external-dns: bump to 0.19.0, helm chart 9.1.0
This commit is contained in:
@@ -1,140 +1,47 @@
|
||||
{{/*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "external-dns.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "external-dns.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "external-dns.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Helm required labels */}}
|
||||
{{- define "external-dns.labels" -}}
|
||||
app.kubernetes.io/name: {{ template "external-dns.name" . }}
|
||||
helm.sh/chart: {{ template "external-dns.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- if .Values.podLabels }}
|
||||
{{ toYaml .Values.podLabels }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/* matchLabels */}}
|
||||
{{- define "external-dns.matchLabels" -}}
|
||||
app.kubernetes.io/name: {{ template "external-dns.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
|
||||
{{/* podAnnotations */}}
|
||||
{{- define "external-dns.podAnnotations" -}}
|
||||
{{- if .Values.podAnnotations }}
|
||||
{{ toYaml .Values.podAnnotations }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.podAnnotations }}
|
||||
{{ toYaml .Values.metrics.podAnnotations }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper External DNS image name
|
||||
*/}}
|
||||
{{- define "external-dns.image" -}}
|
||||
{{- $registryName := .Values.image.registry -}}
|
||||
{{- $repositoryName := .Values.image.repository -}}
|
||||
{{- $tag := .Values.image.tag | toString -}}
|
||||
{{/*
|
||||
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
|
||||
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
|
||||
Also, we can't use a single if because lazy evaluation is not an option
|
||||
*/}}
|
||||
{{- if .Values.global }}
|
||||
{{- if .Values.global.imageRegistry }}
|
||||
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
|
||||
{{- end -}}
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper Docker Image Registry Secret Names
|
||||
*/}}
|
||||
{{- define "external-dns.imagePullSecrets" -}}
|
||||
{{/*
|
||||
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
|
||||
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
|
||||
Also, we can not use a single if because lazy evaluation is not an option
|
||||
*/}}
|
||||
{{- if .Values.global }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
{{- else if .Values.image.pullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.image.pullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- else if .Values.image.pullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.image.pullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if a secret object should be created
|
||||
*/}}
|
||||
{{- define "external-dns.createSecret" -}}
|
||||
{{- if and (eq .Values.provider "alibabacloud") .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret (not .Values.alibabacloud.secretName) }}
|
||||
{{- if and (eq .Values.provider "akamai") .Values.akamai.clientSecret (not .Values.akamai.secretName) -}}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "aws") .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey (not .Values.aws.credentials.secretName) }}
|
||||
{{- else if and (eq .Values.provider "alibabacloud") .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret (not .Values.alibabacloud.secretName) }}
|
||||
{{- true -}}
|
||||
{{- else if and (or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns")) (or (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId .Values.azure.aadClientId .Values.azure.aadClientSecret (not .Values.azure.useManagedIdentityExtension)) (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId .Values.azure.useManagedIdentityExtension)) (not .Values.azure.secretName) -}}
|
||||
{{- else if and (eq .Values.provider "aws") .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey (not .Values.aws.credentials.secretName) (not (include "external-dns.aws-credentials-secret-ref-defined" . )) }}
|
||||
{{- true -}}
|
||||
{{- else if and (or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns")) (or (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId .Values.azure.aadClientId .Values.azure.aadClientSecret (not .Values.azure.useManagedIdentityExtension)) (and .Values.azure.resourceGroup .Values.azure.subscriptionId .Values.azure.useWorkloadIdentityExtension (not .Values.azure.useManagedIdentityExtension)) (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId .Values.azure.useManagedIdentityExtension)) (not .Values.azure.secretName) -}}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "cloudflare") (or .Values.cloudflare.apiToken .Values.cloudflare.apiKey) (not .Values.cloudflare.secretName) -}}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "designate") (or .Values.designate.username .Values.designate.password) -}}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "digitalocean") .Values.digitalocean.apiToken (not .Values.digitalocean.secretName) -}}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "exoscale") .Values.exoscale.apiKey (not .Values.exoscale.secretName) -}}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "google") .Values.google.serviceAccountKey (not .Values.google.serviceAccountSecret) -}}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "hetzner") .Values.hetzner.token (not .Values.hetzner.secretName) -}}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "infoblox") (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) (not .Values.infoblox.secretName) -}}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "linode") .Values.linode.apiToken (not .Values.linode.secretName) -}}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "oci") .Values.oci.privateKeyFingerprint (not .Values.oci.secretName) -}}
|
||||
{{- else if and (eq .Values.provider "oci") (or .Values.oci.privateKeyFingerprint .Values.oci.useWorkloadIdentity) (not .Values.oci.secretName) -}}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "rfc2136") (or .Values.rfc2136.tsigSecret (and .Values.rfc2136.kerberosUsername .Values.rfc2136.kerberosPassword)) (not .Values.rfc2136.secretName) -}}
|
||||
{{- true -}}
|
||||
@@ -144,13 +51,16 @@ Return true if a secret object should be created
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "ovh") .Values.ovh.consumerKey (not .Values.ovh.secretName) -}}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "scaleway") .Values.scaleway.scwAccessKey -}}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "vinyldns") (or .Values.vinyldns.secretKey .Values.vinyldns.accessKey) -}}
|
||||
{{- else if and (eq .Values.provider "scaleway") .Values.scaleway.scwAccessKey (not .Values.scaleway.secretName) -}}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "ns1") .Values.ns1.apiKey (not .Values.ns1.secretName) -}}
|
||||
{{- true -}}
|
||||
{{- else -}}
|
||||
{{- else if and (eq .Values.provider "civo") .Values.civo.apiToken (not .Values.civo.secretName) -}}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "pihole") .Values.pihole.password (not .Values.pihole.secretName) -}}
|
||||
{{- true -}}
|
||||
{{- else if and .Values.txtEncrypt.enabled (not .Values.txtEncrypt.secretName) -}}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -158,9 +68,7 @@ Return true if a secret object should be created
|
||||
Return true if a configmap object should be created
|
||||
*/}}
|
||||
{{- define "external-dns.createConfigMap" -}}
|
||||
{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
|
||||
{{- true -}}
|
||||
{{- else if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled }}
|
||||
{{- if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled }}
|
||||
{{- true -}}
|
||||
{{- else -}}
|
||||
{{- end -}}
|
||||
@@ -170,7 +78,9 @@ Return true if a configmap object should be created
|
||||
Return the name of the Secret used to store the passwords
|
||||
*/}}
|
||||
{{- define "external-dns.secretName" -}}
|
||||
{{- if and (eq .Values.provider "alibabacloud") .Values.alibabacloud.secretName }}
|
||||
{{- if and (eq .Values.provider "akamai") .Values.akamai.secretName }}
|
||||
{{- .Values.akamai.secretName }}
|
||||
{{- else if and (eq .Values.provider "alibabacloud") .Values.alibabacloud.secretName }}
|
||||
{{- .Values.alibabacloud.secretName }}
|
||||
{{- else if and (eq .Values.provider "aws") .Values.aws.credentials.secretName }}
|
||||
{{- .Values.aws.credentials.secretName }}
|
||||
@@ -180,10 +90,10 @@ Return the name of the Secret used to store the passwords
|
||||
{{- .Values.cloudflare.secretName }}
|
||||
{{- else if and (eq .Values.provider "digitalocean") .Values.digitalocean.secretName }}
|
||||
{{- .Values.digitalocean.secretName }}
|
||||
{{- else if and (eq .Values.provider "exoscale") .Values.exoscale.secretName }}
|
||||
{{- .Values.exoscale.secretName }}
|
||||
{{- else if and (eq .Values.provider "google") .Values.google.serviceAccountSecret }}
|
||||
{{- .Values.google.serviceAccountSecret }}
|
||||
{{- else if and (eq .Values.provider "hetzner") .Values.hetzner.secretName }}
|
||||
{{- .Values.hetzner.secretName }}
|
||||
{{- else if and (eq .Values.provider "linode") .Values.linode.secretName }}
|
||||
{{- .Values.linode.secretName }}
|
||||
{{- else if and (eq .Values.provider "oci") .Values.oci.secretName }}
|
||||
@@ -192,14 +102,18 @@ Return the name of the Secret used to store the passwords
|
||||
{{- .Values.ovh.secretName }}
|
||||
{{- else if and (eq .Values.provider "pdns") .Values.pdns.secretName }}
|
||||
{{- .Values.pdns.secretName }}
|
||||
{{- else if and (eq .Values.provider "infoblox") .Values.infoblox.secretName }}
|
||||
{{- .Values.infoblox.secretName }}
|
||||
{{- else if and (eq .Values.provider "rfc2136") .Values.rfc2136.secretName }}
|
||||
{{- .Values.rfc2136.secretName }}
|
||||
{{- else if and (eq .Values.provider "ns1") .Values.ns1.secretName }}
|
||||
{{- .Values.ns1.secretName }}
|
||||
{{- else if and (eq .Values.provider "civo") .Values.civo.secretName }}
|
||||
{{- .Values.civo.secretName }}
|
||||
{{- else if and (eq .Values.provider "pihole") .Values.pihole.secretName }}
|
||||
{{- .Values.pihole.secretName }}
|
||||
{{- else if and (eq .Values.provider "scaleway") .Values.scaleway.secretName }}
|
||||
{{- .Values.scaleway.secretName }}
|
||||
{{- else -}}
|
||||
{{- template "external-dns.fullname" . }}
|
||||
{{- template "common.names.fullname" . }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -231,31 +145,49 @@ aws_secret_access_key = {{ .Values.aws.credentials.secretKey }}
|
||||
region = {{ .Values.aws.region }}
|
||||
{{ end }}
|
||||
|
||||
{{- define "external-dns.aws-credentials-secret-ref-defined" -}}
|
||||
{{- if and .Values.aws.credentials.accessKeyIDSecretRef.name .Values.aws.credentials.accessKeyIDSecretRef.key .Values.aws.credentials.secretAccessKeySecretRef.name .Values.aws.credentials.secretAccessKeySecretRef.key -}}
|
||||
{{- true -}}
|
||||
{{- else -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{- define "external-dns.azure-credentials" -}}
|
||||
{
|
||||
{{- if .Values.azure.cloud }}
|
||||
"cloud": "{{ .Values.azure.cloud }}",
|
||||
{{- end }}
|
||||
{{- if .Values.azure.tenantId }}
|
||||
"tenantId": "{{ .Values.azure.tenantId }}",
|
||||
{{- end }}
|
||||
{{- if .Values.azure.subscriptionId }}
|
||||
"subscriptionId": "{{ .Values.azure.subscriptionId }}",
|
||||
{{- end }}
|
||||
"resourceGroup": "{{ .Values.azure.resourceGroup }}",
|
||||
{{- if not .Values.azure.useManagedIdentityExtension }}
|
||||
"aadClientId": "{{ .Values.azure.aadClientId }}",
|
||||
"aadClientSecret": "{{ .Values.azure.aadClientSecret }}"
|
||||
{{- end }}
|
||||
{{- if and .Values.azure.useManagedIdentityExtension .Values.azure.userAssignedIdentityID }}
|
||||
"useManagedIdentityExtension": true,
|
||||
"userAssignedIdentityID": "{{ .Values.azure.userAssignedIdentityID }}"
|
||||
{{- else if and .Values.azure.useManagedIdentityExtension (not .Values.azure.userAssignedIdentityID) }}
|
||||
"useManagedIdentityExtension": true
|
||||
{{- end }}
|
||||
}
|
||||
{{ end }}
|
||||
{{- $credentials := dict -}}
|
||||
{{- if .Values.azure.cloud -}}
|
||||
{{- $_ := set $credentials "cloud" .Values.azure.cloud -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.azure.tenantId -}}
|
||||
{{- $_ := set $credentials "tenantId" .Values.azure.tenantId -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.azure.subscriptionId -}}
|
||||
{{- $_ := set $credentials "subscriptionId" .Values.azure.subscriptionId -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set $credentials "resourceGroup" .Values.azure.resourceGroup -}}
|
||||
{{- if not (or .Values.azure.useManagedIdentityExtension .Values.azure.useWorkloadIdentityExtension) -}}
|
||||
{{- $_ := set $credentials "aadClientId" .Values.azure.aadClientId -}}
|
||||
{{- $_ := set $credentials "aadClientSecret" .Values.azure.aadClientSecret -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.azure.useWorkloadIdentityExtension -}}
|
||||
{{- $_ := set $credentials "useWorkloadIdentityExtension" true -}}
|
||||
{{- end -}}
|
||||
{{- if and .Values.azure.useManagedIdentityExtension .Values.azure.userAssignedIdentityID -}}
|
||||
{{- $_ := set $credentials "useManagedIdentityExtension" true -}}
|
||||
{{- $_ := set $credentials "userAssignedIdentityID" .Values.azure.userAssignedIdentityID -}}
|
||||
{{- else if and .Values.azure.useManagedIdentityExtension (not .Values.azure.userAssignedIdentityID) -}}
|
||||
{{- $_ := set $credentials "useManagedIdentityExtension" true -}}
|
||||
{{- end -}}
|
||||
{{- $credentials | toJson -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "external-dns.oci-credentials" -}}
|
||||
{{- if .Values.oci.useWorkloadIdentity }}
|
||||
auth:
|
||||
region: {{ .Values.oci.region }}
|
||||
useWorkloadIdentity: true
|
||||
compartment: {{ .Values.oci.compartmentOCID }}
|
||||
{{- else }}
|
||||
auth:
|
||||
region: {{ .Values.oci.region }}
|
||||
tenancy: {{ .Values.oci.tenancyOCID }}
|
||||
@@ -267,18 +199,21 @@ auth:
|
||||
passphrase: {{ .Values.oci.privateKeyPassphrase }}
|
||||
{{- end }}
|
||||
compartment: {{ .Values.oci.compartmentOCID }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Compile all warnings into a single message, and call fail.
|
||||
Compile all warnings into a single message, and call fail if the validation is enabled
|
||||
*/}}
|
||||
{{- define "external-dns.validateValues" -}}
|
||||
{{- $messages := list -}}
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.provider" .) -}}
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.sources" .) -}}
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.akamai.host" .) -}}
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.akamai.accessToken" .) -}}
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.akamai.clientToken" .) -}}
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.akamai.clientSecret" .) -}}
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.aws" .) -}}
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.infoblox.gridHost" .) -}}
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.infoblox.wapiPassword" .) -}}
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.pdns.apiUrl" .) -}}
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.pdns.apiKey" .) -}}
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.azure.resourceGroupWithoutTenantId" .) -}}
|
||||
@@ -309,14 +244,15 @@ Compile all warnings into a single message, and call fail.
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.rfc2136.kerberosConfig" .) -}}
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.scaleway.scwAccessKey" .) -}}
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.scaleway.scwSecretKey" .) -}}
|
||||
{{- $messages := append $messages (include "external-dns.validateValues.scaleway.scwDefaultOrganizationId" .) -}}
|
||||
{{- $messages := without $messages "" -}}
|
||||
{{- $message := join "\n" $messages -}}
|
||||
|
||||
{{- if .Values.validation.enabled -}}
|
||||
{{- if $message -}}
|
||||
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validate values of External DNS:
|
||||
@@ -342,6 +278,54 @@ external-dns: sources
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validate values of External DNS:
|
||||
- must provide the Akamai host when provider is "akamai"
|
||||
*/}}
|
||||
{{- define "external-dns.validateValues.akamai.host" -}}
|
||||
{{- if and (eq .Values.provider "akamai") (not .Values.akamai.host) -}}
|
||||
external-dns: akamai.host
|
||||
You must provide the Akamai host when provider="akamai".
|
||||
Please set the host parameter (--set akamai.host="xxxx")
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validate values of External DNS:
|
||||
- must provide the Akamai access token when provider is "akamai"
|
||||
*/}}
|
||||
{{- define "external-dns.validateValues.akamai.accessToken" -}}
|
||||
{{- if and (eq .Values.provider "akamai") (not .Values.akamai.accessToken) -}}
|
||||
external-dns: akamai.accessToken
|
||||
You must provide the Akamai access token when provider="akamai".
|
||||
Please set the accessToken parameter (--set akamai.accessToken="xxxx")
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validate values of External DNS:
|
||||
- must provide the Akamai client token when provider is "akamai"
|
||||
*/}}
|
||||
{{- define "external-dns.validateValues.akamai.clientToken" -}}
|
||||
{{- if and (eq .Values.provider "akamai") (not .Values.akamai.clientToken) -}}
|
||||
external-dns: akamai.clientToken
|
||||
You must provide the Akamai client token when provider="akamai".
|
||||
Please set the clientToken parameter (--set akamai.clientToken="xxxx")
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validate values of External DNS:
|
||||
- must provide the Akamai client secret when provider is "akamai"
|
||||
*/}}
|
||||
{{- define "external-dns.validateValues.akamai.clientSecret" -}}
|
||||
{{- if and (eq .Values.provider "akamai") (not .Values.akamai.clientSecret) (not .Values.akamai.secretName) -}}
|
||||
external-dns: akamai.clientSecret
|
||||
You must provide the Akamai client secret when provider="akamai".
|
||||
Please set the clientSecret parameter (--set akamai.clientSecret="xxxx")
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validate values of External DNS:
|
||||
- The AWS Role to assume must follow ARN format when provider is "aws"
|
||||
@@ -357,31 +341,6 @@ external-dns: aws.assumeRoleArn
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validate values of External DNS:
|
||||
- must provide the Grid Manager host when provider is "infoblox"
|
||||
*/}}
|
||||
{{- define "external-dns.validateValues.infoblox.gridHost" -}}
|
||||
{{- if and (eq .Values.provider "infoblox") (not .Values.infoblox.gridHost) -}}
|
||||
external-dns: infoblox.gridHost
|
||||
You must provide the Grid Manager host when provider="infoblox".
|
||||
Please set the gridHost parameter (--set infoblox.gridHost="xxxx")
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validate values of External DNS:
|
||||
- must provide a WAPI password when provider is "infoblox"
|
||||
*/}}
|
||||
{{- define "external-dns.validateValues.infoblox.wapiPassword" -}}
|
||||
{{- if and (eq .Values.provider "infoblox") (not .Values.infoblox.wapiPassword) (not .Values.infoblox.secretName) -}}
|
||||
external-dns: infoblox.wapiPassword
|
||||
You must provide a WAPI password when provider="infoblox".
|
||||
Please set the wapiPassword parameter (--set infoblox.wapiPassword="xxxx")
|
||||
or you can provide an existing secret name via infoblox.secretName
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validate values of External DNS:
|
||||
- must provide the PowerDNS API URL when provider is "pdns"
|
||||
@@ -408,10 +367,7 @@ external-dns: pdns.apiKey
|
||||
|
||||
{{/* Check if there are rolling tags in the images */}}
|
||||
{{- define "external-dns.checkRollingTags" -}}
|
||||
{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
|
||||
WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
|
||||
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
|
||||
{{- end }}
|
||||
{{- include "common.warnings.rollingTag" .Values.image }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
@@ -503,7 +459,7 @@ Validate values of Azure DNS:
|
||||
- must provide the Azure AAD Client ID when provider is "azure", secretName is not set and MSI is disabled and aadClientSecret is set
|
||||
*/}}
|
||||
{{- define "external-dns.validateValues.azure.aadClientId" -}}
|
||||
{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) (not .Values.azure.aadClientId) (not .Values.azure.useManagedIdentityExtension) .Values.azure.aadClientSecret -}}
|
||||
{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) (not .Values.azure.aadClientId) (not .Values.azure.useWorkloadIdentityExtension) (not .Values.azure.useManagedIdentityExtension) .Values.azure.aadClientSecret -}}
|
||||
external-dns: azure.aadClientId
|
||||
You must provide the Azure AAD Client ID when provider="azure" and aadClientSecret is set and useManagedIdentityExtension is not set.
|
||||
Please set the aadClientId parameter (--set azure.aadClientId="xxxx")
|
||||
@@ -600,7 +556,7 @@ Validate values of Azure Private DNS:
|
||||
- must provide the Azure AAD Client ID when provider is "azure-private-dns", secret name is not set and MSI is disabled
|
||||
*/}}
|
||||
{{- define "external-dns.validateValues.azurePrivateDns.aadClientId" -}}
|
||||
{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.secretName) (not .Values.azure.aadClientId) (not .Values.azure.useManagedIdentityExtension) (not .Values.azure.userAssignedIdentityID) -}}
|
||||
{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.secretName) (not .Values.azure.aadClientId) (not .Values.azure.useManagedIdentityExtension) (not .Values.azure.useWorkloadIdentityExtension) (not .Values.azure.userAssignedIdentityID) -}}
|
||||
external-dns: azure.useManagedIdentityExtension
|
||||
You must provide the Azure AAD Client ID when provider="azure-private-dns" and useManagedIdentityExtension is not set.
|
||||
Please set the aadClientSecret parameter (--set azure.aadClientId="xxxx")
|
||||
@@ -612,7 +568,7 @@ Validate values of Azure Private DNS:
|
||||
- must provide the Azure AAD Client Secret when provider is "azure-private-dns", secretName is not set and MSI is disabled
|
||||
*/}}
|
||||
{{- define "external-dns.validateValues.azurePrivateDns.aadClientSecret" -}}
|
||||
{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.secretName) (not .Values.azure.aadClientSecret) (not .Values.azure.useManagedIdentityExtension) (not .Values.azure.userAssignedIdentityID) -}}
|
||||
{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.secretName) (not .Values.azure.aadClientSecret) (not .Values.azure.useManagedIdentityExtension) (not .Values.azure.useWorkloadIdentityExtension) (not .Values.azure.userAssignedIdentityID) -}}
|
||||
external-dns: azure.useManagedIdentityExtension
|
||||
You must provide the Azure AAD Client Secret when provider="azure-private-dns" and useManagedIdentityExtension is not set.
|
||||
Please set the aadClientSecret parameter (--set azure.aadClientSecret="xxxx")
|
||||
@@ -631,19 +587,6 @@ external-dns: transip.account
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validate values of External DNS:
|
||||
- must provide an API token when provider is "hetzner"
|
||||
*/}}
|
||||
{{- define "external-dns.validateValues.hetzner" -}}
|
||||
{{- if and (eq .Values.provider "hetzner") (or (not .Values.hetzner.token) (not .Values.hetzner.secretName)) -}}
|
||||
external-dns: hetzner.token
|
||||
You must provide the a Hetzner API Token when provider="hetzner".
|
||||
Please set the token parameter (--set hetzner.token="xxxx")
|
||||
or specify a secret that contains an API token. (--set hetzner.secretName="xxxx")
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validate values of TransIP DNS:
|
||||
- must provide the API key when provider is "transip"
|
||||
@@ -746,7 +689,7 @@ Validate values of External DNS:
|
||||
- must provide the Scaleway access key when provider is "scaleway"
|
||||
*/}}
|
||||
{{- define "external-dns.validateValues.scaleway.scwAccessKey" -}}
|
||||
{{- if and (eq .Values.provider "scaleway") (not .Values.scaleway.scwAccessKey) -}}
|
||||
{{- if and (eq .Values.provider "scaleway") (not .Values.scaleway.scwAccessKey) (not .Values.scaleway.secretName) -}}
|
||||
external-dns: scaleway.scwAccessKey
|
||||
You must provide the Scaleway access key when provider="scaleway".
|
||||
Please set the scwAccessKey parameter (--set scaleway.scwAccessKey="xxxx")
|
||||
@@ -758,44 +701,32 @@ Validate values of External DNS:
|
||||
- must provide the scaleway secret key when provider is "scaleway"
|
||||
*/}}
|
||||
{{- define "external-dns.validateValues.scaleway.scwSecretKey" -}}
|
||||
{{- if and (eq .Values.provider "scaleway") (not .Values.scaleway.scwSecretKey) -}}
|
||||
{{- if and (eq .Values.provider "scaleway") (not .Values.scaleway.scwSecretKey) (not .Values.scaleway.secretName) -}}
|
||||
external-dns: scaleway.scwSecretKey
|
||||
You must provide the scaleway secret key when provider="scaleway".
|
||||
Please set the scwSecretKey parameter (--set scaleway.scwSecretKey="xxxx")
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validate values of External DNS:
|
||||
- must provide the scaleway organization id when provider is "scaleway"
|
||||
*/}}
|
||||
{{- define "external-dns.validateValues.scaleway.scwDefaultOrganizationId" -}}
|
||||
{{- if and (eq .Values.provider "scaleway") (not .Values.scaleway.scwDefaultOrganizationId) -}}
|
||||
external-dns: scaleway.scwDefaultOrganizationId
|
||||
You must provide the scaleway organization id key when provider="scaleway".
|
||||
Please set the scwDefaultOrganizationId parameter (--set scaleway.scwDefaultOrganizationId="xxxx")
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the ExternalDNS service account name
|
||||
*/}}
|
||||
{{- define "external-dns.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "external-dns.fullname" .) .Values.serviceAccount.name }}
|
||||
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the ExternalDNS namespace to be used
|
||||
Return the namespace to be monitored by ExternalDNS
|
||||
*/}}
|
||||
{{- define "external-dns.namespace" -}}
|
||||
{{- if and .Values.rbac.create (not .Values.rbac.clusterRole) -}}
|
||||
{{ default .Release.Namespace .Values.namespace }}
|
||||
{{ default (include "common.names.namespace" .) .Values.namespace }}
|
||||
{{- else if .Values.watchReleaseNamespace -}}
|
||||
{{ .Release.namespace }}
|
||||
{{ include "common.names.namespace" . }}
|
||||
{{- else -}}
|
||||
{{ .Values.namespace }}
|
||||
{{- end -}}
|
||||
@@ -806,10 +737,10 @@ Return the secret containing external-dns TLS certificates
|
||||
*/}}
|
||||
{{- define "external-dns.tlsSecretName" -}}
|
||||
{{- if .Values.coredns.etcdTLS.autoGenerated -}}
|
||||
{{- printf "%s-crt" (include "external-dns.fullname" .) -}}
|
||||
{{- printf "%s-crt" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $secretName := .Values.coredns.etcdTLS.secretName -}}
|
||||
{{- printf "%s" (tpl $secretName $) -}}
|
||||
{{- printf "%s" (tpl $secretName $) | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -854,3 +785,14 @@ Return true if a TLS secret object should be created
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Returns the name of the default secret if the AES key is set via `.Values.txtEncrypt.aesKey` and the name of the custom secret when `.Values.txtEncrypt.secretName` is used.
|
||||
*/}}
|
||||
{{- define "external-dns.txtEncryptKeySecretName" -}}
|
||||
{{- if and .Values.txtEncrypt.enabled .Values.txtEncrypt.secretName }}
|
||||
{{- printf "%s" .Values.txtEncrypt.secretName -}}
|
||||
{{- else if and .Values.txtEncrypt.enabled (not .Values.txtEncrypt.secretName) -}}
|
||||
{{ template "common.names.fullname" . }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
Reference in New Issue
Block a user