external-dns: bump to 0.19.0, helm chart 9.1.0

ace
2026-01-03 22:33:32 +03:00
parent 8beedbb3bd
commit 8a2cd4f590
52 changed files with 2497 additions and 1612 deletions


@@ -1,3 +1,6 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
@@ -14,20 +17,35 @@ global:
## - myRegistryKeySecretName
##
imagePullSecrets: []
## Security parameters
##
security:
## @param global.security.allowInsecureImages Allows skipping image verification
allowInsecureImages: false
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: auto
## @section Common parameters
##
## @param nameOverride String to partially override external-dns.fullname template (will maintain the release name)
## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override external-dns.fullname template
## @param fullnameOverride String to fully override common.names.fullname template
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param clusterDomain Kubernetes Cluster Domain
##
clusterDomain: cluster.local
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
@@ -41,30 +59,26 @@ extraDeploy: []
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param watchReleaseNamespace Watch only namepsace used for the release
##
watchReleaseNamespace: false
## @section external-dns parameters
##
## Bitnami external-dns image version
## ref: https://hub.docker.com/r/bitnami/external-dns/tags/
## @param image.registry ExternalDNS image registry
## @param image.repository ExternalDNS image repository
## @param image.tag ExternalDNS Image tag (immutable tags are recommended)
## @param image.registry [default: REGISTRY_NAME] ExternalDNS image registry
## @param image.repository [default: REPOSITORY_NAME/external-dns] ExternalDNS image repository
## @skip image.tag ExternalDNS Image tag (immutable tags are recommended)
## @param image.digest ExternalDNS image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy ExternalDNS image pull policy
## @param image.pullSecrets ExternalDNS image pull secrets
##
image:
registry: gitea.geekhome.org
repository: ghp/external-dns
tag: v0.7.6-663-gf76382a5
registry: registry.k8s.io
repository: external-dns/external-dns
tag: v0.19.0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
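Review bot: The new image is pulled by tag only: `digest: ""` sits next to `tag: v0.19.0`, even though the parameter comments in this hunk recommend immutable tags and state that a digest, if set, overrides the tag. Since the source moves from a private registry to the public `registry.k8s.io`, I would pin it, e.g. `digest: "sha256:<digest-of-v0.19.0-placeholder>"`, filled in from a verified pull. The comment block still reads "Bitnami external-dns image version" and links to the Bitnami Docker Hub tags, which no longer matches the image. If the chart templates enforce `global.security.allowInsecureImages` (not visible here), confirm the non-Bitnami image is accepted without turning that flag on globally. The `image:` mapping continues past this hunk.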
@@ -75,24 +89,26 @@ image:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param revisionHistoryLimit sets number of replicaset to keep in k8s
##
revisionHistoryLimit: 10
## @param automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param updateStrategy update strategy type
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#update-strategies
##
updateStrategy: {}
## @param command Override kiam default command
##
command: []
## @param args Override kiam default args
##
args: []
## @param sources [array] K8s resources type to be observed for new DNS entries by ExternalDNS
##
sources:
@@ -102,12 +118,34 @@ sources:
# - contour-httpproxy
## @param provider DNS provider where the DNS records will be created.
## Available providers are:
## - alibabacloud, aws, azure, azure-private-dns, cloudflare, coredns, designate, digitalocean, google, hetzner, infoblox, linode, rfc2136, transip, oci
## - akamai, alibabacloud, aws, azure, azure-private-dns, civo, cloudflare, coredns, digitalocean, exoscale, google, linode, ns1, oci, ovh, pdns, pihole, rfc2136, scaleway, transip
##
provider: aws
## @param initContainers Attach additional init containers to the pod (evaluated as a template)
##
initContainers: []
## DNS-Pod services
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
## @param dnsPolicy Specifies the DNS policy for the external-dns deployment
## DNS policies can be set on a per-Pod basis. Currently Kubernetes supports the following Pod-specific DNS policies.
## Available options: Default, ClusterFirst, ClusterFirstWithHostNet, None
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
dnsPolicy: ""
## @param dnsConfig allows users more control on the DNS settings for a Pod. Required if `dnsPolicy` is set to `None`
## The dnsConfig field is optional and it can work with any dnsPolicy settings.
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
## E.g.
## dnsConfig:
## nameservers:
## - 192.0.2.1 # this is an example
## searches:
## - ns1.svc.cluster-domain.example
## - my.dns.search.suffix
## options:
## - name: ndots
## value: "2"
## - name: edns0
dnsConfig: {}
## @param sidecars Attach additional containers to the pod (evaluated as a template)
##
sidecars: []
@@ -116,6 +154,9 @@ sidecars: []
## @param namespace Limit sources of endpoints to a specific namespace (default: all namespaces)
##
namespace: ""
## @param watchReleaseNamespace Watch only namespace used for the release
##
watchReleaseNamespace: false
## @param fqdnTemplates Templated strings that are used to generate DNS names from sources that don't define a hostname themselves
##
fqdnTemplates: []
@@ -138,6 +179,31 @@ publishHostIP: false
## @param serviceTypeFilter The service types to take care about (default: all, options: ClusterIP, NodePort, LoadBalancer, ExternalName)
##
serviceTypeFilter: []
## Chart Validation
##
validation:
## @param validation.enabled Enable chart validation
##
enabled: true
## Akamai configuration to be set via arguments/env. variables
##
akamai:
## @param akamai.host Hostname to use for EdgeGrid auth
##
host: ""
## @param akamai.accessToken Access Token to use for EdgeGrid auth
##
accessToken: ""
## @param akamai.clientToken Client Token to use for EdgeGrid auth
##
clientToken: ""
## @param akamai.clientSecret When using the Akamai provider, `AKAMAI_CLIENT_SECRET` to set (optional)
##
clientSecret: ""
## @param akamai.secretName Use an existing secret with key "akamai_api_seret" defined.
## This ignores akamai.clientSecret
##
secretName: ""
## Alibaba cloud configuration to be set via arguments/env. variables
## These will be added to /etc/kubernetes/alibaba-cloud.json via secret
##
@@ -179,6 +245,21 @@ aws:
## This ignores aws.credentials.secretKey, and aws.credentials.accessKey
##
secretName: ""
## AWS access key id stored in key-value secret.
## If aws.credentials.accessKeyIDSecretRef and aws.credentials.secretAccessKeySecretRef defined aws.credentials.secretKey, aws.credentials.accessKey and aws.credentials.secretName are ignored
## @param aws.credentials.accessKeyIDSecretRef.name Define the name of the secret that stores aws_access_key_id.
## @param aws.credentials.accessKeyIDSecretRef.key Define the key of the secret that stores aws_access_key_id.
##
accessKeyIDSecretRef:
name: ""
key: ""
## AWS secret access key stored in key-value secret
## @param aws.credentials.secretAccessKeySecretRef.name Define the name of the secret that stores aws_secret_access_key
## @param aws.credentials.secretAccessKeySecretRef.key Define the key of the secret that stores aws_secret_access_key
##
secretAccessKeySecretRef:
name: ""
key: ""
## @param aws.region When using the AWS provider, `AWS_DEFAULT_REGION` to set in the environment (optional)
##
region: "us-east-1"
@@ -210,6 +291,17 @@ aws:
## @param aws.evaluateTargetHealth When using the AWS provider, sets the evaluate target health flag (options: true, false)
##
evaluateTargetHealth: ""
## @param aws.dynamodbTable When using the AWS provider, sets the DynamoDB table name to use for dynamodb registry
## ref: https://github.com/kubernetes-sigs/external-dns/blob/0483ffde22e60436f16be154b9fe1a388a1400d0/docs/registry/dynamodb.md
##
dynamodbTable: ""
## @param aws.dynamodbRegion When using the AWS provider, sets the DynamoDB table region to use for dynamodb registry
## ref: https://github.com/kubernetes-sigs/external-dns/blob/0483ffde22e60436f16be154b9fe1a388a1400d0/docs/registry/dynamodb.md
##
dynamodbRegion: ""
## @param aws.zoneMatchParent When using the AWS provider, lets a domain filter match subdomains within the same zone by using their parent domain
##
zoneMatchParent: false
## Azure configuration to be set via arguments/env. variables
##
azure:
@@ -235,12 +327,25 @@ azure:
## @param azure.aadClientSecret When using the Azure provider, set the Azure AAD Client Secret
##
aadClientSecret: ""
## @param azure.useWorkloadIdentityExtension When using the Azure provider, set if you use Workload Identity extension.
##
useWorkloadIdentityExtension: false
## @param azure.useManagedIdentityExtension When using the Azure provider, set if you use Azure MSI
##
useManagedIdentityExtension: false
## @param azure.userAssignedIdentityID When using the Azure provider with Azure MSI, set Client ID of Azure user-assigned managed identity (optional, otherwise system-assigned managed identity is used)
##
userAssignedIdentityID: ""
## Civo configuration to be set via arguments/env. variables
##
civo:
## @param civo.apiToken When using the Civo provider, `CIVO_TOKEN` to set (optional)
##
apiToken: ""
## @param civo.secretName Use an existing secret with key "apiToken" defined.
## This ignores civo.apiToken
##
secretName: ""
## Cloudflare configuration to be set via arguments/env. variables
##
cloudflare:
@@ -260,6 +365,17 @@ cloudflare:
## @param cloudflare.proxied When using the Cloudflare provider, enable the proxy feature (DDOS protection, CDN...) (optional)
##
proxied: true
## @param cloudflare.dnsRecordsPerPage Number of DNS records to fetch per page. (optional)
## When using the Cloudflare provider, specify how many DNS records listed per page, max possible 5,000 (default: 100)
##
dnsRecordsPerPage: 100
## @param cloudflare.regionalServices Enable configuration of Cloudflare Regional Services. (optional)
##
regionalServices: false
## @param cloudflare.regionKey Set default region, when Cloudflare Regional Services are enabled. (optional)
## Using the "external-dns.alpha.kubernetes.io/cloudflare-region-key" annotation on your ingress, you can specify the region for that record.
##
regionKey: ""
## CoreDNS configuration to be set via arguments/env variables
##
coredns:
@@ -281,7 +397,7 @@ coredns:
## @param coredns.etcdTLS.secretName When using the CoreDNS provider, specify a name of existing Secret with etcd certs and keys
## ref: https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md
## ref (secret creation):
## https://github.com/bitnami/charts/tree/master/bitnami/etcd#configure-certificates-for-client-communication
## https://github.com/bitnami/charts/tree/main/bitnami/etcd#configure-certificates-for-client-communication
##
secretName: "etcd-client-certs"
## @param coredns.etcdTLS.mountPath When using the CoreDNS provider, set destination dir to mount data from `coredns.etcdTLS.secretName` to
@@ -298,47 +414,21 @@ coredns:
## Will be used by external-dns to authenticate against etcd
##
keyFilename: "key.pem"
## OpenStack Designate provider configuration to be set via arguments/env. variables
## Exoscale configuration to be set via arguments/env. variables
##
designate:
## Set Openstack environment variables (optional). Username and password will be saved in a kubernetes secret
## The alternative to this is to export the necessary Openstack environment variables in the extraEnv argument
## @param designate.username When using the Designate provider, specify the OpenStack authentication username. (optional)
## @param designate.password When using the Designate provider, specify the OpenStack authentication password. (optional)
## @param designate.authUrl When using the Designate provider, specify the OpenStack authentication Url. (optional)
## @param designate.regionName When using the Designate provider, specify the OpenStack region name. (optional)
## @param designate.userDomainName When using the Designate provider, specify the OpenStack user domain name. (optional)
## @param designate.projectName When using the Designate provider, specify the OpenStack project name. (optional)
## @param designate.username When using the Designate provider, specify the OpenStack authentication username. (optional)
## e.g:
## username: "someuser"
## password: "p@55w0rd"
## authUrl: "https://mykeystone.example.net:5000/v3/"
## regionName: "dev"
## userDomainName: "development"
## projectName: "myteamname"
exoscale:
## @param exoscale.apiKey When using the Exoscale provider, `EXTERNAL_DNS_EXOSCALE_APIKEY` to set (optional)
##
username: ""
password: ""
authUrl: ""
regionName: ""
userDomainName: ""
projectName: ""
## @param designate.customCAHostPath When using the Designate provider, use a CA file already on the host to validate Openstack APIs. This conflicts with `designate.customCA.enabled`
## This conflicts setting the above customCA to true and chart rendering will fail if you set customCA to true and specify customCAHostPath
apiKey: ""
## @param exoscale.apiToken When using the Exoscale provider, `EXTERNAL_DNS_EXOSCALE_APISECRET` to set (optional)
##
customCAHostPath: ""
## Use a custom CA (optional)
## @param designate.customCA.enabled When using the Designate provider, enable a custom CA (optional)
## @param designate.customCA.content When using the Designate provider, set the content of the custom CA
## @param designate.customCA.mountPath When using the Designate provider, set the mountPath in which to mount the custom CA configuration
## @param designate.customCA.filename When using the Designate provider, set the custom CA configuration filename
apiToken: ""
## @param exoscale.secretName Use an existing secret with keys "exoscale_api_key" and "exoscale_api_token" defined.
## This ignores exoscale.apiKey and exoscale.apiToken
##
customCA:
enabled: false
content: ""
mountPath: "/config/designate"
filename: "designate-ca.pem"
secretName: ""
## Google configuration to be set via arguments/env. variables
##
## DigitalOcean configuration to be set via arguments/env. variables
##
digitalocean:
@@ -355,6 +445,9 @@ google:
## @param google.project When using the Google provider, specify the Google project (required when provider=google)
##
project: ""
## @param google.batchChangeSize When using the google provider, set the maximum number of changes that will be applied in each batch
##
batchChangeSize: 1000
## @param google.serviceAccountSecret When using the Google provider, specify the existing secret which contains credentials.json (optional)
##
serviceAccountSecret: ""
@@ -367,61 +460,6 @@ google:
## @param google.zoneVisibility When using the Google provider, fiter for zones of a specific visibility (private or public)
##
zoneVisibility: ""
## Hetzner configuration to be set via arguments/env. variables
##
hetzner:
## @param hetzner.token When using the Hetzner provider, specify your token here. (required when `hetzner.secretName` is not provided. In this case a new secret will be created holding the token.)
## Mutually exclusive with `hetzner.secretName`.
##
token: ""
## @param hetzner.secretName When using the Hetzner provider, specify the existing secret which contains your token. Disables the usage of `hetzner.token` (optional)
##
secretName: ""
## @param hetzner.secretKey When using the Hetzner provider with an existing secret, specify the key name (optional)
##
secretKey: "hetzner_token"
## Infoblox configuration to be set via arguments/env. variables
##
infoblox:
## @param infoblox.wapiUsername When using the Infoblox provider, specify the Infoblox WAPI username
##
wapiUsername: "admin"
## @param infoblox.wapiPassword When using the Infoblox provider, specify the Infoblox WAPI password (required when provider=infoblox)
##
wapiPassword: ""
## @param infoblox.gridHost When using the Infoblox provider, specify the Infoblox Grid host (required when provider=infoblox)
##
gridHost: ""
## @param infoblox.view Infoblox view
##
view: ""
## Optional keys
##
## @param infoblox.secretName Existing secret name, when in place wapiUsername and wapiPassword are not required
##
secretName: ""
##
## @param infoblox.domainFilter When using the Infoblox provider, specify the domain (optional)
##
domainFilter: ""
## @param infoblox.noSslVerify When using the Infoblox provider, disable SSL verification (optional)
##
noSslVerify: false
## @param infoblox.wapiPort When using the Infoblox provider, specify the Infoblox WAPI port (optional)
##
wapiPort: ""
## @param infoblox.wapiVersion When using the Infoblox provider, specify the Infoblox WAPI version (optional)
##
wapiVersion: ""
## @param infoblox.wapiConnectionPoolSize When using the Infoblox provider, specify the Infoblox WAPI request connection pool size (optional)
##
wapiConnectionPoolSize: ""
## @param infoblox.wapiHttpTimeout When using the Infoblox provider, specify the Infoblox WAPI request timeout in seconds (optional)
##
wapiHttpTimeout: ""
## @param infoblox.maxResults When using the Infoblox provider, specify the Infoblox Max Results (optional)
##
maxResults: ""
## Linode configuration to be set via arguments/env. variables
##
linode:
@@ -432,7 +470,6 @@ linode:
## This ignores linode.apiToken
##
secretName: ""
## NS1 configuration to be set via arguments/env. variables
##
ns1:
@@ -446,7 +483,30 @@ ns1:
## This ignores ns1.apiToken
##
secretName: ""
## Pi-hole configuration to be set via arguments/env. variables
##
pihole:
## @param pihole.server When using the Pi-hole provider, specify The address of the Pi-hole web server
##
server: ""
## @param pihole.tlsSkipVerify When using the Pi-hole provider, specify wheter to skip verification of any TLS certificates served by the Pi-hole web server
##
tlsSkipVerify: ""
## @param pihole.password When using the Pi-hole provider, specify a password to use
##
password: ""
## @param pihole.secretName Use an existing secret with key "pihole_password" defined.
##
secretName: ""
## Compatibility adaptations for Traefik
##
traefik:
## @param traefik.disableNew Disable listeners on Resources under traefik.io
##
disableNew: false
## @param traefik.disableLegacy Disable listeners on Resources under traefik.containo.us
##
disableLegacy: false
## oci configuration to be set via arguments/env. variables
##
oci:
@@ -477,6 +537,12 @@ oci:
## Ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/oracle.md#deploy-externaldns
##
secretName: ""
## @param oci.useInstancePrincipal When using the OCI provider, enable IAM Instance Principal
## Ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/oracle.md#oci-iam-instance-principal
useInstancePrincipal: false
## @param oci.useWorkloadIdentity When using the OCI provider, enable IAM Workload Identity
## Ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/oracle.md#oci-iam-instance-principal
useWorkloadIdentity: false
## OVH configuration to be set via arguments/env. variables
##
ovh:
@@ -506,9 +572,10 @@ scaleway:
## @param scaleway.scwSecretKey When using the Scaleway provider, specify an existing secret key. (required when provider=scaleway)
##
scwSecretKey: ""
## @param scaleway.scwDefaultOrganizationId When using the Scaleway provider, specify the existing organization id. (required when provider=scaleway)
## @param scaleway.secretName Use an existing secret with keys "scaleway_access_key" and "scaleway_secret_key" defined (optional).
## This ignores scaleway.scwAccessKey and scaleway.scwSecretKey
##
scwDefaultOrganizationId: ""
secretName: ""
## RFC 2136 configuration to be set via arguments/env. variables
##
rfc2136:
@@ -518,13 +585,17 @@ rfc2136:
## @param rfc2136.port When using the rfc2136 provider, specify the RFC2136 port (optional)
##
port: 53
## @param rfc2136.zone When using the rfc2136 provider, specify the zone (required when provider=rfc2136)
## @param rfc2136.zone DEPRECATED: use rfc2136.zones instead.
## Currently, the contents of rfc2136.zone and rfc2136.zones will be merged and deduplicated, in a future release this value will be removed in favor of `rfc2136.zones`.
##
zone: ""
## @param rfc2136.zones When using the rfc2136 provider, specify the zones (required when provider=rfc2136 and `rfc2136.zone` is not provided.)
##
zones: []
## @param rfc2136.tsigSecret When using the rfc2136 provider, specify the tsig secret to enable security. (do not specify if `rfc2136.secretName` is provided.) (optional)
##
tsigSecret: ""
## @param rfc2136.secretName When using the rfc2136 provider, specify the existing secret which contains your tsig secret. Disables the usage of `rfc2136.tsigSecret` (optional)
## @param rfc2136.secretName When using the rfc2136 provider, specify the existing secret which contains your tsig secret in the key "rfc2136_tsig_secret". Disables the usage of `rfc2136.tsigSecret` (optional)
##
secretName: ""
## @param rfc2136.tsigSecretAlg When using the rfc2136 provider, specify the tsig secret to enable security (optional)
@@ -532,11 +603,11 @@ rfc2136:
tsigSecretAlg: hmac-sha256
## @param rfc2136.tsigKeyname When using the rfc2136 provider, specify the tsig keyname to enable security (optional)
##
tsigKeyname: externaldns-key
tsigKeyname: rfc2136_tsig_secret
## @param rfc2136.tsigAxfr When using the rfc2136 provider, enable AFXR to enable security (optional)
##
tsigAxfr: true
## @param rfc2136.minTTL When using the rfc2136 provider, specify minimal TTL (in duration format) for records[ns, us, ms, s, m, h], see more https://golang.org/pkg/time/#ParseDuration
## @param rfc2136.minTTL When using the rfc2136 provider, specify minimal TTL (in duration format) for records[ns, us, ms, s, m, h], see more <https://golang.org/pkg/time/#ParseDuration>
##
minTTL: "0s"
## @param rfc2136.rfc3645Enabled When using the rfc2136 provider, extend using RFC3645 to support secure updates over Kerberos with GSS-TSIG
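Review bot: The default for `tsigKeyname` appears to change from `externaldns-key` to `rfc2136_tsig_secret`, which is the data key the `rfc2136.secretName` comment names for the Kubernetes Secret, not a TSIG key name. The key name has to match the key configured on the DNS server, so an install relying on the old default would presumably start failing signed updates after this bump. If the rename is intentional, say so in the comment, e.g. `## NOTE: must equal the TSIG key name configured on the DNS server; default changed from externaldns-key`; otherwise keep `tsigKeyname: externaldns-key`. The `rfc2136:` mapping starts and ends outside this hunk.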
@@ -554,7 +625,6 @@ rfc2136:
## @param rfc2136.kerberosRealm When using the rfc2136 provider with rfc3645Enabled, specify the realm to authenticate to (required when provider=rfc2136 and rfc2136.rfc3645Enabled=true)
##
kerberosRealm: ""
## PowerDNS configuration to be set via arguments/env. variables
##
pdns:
@@ -579,18 +649,6 @@ transip:
## @param transip.apiKey When using the TransIP provider, specify the API key to use.
##
apiKey: ""
## VinylDNS configuration to be set via arguments/env. variables
##
vinyldns:
## @param vinyldns.host When using the VinylDNS provider, specify the VinylDNS API host.
##
host: ""
## @param vinyldns.accessKey When using the VinylDNS provider, specify the Access Key to use.
##
accessKey: ""
## @param vinyldns.secretKey When using the VinylDNS provider, specify the Secret key to use.
##
secretKey: ""
## @param domainFilters Limit possible target zones by domain suffixes (optional)
##
domainFilters: []
@@ -614,12 +672,15 @@ zoneIdFilters: []
## @param annotationFilter Filter sources managed by external-dns via annotation using label selector (optional)
##
annotationFilter: ""
## @param ingressClass Filter sources managed by external-dns via annotation using label selector (optional)
##
ingressClass: ""
## @param labelFilter Select sources managed by external-dns using label selector (optional)
##
labelFilter: ""
## @param ingressClassFilters Filter sources managed by external-dns via IngressClass (optional)
##
ingressClassFilters: []
## @param managedRecordTypesFilters Filter record types managed by external-dns (optional)
##
managedRecordTypesFilters: []
## @param dryRun When enabled, prints DNS record changes rather than actually performing them (optional)
##
dryRun: false
@@ -638,8 +699,8 @@ logFormat: text
## @param policy Modify how DNS records are synchronized between sources and providers (options: sync, upsert-only )
##
policy: upsert-only
## @param registry Registry method to use (options: txt, aws-sd, noop)
## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/proposal/registry.md
## @param registry Registry method to use (options: txt, aws-sd, dynamodb, noop)
## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/registry/registry.md
##
registry: "txt"
## @param txtPrefix When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional)<CNAME record> (Mutual exclusive with txt-suffix)
@@ -648,6 +709,10 @@ txtPrefix: ""
## @param txtSuffix When using the TXT registry, a suffix for ownership records that avoids collision with CNAME entries (optional)<CNAME record>.suffix (Mutual exclusive with txt-prefix)
##
txtSuffix: ""
## @param txtNewFormatOnly When using the TXT registry, use only the new format for ownership records (optional)
## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/registry/txt.md#record-format-options
##
txtNewFormatOnly: false
## @param txtOwnerId A name that identifies this instance of ExternalDNS. Currently used by registry types: txt & aws-sd (optional)
## But other registry types might be added in the future.
##
@@ -668,9 +733,29 @@ txtOwnerId: ""
## value passed as txtOwnerId when forceTxtOwnerId=true
##
forceTxtOwnerId: false
## TXT registry record encryption
## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/registry/txt.md#encryption
##
txtEncrypt:
## @param txtEncrypt.enabled Enable TXT record encryption
##
enabled: false
## @param txtEncrypt.aesKey 32-byte AES-256-GCM encryption key.
## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/registry/txt.md#generating-the-txt-encryption-key
## Note: If txtEncrypt.enabled is enabled and txtEncrypt.aesKey is not set, a default key will be generated.
##
aesKey: ""
## @param txtEncrypt.secretName Use an existing secret with key "txt_aes_encryption_key" defined.
## This ignores txtEncrypt.aesKey
##
secretName: ""
## @param extraArgs Extra arguments to be passed to external-dns
##
extraArgs: {}
##extraArgs:
## rfc2136-zone:
## - extra-zone1.com
## - extra-zone2.com
## @param extraEnvVars An array to add extra env vars
##
extraEnvVars: []
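Review bot: `txtEncrypt.aesKey` takes the AES-256-GCM key as a plain chart value, and the note above it says a default key is generated when the value is empty. A key set inline ends up in the values file and in the Helm release data. A key generated at render time may differ between upgrades unless the templates (not visible here) persist it, which would leave earlier encrypted TXT ownership records unreadable. I would document `secretName` as the recommended path, e.g. `## Prefer txtEncrypt.secretName; an inline or auto-generated key is stored with the release and may not be stable across upgrades`.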
@@ -692,9 +777,6 @@ schedulerName: ""
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param replicaCount Desired number of ExternalDNS replicas
##
replicaCount: 1
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
@@ -729,7 +811,7 @@ nodeAffinityPreset:
##
affinity: {}
## @param nodeSelector Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param tolerations Tolerations for pod assignment
@@ -784,6 +866,9 @@ service:
## @param service.externalIPs Service external IP addresses
##
externalIPs: []
## @param service.externalName Service external name
##
externalName: ""
## @param service.loadBalancerIP IP address to assign to load balancer (if supported)
##
loadBalancerIP: ""
@@ -819,6 +904,64 @@ service:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
##
kubeAPIServerPorts: [443, 6443, 8443]
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## ServiceAccount parameters
## https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
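Review bot: `networkPolicy.enabled: true` is paired with `allowExternal: true` and `allowExternalEgress: true`, so by the comments in this hunk the generated policy accepts connections from any source on the listening ports and lets the pod reach any destination. For a controller that only needs the kube-apiserver and its DNS provider's API, consider defaulting `allowExternalEgress: false` and listing the provider endpoint under `extraEgress`. Also trim `kubeAPIServerPorts: [443, 6443, 8443]` to the port the cluster actually uses, as its own comment suggests. The `extraEgress` parameter line says "Add extra ingress rules"; it should read `Add extra egress rules to the NetworkPolicy`. The rendered policy itself is in templates not shown here.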
@@ -826,7 +969,7 @@ serviceAccount:
## @param serviceAccount.create Determine whether a Service Account should be created or it should reuse a exiting one.
##
create: true
## @param serviceAccount.name ServiceAccount to use. A name is generated using the external-dns.fullname template if it is not set
## @param serviceAccount.name ServiceAccount to use. A name is generated using the common.names.fullname template if it is not set
##
name: ""
## @param serviceAccount.annotations Additional Service Account annotations
@@ -834,7 +977,7 @@ serviceAccount:
annotations: {}
## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
##
automountServiceAccountToken: true
automountServiceAccountToken: false
## @param serviceAccount.labels [object] Additional labels to be included on the service account
##
labels: {}
@@ -854,46 +997,70 @@ rbac:
## @param rbac.pspEnabled Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
##
pspEnabled: false
## @param containerSecurityContext Security context for the container
## @param containerSecurityContext.enabled Enabled Apache Server containers' Security Context
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param containerSecurityContext.runAsUser Set ExternalDNS containers' Security Context runAsUser
## @param containerSecurityContext.runAsGroup Set ExternalDNS containers' Security Context runAsGroup
## @param containerSecurityContext.runAsNonRoot Set ExternalDNS container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set primary container's Security Context privileged
## @param containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.readOnlyRootFilesystem Set container readonlyRootFilesystem
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## Example:
## securityContext:
## containerSecurityContext:
## allowPrivilegeEscalation: false
## readOnlyRootFilesystem: true
## capabilities:
## drop: ["ALL"]
##
containerSecurityContext: {}
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param podSecurityContext.enabled Enable pod security context
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
## @param podSecurityContext.fsGroup Group ID for the container
## @param podSecurityContext.runAsUser User ID for the container
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
runAsUser: 1001
## Container resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resources.limits The resources limits for the container
## @param resources.requests The requested resources for the container
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resources:
## Example:
## limits:
## cpu: 50m
## memory: 50Mi
##
limits: {}
## Examples:
## requests:
## cpu: 10m
## memory: 50Mi
##
requests: {}
resourcesPreset: "nano"
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure extra options for liveness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe
@@ -957,11 +1124,14 @@ extraVolumes: []
## @param extraVolumeMounts A list of volume mounts to be added to the pod
##
extraVolumeMounts: []
## @param podDisruptionBudget Configure PodDisruptionBudget
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
## @param pdb.create Enable/disable a Pod Disruption Budget creation
## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty.
##
podDisruptionBudget: {}
pdb:
create: true
minAvailable: ""
maxUnavailable: ""
## Prometheus Exporter / Metrics
##
metrics:
@@ -989,7 +1159,7 @@ metrics:
##
scrapeTimeout: ""
## @param metrics.serviceMonitor.selector Additional labels for ServiceMonitor object
## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
## e.g:
## selector:
## prometheus: my-prometheus
@@ -1005,11 +1175,32 @@ metrics:
## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
##
honorLabels: false
## DEPRECATED metrics.serviceMonitor.additionalLabels will be removed in a future release - Please use metrics.serviceMonitor.labels instead
## @param metrics.serviceMonitor.labels Used to pass Labels that are required by the installed Prometheus Operator
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
##
labels: {}
## @param metrics.serviceMonitor.targetLabels Labels from the Kubernetes service to be transferred to the created metrics
targetLabels: []
## @param metrics.serviceMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics
podTargetLabels: []
## @param metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
##
annotations: {}
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
##
jobLabel: ""
## Google Managed Prometheus PodMonitor configuration
##
googlePodMonitor:
## @param metrics.googlePodMonitor.enabled Create Google Managed Prometheus PodMonitoring object
##
enabled: false
## @param metrics.googlePodMonitor.namespace Namespace in which PodMonitoring created
##
namespace: ""
## @param metrics.googlePodMonitor.interval Interval at which metrics should be scraped by Google Managed Prometheus
##
interval: "60s"
## @param metrics.googlePodMonitor.endpoint The endpoint for Google Managed Prometheus scraping the metrics
##
endpoint: /metrics