ghp/helm-charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

external-dns: bump to v0.7.6, helm chart v6.8.1

Browse Source
This commit is contained in:
ace
2022-08-29 03:02:03 +03:00
parent 9b7fdc9851
commit e65899ebde
47 changed files with 5743 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
external-dns/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,12 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
** Please be patient while the chart is being deployed **
To verify that external-dns has started, run:
kubectl --namespace={{ .Release.Namespace }} get pods -l "app.kubernetes.io/name={{ template "external-dns.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
{{ include "external-dns.validateValues" . }}
{{ include "external-dns.checkRollingTags" . }}

856
external-dns/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,856 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "external-dns.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "external-dns.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "external-dns.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Helm required labels */}}
{{- define "external-dns.labels" -}}
app.kubernetes.io/name: {{ template "external-dns.name" . }}
helm.sh/chart: {{ template "external-dns.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels }}
{{- end }}
{{- end -}}
{{/* matchLabels */}}
{{- define "external-dns.matchLabels" -}}
app.kubernetes.io/name: {{ template "external-dns.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/* podAnnotations */}}
{{- define "external-dns.podAnnotations" -}}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations }}
{{- end }}
{{- if .Values.metrics.podAnnotations }}
{{ toYaml .Values.metrics.podAnnotations }}
{{- end }}
{{- end -}}
{{/*
Return the proper External DNS image name
*/}}
{{- define "external-dns.image" -}}
{{- $registryName := .Values.image.registry -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $tag := .Values.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "external-dns.imagePullSecrets" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
Also, we can not use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- else if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- else if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- end -}}
{{/*
Return true if a secret object should be created
*/}}
{{- define "external-dns.createSecret" -}}
{{- if and (eq .Values.provider "alibabacloud") .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret (not .Values.alibabacloud.secretName) }}
{{- true -}}
{{- else if and (eq .Values.provider "aws") .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey (not .Values.aws.credentials.secretName) }}
{{- true -}}
{{- else if and (or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns")) (or (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId .Values.azure.aadClientId .Values.azure.aadClientSecret (not .Values.azure.useManagedIdentityExtension)) (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId .Values.azure.useManagedIdentityExtension)) (not .Values.azure.secretName) -}}
{{- true -}}
{{- else if and (eq .Values.provider "cloudflare") (or .Values.cloudflare.apiToken .Values.cloudflare.apiKey) (not .Values.cloudflare.secretName) -}}
{{- true -}}
{{- else if and (eq .Values.provider "designate") (or .Values.designate.username .Values.designate.password) -}}
{{- true -}}
{{- else if and (eq .Values.provider "digitalocean") .Values.digitalocean.apiToken (not .Values.digitalocean.secretName) -}}
{{- true -}}
{{- else if and (eq .Values.provider "google") .Values.google.serviceAccountKey (not .Values.google.serviceAccountSecret) -}}
{{- true -}}
{{- else if and (eq .Values.provider "hetzner") .Values.hetzner.token (not .Values.hetzner.secretName) -}}
{{- true -}}
{{- else if and (eq .Values.provider "infoblox") (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) (not .Values.infoblox.secretName) -}}
{{- true -}}
{{- else if and (eq .Values.provider "linode") .Values.linode.apiToken (not .Values.linode.secretName) -}}
{{- true -}}
{{- else if and (eq .Values.provider "oci") .Values.oci.privateKeyFingerprint (not .Values.oci.secretName) -}}
{{- true -}}
{{- else if and (eq .Values.provider "rfc2136") (or .Values.rfc2136.tsigSecret (and .Values.rfc2136.kerberosUsername .Values.rfc2136.kerberosPassword)) (not .Values.rfc2136.secretName) -}}
{{- true -}}
{{- else if and (eq .Values.provider "pdns") .Values.pdns.apiKey (not .Values.pdns.secretName) -}}
{{- true -}}
{{- else if and (eq .Values.provider "transip") .Values.transip.apiKey -}}
{{- true -}}
{{- else if and (eq .Values.provider "ovh") .Values.ovh.consumerKey (not .Values.ovh.secretName) -}}
{{- true -}}
{{- else if and (eq .Values.provider "scaleway") .Values.scaleway.scwAccessKey -}}
{{- true -}}
{{- else if and (eq .Values.provider "vinyldns") (or .Values.vinyldns.secretKey .Values.vinyldns.accessKey) -}}
{{- true -}}
{{- else if and (eq .Values.provider "ns1") .Values.ns1.apiKey (not .Values.ns1.secretName) -}}
{{- true -}}
{{- else -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a configmap object should be created
*/}}
{{- define "external-dns.createConfigMap" -}}
{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
{{- true -}}
{{- else if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled }}
{{- true -}}
{{- else -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of the Secret used to store the passwords
*/}}
{{- define "external-dns.secretName" -}}
{{- if and (eq .Values.provider "alibabacloud") .Values.alibabacloud.secretName }}
{{- .Values.alibabacloud.secretName }}
{{- else if and (eq .Values.provider "aws") .Values.aws.credentials.secretName }}
{{- .Values.aws.credentials.secretName }}
{{- else if and (or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns")) .Values.azure.secretName }}
{{- .Values.azure.secretName }}
{{- else if and (eq .Values.provider "cloudflare") .Values.cloudflare.secretName }}
{{- .Values.cloudflare.secretName }}
{{- else if and (eq .Values.provider "digitalocean") .Values.digitalocean.secretName }}
{{- .Values.digitalocean.secretName }}
{{- else if and (eq .Values.provider "google") .Values.google.serviceAccountSecret }}
{{- .Values.google.serviceAccountSecret }}
{{- else if and (eq .Values.provider "hetzner") .Values.hetzner.secretName }}
{{- .Values.hetzner.secretName }}
{{- else if and (eq .Values.provider "linode") .Values.linode.secretName }}
{{- .Values.linode.secretName }}
{{- else if and (eq .Values.provider "oci") .Values.oci.secretName }}
{{- .Values.oci.secretName }}
{{- else if and (eq .Values.provider "ovh") .Values.ovh.secretName }}
{{- .Values.ovh.secretName }}
{{- else if and (eq .Values.provider "pdns") .Values.pdns.secretName }}
{{- .Values.pdns.secretName }}
{{- else if and (eq .Values.provider "infoblox") .Values.infoblox.secretName }}
{{- .Values.infoblox.secretName }}
{{- else if and (eq .Values.provider "rfc2136") .Values.rfc2136.secretName }}
{{- .Values.rfc2136.secretName }}
{{- else if and (eq .Values.provider "ns1") .Values.ns1.secretName }}
{{- .Values.ns1.secretName }}
{{- else -}}
{{- template "external-dns.fullname" . }}
{{- end -}}
{{- end -}}
{{- define "external-dns.alibabacloud-credentials" -}}
{
{{- if .Values.alibabacloud.regionId }}
"regionId": "{{ .Values.alibabacloud.regionId }}",
{{- end }}
{{- if .Values.alibabacloud.vpcId }}
"vpcId": "{{ .Values.alibabacloud.vpcId }}",
{{- end }}
{{- if .Values.alibabacloud.accessKeyId }}
"accessKeyId": "{{ .Values.alibabacloud.accessKeyId }}",
{{- end }}
{{- if .Values.alibabacloud.accessKeySecret }}
"accessKeySecret": "{{ .Values.alibabacloud.accessKeySecret }}"
{{- end }}
}
{{ end }}
{{- define "external-dns.aws-credentials" }}
[default]
aws_access_key_id = {{ .Values.aws.credentials.accessKey }}
aws_secret_access_key = {{ .Values.aws.credentials.secretKey }}
{{ end }}
{{- define "external-dns.aws-config" }}
[profile default]
region = {{ .Values.aws.region }}
{{ end }}
{{- define "external-dns.azure-credentials" -}}
{
{{- if .Values.azure.cloud }}
"cloud": "{{ .Values.azure.cloud }}",
{{- end }}
{{- if .Values.azure.tenantId }}
"tenantId": "{{ .Values.azure.tenantId }}",
{{- end }}
{{- if .Values.azure.subscriptionId }}
"subscriptionId": "{{ .Values.azure.subscriptionId }}",
{{- end }}
"resourceGroup": "{{ .Values.azure.resourceGroup }}",
{{- if not .Values.azure.useManagedIdentityExtension }}
"aadClientId": "{{ .Values.azure.aadClientId }}",
"aadClientSecret": "{{ .Values.azure.aadClientSecret }}"
{{- end }}
{{- if and .Values.azure.useManagedIdentityExtension .Values.azure.userAssignedIdentityID }}
"useManagedIdentityExtension": true,
"userAssignedIdentityID": "{{ .Values.azure.userAssignedIdentityID }}"
{{- else if and .Values.azure.useManagedIdentityExtension (not .Values.azure.userAssignedIdentityID) }}
"useManagedIdentityExtension": true
{{- end }}
}
{{ end }}
{{- define "external-dns.oci-credentials" -}}
auth:
region: {{ .Values.oci.region }}
tenancy: {{ .Values.oci.tenancyOCID }}
user: {{ .Values.oci.userOCID }}
key: {{ toYaml .Values.oci.privateKey | indent 4 }}
fingerprint: {{ .Values.oci.privateKeyFingerprint }}
# Omit if there is not a password for the key
{{- if .Values.oci.privateKeyPassphrase }}
passphrase: {{ .Values.oci.privateKeyPassphrase }}
{{- end }}
compartment: {{ .Values.oci.compartmentOCID }}
{{ end }}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "external-dns.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "external-dns.validateValues.provider" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.sources" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.aws" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.infoblox.gridHost" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.infoblox.wapiPassword" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.pdns.apiUrl" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.pdns.apiKey" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.resourceGroupWithoutTenantId" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.resourceGroupWithoutSubscriptionId" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.tenantIdWithoutSubscriptionId" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.subscriptionIdWithoutTenantId" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientId" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientSecret" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.userAssignedIdentityIDWithoutUseManagedIdentityExtension" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.aadClientId" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.aadClientSecret" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.resourceGroup" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.tenantId" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.subscriptionId" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.aadClientId" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.aadClientSecret" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.useManagedIdentityExtensionAadClientId" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.useManagedIdentityExtensionAadClientSecret" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.userAssignedIdentityIDWithoutUseManagedIdentityExtension" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.transip.account" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.transip.apiKey" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.ns1.apiKey" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.linode.apiToken" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.ovh.consumerKey" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.ovh.applicationKey" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.ovh.applicationSecret" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.rfc2136.kerberosRealm" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.rfc2136.kerberosConfig" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.scaleway.scwAccessKey" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.scaleway.scwSecretKey" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.scaleway.scwDefaultOrganizationId" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- must set a provider
*/}}
{{- define "external-dns.validateValues.provider" -}}
{{- if not .Values.provider -}}
external-dns: provider
You must set a provider (options: aws, google, azure, cloudflare, ...)
Please set the provider parameter (--set provider="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- must provide sources to be observed for new DNS entries by ExternalDNS
*/}}
{{- define "external-dns.validateValues.sources" -}}
{{- if empty .Values.sources -}}
external-dns: sources
You must provide sources to be observed for new DNS entries by ExternalDNS
Please set the sources parameter (--set sources="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- The AWS Role to assume must follow ARN format when provider is "aws"
*/}}
{{- define "external-dns.validateValues.aws" -}}
{{- if and (eq .Values.provider "aws") .Values.aws.assumeRoleArn -}}
{{- if not (regexMatch "^arn:(aws|aws-us-gov|aws-cn):iam::.*$" .Values.aws.assumeRoleArn) -}}
external-dns: aws.assumeRoleArn
The AWS Role to assume must follow ARN format: `arn:aws:iam::123455567:role/external-dns`
Ref: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
Please set a valid ARN (--set aws.assumeRoleARN="xxxx")
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- must provide the Grid Manager host when provider is "infoblox"
*/}}
{{- define "external-dns.validateValues.infoblox.gridHost" -}}
{{- if and (eq .Values.provider "infoblox") (not .Values.infoblox.gridHost) -}}
external-dns: infoblox.gridHost
You must provide the Grid Manager host when provider="infoblox".
Please set the gridHost parameter (--set infoblox.gridHost="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- must provide a WAPI password when provider is "infoblox"
*/}}
{{- define "external-dns.validateValues.infoblox.wapiPassword" -}}
{{- if and (eq .Values.provider "infoblox") (not .Values.infoblox.wapiPassword) (not .Values.infoblox.secretName) -}}
external-dns: infoblox.wapiPassword
You must provide a WAPI password when provider="infoblox".
Please set the wapiPassword parameter (--set infoblox.wapiPassword="xxxx")
or you can provide an existing secret name via infoblox.secretName
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- must provide the PowerDNS API URL when provider is "pdns"
*/}}
{{- define "external-dns.validateValues.pdns.apiUrl" -}}
{{- if and (eq .Values.provider "pdns") (not .Values.pdns.apiUrl) -}}
external-dns: pdns.apiUrl
You must provide the PowerDNS API URL when provider="pdns".
Please set the apiUrl parameter (--set pdns.apiUrl="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- must provide the PowerDNS API key when provider is "pdns"
*/}}
{{- define "external-dns.validateValues.pdns.apiKey" -}}
{{- if and (eq .Values.provider "pdns") (not .Values.pdns.apiKey) (not .Values.pdns.secretName) -}}
external-dns: pdns.apiKey
You must provide the PowerDNS API key when provider="pdns".
Please set the apiKey parameter (--set pdns.apiKey="xxxx")
{{- end -}}
{{- end -}}
{{/* Check if there are rolling tags in the images */}}
{{- define "external-dns.checkRollingTags" -}}
{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}
{{- end -}}
{{/*
Validate values of Azure DNS:
- must provide the Azure Resource Group when provider is "azure" and tenantId is set
*/}}
{{- define "external-dns.validateValues.azure.resourceGroupWithoutTenantId" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.resourceGroup) (not .Values.azure.secretName) .Values.azure.tenantId -}}
external-dns: azure.resourceGroup
You must provide the Azure Resource Group when provider="azure" and tenantId is set.
Please set the resourceGroup parameter (--set azure.resourceGroup="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure DNS:
- must provide the Azure Resource Group when provider is "azure" and subscriptionId is set
*/}}
{{- define "external-dns.validateValues.azure.resourceGroupWithoutSubscriptionId" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.resourceGroup) (not .Values.azure.secretName) .Values.azure.subscriptionId -}}
external-dns: azure.resourceGroup
You must provide the Azure Resource Group when provider="azure" and subscriptionId is set.
Please set the resourceGroup parameter (--set azure.resourceGroup="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure DNS:
- must provide the Azure Tenant ID when provider is "azure" and secretName is not set and subscriptionId is set
*/}}
{{- define "external-dns.validateValues.azure.tenantIdWithoutSubscriptionId" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.tenantId) (not .Values.azure.secretName) .Values.azure.subscriptionId -}}
external-dns: azure.tenantId
You must provide the Azure Tenant ID when provider="azure" and subscriptionId is set.
Please set the tenantId parameter (--set azure.tenantId="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure DNS:
- must provide the Azure Subscription ID when provider is "azure" and secretName is not set and tenantId is set
*/}}
{{- define "external-dns.validateValues.azure.subscriptionIdWithoutTenantId" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.subscriptionId) (not .Values.azure.secretName) .Values.azure.tenantId -}}
external-dns: azure.subscriptionId
You must provide the Azure Subscription ID when provider="azure" and tenantId is set.
Please set the subscriptionId parameter (--set azure.subscriptionId="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure DNS:
- must not provide the Azure AAD Client ID when provider is "azure", secretName is not set and MSI is enabled
*/}}
{{- define "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientId" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) .Values.azure.aadClientId .Values.azure.useManagedIdentityExtension -}}
external-dns: azure.useManagedIdentityExtension
You must not provide the Azure AAD Client ID when provider="azure" and useManagedIdentityExtension is "true".
Please unset the aadClientId parameter (--set azure.aadClientId="")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure DNS:
- must not provide the Azure AAD Client secret when provider is "azure", secretName is not set and MSI is enabled
*/}}
{{- define "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientSecret" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) .Values.azure.aadClientSecret .Values.azure.useManagedIdentityExtension -}}
external-dns: azure.useManagedIdentityExtension
You must not provide the Azure AAD Client Secret when provider="azure" and useManagedIdentityExtension is "true".
Please unset the aadClientSecret parameter (--set azure.aadClientSecret="")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure DNS:
- must enable the MSI when provider is "azure", secretName is not set and managed identity ID is set
*/}}
{{- define "external-dns.validateValues.azure.userAssignedIdentityIDWithoutUseManagedIdentityExtension" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) (not .Values.azure.useManagedIdentityExtension) .Values.azure.userAssignedIdentityID -}}
external-dns: azure.userAssignedIdentityID
You must enable the MSI when provider="azure" and userAssignedIdentityID is set.
Please set the useManagedIdentityExtension parameter (--set azure.useManagedIdentityExtension="true")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure DNS:
- must provide the Azure AAD Client ID when provider is "azure", secretName is not set and MSI is disabled and aadClientSecret is set
*/}}
{{- define "external-dns.validateValues.azure.aadClientId" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) (not .Values.azure.aadClientId) (not .Values.azure.useManagedIdentityExtension) .Values.azure.aadClientSecret -}}
external-dns: azure.aadClientId
You must provide the Azure AAD Client ID when provider="azure" and aadClientSecret is set and useManagedIdentityExtension is not set.
Please set the aadClientId parameter (--set azure.aadClientId="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure DNS:
- must provide the Azure AAD Client Secret when provider is "azure", secretName is not set and MSI is disabled and aadClientId is set
*/}}
{{- define "external-dns.validateValues.azure.aadClientSecret" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) (not .Values.azure.aadClientSecret) (not .Values.azure.useManagedIdentityExtension) .Values.azure.aadClientId -}}
external-dns: azure.aadClientSecret
You must provide the Azure AAD Client Secret when provider="azure" and aadClientId is set and useManagedIdentityExtension is not set.
Please set the aadClientSecret parameter (--set azure.aadClientSecret="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure Private DNS:
- must provide the Azure AAD Client Secret when provider is "azure-private-dns", secretName is not set and useManagedIdentityExtension is "true"
*/}}
{{- define "external-dns.validateValues.azurePrivateDns.useManagedIdentityExtensionAadClientSecret" -}}
{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.secretName) .Values.azure.aadClientSecret .Values.azure.useManagedIdentityExtension -}}
external-dns: azure.useManagedIdentityExtension
You must not provide the Azure AAD Client Secret when provider="azure-private-dns", secretName is not set, and useManagedIdentityExtension is "true".
Please unset the aadClientSecret parameter (--set azure.aadClientSecret="")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure Private DNS:
- must enable the MSI when provider is "azure", secretName is not set and managed identity ID is set
*/}}
{{- define "external-dns.validateValues.azurePrivateDns.userAssignedIdentityIDWithoutUseManagedIdentityExtension" -}}
{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.secretName) (not .Values.azure.useManagedIdentityExtension) .Values.azure.userAssignedIdentityID -}}
external-dns: azure.userAssignedIdentityID
You must enable the MSI when provider="azure-private-dns" and userAssignedIdentityID is set.
Please set the useManagedIdentityExtension parameter (--set azure.useManagedIdentityExtension="true")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure Private DNS:
- must provide the Azure Resource Group when provider is "azure-private-dns"
- azure-private-dns provider does not use azure.json for specifying the resource group so it must be set
*/}}
{{- define "external-dns.validateValues.azurePrivateDns.resourceGroup" -}}
{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.resourceGroup) -}}
external-dns: azure.resourceGroup
You must provide the Azure Resource Group when provider="azure-private-dns".
Please set the resourceGroup parameter (--set azure.resourceGroup="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure Private DNS:
- must provide the Azure Tenant ID when provider is "azure-private-dns"
*/}}
{{- define "external-dns.validateValues.azurePrivateDns.tenantId" -}}
{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.tenantId) -}}
external-dns: azure.tenantId
You must provide the Azure Tenant ID when provider="azure-private-dns".
Please set the tenantId parameter (--set azure.tenantId="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure Private DNS:
- must provide the Azure Subscription ID when provider is "azure-private-dns"
*/}}
{{- define "external-dns.validateValues.azurePrivateDns.subscriptionId" -}}
{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.subscriptionId) -}}
external-dns: azure.subscriptionId
You must provide the Azure Subscription ID when provider="azure-private-dns".
Please set the subscriptionId parameter (--set azure.subscriptionId="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure Private DNS:
- must not provide the Azure AAD Client Secret when provider is "azure-private-dns", secretName is not set and MSI is enabled
*/}}
{{- define "external-dns.validateValues.azurePrivateDns.useManagedIdentityExtensionAadClientId" -}}
{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.secretName) .Values.azure.aadClientId .Values.azure.useManagedIdentityExtension -}}
external-dns: azure.useManagedIdentityExtension
You must not provide the Azure AAD Client ID when provider="azure-private-dns" and useManagedIdentityExtension is "true".
Please unset the aadClientId parameter (--set azure.aadClientId="")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure Private DNS:
- must provide the Azure AAD Client ID when provider is "azure-private-dns", secret name is not set and MSI is disabled
*/}}
{{- define "external-dns.validateValues.azurePrivateDns.aadClientId" -}}
{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.secretName) (not .Values.azure.aadClientId) (not .Values.azure.useManagedIdentityExtension) (not .Values.azure.userAssignedIdentityID) -}}
external-dns: azure.useManagedIdentityExtension
You must provide the Azure AAD Client ID when provider="azure-private-dns" and useManagedIdentityExtension is not set.
Please set the aadClientSecret parameter (--set azure.aadClientId="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of Azure Private DNS:
- must provide the Azure AAD Client Secret when provider is "azure-private-dns", secretName is not set and MSI is disabled
*/}}
{{- define "external-dns.validateValues.azurePrivateDns.aadClientSecret" -}}
{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.secretName) (not .Values.azure.aadClientSecret) (not .Values.azure.useManagedIdentityExtension) (not .Values.azure.userAssignedIdentityID) -}}
external-dns: azure.useManagedIdentityExtension
You must provide the Azure AAD Client Secret when provider="azure-private-dns" and useManagedIdentityExtension is not set.
Please set the aadClientSecret parameter (--set azure.aadClientSecret="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of TransIP DNS:
- must provide the account name when provider is "transip"
*/}}
{{- define "external-dns.validateValues.transip.account" -}}
{{- if and (eq .Values.provider "transip") (not .Values.transip.account) -}}
external-dns: transip.account
You must provide the TransIP account name when provider="transip".
Please set the account parameter (--set transip.account="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- must provide an API token when provider is "hetzner"
*/}}
{{- define "external-dns.validateValues.hetzner" -}}
{{- if and (eq .Values.provider "hetzner") (or (not .Values.hetzner.token) (not .Values.hetzner.secretName)) -}}
external-dns: hetzner.token
You must provide the a Hetzner API Token when provider="hetzner".
Please set the token parameter (--set hetzner.token="xxxx")
or specify a secret that contains an API token. (--set hetzner.secretName="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of TransIP DNS:
- must provide the API key when provider is "transip"
*/}}
{{- define "external-dns.validateValues.transip.apiKey" -}}
{{- if and (eq .Values.provider "transip") (not .Values.transip.apiKey) -}}
external-dns: transip.apiKey
You must provide the TransIP API key when provider="transip".
Please set the apiKey parameter (--set transip.apiKey="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- must provide the Linode API token when provider is "linode"
*/}}
{{- define "external-dns.validateValues.linode.apiToken" -}}
{{- if and (eq .Values.provider "linode") (not .Values.linode.apiToken) (not .Values.linode.secretName) -}}
external-dns: linode.apiToken
You must provide the Linode API token when provider="linode".
Please set the apiToken parameter (--set linode.apiToken="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- must provide the NS1 API key when provider is "ns1"
*/}}
{{- define "external-dns.validateValues.ns1.apiKey" -}}
{{- if and (eq .Values.provider "ns1") (not .Values.ns1.apiKey) (not .Values.ns1.secretName) -}}
external-dns: ns1.apiKey
You must provide the NS1 API key when provider="ns1".
Please set the token parameter (--set ns1.apiKey="xxxx")
or specify a secret that contains an API key. (--set ns1.secretName="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- must provide the OVH consumer key when provider is "ovh"
*/}}
{{- define "external-dns.validateValues.ovh.consumerKey" -}}
{{- if and (eq .Values.provider "ovh") (not .Values.ovh.consumerKey) (not .Values.ovh.secretName) -}}
external-dns: ovh.consumerKey
You must provide the OVH consumer key when provider="ovh".
Please set the consumerKey parameter (--set ovh.consumerKey="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- must provide the OVH application key when provider is "ovh"
*/}}
{{- define "external-dns.validateValues.ovh.applicationKey" -}}
{{- if and (eq .Values.provider "ovh") (not .Values.ovh.applicationKey) (not .Values.ovh.secretName) -}}
external-dns: ovh.applicationKey
You must provide the OVH appliciation key when provider="ovh".
Please set the applicationKey parameter (--set ovh.applicationKey="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- must provide the OVH application secret when provider is "ovh"
*/}}
{{- define "external-dns.validateValues.ovh.applicationSecret" -}}
{{- if and (eq .Values.provider "ovh") (not .Values.ovh.applicationSecret) (not .Values.ovh.secretName) -}}
external-dns: ovh.applicationSecret
You must provide the OVH appliciation secret key when provider="ovh".
Please set the applicationSecret parameter (--set ovh.applicationSecret="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of RFC2136 DNS:
- Must provide the kerberos realm when provider is rfc2136 and rfc3645Enabled is true
*/}}
{{- define "external-dns.validateValues.rfc2136.kerberosRealm" -}}
{{- if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled (not .Values.rfc2136.kerberosRealm) -}}
external-dns: rfc2136.kerberosRealm
You must provide the kerberos realm when provider is rfc2136 and rfc3645Enabled is true
Please set the kerberosRealm parameter (--set rfc2136.kerberosRealm="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of RFC2136 DNS:
- Must provide the kerberos config when provider is rfc2136 and rfc3645Enabled is true
*/}}
{{- define "external-dns.validateValues.rfc2136.kerberosConfig" -}}
{{- if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled (not .Values.rfc2136.kerberosConfig) -}}
external-dns: rfc2136.kerberosConfig
You must provide the kerberos config when provider is rfc2136 and rfc3645Enabled is true
Please set the kerberosConfig parameter (--set-file rfc2136.kerberosConfig="path/to/krb5.conf")
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- must provide the Scaleway access key when provider is "scaleway"
*/}}
{{- define "external-dns.validateValues.scaleway.scwAccessKey" -}}
{{- if and (eq .Values.provider "scaleway") (not .Values.scaleway.scwAccessKey) -}}
external-dns: scaleway.scwAccessKey
You must provide the Scaleway access key when provider="scaleway".
Please set the scwAccessKey parameter (--set scaleway.scwAccessKey="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- must provide the scaleway secret key when provider is "scaleway"
*/}}
{{- define "external-dns.validateValues.scaleway.scwSecretKey" -}}
{{- if and (eq .Values.provider "scaleway") (not .Values.scaleway.scwSecretKey) -}}
external-dns: scaleway.scwSecretKey
You must provide the scaleway secret key when provider="scaleway".
Please set the scwSecretKey parameter (--set scaleway.scwSecretKey="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of External DNS:
- must provide the scaleway organization id when provider is "scaleway"
*/}}
{{- define "external-dns.validateValues.scaleway.scwDefaultOrganizationId" -}}
{{- if and (eq .Values.provider "scaleway") (not .Values.scaleway.scwDefaultOrganizationId) -}}
external-dns: scaleway.scwDefaultOrganizationId
You must provide the scaleway organization id key when provider="scaleway".
Please set the scwDefaultOrganizationId parameter (--set scaleway.scwDefaultOrganizationId="xxxx")
{{- end -}}
{{- end -}}
{{/*
Return the ExternalDNS service account name
*/}}
{{- define "external-dns.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "external-dns.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the ExternalDNS namespace to be used
*/}}
{{- define "external-dns.namespace" -}}
{{- if and .Values.rbac.create (not .Values.rbac.clusterRole) -}}
{{ default .Release.Namespace .Values.namespace }}
{{- else if .Values.watchReleaseNamespace -}}
{{ .Release.namespace }}
{{- else -}}
{{ .Values.namespace }}
{{- end -}}
{{- end -}}
{{/*
Return the secret containing external-dns TLS certificates
*/}}
{{- define "external-dns.tlsSecretName" -}}
{{- if .Values.coredns.etcdTLS.autoGenerated -}}
{{- printf "%s-crt" (include "external-dns.fullname" .) -}}
{{- else -}}
{{- $secretName := .Values.coredns.etcdTLS.secretName -}}
{{- printf "%s" (tpl $secretName $) -}}
{{- end -}}
{{- end -}}
{{/*
Return the path to the CA cert file.
*/}}
{{- define "external-dns.tlsCACert" -}}
{{- if .Values.coredns.etcdTLS.autoGenerated }}
{{- printf "ca.crt" -}}
{{- else -}}
{{- printf "%s" .Values.coredns.etcdTLS.caFilename -}}
{{- end -}}
{{- end -}}
{{/*
Return the path to the cert file.
*/}}
{{- define "external-dns.tlsCert" -}}
{{- if .Values.coredns.etcdTLS.autoGenerated }}
{{- printf "tls.crt" -}}
{{- else -}}
{{- printf "%s" .Values.coredns.etcdTLS.certFilename -}}
{{- end -}}
{{- end -}}
{{/*
Return the path to the cert key file.
*/}}
{{- define "external-dns.tlsCertKey" -}}
{{- if .Values.coredns.etcdTLS.autoGenerated }}
{{- printf "tls.key" -}}
{{- else -}}
{{- printf "%s" .Values.coredns.etcdTLS.keyFilename -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a TLS secret object should be created
*/}}
{{- define "external-dns.createTlsSecret" -}}
{{- if and .Values.coredns.etcdTLS.enabled .Values.coredns.etcdTLS.autoGenerated }}
{{- true -}}
{{- end -}}
{{- end -}}

127
external-dns/templates/clusterrole.yaml Normal file
View File

@@ -0,0 +1,127 @@
{{- if and .Values.rbac.create .Values.rbac.clusterRole }}
apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}
kind: ClusterRole
metadata:
name: {{ template "common.names.fullname.namespace" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- services
- pods
- nodes
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- "networking.k8s.io"
- getambassador.io
resources:
- ingresses
- hosts
verbs:
- get
- list
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- list
- watch
- apiGroups:
- networking.istio.io
resources:
- gateways
- virtualservices
verbs:
- get
- list
- watch
- apiGroups:
- zalando.org
resources:
- routegroups
verbs:
- get
- list
- watch
- apiGroups:
- zalando.org
resources:
- routegroups/status
verbs:
- patch
- update
- apiGroups:
- projectcontour.io
resources:
- httpproxies
verbs:
- get
- watch
- list
- apiGroups:
- gloo.solo.io
- gateway.solo.io
resources:
- proxies
- virtualservices
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- tcpingresses
verbs:
- get
- list
- watch
{{- if or .Values.crd.create .Values.crd.apiversion }}
- apiGroups:
{{- if .Values.crd.create }}
- externaldns.k8s.io
{{- else }}
- {{ $api := splitn "/" 2 .Values.crd.apiversion }}{{ $api._0 }}
{{- end }}
resources:
{{- if .Values.crd.create }}
- dnsendpoints
{{- else }}
- {{ printf "%ss" (.Values.crd.kind | lower) }}
{{- end }}
verbs:
- get
- list
- watch
- apiGroups:
{{- if .Values.crd.create }}
- externaldns.k8s.io
{{- else }}
- {{ $api := splitn "/" 2 .Values.crd.apiversion }}{{ $api._0 }}
{{- end }}
resources:
{{- if .Values.crd.create }}
- dnsendpoints/status
{{- else }}
- {{ printf "%ss/status" (.Values.crd.kind | lower) }}
{{- end }}
verbs:
- update
{{- end }}
{{- end }}

22
external-dns/templates/clusterrolebinding.yaml Normal file
View File

@@ -0,0 +1,22 @@
{{- if and .Values.rbac.create .Values.rbac.clusterRole }}
apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}
kind: ClusterRoleBinding
metadata:
name: {{ template "common.names.fullname.namespace" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "common.names.fullname.namespace" . }}
subjects:
- kind: ServiceAccount
name: {{ template "external-dns.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}

23
external-dns/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,23 @@
{{- if (include "external-dns.createConfigMap" .) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "external-dns.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{- if .Values.designate.customCA.enabled }}
{{ .Values.designate.customCA.filename }}: |
{{ .Values.designate.customCA.content | indent 4 }}
{{- end }}
{{- if .Values.rfc2136.rfc3645Enabled }}
krb5.conf: |
{{ .Values.rfc2136.kerberosConfig | indent 4 }}
{{- end }}
{{- end }}

94
external-dns/templates/crd.yaml Normal file
View File

@@ -0,0 +1,94 @@
{{- if .Values.crd.create }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.5.0
api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/external-dns/pull/2007"
creationTimestamp: null
name: dnsendpoints.externaldns.k8s.io
spec:
group: externaldns.k8s.io
names:
kind: DNSEndpoint
listKind: DNSEndpointList
plural: dnsendpoints
singular: dnsendpoint
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: DNSEndpointSpec defines the desired state of DNSEndpoint
properties:
endpoints:
items:
description: Endpoint is a high-level way of a connection between a service and an IP
properties:
dnsName:
description: The hostname of the DNS record
type: string
labels:
additionalProperties:
type: string
description: Labels stores labels defined for the Endpoint
type: object
providerSpecific:
description: ProviderSpecific stores provider specific config
items:
description: ProviderSpecificProperty holds the name and value of a configuration which is specific to individual DNS providers
properties:
name:
type: string
value:
type: string
type: object
type: array
recordTTL:
description: TTL for the record
format: int64
type: integer
recordType:
description: RecordType type of record, e.g. CNAME, A, SRV, TXT etc
type: string
setIdentifier:
description: Identifier to distinguish multiple records with the same name and type (e.g. Route53 records with routing policies other than 'simple')
type: string
targets:
description: The targets the DNS record points to
items:
type: string
type: array
type: object
type: array
type: object
status:
description: DNSEndpointStatus defines the observed state of DNSEndpoint
properties:
observedGeneration:
description: The generation observed by the external-dns controller.
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

770
external-dns/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,770 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "external-dns.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ coalesce .Values.replicas .Values.replicaCount }}
{{- if .Values.updateStrategy }}
strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
{{- end }}
selector:
matchLabels: {{ include "external-dns.matchLabels" . | nindent 6 }}
template:
metadata:
labels: {{ include "external-dns.labels" . | nindent 8 }}
annotations:
{{- if or .Values.podAnnotations .Values.metrics.enabled }}
{{- include "external-dns.podAnnotations" . | trim | nindent 8 }}
{{- end }}
{{- if (include "external-dns.createSecret" .) }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- end }}
{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
spec:
{{- include "external-dns.imagePullSecrets" . | nindent 6 }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName | quote }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "external-dns.serviceAccountName" . }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
{{- if .Values.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: external-dns
image: {{ include "external-dns.image" . | quote }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- else }}
args:
# Generic arguments
- --metrics-address=:{{ .Values.containerPorts.http }}
{{- if .Values.logLevel }}
- --log-level={{ .Values.logLevel }}
{{- end }}
{{- if .Values.logFormat }}
- --log-format={{ .Values.logFormat }}
{{- end }}
{{- if .Values.dryRun }}
- --dry-run
{{- end }}
{{- if .Values.triggerLoopOnEvent }}
- --events
{{- end }}
{{- if (include "external-dns.namespace" .) }}
- --namespace={{ template "external-dns.namespace" . }}
{{- end }}
{{- if .Values.fqdnTemplates }}
- --fqdn-template={{ join "," .Values.fqdnTemplates }}{{/* Explicitly wants comma separated list */}}
{{- end }}
{{- if .Values.combineFQDNAnnotation }}
- --combine-fqdn-annotation
{{- end }}
{{- if and .Values.ignoreHostnameAnnotation .Values.fqdnTemplates }}
- --ignore-hostname-annotation
{{- end }}
{{- if .Values.publishInternalServices }}
- --publish-internal-services
{{- end }}
{{- if .Values.publishHostIP }}
- --publish-host-ip
{{- end }}
{{- range .Values.serviceTypeFilter }}
- --service-type-filter={{ . }}
{{- end }}
{{- range .Values.domainFilters }}
- --domain-filter={{ . }}
{{- end }}
{{- range .Values.excludeDomains }}
- --exclude-domains={{ . }}
{{- end }}
{{- if .Values.regexDomainFilter }}
- --regex-domain-filter={{ .Values.regexDomainFilter }}
{{- end }}
{{- if .Values.regexDomainExclusion }}
- --regex-domain-exclusion={{ .Values.regexDomainExclusion }}
{{- end }}
{{- range .Values.zoneNameFilters }}
- --zone-name-filter={{ . }}
{{- end }}
{{- range .Values.zoneIdFilters }}
- --zone-id-filter={{ . }}
{{- end }}
- --policy={{ .Values.policy }}
- --provider={{ .Values.provider }}
- --registry={{ .Values.registry }}
- --interval={{ .Values.interval }}
{{- if or (ne .Values.registry "aws-sd") .Values.forceTxtOwnerId }}
{{- if .Values.txtOwnerId }}
- --txt-owner-id={{ .Values.txtOwnerId }}
{{- end }}
{{- end }}
{{- if eq .Values.registry "txt" }}
{{- if .Values.txtPrefix }}
- --txt-prefix={{ .Values.txtPrefix }}
{{- end }}
{{- if .Values.txtSuffix }}
- --txt-suffix={{ .Values.txtSuffix }}
{{- end }}
{{- end }}
{{- if .Values.annotationFilter }}
- --annotation-filter={{ .Values.annotationFilter }}
{{- end }}
{{- if .Values.ingressClass }}
- --ingress-class={{ .Values.ingressClass }}
{{- end }}
{{- if .Values.labelFilter }}
- --label-filter={{ .Values.labelFilter }}
{{- end }}
{{- if .Values.crd.apiversion }}
- --crd-source-apiversion={{ .Values.crd.apiversion }}
{{- end }}
{{- if .Values.crd.kind }}
- --crd-source-kind={{ .Values.crd.kind }}
{{- end }}
{{- range .Values.sources }}
- --source={{ . }}
{{- end }}
{{- if eq .Values.provider "alibabacloud" }}
# Alibaba Cloud arguments
{{- if or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName }}
- --alibaba-cloud-config-file=/etc/kubernetes/alibaba-cloud.json
{{- else }}
- --alibaba-cloud-config-file=
{{- end }}
{{- if .Values.alibabacloud.zoneType }}
- --alibaba-cloud-zone-type={{ .Values.alibabacloud.zoneType }}
{{- end }}
{{- end }}
{{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }}
# AWS arguments
{{- if .Values.aws.apiRetries }}
- --aws-api-retries={{ .Values.aws.apiRetries }}
{{- end }}
- --aws-zone-type={{ .Values.aws.zoneType }}
{{- if .Values.aws.assumeRoleArn }}
- --aws-assume-role={{ .Values.aws.assumeRoleArn }}
{{- end }}
{{- if .Values.aws.batchChangeSize }}
- --aws-batch-change-size={{ .Values.aws.batchChangeSize }}
{{- end }}
{{- end }}
{{- if .Values.aws.zonesCacheDuration }}
- --aws-zones-cache-duration={{ .Values.aws.zonesCacheDuration }}
{{- end }}
{{- range .Values.aws.zoneTags }}
- --aws-zone-tags={{ . }}
{{- end }}
{{- if .Values.aws.preferCNAME }}
- --aws-prefer-cname
{{- end }}
{{- if and (kindIs "bool" .Values.aws.evaluateTargetHealth) (not .Values.aws.evaluateTargetHealth) }}
- --no-aws-evaluate-target-health
{{- end }}
{{- if or (and (eq .Values.provider "azure") (not .Values.azure.secretName)) (eq .Values.provider "azure-private-dns") }}
# Azure Arguments
{{- if .Values.azure.resourceGroup }}
- --azure-resource-group={{ .Values.azure.resourceGroup }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "azure-private-dns" }}
{{- if .Values.azure.subscriptionId }}
- --azure-subscription-id={{ .Values.azure.subscriptionId }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "cloudflare" }}
# Cloudflare arguments
{{- if .Values.cloudflare.proxied }}
- --cloudflare-proxied
{{- end }}
{{- end }}
{{- if eq .Values.provider "google" }}
# Google Arguments
{{- if .Values.google.project }}
- --google-project={{ .Values.google.project }}
{{- end }}
{{- if .Values.google.zoneVisibility }}
- --google-zone-visibility={{ .Values.google.zoneVisibility }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "infoblox" }}
# Infloblox Arguments
- --infoblox-grid-host={{ .Values.infoblox.gridHost }}
- --infoblox-view={{ .Values.infoblox.view }}
{{- if .Values.infoblox.domainFilter }}
- --domain-filter={{ .Values.infoblox.domainFilter }}
{{- end }}
{{- if .Values.infoblox.wapiPort }}
- --infoblox-wapi-port={{ .Values.infoblox.wapiPort }}
{{- end }}
{{- if .Values.infoblox.wapiVersion }}
- --infoblox-wapi-version={{ .Values.infoblox.wapiVersion }}
{{- end }}
{{- if .Values.infoblox.noSslVerify }}
- --no-infoblox-ssl-verify
{{- else }}
- --infoblox-ssl-verify
{{- end }}
{{- if .Values.infoblox.maxResults }}
- --infoblox-max-results={{ .Values.infoblox.maxResults }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "ns1" }}
# ns1 arguments
- --ns1-min-ttl={{ .Values.ns1.minTTL }}
{{- end }}
{{- if eq .Values.provider "rfc2136" }}
# RFC 2136 arguments
- --rfc2136-host={{ required "rfc2136.host must be supplied for provider 'rfc2136'" .Values.rfc2136.host }}
- --rfc2136-port={{ .Values.rfc2136.port }}
- --rfc2136-zone={{ required "rfc2136.zone must be supplied for provider 'rfc2136'" .Values.rfc2136.zone }}
- --rfc2136-min-ttl={{ .Values.rfc2136.minTTL }}
{{- if .Values.rfc2136.tsigAxfr }}
- --rfc2136-tsig-axfr
{{- end }}
{{- if .Values.rfc2136.rfc3645Enabled }}
- --rfc2136-gss-tsig
- --rfc2136-kerberos-realm={{ .Values.rfc2136.kerberosRealm }}
{{- else }}
{{- if .Values.rfc2136.tsigKeyname }}
- --rfc2136-tsig-secret-alg={{ .Values.rfc2136.tsigSecretAlg }}
- --rfc2136-tsig-keyname={{ .Values.rfc2136.tsigKeyname }}
{{- else }}
- --rfc2136-insecure
{{- end }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "pdns" }}
# PowerDNS arguments
- --pdns-server={{ .Values.pdns.apiUrl }}:{{ .Values.pdns.apiPort }}
- --pdns-api-key=$(PDNS_API_KEY)
{{- end }}
{{- if eq .Values.provider "transip" }}
# TransIP arguments
- --transip-account={{ .Values.transip.account }}
- --transip-keyfile=/transip/transip-api-key
{{- end }}
{{- range $key, $value := .Values.extraArgs }}
# Extra arguments
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
{{- end }}
env:
{{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }}
# AWS environment variables
{{- if .Values.aws.region }}
- name: AWS_DEFAULT_REGION
value: {{ .Values.aws.region }}
{{- end }}
{{- if .Values.aws.roleArn }}
- name: AWS_CONFIG_FILE
value: {{ .Values.aws.credentials.mountPath }}/config
{{- end }}
{{- if and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey }}
- name: AWS_SHARED_CREDENTIALS_FILE
value: {{ .Values.aws.credentials.mountPath }}/credentials
{{- end }}
{{- end }}
{{- if eq .Values.provider "cloudflare" }}
# Cloudflare environment variables
- name: CF_API_TOKEN
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: cloudflare_api_token
optional: true
- name: CF_API_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: cloudflare_api_key
optional: true
- name: CF_API_EMAIL
value: {{ .Values.cloudflare.email | quote }}
{{- end }}
{{- if eq .Values.provider "coredns" }}
# CoreDNS environment variables
- name: ETCD_URLS
value: {{ .Values.coredns.etcdEndpoints | quote }}
{{- if .Values.coredns.etcdTLS.enabled }}
- name: ETCD_CERT_FILE
value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ include "external-dns.tlsCert" . }}
- name: ETCD_KEY_FILE
value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ include "external-dns.tlsCertKey" . }}
- name: ETCD_CA_FILE
value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ include "external-dns.tlsCACert" . }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "designate" }}
# Designate environment variables
{{- if .Values.designate.customCA.enabled }}
- name: OPENSTACK_CA_FILE
value: {{ .Values.designate.customCA.mountPath }}/{{ .Values.designate.customCA.filename }}
{{- else if .Values.designate.customCAHostPath }}
- name: OPENSTACK_CA_FILE
value: {{ .Values.designate.customCAHostPath }}
{{- end }}
{{- if .Values.designate.username }}
- name: OS_USERNAME
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: designate_username
{{- end }}
{{- if .Values.designate.password }}
- name: OS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: designate_password
{{- end }}
{{- if .Values.designate.authUrl }}
- name: OS_AUTH_URL
value: {{ .Values.designate.authUrl }}
{{- end }}
{{- if .Values.designate.regionName }}
- name: OS_REGION_NAME
value: {{ .Values.designate.regionName }}
{{- end }}
{{- if .Values.designate.userDomainName }}
- name: OS_USER_DOMAIN_NAME
value: {{ .Values.designate.userDomainName }}
{{- end }}
{{- if .Values.designate.projectName }}
- name: OS_PROJECT_NAME
value: {{ .Values.designate.projectName }}
{{- end }}
{{- end }}
{{- if and (eq .Values.provider "digitalocean") (or .Values.digitalocean.apiToken .Values.digitalocean.secretName) }}
# DigitalOcean environment variables
- name: DO_TOKEN
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: digitalocean_api_token
{{- end }}
{{- if eq .Values.provider "google" }}
# Google environment variables
{{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }}
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /etc/secrets/service-account/credentials.json
{{- end }}
{{- end }}
{{- if eq .Values.provider "hetzner" }}
# Hetzner environment variables
{{- if .Values.hetzner.secretName }}
- name: HETZNER_TOKEN
valueFrom:
secretKeyRef:
name: {{ .Values.hetzner.secretName }}
key: {{ .Values.hetzner.secretKey }}
{{- else }}
- name: HETZNER_TOKEN
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: hetzner_token
{{- end }}
{{- end }}
{{- if eq .Values.provider "linode" }}
# Linode environment variables
{{- if or (.Values.linode.apiToken) (.Values.linode.secretName) }}
- name: LINODE_TOKEN
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: linode_api_token
{{- end }}
{{- end }}
{{- if eq .Values.provider "ovh" }}
# OVH environment variables
{{- if or (.Values.ovh.consumerKey) (.Values.ovh.secretName) }}
- name: OVH_CONSUMER_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: ovh_consumer_key
{{- end }}
{{- if or (.Values.ovh.applicationKey) (.Values.ovh.secretName) }}
- name: OVH_APPLICATION_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: ovh_application_key
{{- end }}
{{- if or (.Values.ovh.applicationSecret) (.Values.ovh.secretName) }}
- name: OVH_APPLICATION_SECRET
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: ovh_application_secret
{{- end }}
{{- end }}
{{- if eq .Values.provider "scaleway" }}
# Scaleway environment variables
{{- if .Values.scaleway.scwAccessKey }}
- name: SCW_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: scw_access_key
{{- end }}
{{- if .Values.scaleway.scwSecretKey }}
- name: SCW_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: scw_secret_key
{{- end }}
{{- if .Values.scaleway.scwDefaultOrganizationId }}
- name: SCW_DEFAULT_ORGANIZATION_ID
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: scw_default_organization_id
{{- end }}
{{- end }}
{{- if eq .Values.provider "infoblox" }}
# Infloblox environment variables
{{- if .Values.infoblox.wapiConnectionPoolSize }}
- name: EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS
value: "{{ .Values.infoblox.wapiConnectionPoolSize }}"
{{- end }}
{{- if .Values.infoblox.wapiHttpTimeout }}
- name: EXTERNAL_DNS_INFOBLOX_HTTP_REQUEST_TIMEOUT
value: "{{ .Values.infoblox.wapiHttpTimeout }}"
{{- end }}
{{- if or (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) (.Values.infoblox.secretName) }}
- name: EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: infoblox_wapi_username
- name: EXTERNAL_DNS_INFOBLOX_WAPI_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: infoblox_wapi_password
{{- end }}
{{- end }}
{{- if .Values.rfc2136.tsigSecret | or (and .Values.rfc2136.kerberosUsername .Values.rfc2136.kerberosPassword) | or .Values.rfc2136.secretName }}
# RFC 2136 environment variables
{{- if .Values.rfc2136.rfc3645Enabled }}
- name: EXTERNAL_DNS_RFC2136_KERBEROS_USERNAME
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: rfc2136_kerberos_username
- name: EXTERNAL_DNS_RFC2136_KERBEROS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: rfc2136_kerberos_password
{{- else }}
- name: EXTERNAL_DNS_RFC2136_TSIG_SECRET
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: rfc2136_tsig_secret
{{- end }}
{{- end }}
{{- if eq .Values.provider "pdns" }}
# PowerDNS environment variables
- name: PDNS_API_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: pdns_api_key
{{- end }}
{{- if eq .Values.provider "vinyldns" }}
# VinylDNS environment variables
{{- if .Values.vinyldns.host }}
- name: VINYLDNS_HOST
value: {{ .Values.vinyldns.host }}
{{- end }}
{{- if .Values.vinyldns.accessKey }}
- name: VINYLDNS_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: vinyldns-access-key
{{- end }}
{{- if .Values.vinyldns.secretKey }}
- name: VINYLDNS_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: vinyldns-secret-key
{{- end }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if eq .Values.provider "ns1" }}
# NS1 environment variables
{{- if or (.Values.ns1.apiKey) (.Values.ns1.secretName) }}
- name: NS1_APIKEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: ns1-api-key
{{- end }}
{{- end }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.containerPorts.http }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- else if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- else if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.startupProbe.enabled }}
startupProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.startupProbe.successThreshold }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
{{- else if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.containerSecurityContext }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if and (eq .Values.provider "alibabacloud") (or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName) }}
# Alibaba Cloud mountPath(s)
- name: alibabacloud-config-file
mountPath: /etc/kubernetes/
readOnly: true
{{- end }}
{{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) }}
# AWS mountPath(s)
- name: aws-credentials
mountPath: {{ .Values.aws.credentials.mountPath }}
readOnly: true
{{- end }}
{{- if or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns") }}
# Azure mountPath(s)
- name: azure-config-file
{{- if or .Values.azure.secretName (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId) }}
mountPath: /etc/kubernetes/
{{- else }}
mountPath: /etc/kubernetes/azure.json
{{- end }}
readOnly: true
{{- end }}
{{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }}
# CoreDNS mountPath(s)
- name: {{ include "external-dns.tlsSecretName" . }}
mountPath: {{ .Values.coredns.etcdTLS.mountPath }}
readOnly: true
{{- end }}
{{- if and (eq .Values.provider "google") (or .Values.google.serviceAccountKey .Values.google.serviceAccountSecret) }}
# Google mountPath(s)
- name: google-service-account
mountPath: /etc/secrets/service-account/
{{- end }}
{{- if eq .Values.provider "oci" }}
- name: oci-config-file
mountPath: /etc/kubernetes/
{{- end }}
{{- if eq .Values.provider "designate" }}
# Designate mountPath(s)
{{- if and (.Values.designate.customCAHostPath) (.Values.designate.customCA.enabled) }}
{{- fail "designate.customCAHostPath cannot be specified with designate.customCA.enabled set to true" }}
{{- else if .Values.designate.customCA.enabled }}
- name: designate-custom-ca
mountPath: {{ .Values.designate.customCA.mountPath }}
readOnly: true
{{- else if .Values.designate.customCAHostPath }}
- name: designate-custom-ca-hostpath
mountPath: {{ .Values.designate.customCAHostPath }}
readOnly: true
{{- end }}
{{- end }}
{{- if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled }}
- name: krb5config
mountPath: /etc/krb5.conf
subPath: krb5.conf
{{- end }}
{{- if (eq .Values.provider "transip") }}
# TransIP mountPath(s)
- name: transip-api-key
mountPath: /transip
readOnly: true
{{- end }}
{{- if .Values.extraVolumeMounts }}
# Extra volume mount(s)
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if and (eq .Values.provider "alibabacloud") (or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName) }}
# Alibaba Cloud volume(s)
- name: alibabacloud-config-file
secret:
secretName: {{ template "external-dns.secretName" . }}
{{- end }}
{{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) }}
# AWS volume(s)
- name: aws-credentials
secret:
secretName: {{ template "external-dns.secretName" . }}
{{- end }}
{{- if or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns") }}
# Azure and Azure Private DNS volume(s)
- name: azure-config-file
{{- if or .Values.azure.secretName (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId) }}
secret:
secretName: {{ template "external-dns.secretName" . }}
{{- else if .Values.azure.useManagedIdentityExtension }}
secret:
secretName: {{ template "external-dns.fullname" . }}
{{- else }}
hostPath:
path: /etc/kubernetes/azure.json
type: File
{{- end }}
{{- end }}
{{- if (eq .Values.provider "oci")}}
- name: oci-config-file
secret:
secretName: {{ template "external-dns.secretName" . }}
{{- end }}
{{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }}
# CoreDNS volume(s)
- name: {{ include "external-dns.tlsSecretName" . }}
secret:
secretName: {{ include "external-dns.tlsSecretName" . }}
defaultMode: 400
{{- end }}
{{- if and (eq .Values.provider "google") (or .Values.google.serviceAccountKey .Values.google.serviceAccountSecret) }}
# Google volume(s)
- name: google-service-account
secret:
secretName: {{ template "external-dns.secretName" . }}
{{- if and .Values.google.serviceAccountSecret .Values.google.serviceAccountSecretKey }}
items:
- key: {{ .Values.google.serviceAccountSecretKey | quote }}
path: credentials.json
{{- end }}
{{- end }}
{{- if eq .Values.provider "designate" }}
# Designate volume(s)
{{- if .Values.designate.customCA.enabled }}
- name: designate-custom-ca
configMap:
name: {{ template "external-dns.fullname" . }}
items:
- key: {{ .Values.designate.customCA.filename }}
path: {{ .Values.designate.customCA.filename }}
{{- else if .Values.designate.customCAHostPath }}
- name: designate-custom-ca-hostpath
hostPath:
path: {{ .Values.designate.customCAHostPath }}
{{- end }}
{{- end }}
{{- if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled }}
# Kerberos config volume
- name: krb5config
configMap:
name: {{ template "external-dns.fullname" . }}
items:
- key: "krb5.conf"
path: "krb5.conf"
{{- end }}
{{- if (eq .Values.provider "transip") }}
# TransIP volume(s)
- name: transip-api-key
secret:
secretName: {{ template "external-dns.fullname" . }}
{{- end }}
{{- if .Values.extraVolumes }}
# Extra volume(s)
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}

4
external-dns/templates/extra-list.yaml Normal file
View File

@@ -0,0 +1,4 @@
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

18
external-dns/templates/pdb.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if .Values.podDisruptionBudget -}}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "external-dns.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels: {{ include "external-dns.matchLabels" . | nindent 6 }}
{{- include "common.tplvalues.render" (dict "value" .Values.podDisruptionBudget "context" $) | nindent 2 }}
{{- end -}}

21
external-dns/templates/psp-clusterrole.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- if and $pspAvailable .Values.rbac.pspEnabled }}
kind: ClusterRole
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ printf "%s-%s" (include "common.names.fullname.namespace" .) "psp" }}
namespace: {{ .Release.Namespace | quote }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ template "common.names.fullname.namespace" . }}
{{- end }}

23
external-dns/templates/psp-clusterrolebinding.yaml Normal file
View File

@@ -0,0 +1,23 @@
{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- if and $pspAvailable .Values.rbac.pspEnabled }}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
name: {{ printf "%s-%s" (include "common.names.fullname.namespace" .) "psp" }}
namespace: {{ .Release.Namespace | quote }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ printf "%s-%s" (include "common.names.fullname.namespace" .) "psp" }}
subjects:
- kind: ServiceAccount
name: {{ template "external-dns.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}

47
external-dns/templates/psp.yaml Normal file
View File

@@ -0,0 +1,47 @@
{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- if and $pspAvailable .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "common.names.fullname.namespace" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'hostPath'
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: 'MustRunAs'
ranges:
- min: 1001
max: 1001
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: 1001
max: 1001
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1001
max: 1001
{{- end }}

118
external-dns/templates/role.yaml Normal file
View File

@@ -0,0 +1,118 @@
{{- if and .Values.rbac.create (not .Values.rbac.clusterRole) }}
apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}
kind: Role
metadata:
name: {{ template "external-dns.fullname" . }}
namespace: {{ template "external-dns.namespace" . }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- services
- pods
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- "networking.k8s.io"
- getambassador.io
resources:
- ingresses
- hosts
verbs:
- get
- list
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- list
- watch
- apiGroups:
- networking.istio.io
resources:
- gateways
- virtualservices
verbs:
- get
- list
- watch
- apiGroups:
- zalando.org
resources:
- routegroups
verbs:
- get
- list
- watch
- apiGroups:
- zalando.org
resources:
- routegroups/status
verbs:
- patch
- update
- apiGroups:
- projectcontour.io
resources:
- httpproxies
verbs:
- get
- watch
- list
- apiGroups:
- gloo.solo.io
- gateway.solo.io
resources:
- proxies
- virtualservices
verbs:
- get
- list
- watch
{{- if or .Values.crd.create .Values.crd.apiversion }}
- apiGroups:
{{- if .Values.crd.create }}
- externaldns.k8s.io
{{- else }}
- {{ $api := splitn "/" 2 .Values.crd.apiversion }}{{ $api._0 }}
{{- end }}
resources:
{{- if .Values.crd.create }}
- dnsendpoints
{{- else }}
- {{ printf "%ss" (.Values.crd.kind | lower) }}
{{- end }}
verbs:
- get
- list
- watch
- apiGroups:
{{- if .Values.crd.create }}
- externaldns.k8s.io
{{- else }}
- {{ $api := splitn "/" 2 .Values.crd.apiversion }}{{ $api._0 }}
{{- end }}
resources:
{{- if .Values.crd.create }}
- dnsendpoints/status
{{- else }}
- {{ printf "%ss/status" (.Values.crd.kind | lower) }}
{{- end }}
verbs:
- update
{{- end }}
{{- end }}

22
external-dns/templates/rolebindings.yaml Normal file
View File

@@ -0,0 +1,22 @@
{{- if and .Values.rbac.create (not .Values.rbac.clusterRole) }}
apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}
kind: RoleBinding
metadata:
name: {{ template "external-dns.fullname" . }}
namespace: {{ template "external-dns.namespace" . }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "external-dns.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "external-dns.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}

94
external-dns/templates/secret.yaml Normal file
View File

@@ -0,0 +1,94 @@
{{- if (include "external-dns.createSecret" .) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "external-dns.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.secretAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.secretAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
{{- if eq .Values.provider "alibabacloud" }}
alibaba-cloud.json: {{ include "external-dns.alibabacloud-credentials" . | b64enc | quote }}
{{- end }}
{{- if eq .Values.provider "aws" }}
credentials: {{ include "external-dns.aws-credentials" . | b64enc | quote }}
{{- if .Values.aws.region }}
config: {{ include "external-dns.aws-config" . | b64enc | quote }}
{{- end }}
{{- end }}
{{- if or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns") }}
azure.json: {{ include "external-dns.azure-credentials" . | b64enc | quote }}
{{- end }}
{{- if eq .Values.provider "google" }}
credentials.json: {{ .Values.google.serviceAccountKey | b64enc | quote }}
{{- end }}
{{- if and (eq .Values.provider "hetzner") (not .Values.hetzner.secretName) }}
hetzner_token: {{ .Values.hetzner.token | b64enc | quote }}
{{- end }}
{{- if eq .Values.provider "cloudflare" }}
{{- if .Values.cloudflare.apiToken }}
cloudflare_api_token: {{ .Values.cloudflare.apiToken | b64enc | quote }}
{{- else }}
cloudflare_api_key: {{ required "cloudflare.apiKey is required if cloudflare.apiToken is not provided" .Values.cloudflare.apiKey | b64enc | quote }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "designate" }}
{{- if .Values.designate.username }}
designate_username: {{ .Values.designate.username | b64enc | quote }}
{{- end }}
{{- if .Values.designate.password }}
designate_password: {{ .Values.designate.password | b64enc | quote }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "digitalocean" }}
digitalocean_api_token: {{ .Values.digitalocean.apiToken | b64enc | quote }}
{{- end }}
{{- if eq .Values.provider "infoblox" }}
infoblox_wapi_username: {{ .Values.infoblox.wapiUsername | b64enc | quote }}
infoblox_wapi_password: {{ .Values.infoblox.wapiPassword | b64enc | quote }}
{{- end }}
{{- if eq .Values.provider "linode" }}
linode_api_token: {{ .Values.linode.apiToken | b64enc | quote }}
{{- end }}
{{- if eq .Values.provider "oci" }}
oci.yaml: {{ include "external-dns.oci-credentials" . | b64enc | quote }}
{{- end }}
{{- if eq .Values.provider "pdns" }}
pdns_api_key: {{ .Values.pdns.apiKey | b64enc | quote }}
{{- end }}
{{- if eq .Values.provider "rfc2136" }}
rfc2136_tsig_secret: {{ .Values.rfc2136.tsigSecret | b64enc | quote }}
rfc2136_kerberos_username: {{ .Values.rfc2136.kerberosUsername | b64enc | quote }}
rfc2136_kerberos_password: {{ .Values.rfc2136.kerberosPassword | b64enc | quote }}
{{- end }}
{{- if eq .Values.provider "transip" }}
transip-api-key: {{ .Values.transip.apiKey | b64enc | quote }}
{{- end }}
{{- if eq .Values.provider "ovh" }}
ovh_consumer_key: {{ .Values.ovh.consumerKey | b64enc | quote }}
ovh_application_key: {{ .Values.ovh.applicationKey | b64enc | quote }}
ovh_application_secret: {{ .Values.ovh.applicationSecret | b64enc | quote }}
{{- end }}
{{- if eq .Values.provider "scaleway" }}
scw_access_key: {{ .Values.scaleway.scwAccessKey | b64enc | quote }}
scw_secret_key: {{ .Values.scaleway.scwSecretKey | b64enc | quote }}
scw_default_organization_id: {{ .Values.scaleway.scwDefaultOrganizationId | b64enc | quote }}
{{- end }}
{{- if eq .Values.provider "vinyldns" }}
vinyldns-access-key: {{ .Values.vinyldns.accessKey | b64enc | quote }}
vinyldns-secret-key: {{ .Values.vinyldns.secretKey | b64enc | quote }}
{{- end }}
{{- if eq .Values.provider "ns1" }}
ns1-api-key: {{ .Values.ns1.apiKey | b64enc | quote }}
{{- end }}
{{- end }}

52
external-dns/templates/service.yaml Normal file
View File

@@ -0,0 +1,52 @@
{{- if .Values.service.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "external-dns.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.service.labels -}}
{{ toYaml .Values.service.labels | nindent 4 }}
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.service.annotations }}
annotations: {{ toYaml .Values.service.annotations | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if .Values.service.externalIPs }}
externalIPs: {{ toYaml .Values.service.externalIPs | nindent 4 }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
ports:
- name: http
port: {{ .Values.service.ports.http }}
protocol: TCP
targetPort: http
{{- if and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePorts.http)) }}
nodePort: {{ .Values.service.nodePorts.http }}
{{- end }}
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{ include "external-dns.matchLabels" . | nindent 4 }}
{{- end }}

22
external-dns/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,22 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "external-dns.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.serviceAccount.labels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.labels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.serviceAccount.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}

47
external-dns/templates/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,47 @@
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "external-dns.fullname" . }}
namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.metrics.serviceMonitor.labels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: http
path: /metrics
{{- with .Values.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
{{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings: {{ toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.jobLabel }}
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels: {{ include "external-dns.matchLabels" . | nindent 6 }}
{{- if .Values.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
{{- end }}

26
external-dns/templates/tls-secret.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{- if (include "external-dns.createTlsSecret" .) }}
{{- $ca := genCA "external-dns-ca" 365 }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $fullname := include "external-dns.fullname" . }}
{{- $serviceName := include "external-dns.fullname" . }}
{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname }}
{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "external-dns.fullname" . }}-crt
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $crt.Cert | b64enc | quote }}
tls.key: {{ $crt.Key | b64enc | quote }}
{{- end }}