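{{- /*
Deployment for the external-dns controller.

The container arguments are generated from chart values unless .Values.args is
set, in which case that list replaces them entirely. Provider credentials are
passed through secretKeyRef environment variables or mounted secret volumes.

Changes in this revision:
  - CoreDNS etcd TLS volume: defaultMode was the decimal literal 400, which is
    octal 0620 (owner rw, group w). It is now 256, i.e. octal 0400.
  - Credential and config mounts that lacked readOnly now set it, matching the
    other mounts in this file.
  - Single-value env entries are quoted so number- or boolean-looking values
    stay strings.
*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "external-dns.fullname" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels: {{ include "external-dns.labels" . | nindent 4 }}
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ coalesce .Values.replicas .Values.replicaCount }}
  {{- if .Values.updateStrategy }}
  strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
  {{- end }}
  selector:
    matchLabels: {{ include "external-dns.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels: {{ include "external-dns.labels" . | nindent 8 }}
      annotations:
        {{- if or .Values.podAnnotations .Values.metrics.enabled }}
        {{- include "external-dns.podAnnotations" . | trim | nindent 8 }}
        {{- end }}
        {{- /* Checksums change the pod template whenever the rendered secret or configmap changes. */}}
        {{- if (include "external-dns.createSecret" .) }}
        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
        {{- end }}
        {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        {{- end }}
    spec:
      {{- include "external-dns.imagePullSecrets" . | nindent 6 }}
      {{- if .Values.podSecurityContext.enabled }}
      securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      {{- if .Values.affinity }}
      affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
      {{- else }}
      affinity:
        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
      {{- end }}
      {{- if .Values.schedulerName }}
      schedulerName: {{ .Values.schedulerName | quote }}
      {{- end }}
      {{- if .Values.hostAliases }}
      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.topologySpreadConstraints }}
      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.nodeSelector }}
      nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.tolerations }}
      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ template "external-dns.serviceAccountName" . }}
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName | quote }}
      {{- end }}
      {{- if .Values.initContainers }}
      initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
      {{- end }}
      containers:
        - name: external-dns
          image: {{ include "external-dns.image" . | quote }}
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          {{- if .Values.command }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
          {{- end }}
          {{- /* A user-supplied .Values.args replaces every generated argument below, including the domain and zone filters. */}}
          {{- if .Values.args }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
          {{- else }}
          args:
            # Generic arguments
            - --metrics-address=:{{ .Values.containerPorts.http }}
            {{- if .Values.logLevel }}
            - --log-level={{ .Values.logLevel }}
            {{- end }}
            {{- if .Values.logFormat }}
            - --log-format={{ .Values.logFormat }}
            {{- end }}
            {{- if .Values.dryRun }}
            - --dry-run
            {{- end }}
            {{- if .Values.triggerLoopOnEvent }}
            - --events
            {{- end }}
            {{- if (include "external-dns.namespace" .) }}
            - --namespace={{ template "external-dns.namespace" . }}
            {{- end }}
            {{- if .Values.fqdnTemplates }}
            - --fqdn-template={{ join "," .Values.fqdnTemplates }}{{/* Explicitly wants comma separated list */}}
            {{- end }}
            {{- if .Values.combineFQDNAnnotation }}
            - --combine-fqdn-annotation
            {{- end }}
            {{- if and .Values.ignoreHostnameAnnotation .Values.fqdnTemplates }}
            - --ignore-hostname-annotation
            {{- end }}
            {{- if .Values.publishInternalServices }}
            - --publish-internal-services
            {{- end }}
            {{- if .Values.publishHostIP }}
            - --publish-host-ip
            {{- end }}
            {{- range .Values.serviceTypeFilter }}
            - --service-type-filter={{ . }}
            {{- end }}
            {{- /* The filters below are only rendered when set; with none set, no domain or zone restriction is passed on the command line. */}}
            {{- range .Values.domainFilters }}
            - --domain-filter={{ . }}
            {{- end }}
            {{- range .Values.excludeDomains }}
            - --exclude-domains={{ . }}
            {{- end }}
            {{- if .Values.regexDomainFilter }}
            - --regex-domain-filter={{ .Values.regexDomainFilter }}
            {{- end }}
            {{- if .Values.regexDomainExclusion }}
            - --regex-domain-exclusion={{ .Values.regexDomainExclusion }}
            {{- end }}
            {{- range .Values.zoneNameFilters }}
            - --zone-name-filter={{ . }}
            {{- end }}
            {{- range .Values.zoneIdFilters }}
            - --zone-id-filter={{ . }}
            {{- end }}
            - --policy={{ .Values.policy }}
            - --provider={{ .Values.provider }}
            - --registry={{ .Values.registry }}
            - --interval={{ .Values.interval }}
            {{- if or (ne .Values.registry "aws-sd") .Values.forceTxtOwnerId }}
            {{- if .Values.txtOwnerId }}
            - --txt-owner-id={{ .Values.txtOwnerId }}
            {{- end }}
            {{- end }}
            {{- if eq .Values.registry "txt" }}
            {{- if .Values.txtPrefix }}
            - --txt-prefix={{ .Values.txtPrefix }}
            {{- end }}
            {{- if .Values.txtSuffix }}
            - --txt-suffix={{ .Values.txtSuffix }}
            {{- end }}
            {{- end }}
            {{- if .Values.annotationFilter }}
            - --annotation-filter={{ .Values.annotationFilter }}
            {{- end }}
            {{- if .Values.ingressClass }}
            - --ingress-class={{ .Values.ingressClass }}
            {{- end }}
            {{- if .Values.labelFilter }}
            - --label-filter={{ .Values.labelFilter }}
            {{- end }}
            {{- if .Values.crd.apiversion }}
            - --crd-source-apiversion={{ .Values.crd.apiversion }}
            {{- end }}
            {{- if .Values.crd.kind }}
            - --crd-source-kind={{ .Values.crd.kind }}
            {{- end }}
            {{- range .Values.sources }}
            - --source={{ . }}
            {{- end }}
            {{- if eq .Values.provider "alibabacloud" }}
            # Alibaba Cloud arguments
            {{- if or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName }}
            - --alibaba-cloud-config-file=/etc/kubernetes/alibaba-cloud.json
            {{- else }}
            - --alibaba-cloud-config-file=
            {{- end }}
            {{- if .Values.alibabacloud.zoneType }}
            - --alibaba-cloud-zone-type={{ .Values.alibabacloud.zoneType }}
            {{- end }}
            {{- end }}
            {{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }}
            # AWS arguments
            {{- if .Values.aws.apiRetries }}
            - --aws-api-retries={{ .Values.aws.apiRetries }}
            {{- end }}
            - --aws-zone-type={{ .Values.aws.zoneType }}
            {{- if .Values.aws.assumeRoleArn }}
            - --aws-assume-role={{ .Values.aws.assumeRoleArn }}
            {{- end }}
            {{- if .Values.aws.batchChangeSize }}
            - --aws-batch-change-size={{ .Values.aws.batchChangeSize }}
            {{- end }}
            {{- end }}
            {{- /* NOTE(review): the aws.* flags below sit outside the provider guard above, so they render for any provider when the values are set. Confirm this is intended. */}}
            {{- if .Values.aws.zonesCacheDuration }}
            - --aws-zones-cache-duration={{ .Values.aws.zonesCacheDuration }}
            {{- end }}
            {{- range .Values.aws.zoneTags }}
            - --aws-zone-tags={{ . }}
            {{- end }}
            {{- if .Values.aws.preferCNAME }}
            - --aws-prefer-cname
            {{- end }}
            {{- if and (kindIs "bool" .Values.aws.evaluateTargetHealth) (not .Values.aws.evaluateTargetHealth) }}
            - --no-aws-evaluate-target-health
            {{- end }}
            {{- if or (and (eq .Values.provider "azure") (not .Values.azure.secretName)) (eq .Values.provider "azure-private-dns") }}
            # Azure Arguments
            {{- if .Values.azure.resourceGroup }}
            - --azure-resource-group={{ .Values.azure.resourceGroup }}
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "azure-private-dns" }}
            {{- if .Values.azure.subscriptionId }}
            - --azure-subscription-id={{ .Values.azure.subscriptionId }}
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "cloudflare" }}
            # Cloudflare arguments
            {{- if .Values.cloudflare.proxied }}
            - --cloudflare-proxied
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "google" }}
            # Google Arguments
            {{- if .Values.google.project }}
            - --google-project={{ .Values.google.project }}
            {{- end }}
            {{- if .Values.google.zoneVisibility }}
            - --google-zone-visibility={{ .Values.google.zoneVisibility }}
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "infoblox" }}
            # Infoblox Arguments
            - --infoblox-grid-host={{ .Values.infoblox.gridHost }}
            - --infoblox-view={{ .Values.infoblox.view }}
            {{- if .Values.infoblox.domainFilter }}
            - --domain-filter={{ .Values.infoblox.domainFilter }}
            {{- end }}
            {{- if .Values.infoblox.wapiPort }}
            - --infoblox-wapi-port={{ .Values.infoblox.wapiPort }}
            {{- end }}
            {{- if .Values.infoblox.wapiVersion }}
            - --infoblox-wapi-version={{ .Values.infoblox.wapiVersion }}
            {{- end }}
            {{- /* infoblox.noSslVerify turns off TLS certificate verification for the WAPI connection, which carries the WAPI username and password. */}}
            {{- if .Values.infoblox.noSslVerify }}
            - --no-infoblox-ssl-verify
            {{- else }}
            - --infoblox-ssl-verify
            {{- end }}
            {{- if .Values.infoblox.maxResults }}
            - --infoblox-max-results={{ .Values.infoblox.maxResults }}
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "ns1" }}
            # ns1 arguments
            - --ns1-min-ttl={{ .Values.ns1.minTTL }}
            {{- end }}
            {{- if eq .Values.provider "rfc2136" }}
            # RFC 2136 arguments
            - --rfc2136-host={{ required "rfc2136.host must be supplied for provider 'rfc2136'" .Values.rfc2136.host }}
            - --rfc2136-port={{ .Values.rfc2136.port }}
            - --rfc2136-zone={{ required "rfc2136.zone must be supplied for provider 'rfc2136'" .Values.rfc2136.zone }}
            - --rfc2136-min-ttl={{ .Values.rfc2136.minTTL }}
            {{- if .Values.rfc2136.tsigAxfr }}
            - --rfc2136-tsig-axfr
            {{- end }}
            {{- if .Values.rfc2136.rfc3645Enabled }}
            - --rfc2136-gss-tsig
            - --rfc2136-kerberos-realm={{ .Values.rfc2136.kerberosRealm }}
            {{- else }}
            {{- if .Values.rfc2136.tsigKeyname }}
            - --rfc2136-tsig-secret-alg={{ .Values.rfc2136.tsigSecretAlg }}
            - --rfc2136-tsig-keyname={{ .Values.rfc2136.tsigKeyname }}
            {{- else }}
            {{- /* Fallback when neither GSS-TSIG nor a TSIG key name is configured: the chart silently selects the insecure mode, so dynamic updates are not authenticated by a TSIG key. Set rfc2136.tsigKeyname or rfc2136.rfc3645Enabled to avoid this branch. */}}
            - --rfc2136-insecure
            {{- end }}
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "pdns" }}
            # PowerDNS arguments
            - --pdns-server={{ .Values.pdns.apiUrl }}:{{ .Values.pdns.apiPort }}
            # $(PDNS_API_KEY) is expanded by Kubernetes from the container env
            # (populated from the secret below), so the key ends up in the
            # process argument list rather than only in the environment.
            - --pdns-api-key=$(PDNS_API_KEY)
            {{- end }}
            {{- if eq .Values.provider "transip" }}
            # TransIP arguments
            - --transip-account={{ .Values.transip.account }}
            - --transip-keyfile=/transip/transip-api-key
            {{- end }}
            {{- /* extraArgs keys and values are rendered verbatim and unquoted; an empty or false value renders the bare flag. Anyone who can set chart values can add or override any flag here. */}}
            {{- range $key, $value := .Values.extraArgs }}
            # Extra arguments
            {{- if $value }}
            - --{{ $key }}={{ $value }}
            {{- else }}
            - --{{ $key }}
            {{- end }}
            {{- end }}
          {{- end }}
          env:
            {{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }}
            # AWS environment variables
            {{- if .Values.aws.region }}
            - name: AWS_DEFAULT_REGION
              value: {{ .Values.aws.region | quote }}
            {{- end }}
            {{- if .Values.aws.roleArn }}
            - name: AWS_CONFIG_FILE
              value: {{ .Values.aws.credentials.mountPath }}/config
            {{- end }}
            {{- if and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey }}
            - name: AWS_SHARED_CREDENTIALS_FILE
              value: {{ .Values.aws.credentials.mountPath }}/credentials
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "cloudflare" }}
            # Cloudflare environment variables
            # Both secret keys are optional, so the pod still starts when only
            # one of them (or neither) exists in the secret.
            - name: CF_API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: cloudflare_api_token
                  optional: true
            - name: CF_API_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: cloudflare_api_key
                  optional: true
            - name: CF_API_EMAIL
              value: {{ .Values.cloudflare.email | quote }}
            {{- end }}
            {{- if eq .Values.provider "coredns" }}
            # CoreDNS environment variables
            - name: ETCD_URLS
              value: {{ .Values.coredns.etcdEndpoints | quote }}
            {{- if .Values.coredns.etcdTLS.enabled }}
            - name: ETCD_CERT_FILE
              value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ include "external-dns.tlsCert" . }}
            - name: ETCD_KEY_FILE
              value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ include "external-dns.tlsCertKey" . }}
            - name: ETCD_CA_FILE
              value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ include "external-dns.tlsCACert" . }}
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "designate" }}
            # Designate environment variables
            {{- if .Values.designate.customCA.enabled }}
            - name: OPENSTACK_CA_FILE
              value: {{ .Values.designate.customCA.mountPath }}/{{ .Values.designate.customCA.filename }}
            {{- else if .Values.designate.customCAHostPath }}
            - name: OPENSTACK_CA_FILE
              value: {{ .Values.designate.customCAHostPath | quote }}
            {{- end }}
            {{- if .Values.designate.username }}
            - name: OS_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: designate_username
            {{- end }}
            {{- if .Values.designate.password }}
            - name: OS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: designate_password
            {{- end }}
            {{- if .Values.designate.authUrl }}
            - name: OS_AUTH_URL
              value: {{ .Values.designate.authUrl | quote }}
            {{- end }}
            {{- if .Values.designate.regionName }}
            - name: OS_REGION_NAME
              value: {{ .Values.designate.regionName | quote }}
            {{- end }}
            {{- if .Values.designate.userDomainName }}
            - name: OS_USER_DOMAIN_NAME
              value: {{ .Values.designate.userDomainName | quote }}
            {{- end }}
            {{- if .Values.designate.projectName }}
            - name: OS_PROJECT_NAME
              value: {{ .Values.designate.projectName | quote }}
            {{- end }}
            {{- end }}
            {{- if and (eq .Values.provider "digitalocean") (or .Values.digitalocean.apiToken .Values.digitalocean.secretName) }}
            # DigitalOcean environment variables
            - name: DO_TOKEN
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: digitalocean_api_token
            {{- end }}
            {{- if eq .Values.provider "google" }}
            # Google environment variables
            {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }}
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: /etc/secrets/service-account/credentials.json
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "hetzner" }}
            # Hetzner environment variables
            {{- if .Values.hetzner.secretName }}
            - name: HETZNER_TOKEN
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.hetzner.secretName | quote }}
                  key: {{ .Values.hetzner.secretKey | quote }}
            {{- else }}
            - name: HETZNER_TOKEN
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: hetzner_token
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "linode" }}
            # Linode environment variables
            {{- if or (.Values.linode.apiToken) (.Values.linode.secretName) }}
            - name: LINODE_TOKEN
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: linode_api_token
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "ovh" }}
            # OVH environment variables
            {{- if or (.Values.ovh.consumerKey) (.Values.ovh.secretName) }}
            - name: OVH_CONSUMER_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: ovh_consumer_key
            {{- end }}
            {{- if or (.Values.ovh.applicationKey) (.Values.ovh.secretName) }}
            - name: OVH_APPLICATION_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: ovh_application_key
            {{- end }}
            {{- if or (.Values.ovh.applicationSecret) (.Values.ovh.secretName) }}
            - name: OVH_APPLICATION_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: ovh_application_secret
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "scaleway" }}
            # Scaleway environment variables
            {{- if .Values.scaleway.scwAccessKey }}
            - name: SCW_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: scw_access_key
            {{- end }}
            {{- if .Values.scaleway.scwSecretKey }}
            - name: SCW_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: scw_secret_key
            {{- end }}
            {{- if .Values.scaleway.scwDefaultOrganizationId }}
            - name: SCW_DEFAULT_ORGANIZATION_ID
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: scw_default_organization_id
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "infoblox" }}
            # Infoblox environment variables
            {{- if .Values.infoblox.wapiConnectionPoolSize }}
            - name: EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS
              value: "{{ .Values.infoblox.wapiConnectionPoolSize }}"
            {{- end }}
            {{- if .Values.infoblox.wapiHttpTimeout }}
            - name: EXTERNAL_DNS_INFOBLOX_HTTP_REQUEST_TIMEOUT
              value: "{{ .Values.infoblox.wapiHttpTimeout }}"
            {{- end }}
            {{- if or (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) (.Values.infoblox.secretName) }}
            - name: EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: infoblox_wapi_username
            - name: EXTERNAL_DNS_INFOBLOX_WAPI_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: infoblox_wapi_password
            {{- end }}
            {{- end }}
            {{- /* NOTE(review): this block is keyed on the rfc2136 values only, not on provider being "rfc2136", so the credentials are injected for any provider once those values are set. Confirm this is intended. */}}
            {{- if .Values.rfc2136.tsigSecret | or (and .Values.rfc2136.kerberosUsername .Values.rfc2136.kerberosPassword) | or .Values.rfc2136.secretName }}
            # RFC 2136 environment variables
            {{- if .Values.rfc2136.rfc3645Enabled }}
            - name: EXTERNAL_DNS_RFC2136_KERBEROS_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: rfc2136_kerberos_username
            - name: EXTERNAL_DNS_RFC2136_KERBEROS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: rfc2136_kerberos_password
            {{- else }}
            - name: EXTERNAL_DNS_RFC2136_TSIG_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: rfc2136_tsig_secret
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "pdns" }}
            # PowerDNS environment variables
            - name: PDNS_API_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: pdns_api_key
            {{- end }}
            {{- if eq .Values.provider "vinyldns" }}
            # VinylDNS environment variables
            {{- if .Values.vinyldns.host }}
            - name: VINYLDNS_HOST
              value: {{ .Values.vinyldns.host | quote }}
            {{- end }}
            {{- if .Values.vinyldns.accessKey }}
            - name: VINYLDNS_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: vinyldns-access-key
            {{- end }}
            {{- if .Values.vinyldns.secretKey }}
            - name: VINYLDNS_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: vinyldns-secret-key
            {{- end }}
            {{- end }}
            {{- if .Values.extraEnvVars }}
            {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
            {{- end }}
            {{- if eq .Values.provider "ns1" }}
            # NS1 environment variables
            {{- if or (.Values.ns1.apiKey) (.Values.ns1.secretName) }}
            - name: NS1_APIKEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: ns1-api-key
            {{- end }}
            {{- end }}
          envFrom:
            {{- if .Values.extraEnvVarsCM }}
            - configMapRef:
                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
            {{- end }}
            {{- if .Values.extraEnvVarsSecret }}
            - secretRef:
                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
            {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.containerPorts.http }}
          {{- if .Values.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: /healthz
              port: http
            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
          {{- else if .Values.customLivenessProbe }}
          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: /healthz
              port: http
            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
          {{- else if .Values.customReadinessProbe }}
          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.startupProbe.enabled }}
          startupProbe:
            httpGet:
              path: /healthz
              port: http
            initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.startupProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
            successThreshold: {{ .Values.startupProbe.successThreshold }}
            failureThreshold: {{ .Values.startupProbe.failureThreshold }}
          {{- else if .Values.customStartupProbe }}
          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
          {{- end }}
          {{- /* NOTE(review): unlike podSecurityContext, this is rendered whenever the map is non-empty; its "enabled" key is stripped but not consulted. */}}
          {{- if .Values.containerSecurityContext }}
          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          {{- if .Values.lifecycleHooks }}
          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.resources }}
          resources: {{- toYaml .Values.resources | nindent 12 }}
          {{- end }}
          volumeMounts:
            {{- if and (eq .Values.provider "alibabacloud") (or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName) }}
            # Alibaba Cloud mountPath(s)
            - name: alibabacloud-config-file
              mountPath: /etc/kubernetes/
              readOnly: true
            {{- end }}
            {{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) }}
            # AWS mountPath(s)
            - name: aws-credentials
              mountPath: {{ .Values.aws.credentials.mountPath }}
              readOnly: true
            {{- end }}
            {{- if or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns") }}
            # Azure mountPath(s)
            - name: azure-config-file
              {{- if or .Values.azure.secretName (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId) }}
              mountPath: /etc/kubernetes/
              {{- else }}
              mountPath: /etc/kubernetes/azure.json
              {{- end }}
              readOnly: true
            {{- end }}
            {{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }}
            # CoreDNS mountPath(s)
            - name: {{ include "external-dns.tlsSecretName" . }}
              mountPath: {{ .Values.coredns.etcdTLS.mountPath }}
              readOnly: true
            {{- end }}
            {{- if and (eq .Values.provider "google") (or .Values.google.serviceAccountKey .Values.google.serviceAccountSecret) }}
            # Google mountPath(s)
            - name: google-service-account
              mountPath: /etc/secrets/service-account/
              readOnly: true
            {{- end }}
            {{- if eq .Values.provider "oci" }}
            - name: oci-config-file
              mountPath: /etc/kubernetes/
              readOnly: true
            {{- end }}
            {{- if eq .Values.provider "designate" }}
            # Designate mountPath(s)
            {{- if and (.Values.designate.customCAHostPath) (.Values.designate.customCA.enabled) }}
            {{- fail "designate.customCAHostPath cannot be specified with designate.customCA.enabled set to true" }}
            {{- else if .Values.designate.customCA.enabled }}
            - name: designate-custom-ca
              mountPath: {{ .Values.designate.customCA.mountPath }}
              readOnly: true
            {{- else if .Values.designate.customCAHostPath }}
            - name: designate-custom-ca-hostpath
              mountPath: {{ .Values.designate.customCAHostPath }}
              readOnly: true
            {{- end }}
            {{- end }}
            {{- if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled }}
            - name: krb5config
              mountPath: /etc/krb5.conf
              subPath: krb5.conf
              readOnly: true
            {{- end }}
            {{- if (eq .Values.provider "transip") }}
            # TransIP mountPath(s)
            - name: transip-api-key
              mountPath: /transip
              readOnly: true
            {{- end }}
            {{- if .Values.extraVolumeMounts }}
            # Extra volume mount(s)
            {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
            {{- end }}
        {{- if .Values.sidecars }}
        {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
        {{- end }}
      volumes:
        {{- if and (eq .Values.provider "alibabacloud") (or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName) }}
        # Alibaba Cloud volume(s)
        - name: alibabacloud-config-file
          secret:
            secretName: {{ template "external-dns.secretName" . }}
        {{- end }}
        {{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) }}
        # AWS volume(s)
        - name: aws-credentials
          secret:
            secretName: {{ template "external-dns.secretName" . }}
        {{- end }}
        {{- if or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns") }}
        # Azure and Azure Private DNS volume(s)
        - name: azure-config-file
          {{- if or .Values.azure.secretName (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId) }}
          secret:
            secretName: {{ template "external-dns.secretName" . }}
          {{- else if .Values.azure.useManagedIdentityExtension }}
          secret:
            secretName: {{ template "external-dns.fullname" . }}
          {{- else }}
          # Fallback: the node's own /etc/kubernetes/azure.json is exposed to
          # the pod through a hostPath volume (mounted read-only above).
          # Clusters that restrict hostPath by policy will reject this branch.
          hostPath:
            path: /etc/kubernetes/azure.json
            type: File
          {{- end }}
        {{- end }}
        {{- if (eq .Values.provider "oci")}}
        - name: oci-config-file
          secret:
            secretName: {{ template "external-dns.secretName" . }}
        {{- end }}
        {{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }}
        # CoreDNS volume(s)
        - name: {{ include "external-dns.tlsSecretName" . }}
          secret:
            secretName: {{ include "external-dns.tlsSecretName" . }}
            # 256 decimal == 0400 octal (owner read-only). The previous literal
            # 400 was read as decimal, i.e. octal 0620, for the etcd TLS key.
            defaultMode: 256
        {{- end }}
        {{- if and (eq .Values.provider "google") (or .Values.google.serviceAccountKey .Values.google.serviceAccountSecret) }}
        # Google volume(s)
        - name: google-service-account
          secret:
            secretName: {{ template "external-dns.secretName" . }}
            {{- if and .Values.google.serviceAccountSecret .Values.google.serviceAccountSecretKey }}
            items:
              - key: {{ .Values.google.serviceAccountSecretKey | quote }}
                path: credentials.json
            {{- end }}
        {{- end }}
        {{- if eq .Values.provider "designate" }}
        # Designate volume(s)
        {{- if .Values.designate.customCA.enabled }}
        - name: designate-custom-ca
          configMap:
            name: {{ template "external-dns.fullname" . }}
            items:
              - key: {{ .Values.designate.customCA.filename }}
                path: {{ .Values.designate.customCA.filename }}
        {{- else if .Values.designate.customCAHostPath }}
        # The hostPath comes straight from chart values with no type check;
        # it is mounted read-only in the container.
        - name: designate-custom-ca-hostpath
          hostPath:
            path: {{ .Values.designate.customCAHostPath }}
        {{- end }}
        {{- end }}
        {{- if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled }}
        # Kerberos config volume
        - name: krb5config
          configMap:
            name: {{ template "external-dns.fullname" . }}
            items:
              - key: "krb5.conf"
                path: "krb5.conf"
        {{- end }}
        {{- if (eq .Values.provider "transip") }}
        # TransIP volume(s)
        - name: transip-api-key
          secret:
            secretName: {{ template "external-dns.fullname" . }}
        {{- end }}
        {{- if .Values.extraVolumes }}
        # Extra volume(s)
        {{- toYaml .Values.extraVolumes | nindent 8 }}
        {{- end }}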