More DNS settings changes
parent
8fde28b44c
commit
8b78b490c3
12
Makefile
12
Makefile
@ -52,11 +52,10 @@ build: rendered-manifest.yaml dependencies bin/buildversion.exe version.txt
|
|||||||
docker build --pull --rm -f "Dockerfile" -t "stuurmcp/$(IMAGE_NAME):latest" -t "stuurmcp/$(IMAGE_NAME):$(shell head -n 1 version.txt)" "."
|
docker build --pull --rm -f "Dockerfile" -t "stuurmcp/$(IMAGE_NAME):latest" -t "stuurmcp/$(IMAGE_NAME):$(shell head -n 1 version.txt)" "."
|
||||||
docker image push "docker.io/stuurmcp/$(IMAGE_NAME):$(shell head -n 1 version.txt)"
|
docker image push "docker.io/stuurmcp/$(IMAGE_NAME):$(shell head -n 1 version.txt)"
|
||||||
docker image push "docker.io/stuurmcp/$(IMAGE_NAME):latest"
|
docker image push "docker.io/stuurmcp/$(IMAGE_NAME):latest"
|
||||||
helm package \
|
helm package -n ix-sthome-webhook2 --version $(shell head -n 1 version.txt) deploy/sthome-webhook -d //truenas/Shared_data/Chris/clusterissuer/charts/
|
||||||
-n ix-sthome-webhook2\
|
|
||||||
--version $(shell head -n 1 version.txt) \
|
.PHONY: rendered-manifest.yaml
|
||||||
deploy/sthome-webhook \
|
rendered-manifest.yaml: $(OUT)/rendered-manifest.yaml
|
||||||
-d //truenas/Shared_data/Chris/clusterissuer/charts/
|
|
||||||
|
|
||||||
$(OUT)/rendered-manifest.yaml: $(HELM_FILES) | $(OUT)
|
$(OUT)/rendered-manifest.yaml: $(HELM_FILES) | $(OUT)
|
||||||
helm template \
|
helm template \
|
||||||
@ -65,8 +64,5 @@ $(OUT)/rendered-manifest.yaml: $(HELM_FILES) | $(OUT)
|
|||||||
--set image.tag=$(shell head -n 1 version.txt) \
|
--set image.tag=$(shell head -n 1 version.txt) \
|
||||||
deploy/sthome-webhook > $@
|
deploy/sthome-webhook > $@
|
||||||
|
|
||||||
.PHONY: rendered-manifest.yaml
|
|
||||||
rendered-manifest.yaml: $(OUT)/rendered-manifest.yaml
|
|
||||||
|
|
||||||
_test $(OUT) _test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH):
|
_test $(OUT) _test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH):
|
||||||
mkdir -p $@
|
mkdir -p $@
|
||||||
|
|||||||
@ -94,5 +94,13 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.tolerations }}
|
{{- with .Values.tolerations }}
|
||||||
tolerations:
|
tolerations:
|
||||||
|
{{ toYaml . | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.dnsPolicy }}
|
||||||
|
dnsPolicy:
|
||||||
|
{{ toYaml . | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.dnsConfig }}
|
||||||
|
dnsConfig:
|
||||||
{{ toYaml . | indent 8 }}
|
{{ toYaml . | indent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|||||||
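Review bot: `dnsPolicy` is a single string in the pod spec, but the new block renders it like the list and map values around it, as `dnsPolicy:` followed by `{{ toYaml . | indent 8 }}` on its own line. That should still parse as a scalar, but it is easy to misread and depends on the indent being right; `dnsPolicy: {{ . | quote }}` on one line is the usual form. Separately, Kubernetes rejects a pod with `dnsPolicy: None` unless `dnsConfig` supplies at least one nameserver, and nothing in the template ties the two values together, so a values file that sets only the policy fails at apply time rather than at render time. The pod spec this block belongs to starts outside the hunk.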
@ -45,6 +45,23 @@ extraArgs:
|
|||||||
# dns1: 192.168.2.4
|
# dns1: 192.168.2.4
|
||||||
# dns2: 10.0.0.15
|
# dns2: 10.0.0.15
|
||||||
|
|
||||||
|
dnsPolicy: None
|
||||||
|
|
||||||
|
dnsConfig:
|
||||||
|
nameservers:
|
||||||
|
- 10.0.0.15
|
||||||
|
- 172.17.0.10
|
||||||
|
- 192.168.2.4
|
||||||
|
searches:
|
||||||
|
- ix-sthome-webhook2.svc.cluster.local
|
||||||
|
- svc.cluster.local
|
||||||
|
- cluster.local
|
||||||
|
- sthome.net
|
||||||
|
- sthome.lan
|
||||||
|
options:
|
||||||
|
- name: ndots
|
||||||
|
value: "5"
|
||||||
|
|
||||||
replicaCount: 1
|
replicaCount: 1
|
||||||
|
|
||||||
pki:
|
pki:
|
||||||
|
|||||||
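Review bot: The new chart defaults hard-code one site's resolver setup: `dnsPolicy: None`, three fixed nameserver addresses, the `sthome.net`/`sthome.lan` search domains and a search entry for the `ix-sthome-webhook2` namespace. Any install that does not override them sends every pod lookup to those addresses, and `10.0.0.15` is listed ahead of `172.17.0.10`, which is presumably the cluster resolver, so in-cluster service names would be asked of the LAN server first. I would ship these keys commented out, like the `# dns1:` / `# dns2:` lines just above, and keep the real values in a per-environment override file. The namespace-specific search entry also stops matching as soon as the release is installed under another namespace.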
@ -91,7 +91,7 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
|
|||||||
//localip := GetOutboundIP(Dnsserver_net)
|
//localip := GetOutboundIP(Dnsserver_net)
|
||||||
err = loc.Check(ch.DNSName, ch.Key)
|
err = loc.Check(ch.DNSName, ch.Key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
klog.Infof("Check for propagation failed: %s", err)
|
klog.Infof("Check prop failed: %s", err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
success, err := Execute(
|
success, err := Execute(
|
||||||
@ -160,7 +160,8 @@ func (s *LocalDNSProviderSolver) Check(DNSName string, Key string) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
klog.Info("checking DNS propagation: ", "dns: ", DNSName, ", fqdn: ", fqdn, ", key: ", Key, ", nameservers: ", DNS01Nameservers)
|
//klog.Info("checking DNS propagation: ", "dns: ", DNSName, ", fqdn: ", fqdn, ", key: ", Key, ", nameservers: ", DNS01Nameservers)
|
||||||
|
klog.Info("checking DNS prop: fqdn: ", fqdn)
|
||||||
|
|
||||||
ok, err := util.PreCheckDNS(fqdn, Key, DNS01Nameservers, DNS01CheckAuthoritative)
|
ok, err := util.PreCheckDNS(fqdn, Key, DNS01Nameservers, DNS01CheckAuthoritative)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
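Review bot: The old `klog.Info` call in `Check` that printed `Key` and the nameserver list is commented out rather than deleted, so the version that logs the challenge key stays one keystroke away from coming back; I would remove the line and rely on history. The replacement builds its message by argument concatenation; `klog.Infof("checking DNS propagation: fqdn=%q", fqdn)` keeps the name quoted and matches the `Infof` style used elsewhere in these files. In `Present`, the shortened `"Check prop failed: %s"` is harder to search for than the message it replaces, and `%v` is the conventional verb for an error. Both function bodies continue outside their hunks.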
@ -139,7 +139,7 @@ func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, erro
|
|||||||
r, err := DNSQuery(fqdn, dns.TypeTXT, []string{ns}, true)
|
r, err := DNSQuery(fqdn, dns.TypeTXT, []string{ns}, true)
|
||||||
//klog.Infof("checkAuthoritativeNss: DNSQuery returned \nr: %s, \nerr: %s", r, err)
|
//klog.Infof("checkAuthoritativeNss: DNSQuery returned \nr: %s, \nerr: %s", r, err)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
klog.Infof("checkAuthoritativeNss: DNSQuery failed")
|
klog.Infof("checkAuthoritativeNss: DNSQuery failed, err: %s", err)
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
klog.Infof("checkAuthoritativeNss: DNSQuery succeeded with r.Rcode: %d", r.Rcode)
|
klog.Infof("checkAuthoritativeNss: DNSQuery succeeded with r.Rcode: %d", r.Rcode)
|
||||||
@ -149,8 +149,8 @@ func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, erro
|
|||||||
return false, fmt.Errorf("NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
|
return false, fmt.Errorf("NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
|
||||||
}
|
}
|
||||||
|
|
||||||
klog.Infof("Looking up TXT records for %q, should be = %s", fqdn, value)
|
klog.Infof("%q: must be %s", fqdn, value)
|
||||||
//klog.Infof("checkAuthoritativeNss: r.Answer: %s", r.Answer)
|
klog.Infof("checkAuthoritativeNss: r.Answer: %s", r.Answer)
|
||||||
var found bool
|
var found bool
|
||||||
var i = 0
|
var i = 0
|
||||||
for _, rr := range r.Answer {
|
for _, rr := range r.Answer {
|
||||||
@ -388,7 +388,8 @@ func matchCAA(caas []*dns.CAA, issuerIDs map[string]bool, iswildcard bool) bool
|
|||||||
func lookupNameservers(fqdn string, nameservers []string) ([]string, error) {
|
func lookupNameservers(fqdn string, nameservers []string) ([]string, error) {
|
||||||
var authoritativeNss []string
|
var authoritativeNss []string
|
||||||
|
|
||||||
klog.Infof("Searching fqdn %q using seed nameservers [%s]", fqdn, strings.Join(nameservers, ", "))
|
//klog.Infof("Searching fqdn %q using seed nameservers [%s]", fqdn, strings.Join(nameservers, ", "))
|
||||||
|
klog.Infof("Searching fqdn %q", fqdn)
|
||||||
zone, err := FindZoneByFqdn(fqdn, nameservers)
|
zone, err := FindZoneByFqdn(fqdn, nameservers)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("could not determine the zone for %q: %v", fqdn, err)
|
return nil, fmt.Errorf("could not determine the zone for %q: %v", fqdn, err)
|
||||||
@ -419,7 +420,7 @@ func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) {
|
|||||||
// Do we have it cached?
|
// Do we have it cached?
|
||||||
if zone, ok := fqdnToZone[fqdn]; ok {
|
if zone, ok := fqdnToZone[fqdn]; ok {
|
||||||
fqdnToZoneLock.RUnlock()
|
fqdnToZoneLock.RUnlock()
|
||||||
klog.Infof("Returning cached zone record %q for fqdn %q", zone, fqdn)
|
klog.Infof("Return zone %q for %q", zone, fqdn)
|
||||||
return zone, nil
|
return zone, nil
|
||||||
}
|
}
|
||||||
fqdnToZoneLock.RUnlock()
|
fqdnToZoneLock.RUnlock()
|
||||||
|
|||||||
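Review bot: The second `checkAuthoritativeNss` hunk now logs the expected TXT value with `klog.Infof("%q: must be %s", fqdn, value)` and re-enables the `r.Answer` dump, both unconditionally at Info level, while the change to `Check` stops logging `Key`, which appears to be the same value passed down through `PreCheckDNS`. The answer section is data returned by whichever nameserver was queried, so it is better kept out of default-verbosity logs; I would gate both lines, for example `klog.V(4).Infof("checkAuthoritativeNss: r.Answer: %v", r.Answer)`. The commented-out `klog.Infof` left in `lookupNameservers` can simply be deleted. All of these function bodies start or end outside the hunks shown.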
@ -1,3 +1,3 @@
|
|||||||
0.0.5-alpha.37
|
0.0.5-alpha.43
|
||||||
20240411-0048
|
20240412-1356
|
||||||
37
|
43
|
||||||