104 lines
3.4 KiB
YAML
104 lines
3.4 KiB
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: coredns-updater
|
|
namespace: dns
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: coredns-writer
|
|
namespace: dns
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["configmaps"]
|
|
resourceNames: ["coredns-corefile"]
|
|
verbs: ["get","create","update","patch"]
|
|
- apiGroups: ["apps"]
|
|
resources: ["deployments"]
|
|
resourceNames: ["coredns-auth"]
|
|
verbs: ["get","patch"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: coredns-writer-binding
|
|
namespace: dns
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: coredns-writer
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: coredns-updater
|
|
namespace: dns
|
|
---
|
|
apiVersion: batch/v1
|
|
kind: CronJob
|
|
metadata:
|
|
name: coredns-v4-sync
|
|
namespace: dns
|
|
spec:
|
|
schedule: "*/5 * * * *"
|
|
concurrencyPolicy: Forbid
|
|
successfulJobsHistoryLimit: 1
|
|
failedJobsHistoryLimit: 3
|
|
jobTemplate:
|
|
spec:
|
|
template:
|
|
spec:
|
|
serviceAccountName: coredns-updater
|
|
restartPolicy: OnFailure
|
|
volumes:
|
|
- name: work
|
|
emptyDir: {}
|
|
initContainers:
|
|
- name: get-ipv4
|
|
image: curlimages/curl
|
|
command: ["/bin/sh","-c"]
|
|
args:
|
|
- 'set -e; curl -4 -fsS https://api.ipify.org > /work/ip'
|
|
volumeMounts:
|
|
- { name: work, mountPath: /work }
|
|
containers:
|
|
- name: patch-coredns
|
|
image: bitnami/kubectl
|
|
command: ["/bin/bash","-ceu"]
|
|
args:
|
|
- |
|
|
IP="$(cat /work/ip | tr -d '\r\n ')"
|
|
TMP=/work/Corefile
|
|
NEW=/work/Corefile.new
|
|
|
|
# Corefile laden
|
|
kubectl -n dns get cm coredns-corefile -o jsonpath='{.data.Corefile}' > "$TMP"
|
|
|
|
# Alte IPv4 aus Antwortzeilen extrahieren (falls vorhanden)
|
|
OLD="$(grep -Eo '^ *answer \"\{\{\.Name\}\}.* IN A [0-9.]+\"?$' "$TMP" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n1 || true)"
|
|
|
|
# Wenn identisch und OLD vorhanden → nichts tun
|
|
if [ -n "${OLD:-}" ] && [ "$IP" = "$OLD" ]; then
|
|
echo "IPv4 unverändert: $OLD"
|
|
exit 0
|
|
fi
|
|
|
|
# Neue Datei mit ausgetauschter IPv4 bauen (alle passenden answer-Zeilen)
|
|
cp "$TMP" "$NEW"
|
|
sed -E -i "s/(answer \"\{\{\.Name\}\}[^\"']* IN A )([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/\1${IP}/g" "$NEW"
|
|
|
|
# Wenn sich die Datei effektiv nicht geändert hat → nichts tun
|
|
if cmp -s "$TMP" "$NEW"; then
|
|
echo "Corefile unverändert, kein Restart nötig."
|
|
exit 0
|
|
fi
|
|
|
|
# ConfigMap nur bei Änderung updaten
|
|
kubectl -n dns create configmap coredns-corefile --from-file=Corefile="$NEW" -o yaml --dry-run=client | kubectl apply -f -
|
|
|
|
# Deployment nur bei Änderung neu starten: Annotation mit IP aktualisieren
|
|
kubectl -n dns patch deploy coredns-auth --type=merge -p "{\"spec\":{\"template\":{\"metadata\":{\"annotations\":{\"ddns-last-ip\":\"$IP\"}}}}}"
|
|
|
|
echo "CoreDNS aktualisiert: ${OLD:-<none>} -> $IP"
|
|
volumeMounts:
|
|
- { name: work, mountPath: /work }
|