prep_ocp_v4_dns.yml
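---
# Creates or removes (per dns_state) the Cloudflare DNS records an OpenShift 4
# cluster needs: per-node A records, etcd A and SRV records, the api / api-int
# endpoints and the round-robin wildcard *.apps record.
#
# None of the variables used below are defined in this file; they are expected
# to come from the included vars file, the inventory or extra vars.
#
# NOTE(review): account_api_token together with account_email is the legacy
# API-key style of authentication, where the key is valid for the whole
# Cloudflare account. The module also accepts api_token, which can be scoped to
# DNS edits on this one zone; confirm against the installed module version
# before switching.
# NOTE(review): keep cloudflare_account_token in Ansible Vault (or inject it at
# run time) rather than in a plain-text vars file; where it is defined is not
# visible from this playbook.
# NOTE(review): if "domain" is a publicly resolvable zone, the node, etcd and
# api-int records disclose the cluster's internal addressing to anyone who can
# query the zone; confirm that is intended.
- name: Prepare OpenShift 4 DNS using CloudFlare
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Include ignition cluster vars
      include_vars:
        # clustertype selects which vars file is loaded; falls back to 'bm'.
        file: "vars/cluster_ignition_{{ clustertype | default('bm') }}.yml"

    ### Maybe consider a letsencrypt call:
    ### certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/.cfa -d bm.int.shifti.us,*.apps.bm.shifti.us --preferred-challenges dns-01
    # NOTE(review): the credentials file named above holds a Cloudflare
    # secret; it should be readable by its owner only.

    # Was also named "Configure control-plane records", which made the two
    # tasks indistinguishable in run output and for --start-at-task.
    - name: Configure bootstrap records
      cloudflare_dns:
        account_api_token: "{{ cloudflare_account_token }}"
        account_email: "{{ cloudflare_email }}"
        zone: "{{ domain }}"
        type: A
        record: "{{ pref_bootstrap }}-{{ item.index }}.{{ cluster_name }}.{{ base_domain }}"
        value: "{{ item.ip }}"
        state: "{{ dns_state }}"
      loop: "{{ hosts_bootstrap }}"

    - name: Configure control-plane records
      cloudflare_dns:
        account_api_token: "{{ cloudflare_account_token }}"
        account_email: "{{ cloudflare_email }}"
        zone: "{{ domain }}"
        type: A
        record: "{{ pref_control_plane }}-{{ item.index }}.{{ cluster_name }}.{{ base_domain }}"
        value: "{{ item.ip }}"
        state: "{{ dns_state }}"
      loop: "{{ hosts_control_plane }}"

    # One etcd-<index> A record per control-plane host.
    - name: Configure etcd records
      cloudflare_dns:
        account_api_token: "{{ cloudflare_account_token }}"
        account_email: "{{ cloudflare_email }}"
        zone: "{{ domain }}"
        type: A
        record: "etcd-{{ item.index }}.{{ cluster_name }}.{{ base_domain }}"
        value: "{{ item.ip }}"
        state: "{{ dns_state }}"
      loop: "{{ hosts_control_plane }}"

    # SRV records point at the etcd-<index> names created by the task above.
    - name: Configure etcd SRV records
      cloudflare_dns:
        account_api_token: "{{ cloudflare_account_token }}"
        account_email: "{{ cloudflare_email }}"
        zone: "{{ domain }}"
        type: SRV
        record: "{{ cluster_name }}.{{ base_domain }}"
        service: "_etcd-server-ssl"
        weight: 10
        priority: 0
        port: 2380
        proto: tcp
        value: "etcd-{{ item.index }}.{{ cluster_name }}.{{ base_domain }}"
        state: "{{ dns_state }}"
      loop: "{{ hosts_control_plane }}"

    # api and api-int both resolve to every host in hosts_loadbalancer.
    - name: Configure API records
      cloudflare_dns:
        account_api_token: "{{ cloudflare_account_token }}"
        account_email: "{{ cloudflare_email }}"
        zone: "{{ domain }}"
        type: A
        record: "api.{{ cluster_name }}.{{ base_domain }}"
        value: "{{ item.ip }}"
        state: "{{ dns_state }}"
      loop: "{{ hosts_loadbalancer }}"

    - name: Configure API (internal) records
      cloudflare_dns:
        account_api_token: "{{ cloudflare_account_token }}"
        account_email: "{{ cloudflare_email }}"
        zone: "{{ domain }}"
        type: A
        record: "api-int.{{ cluster_name }}.{{ base_domain }}"
        value: "{{ item.ip }}"
        state: "{{ dns_state }}"
      loop: "{{ hosts_loadbalancer }}"

    - name: Configure compute records
      cloudflare_dns:
        account_api_token: "{{ cloudflare_account_token }}"
        account_email: "{{ cloudflare_email }}"
        zone: "{{ domain }}"
        type: A
        record: "{{ pref_compute }}-{{ item.index }}.{{ cluster_name }}.{{ base_domain }}"
        value: "{{ item.ip }}"
        state: "{{ dns_state }}"
      loop: "{{ hosts_compute }}"

    # One wildcard A record per compute host, so *.apps round-robins across
    # all of them.
    - name: Configure round-robin wildcard apps subdomain records
      cloudflare_dns:
        account_api_token: "{{ cloudflare_account_token }}"
        account_email: "{{ cloudflare_email }}"
        zone: "{{ domain }}"
        type: A
        record: "*.apps.{{ cluster_name }}.{{ base_domain }}"
        value: "{{ item.ip }}"
        state: "{{ dns_state }}"
      loop: "{{ hosts_compute }}"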