ghp/helm-charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

external-dns: bump to 0.19.0, helm chart 9.1.0

Browse Source
This commit is contained in:
ace
2026-01-03 22:33:32 +03:00
parent 8beedbb3bd
commit 8a2cd4f590
52 changed files with 2497 additions and 1612 deletions
Download Patch File Download Diff File Expand all files Collapse all files

406
external-dns/templates/deployment.yaml
View File

@@ -1,51 +1,59 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "external-dns.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ coalesce .Values.replicas .Values.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
replicas: 1
{{- if .Values.updateStrategy }}
strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
selector:
matchLabels: {{ include "external-dns.matchLabels" . | nindent 6 }}
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
template:
metadata:
labels: {{ include "external-dns.labels" . | nindent 8 }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
{{- if or .Values.podAnnotations (and .Values.metrics.enabled .Values.metrics.podAnnotations) (include "external-dns.createSecret" .) }}
annotations:
{{- if or .Values.podAnnotations .Values.metrics.enabled }}
{{- include "external-dns.podAnnotations" . | trim | nindent 8 }}
{{- if or .Values.podAnnotations (and .Values.metrics.enabled .Values.metrics.podAnnotations) }}
{{- $podAnnotations := include "common.tplvalues.merge" (dict "values" (list .Values.podAnnotations .Values.metrics.podAnnotations) "context" .) }}
{{- include "common.tplvalues.render" (dict "value" $podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- if (include "external-dns.createSecret" .) }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- end }}
{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
{{- if (include "external-dns.createConfigMap" .) }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- end }}
spec:
{{- include "external-dns.imagePullSecrets" . | nindent 6 }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName | quote }}
{{- end }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
@@ -62,12 +70,18 @@ spec:
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
{{- if .Values.dnsPolicy }}
dnsPolicy: {{ .Values.dnsPolicy | quote }}
{{- end }}
{{- if .Values.dnsConfig }}
dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.dnsConfig "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: external-dns
image: {{ include "external-dns.image" . | quote }}
image: {{ template "external-dns.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
@@ -112,16 +126,16 @@ spec:
- --service-type-filter={{ . }}
{{- end }}
{{- range .Values.domainFilters }}
- --domain-filter={{ . }}
- --domain-filter={{- include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}
{{- range .Values.excludeDomains }}
- --exclude-domains={{ . }}
- --exclude-domains={{- include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}
{{- if .Values.regexDomainFilter }}
- --regex-domain-filter={{ .Values.regexDomainFilter }}
- --regex-domain-filter={{- include "common.tplvalues.render" (dict "value" .Values.regexDomainFilter "context" $) }}
{{- end }}
{{- if .Values.regexDomainExclusion }}
- --regex-domain-exclusion={{ .Values.regexDomainExclusion }}
- --regex-domain-exclusion={{- include "common.tplvalues.render" (dict "value" .Values.regexDomainExclusion "context" $) }}
{{- end }}
{{- range .Values.zoneNameFilters }}
- --zone-name-filter={{ . }}
@@ -145,16 +159,22 @@ spec:
{{- if .Values.txtSuffix }}
- --txt-suffix={{ .Values.txtSuffix }}
{{- end }}
{{- if .Values.txtNewFormatOnly }}
- --txt-new-format-only
{{- end }}
{{- end }}
{{- if .Values.annotationFilter }}
- --annotation-filter={{ .Values.annotationFilter }}
{{- end }}
{{- if .Values.ingressClass }}
- --ingress-class={{ .Values.ingressClass }}
{{- end }}
{{- if .Values.labelFilter }}
- --label-filter={{ .Values.labelFilter }}
{{- end }}
{{- range .Values.ingressClassFilters }}
- --ingress-class={{ . }}
{{- end }}
{{- range .Values.managedRecordTypesFilters }}
- --managed-record-types={{ . }}
{{- end }}
{{- if .Values.crd.apiversion }}
- --crd-source-apiversion={{ .Values.crd.apiversion }}
{{- end }}
@@ -197,9 +217,18 @@ spec:
{{- if .Values.aws.preferCNAME }}
- --aws-prefer-cname
{{- end }}
{{- if .Values.aws.dynamodbTable }}
- --dynamodb-table={{ .Values.aws.dynamodbTable }}
{{- end }}
{{- if .Values.aws.dynamodbRegion }}
- --dynamodb-region={{ .Values.aws.dynamodbRegion }}
{{- end }}
{{- if and (kindIs "bool" .Values.aws.evaluateTargetHealth) (not .Values.aws.evaluateTargetHealth) }}
- --no-aws-evaluate-target-health
{{- end }}
{{- if .Values.aws.zoneMatchParent }}
- --aws-zone-match-parent
{{- end }}
{{- if or (and (eq .Values.provider "azure") (not .Values.azure.secretName)) (eq .Values.provider "azure-private-dns") }}
# Azure Arguments
{{- if .Values.azure.resourceGroup }}
@@ -216,12 +245,24 @@ spec:
{{- if .Values.cloudflare.proxied }}
- --cloudflare-proxied
{{- end }}
{{- if .Values.cloudflare.dnsRecordsPerPage }}
- --cloudflare-dns-records-per-page={{ .Values.cloudflare.dnsRecordsPerPage }}
{{- end }}
{{- if .Values.cloudflare.regionalServices }}
- --cloudflare-regional-services
{{- end }}
{{- if .Values.cloudflare.regionKey }}
- --cloudflare-region-key={{ .Values.cloudflare.regionKey }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "google" }}
# Google Arguments
{{- if .Values.google.project }}
- --google-project={{ .Values.google.project }}
{{- end }}
{{- if .Values.google.batchChangeSize }}
- --google-batch-change-size={{ .Values.google.batchChangeSize }}
{{- end }}
{{- if .Values.google.zoneVisibility }}
- --google-zone-visibility={{ .Values.google.zoneVisibility }}
{{- end }}
@@ -232,6 +273,9 @@ spec:
- --infoblox-view={{ .Values.infoblox.view }}
{{- if .Values.infoblox.domainFilter }}
- --domain-filter={{ .Values.infoblox.domainFilter }}
{{- end }}
{{- if .Values.infoblox.nameRegex }}
- --infoblox-name-regex={{ .Values.infoblox.nameRegex }}
{{- end }}
{{- if .Values.infoblox.wapiPort }}
- --infoblox-wapi-port={{ .Values.infoblox.wapiPort }}
@@ -243,20 +287,44 @@ spec:
- --no-infoblox-ssl-verify
{{- else }}
- --infoblox-ssl-verify
{{- end }}
{{- if .Values.infoblox.createPtr }}
- --infoblox-create-ptr
{{- end }}
{{- if .Values.infoblox.maxResults }}
- --infoblox-max-results={{ .Values.infoblox.maxResults }}
{{- end }}
{{- end }}
{{- if and (eq .Values.provider "oci") .Values.oci.useInstancePrincipal }}
# OCI Arguments
- --oci-auth-instance-principal
{{- if .Values.oci.compartmentOCID }}
- --oci-compartment-ocid={{ .Values.oci.compartmentOCID }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "ns1" }}
# ns1 arguments
- --ns1-min-ttl={{ .Values.ns1.minTTL }}
{{- end }}
{{- if eq .Values.provider "pihole" }}
{{- if .Values.pihole.server }}
- --pihole-server={{ .Values.pihole.server }}
{{- end }}
{{- if .Values.pihole.tlsSkipVerify }}
- --pihole-tls-skip-verify
{{- end }}
{{- end }}
{{- if eq .Values.provider "rfc2136" }}
# RFC 2136 arguments
- --rfc2136-host={{ required "rfc2136.host must be supplied for provider 'rfc2136'" .Values.rfc2136.host }}
- --rfc2136-port={{ .Values.rfc2136.port }}
- --rfc2136-zone={{ required "rfc2136.zone must be supplied for provider 'rfc2136'" .Values.rfc2136.zone }}
{{- $rfc2136Zones := prepend .Values.rfc2136.zones .Values.rfc2136.zone | uniq | compact }}
{{- if empty $rfc2136Zones }}
{{ fail "rfc2136.zone or rfc2136.zones must be supplied for provider 'rfc2136'" }}
{{- end }}
{{- range $rfc2136Zones }}
- --rfc2136-zone={{ . }}
{{- end }}
- --rfc2136-min-ttl={{ .Values.rfc2136.minTTL }}
{{- if .Values.rfc2136.tsigAxfr }}
- --rfc2136-tsig-axfr
@@ -283,16 +351,55 @@ spec:
- --transip-account={{ .Values.transip.account }}
- --transip-keyfile=/transip/transip-api-key
{{- end }}
{{- range $key, $value := .Values.extraArgs }}
# Extra arguments
{{- if $value }}
{{- if .Values.traefik.disableLegacy }}
- --traefik-disable-legacy
{{- end }}
{{- if .Values.traefik.disableNew }}
- --traefik-disable-new
{{- end }}
{{- if .Values.txtEncrypt.enabled }}
# TXT registry encryption
- --txt-encrypt-enabled
- --txt-encrypt-aes-key=$(TXT_AES_ENCRYPTION_KEY)
{{- end }}
{{- if .Values.extraArgs }}
{{- range $key, $value := .Values.extraArgs }}
# Extra arguments
{{- if kindIs "slice" $value }}
{{- range $val := $value }}
- --{{ $key }}={{ $val }}
{{- end }}
{{- else if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
env:
{{- if eq .Values.provider "akamai" }}
# Akamai environment variables
{{- if .Values.akamai.host }}
- name: EXTERNAL_DNS_AKAMAI_SERVICECONSUMERDOMAIN
value: {{ .Values.akamai.host }}
{{- end }}
{{- if .Values.akamai.accessToken }}
- name: EXTERNAL_DNS_AKAMAI_ACCESS_TOKEN
value: {{ .Values.akamai.accessToken }}
{{- end }}
{{- if .Values.akamai.clientToken }}
- name: EXTERNAL_DNS_AKAMAI_CLIENT_TOKEN
value: {{ .Values.akamai.clientToken }}
{{- end }}
{{- if or (.Values.akamai.clientSecret) (.Values.akamai.secretName) }}
- name: EXTERNAL_DNS_AKAMAI_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: akamai_client_secret
{{- end }}
{{- end }}
{{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }}
# AWS environment variables
{{- if .Values.aws.region }}
@@ -303,10 +410,29 @@ spec:
- name: AWS_CONFIG_FILE
value: {{ .Values.aws.credentials.mountPath }}/config
{{- end }}
{{- if and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey }}
{{- if and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey (not (include "external-dns.aws-credentials-secret-ref-defined" . ))}}
- name: AWS_SHARED_CREDENTIALS_FILE
value: {{ .Values.aws.credentials.mountPath }}/credentials
{{- end }}
{{- if (include "external-dns.aws-credentials-secret-ref-defined" . ) }}
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ .Values.aws.credentials.accessKeyIDSecretRef.name}}
key: {{ .Values.aws.credentials.accessKeyIDSecretRef.key }}
- name: AWS_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.aws.credentials.secretAccessKeySecretRef.name}}
key: {{ .Values.aws.credentials.secretAccessKeySecretRef.key }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "civo" }}
- name: CIVO_TOKEN
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: apiToken
{{- end }}
{{- if eq .Values.provider "cloudflare" }}
# Cloudflare environment variables
@@ -338,46 +464,6 @@ spec:
value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ include "external-dns.tlsCACert" . }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "designate" }}
# Designate environment variables
{{- if .Values.designate.customCA.enabled }}
- name: OPENSTACK_CA_FILE
value: {{ .Values.designate.customCA.mountPath }}/{{ .Values.designate.customCA.filename }}
{{- else if .Values.designate.customCAHostPath }}
- name: OPENSTACK_CA_FILE
value: {{ .Values.designate.customCAHostPath }}
{{- end }}
{{- if .Values.designate.username }}
- name: OS_USERNAME
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: designate_username
{{- end }}
{{- if .Values.designate.password }}
- name: OS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: designate_password
{{- end }}
{{- if .Values.designate.authUrl }}
- name: OS_AUTH_URL
value: {{ .Values.designate.authUrl }}
{{- end }}
{{- if .Values.designate.regionName }}
- name: OS_REGION_NAME
value: {{ .Values.designate.regionName }}
{{- end }}
{{- if .Values.designate.userDomainName }}
- name: OS_USER_DOMAIN_NAME
value: {{ .Values.designate.userDomainName }}
{{- end }}
{{- if .Values.designate.projectName }}
- name: OS_PROJECT_NAME
value: {{ .Values.designate.projectName }}
{{- end }}
{{- end }}
{{- if and (eq .Values.provider "digitalocean") (or .Values.digitalocean.apiToken .Values.digitalocean.secretName) }}
# DigitalOcean environment variables
- name: DO_TOKEN
@@ -386,6 +472,23 @@ spec:
name: {{ template "external-dns.secretName" . }}
key: digitalocean_api_token
{{- end }}
{{- if (eq .Values.provider "exoscale") }}
# Exoscale environment variables
{{- if (or .Values.exoscale.apiKey .Values.exoscale.secretName) }}
- name: EXTERNAL_DNS_EXOSCALE_APIKEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: exoscale_api_key
{{- end }}
{{- if (or .Values.exoscale.apiToken .Values.exoscale.secretName) }}
- name: EXTERNAL_DNS_EXOSCALE_APISECRET
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: exoscale_api_token
{{- end }}
{{- end }}
{{- if eq .Values.provider "google" }}
# Google environment variables
{{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }}
@@ -393,22 +496,6 @@ spec:
value: /etc/secrets/service-account/credentials.json
{{- end }}
{{- end }}
{{- if eq .Values.provider "hetzner" }}
# Hetzner environment variables
{{- if .Values.hetzner.secretName }}
- name: HETZNER_TOKEN
valueFrom:
secretKeyRef:
name: {{ .Values.hetzner.secretName }}
key: {{ .Values.hetzner.secretKey }}
{{- else }}
- name: HETZNER_TOKEN
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: hetzner_token
{{- end }}
{{- end }}
{{- if eq .Values.provider "linode" }}
# Linode environment variables
{{- if or (.Values.linode.apiToken) (.Values.linode.secretName) }}
@@ -445,51 +532,22 @@ spec:
{{- end }}
{{- if eq .Values.provider "scaleway" }}
# Scaleway environment variables
{{- if .Values.scaleway.scwAccessKey }}
{{- if or (.Values.scaleway.scwAccessKey) (.Values.scaleway.secretName) }}
- name: SCW_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: scw_access_key
{{- end }}
{{- if .Values.scaleway.scwSecretKey }}
{{- if or (.Values.scaleway.scwSecretKey) (.Values.scaleway.secretName) }}
- name: SCW_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: scw_secret_key
{{- end }}
{{- if .Values.scaleway.scwDefaultOrganizationId }}
- name: SCW_DEFAULT_ORGANIZATION_ID
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: scw_default_organization_id
{{- end }}
{{- end }}
{{- if eq .Values.provider "infoblox" }}
# Infloblox environment variables
{{- if .Values.infoblox.wapiConnectionPoolSize }}
- name: EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS
value: "{{ .Values.infoblox.wapiConnectionPoolSize }}"
{{- end }}
{{- if .Values.infoblox.wapiHttpTimeout }}
- name: EXTERNAL_DNS_INFOBLOX_HTTP_REQUEST_TIMEOUT
value: "{{ .Values.infoblox.wapiHttpTimeout }}"
{{- end }}
{{- if or (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) (.Values.infoblox.secretName) }}
- name: EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: infoblox_wapi_username
- name: EXTERNAL_DNS_INFOBLOX_WAPI_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: infoblox_wapi_password
{{- end }}
{{- end }}
{{- if eq .Values.provider "rfc2136" }}
{{- if .Values.rfc2136.tsigSecret | or (and .Values.rfc2136.kerberosUsername .Values.rfc2136.kerberosPassword) | or .Values.rfc2136.secretName }}
# RFC 2136 environment variables
{{- if .Values.rfc2136.rfc3645Enabled }}
@@ -511,6 +569,7 @@ spec:
key: rfc2136_tsig_secret
{{- end }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "pdns" }}
# PowerDNS environment variables
- name: PDNS_API_KEY
@@ -518,31 +577,17 @@ spec:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: pdns_api_key
{{- end }}
{{- if eq .Values.provider "vinyldns" }}
# VinylDNS environment variables
{{- if .Values.vinyldns.host }}
- name: VINYLDNS_HOST
value: {{ .Values.vinyldns.host }}
{{- end }}
{{- if .Values.vinyldns.accessKey }}
- name: VINYLDNS_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: vinyldns-access-key
{{- end }}
{{- if .Values.vinyldns.secretKey }}
- name: VINYLDNS_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: vinyldns-secret-key
{{- end }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.pihole.secretName }}
- name: EXTERNAL_DNS_PIHOLE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: pihole_password
{{- end }}
{{- if eq .Values.provider "ns1" }}
# NS1 environment variables
{{- if or (.Values.ns1.apiKey) (.Values.ns1.secretName) }}
@@ -553,6 +598,13 @@ spec:
key: ns1-api-key
{{- end }}
{{- end }}
{{- if and .Values.txtEncrypt.enabled }}
- name: TXT_AES_ENCRYPTION_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.txtEncryptKeySecretName" . }}
key: txt_aes_encryption_key
{{- end }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
@@ -565,20 +617,21 @@ spec:
ports:
- name: http
containerPort: {{ .Values.containerPorts.http }}
{{- if .Values.livenessProbe.enabled }}
{{- if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /healthz
tcpSocket:
port: http
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- else if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
{{- if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /healthz
@@ -588,10 +641,10 @@ spec:
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- else if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.startupProbe.enabled }}
{{- if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.startupProbe.enabled }}
startupProbe:
httpGet:
path: /healthz
@@ -601,26 +654,29 @@ spec:
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.startupProbe.successThreshold }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
{{- else if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.containerSecurityContext }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- else if ne .Values.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if and (eq .Values.provider "alibabacloud") (or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName) }}
# Alibaba Cloud mountPath(s)
- name: alibabacloud-config-file
mountPath: /etc/kubernetes/
readOnly: true
{{- end }}
{{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) }}
{{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) (not (include "external-dns.aws-credentials-secret-ref-defined" . )) }}
# AWS mountPath(s)
- name: aws-credentials
mountPath: {{ .Values.aws.credentials.mountPath }}
@@ -647,24 +703,10 @@ spec:
- name: google-service-account
mountPath: /etc/secrets/service-account/
{{- end }}
{{- if eq .Values.provider "oci" }}
{{- if and (eq .Values.provider "oci") (not .Values.oci.useInstancePrincipal) }}
- name: oci-config-file
mountPath: /etc/kubernetes/
{{- end }}
{{- if eq .Values.provider "designate" }}
# Designate mountPath(s)
{{- if and (.Values.designate.customCAHostPath) (.Values.designate.customCA.enabled) }}
{{- fail "designate.customCAHostPath cannot be specified with designate.customCA.enabled set to true" }}
{{- else if .Values.designate.customCA.enabled }}
- name: designate-custom-ca
mountPath: {{ .Values.designate.customCA.mountPath }}
readOnly: true
{{- else if .Values.designate.customCAHostPath }}
- name: designate-custom-ca-hostpath
mountPath: {{ .Values.designate.customCAHostPath }}
readOnly: true
{{- end }}
{{- end }}
{{- if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled }}
- name: krb5config
mountPath: /etc/krb5.conf
@@ -684,13 +726,15 @@ spec:
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
{{- if and (eq .Values.provider "alibabacloud") (or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName) }}
# Alibaba Cloud volume(s)
- name: alibabacloud-config-file
secret:
secretName: {{ template "external-dns.secretName" . }}
{{- end }}
{{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) }}
{{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) (not (include "external-dns.aws-credentials-secret-ref-defined" . )) }}
# AWS volume(s)
- name: aws-credentials
secret:
@@ -702,16 +746,19 @@ spec:
{{- if or .Values.azure.secretName (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId) }}
secret:
secretName: {{ template "external-dns.secretName" . }}
{{- else if .Values.azure.useWorkloadIdentityExtension }}
secret:
secretName: {{ template "common.names.fullname" . }}
{{- else if .Values.azure.useManagedIdentityExtension }}
secret:
secretName: {{ template "external-dns.fullname" . }}
secretName: {{ template "common.names.fullname" . }}
{{- else }}
hostPath:
path: /etc/kubernetes/azure.json
type: File
{{- end }}
{{- end }}
{{- if (eq .Values.provider "oci")}}
{{- if and (eq .Values.provider "oci") (not .Values.oci.useInstancePrincipal) }}
- name: oci-config-file
secret:
secretName: {{ template "external-dns.secretName" . }}
@@ -734,26 +781,11 @@ spec:
path: credentials.json
{{- end }}
{{- end }}
{{- if eq .Values.provider "designate" }}
# Designate volume(s)
{{- if .Values.designate.customCA.enabled }}
- name: designate-custom-ca
configMap:
name: {{ template "external-dns.fullname" . }}
items:
- key: {{ .Values.designate.customCA.filename }}
path: {{ .Values.designate.customCA.filename }}
{{- else if .Values.designate.customCAHostPath }}
- name: designate-custom-ca-hostpath
hostPath:
path: {{ .Values.designate.customCAHostPath }}
{{- end }}
{{- end }}
{{- if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled }}
# Kerberos config volume
- name: krb5config
configMap:
name: {{ template "external-dns.fullname" . }}
name: {{ template "common.names.fullname" . }}
items:
- key: "krb5.conf"
path: "krb5.conf"
@@ -762,7 +794,7 @@ spec:
# TransIP volume(s)
- name: transip-api-key
secret:
secretName: {{ template "external-dns.fullname" . }}
secretName: {{ template "common.names.fullname" . }}
{{- end }}
{{- if .Values.extraVolumes }}
# Extra volume(s)