_ips = $externaldns::slave_servers.map |$fqdn| {
|
|
puppetdb_query("inventory[facts.networking.ip] { certname = '${fqdn}' }")[0]['facts.networking.ip']
|
|
}.filter |$ip| { $ip != undef }
|
|
|
|
# Create TSIG key for ExternalDNS authentication
|
|
bind::key { 'externaldns-key':
|
|
algorithm => $externaldns::externaldns_key_algorithm,
|
|
secret => $externaldns::externaldns_key_secret,
|
|
}
|
|
|
|
# Create ACL for slave servers
|
|
if !empty($slave_ips) {
|
|
bind::acl { 'dns-slaves':
|
|
addresses => $slave_ips,
|
|
}
|
|
}
|
|
|
|
# Create master zones for each Kubernetes domain
|
|
$externaldns::k8s_zones.each |$zone| {
|
|
bind::zone { $zone:
|
|
zone_type => 'master',
|
|
dynamic => true,
|
|
allow_updates => ['key externaldns-key'],
|
|
allow_transfers => empty($slave_ips) ? {
|
|
true => ['key externaldns-key'],
|
|
false => ['key externaldns-key','dns-slaves'],
|
|
},
|
|
ns_notify => !empty($slave_ips),
|
|
also_notify => $slave_ips,
|
|
dnssec => false,
|
|
}
|
|
}
|
|
|
|
# Create default view to include the zones
|
|
bind::view { 'externaldns':
|
|
recursion => false,
|
|
zones => $externaldns::k8s_zones,
|
|
}
|
|
}
|
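Review bot: With `allow_transfers` now listing `key externaldns-key` alongside `allow_updates`, the externaldns TSIG secret authorizes both dynamic updates and full zone transfers, so the comment above the `bind::key` resource understates what the key grants; I would change it to `# TSIG key for ExternalDNS: authorizes dynamic updates and AXFR (external-dns needs a transfer to find stale records to remove)` so the next maintainer knows a holder of this secret can read the whole zone, not just write to it. Since the shown rendering lost the change markers, I am assuming the `allow_transfers` selector is the new part. The selector is correct in that `dns-slaves` is only referenced when the `bind::acl` is declared, though the key could be hoisted to avoid repeating it in both branches: `allow_transfers => ['key externaldns-key'] + (empty($slave_ips) ? { true => [], false => ['dns-slaves'] }),`. Unrelated to this commit, the `puppetdb_query(...)[0]['facts.networking.ip']` expression looks like it will fail catalog compilation rather than be filtered out when the inventory query returns no rows (indexing undef with `[]`); worth confirming, since the `filter` only removes a missing fact, not a missing node.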