apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "external-dns.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{ include "external-dns.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ coalesce .Values.replicas .Values.replicaCount }}
{{- if .Values.updateStrategy }}
strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
{{- end }}
selector:
matchLabels: {{ include "external-dns.matchLabels" . | nindent 6 }}
template:
metadata:
labels: {{ include "external-dns.labels" . | nindent 8 }}
annotations:
{{- if or .Values.podAnnotations .Values.metrics.enabled }}
{{- include "external-dns.podAnnotations" . | trim | nindent 8 }}
{{- end }}
{{- if (include "external-dns.createSecret" .) }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- end }}
{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
spec:
{{- include "external-dns.imagePullSecrets" . | nindent 6 }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName | quote }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "external-dns.serviceAccountName" . }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
{{- if .Values.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: external-dns
image: {{ include "external-dns.image" . | quote }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- else }}
args:
# Generic arguments
- --metrics-address=:{{ .Values.containerPorts.http }}
{{- if .Values.logLevel }}
- --log-level={{ .Values.logLevel }}
{{- end }}
{{- if .Values.logFormat }}
- --log-format={{ .Values.logFormat }}
{{- end }}
{{- if .Values.dryRun }}
- --dry-run
{{- end }}
{{- if .Values.triggerLoopOnEvent }}
- --events
{{- end }}
{{- if (include "external-dns.namespace" .) }}
- --namespace={{ template "external-dns.namespace" . }}
{{- end }}
{{- if .Values.fqdnTemplates }}
- --fqdn-template={{ join "," .Values.fqdnTemplates }}{{/* Explicitly wants comma separated list */}}
{{- end }}
{{- if .Values.combineFQDNAnnotation }}
- --combine-fqdn-annotation
{{- end }}
{{- if and .Values.ignoreHostnameAnnotation .Values.fqdnTemplates }}
- --ignore-hostname-annotation
{{- end }}
{{- if .Values.publishInternalServices }}
- --publish-internal-services
{{- end }}
{{- if .Values.publishHostIP }}
- --publish-host-ip
{{- end }}
{{- range .Values.serviceTypeFilter }}
- --service-type-filter={{ . }}
{{- end }}
{{- range .Values.domainFilters }}
- --domain-filter={{ . }}
{{- end }}
{{- range .Values.excludeDomains }}
- --exclude-domains={{ . }}
{{- end }}
{{- if .Values.regexDomainFilter }}
- --regex-domain-filter={{ .Values.regexDomainFilter }}
{{- end }}
{{- if .Values.regexDomainExclusion }}
- --regex-domain-exclusion={{ .Values.regexDomainExclusion }}
{{- end }}
{{- range .Values.zoneNameFilters }}
- --zone-name-filter={{ . }}
{{- end }}
{{- range .Values.zoneIdFilters }}
- --zone-id-filter={{ . }}
{{- end }}
- --policy={{ .Values.policy }}
- --provider={{ .Values.provider }}
- --registry={{ .Values.registry }}
- --interval={{ .Values.interval }}
{{- if or (ne .Values.registry "aws-sd") .Values.forceTxtOwnerId }}
{{- if .Values.txtOwnerId }}
- --txt-owner-id={{ .Values.txtOwnerId }}
{{- end }}
{{- end }}
{{- if eq .Values.registry "txt" }}
{{- if .Values.txtPrefix }}
- --txt-prefix={{ .Values.txtPrefix }}
{{- end }}
{{- if .Values.txtSuffix }}
- --txt-suffix={{ .Values.txtSuffix }}
{{- end }}
{{- end }}
{{- if .Values.annotationFilter }}
- --annotation-filter={{ .Values.annotationFilter }}
{{- end }}
{{- if .Values.ingressClass }}
- --ingress-class={{ .Values.ingressClass }}
{{- end }}
{{- if .Values.labelFilter }}
- --label-filter={{ .Values.labelFilter }}
{{- end }}
{{- if .Values.crd.apiversion }}
- --crd-source-apiversion={{ .Values.crd.apiversion }}
{{- end }}
{{- if .Values.crd.kind }}
- --crd-source-kind={{ .Values.crd.kind }}
{{- end }}
{{- range .Values.sources }}
- --source={{ . }}
{{- end }}
{{- if eq .Values.provider "alibabacloud" }}
# Alibaba Cloud arguments
{{- if or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName }}
- --alibaba-cloud-config-file=/etc/kubernetes/alibaba-cloud.json
{{- else }}
- --alibaba-cloud-config-file=
{{- end }}
{{- if .Values.alibabacloud.zoneType }}
- --alibaba-cloud-zone-type={{ .Values.alibabacloud.zoneType }}
{{- end }}
{{- end }}
{{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }}
# AWS arguments
{{- if .Values.aws.apiRetries }}
- --aws-api-retries={{ .Values.aws.apiRetries }}
{{- end }}
- --aws-zone-type={{ .Values.aws.zoneType }}
{{- if .Values.aws.assumeRoleArn }}
- --aws-assume-role={{ .Values.aws.assumeRoleArn }}
{{- end }}
{{- if .Values.aws.batchChangeSize }}
- --aws-batch-change-size={{ .Values.aws.batchChangeSize }}
{{- end }}
{{- end }}
{{- if .Values.aws.zonesCacheDuration }}
- --aws-zones-cache-duration={{ .Values.aws.zonesCacheDuration }}
{{- end }}
{{- range .Values.aws.zoneTags }}
- --aws-zone-tags={{ . }}
{{- end }}
{{- if .Values.aws.preferCNAME }}
- --aws-prefer-cname
{{- end }}
{{- if and (kindIs "bool" .Values.aws.evaluateTargetHealth) (not .Values.aws.evaluateTargetHealth) }}
- --no-aws-evaluate-target-health
{{- end }}
{{- if or (and (eq .Values.provider "azure") (not .Values.azure.secretName)) (eq .Values.provider "azure-private-dns") }}
# Azure Arguments
{{- if .Values.azure.resourceGroup }}
- --azure-resource-group={{ .Values.azure.resourceGroup }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "azure-private-dns" }}
{{- if .Values.azure.subscriptionId }}
- --azure-subscription-id={{ .Values.azure.subscriptionId }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "cloudflare" }}
# Cloudflare arguments
{{- if .Values.cloudflare.proxied }}
- --cloudflare-proxied
{{- end }}
{{- end }}
{{- if eq .Values.provider "google" }}
# Google Arguments
{{- if .Values.google.project }}
- --google-project={{ .Values.google.project }}
{{- end }}
{{- if .Values.google.zoneVisibility }}
- --google-zone-visibility={{ .Values.google.zoneVisibility }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "infoblox" }}
# Infloblox Arguments
- --infoblox-grid-host={{ .Values.infoblox.gridHost }}
- --infoblox-view={{ .Values.infoblox.view }}
{{- if .Values.infoblox.domainFilter }}
- --domain-filter={{ .Values.infoblox.domainFilter }}
{{- end }}
{{- if .Values.infoblox.wapiPort }}
- --infoblox-wapi-port={{ .Values.infoblox.wapiPort }}
{{- end }}
{{- if .Values.infoblox.wapiVersion }}
- --infoblox-wapi-version={{ .Values.infoblox.wapiVersion }}
{{- end }}
{{- if .Values.infoblox.noSslVerify }}
- --no-infoblox-ssl-verify
{{- else }}
- --infoblox-ssl-verify
{{- end }}
{{- if .Values.infoblox.maxResults }}
- --infoblox-max-results={{ .Values.infoblox.maxResults }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "ns1" }}
# ns1 arguments
- --ns1-min-ttl={{ .Values.ns1.minTTL }}
{{- end }}
{{- if eq .Values.provider "rfc2136" }}
# RFC 2136 arguments
- --rfc2136-host={{ required "rfc2136.host must be supplied for provider 'rfc2136'" .Values.rfc2136.host }}
- --rfc2136-port={{ .Values.rfc2136.port }}
- --rfc2136-zone={{ required "rfc2136.zone must be supplied for provider 'rfc2136'" .Values.rfc2136.zone }}
- --rfc2136-min-ttl={{ .Values.rfc2136.minTTL }}
{{- if .Values.rfc2136.tsigAxfr }}
- --rfc2136-tsig-axfr
{{- end }}
{{- if .Values.rfc2136.rfc3645Enabled }}
- --rfc2136-gss-tsig
- --rfc2136-kerberos-realm={{ .Values.rfc2136.kerberosRealm }}
{{- else }}
{{- if .Values.rfc2136.tsigKeyname }}
- --rfc2136-tsig-secret-alg={{ .Values.rfc2136.tsigSecretAlg }}
- --rfc2136-tsig-keyname={{ .Values.rfc2136.tsigKeyname }}
{{- else }}
- --rfc2136-insecure
{{- end }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "pdns" }}
# PowerDNS arguments
- --pdns-server={{ .Values.pdns.apiUrl }}:{{ .Values.pdns.apiPort }}
- --pdns-api-key=$(PDNS_API_KEY)
{{- end }}
{{- if eq .Values.provider "transip" }}
# TransIP arguments
- --transip-account={{ .Values.transip.account }}
- --transip-keyfile=/transip/transip-api-key
{{- end }}
{{- range $key, $value := .Values.extraArgs }}
# Extra arguments
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
{{- end }}
env:
{{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }}
# AWS environment variables
{{- if .Values.aws.region }}
- name: AWS_DEFAULT_REGION
value: {{ .Values.aws.region }}
{{- end }}
{{- if .Values.aws.roleArn }}
- name: AWS_CONFIG_FILE
value: {{ .Values.aws.credentials.mountPath }}/config
{{- end }}
{{- if and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey }}
- name: AWS_SHARED_CREDENTIALS_FILE
value: {{ .Values.aws.credentials.mountPath }}/credentials
{{- end }}
{{- end }}
{{- if eq .Values.provider "cloudflare" }}
# Cloudflare environment variables
- name: CF_API_TOKEN
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: cloudflare_api_token
optional: true
- name: CF_API_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: cloudflare_api_key
optional: true
- name: CF_API_EMAIL
value: {{ .Values.cloudflare.email | quote }}
{{- end }}
{{- if eq .Values.provider "coredns" }}
# CoreDNS environment variables
- name: ETCD_URLS
value: {{ .Values.coredns.etcdEndpoints | quote }}
{{- if .Values.coredns.etcdTLS.enabled }}
- name: ETCD_CERT_FILE
value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ include "external-dns.tlsCert" . }}
- name: ETCD_KEY_FILE
value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ include "external-dns.tlsCertKey" . }}
- name: ETCD_CA_FILE
value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ include "external-dns.tlsCACert" . }}
{{- end }}
{{- end }}
{{- if eq .Values.provider "designate" }}
# Designate environment variables
{{- if .Values.designate.customCA.enabled }}
- name: OPENSTACK_CA_FILE
value: {{ .Values.designate.customCA.mountPath }}/{{ .Values.designate.customCA.filename }}
{{- else if .Values.designate.customCAHostPath }}
- name: OPENSTACK_CA_FILE
value: {{ .Values.designate.customCAHostPath }}
{{- end }}
{{- if .Values.designate.username }}
- name: OS_USERNAME
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: designate_username
{{- end }}
{{- if .Values.designate.password }}
- name: OS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: designate_password
{{- end }}
{{- if .Values.designate.authUrl }}
- name: OS_AUTH_URL
value: {{ .Values.designate.authUrl }}
{{- end }}
{{- if .Values.designate.regionName }}
- name: OS_REGION_NAME
value: {{ .Values.designate.regionName }}
{{- end }}
{{- if .Values.designate.userDomainName }}
- name: OS_USER_DOMAIN_NAME
value: {{ .Values.designate.userDomainName }}
{{- end }}
{{- if .Values.designate.projectName }}
- name: OS_PROJECT_NAME
value: {{ .Values.designate.projectName }}
{{- end }}
{{- end }}
{{- if and (eq .Values.provider "digitalocean") (or .Values.digitalocean.apiToken .Values.digitalocean.secretName) }}
# DigitalOcean environment variables
- name: DO_TOKEN
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: digitalocean_api_token
{{- end }}
{{- if eq .Values.provider "google" }}
# Google environment variables
{{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }}
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /etc/secrets/service-account/credentials.json
{{- end }}
{{- end }}
{{- if eq .Values.provider "hetzner" }}
# Hetzner environment variables
{{- if .Values.hetzner.secretName }}
- name: HETZNER_TOKEN
valueFrom:
secretKeyRef:
name: {{ .Values.hetzner.secretName }}
key: {{ .Values.hetzner.secretKey }}
{{- else }}
- name: HETZNER_TOKEN
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: hetzner_token
{{- end }}
{{- end }}
{{- if eq .Values.provider "linode" }}
# Linode environment variables
{{- if or (.Values.linode.apiToken) (.Values.linode.secretName) }}
- name: LINODE_TOKEN
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: linode_api_token
{{- end }}
{{- end }}
{{- if eq .Values.provider "ovh" }}
# OVH environment variables
{{- if or (.Values.ovh.consumerKey) (.Values.ovh.secretName) }}
- name: OVH_CONSUMER_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: ovh_consumer_key
{{- end }}
{{- if or (.Values.ovh.applicationKey) (.Values.ovh.secretName) }}
- name: OVH_APPLICATION_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: ovh_application_key
{{- end }}
{{- if or (.Values.ovh.applicationSecret) (.Values.ovh.secretName) }}
- name: OVH_APPLICATION_SECRET
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: ovh_application_secret
{{- end }}
{{- end }}
{{- if eq .Values.provider "scaleway" }}
# Scaleway environment variables
{{- if .Values.scaleway.scwAccessKey }}
- name: SCW_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: scw_access_key
{{- end }}
{{- if .Values.scaleway.scwSecretKey }}
- name: SCW_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: scw_secret_key
{{- end }}
{{- if .Values.scaleway.scwDefaultOrganizationId }}
- name: SCW_DEFAULT_ORGANIZATION_ID
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: scw_default_organization_id
{{- end }}
{{- end }}
{{- if eq .Values.provider "infoblox" }}
# Infloblox environment variables
{{- if .Values.infoblox.wapiConnectionPoolSize }}
- name: EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS
value: "{{ .Values.infoblox.wapiConnectionPoolSize }}"
{{- end }}
{{- if .Values.infoblox.wapiHttpTimeout }}
- name: EXTERNAL_DNS_INFOBLOX_HTTP_REQUEST_TIMEOUT
value: "{{ .Values.infoblox.wapiHttpTimeout }}"
{{- end }}
{{- if or (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) (.Values.infoblox.secretName) }}
- name: EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: infoblox_wapi_username
- name: EXTERNAL_DNS_INFOBLOX_WAPI_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: infoblox_wapi_password
{{- end }}
{{- end }}
{{- if .Values.rfc2136.tsigSecret | or (and .Values.rfc2136.kerberosUsername .Values.rfc2136.kerberosPassword) | or .Values.rfc2136.secretName }}
# RFC 2136 environment variables
{{- if .Values.rfc2136.rfc3645Enabled }}
- name: EXTERNAL_DNS_RFC2136_KERBEROS_USERNAME
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: rfc2136_kerberos_username
- name: EXTERNAL_DNS_RFC2136_KERBEROS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: rfc2136_kerberos_password
{{- else }}
- name: EXTERNAL_DNS_RFC2136_TSIG_SECRET
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: rfc2136_tsig_secret
{{- end }}
{{- end }}
{{- if eq .Values.provider "pdns" }}
# PowerDNS environment variables
- name: PDNS_API_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: pdns_api_key
{{- end }}
{{- if eq .Values.provider "vinyldns" }}
# VinylDNS environment variables
{{- if .Values.vinyldns.host }}
- name: VINYLDNS_HOST
value: {{ .Values.vinyldns.host }}
{{- end }}
{{- if .Values.vinyldns.accessKey }}
- name: VINYLDNS_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: vinyldns-access-key
{{- end }}
{{- if .Values.vinyldns.secretKey }}
- name: VINYLDNS_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: vinyldns-secret-key
{{- end }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if eq .Values.provider "ns1" }}
# NS1 environment variables
{{- if or (.Values.ns1.apiKey) (.Values.ns1.secretName) }}
- name: NS1_APIKEY
valueFrom:
secretKeyRef:
name: {{ template "external-dns.secretName" . }}
key: ns1-api-key
{{- end }}
{{- end }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.containerPorts.http }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- else if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- else if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.startupProbe.enabled }}
startupProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.startupProbe.successThreshold }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
{{- else if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.containerSecurityContext }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if and (eq .Values.provider "alibabacloud") (or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName) }}
# Alibaba Cloud mountPath(s)
- name: alibabacloud-config-file
mountPath: /etc/kubernetes/
readOnly: true
{{- end }}
{{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) }}
# AWS mountPath(s)
- name: aws-credentials
mountPath: {{ .Values.aws.credentials.mountPath }}
readOnly: true
{{- end }}
{{- if or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns") }}
# Azure mountPath(s)
- name: azure-config-file
{{- if or .Values.azure.secretName (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId) }}
mountPath: /etc/kubernetes/
{{- else }}
mountPath: /etc/kubernetes/azure.json
{{- end }}
readOnly: true
{{- end }}
{{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }}
# CoreDNS mountPath(s)
- name: {{ include "external-dns.tlsSecretName" . }}
mountPath: {{ .Values.coredns.etcdTLS.mountPath }}
readOnly: true
{{- end }}
{{- if and (eq .Values.provider "google") (or .Values.google.serviceAccountKey .Values.google.serviceAccountSecret) }}
# Google mountPath(s)
- name: google-service-account
mountPath: /etc/secrets/service-account/
{{- end }}
{{- if eq .Values.provider "oci" }}
- name: oci-config-file
mountPath: /etc/kubernetes/
{{- end }}
{{- if eq .Values.provider "designate" }}
# Designate mountPath(s)
{{- if and (.Values.designate.customCAHostPath) (.Values.designate.customCA.enabled) }}
{{- fail "designate.customCAHostPath cannot be specified with designate.customCA.enabled set to true" }}
{{- else if .Values.designate.customCA.enabled }}
- name: designate-custom-ca
mountPath: {{ .Values.designate.customCA.mountPath }}
readOnly: true
{{- else if .Values.designate.customCAHostPath }}
- name: designate-custom-ca-hostpath
mountPath: {{ .Values.designate.customCAHostPath }}
readOnly: true
{{- end }}
{{- end }}
{{- if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled }}
- name: krb5config
mountPath: /etc/krb5.conf
subPath: krb5.conf
{{- end }}
{{- if (eq .Values.provider "transip") }}
# TransIP mountPath(s)
- name: transip-api-key
mountPath: /transip
readOnly: true
{{- end }}
{{- if .Values.extraVolumeMounts }}
# Extra volume mount(s)
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if and (eq .Values.provider "alibabacloud") (or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName) }}
# Alibaba Cloud volume(s)
- name: alibabacloud-config-file
secret:
secretName: {{ template "external-dns.secretName" . }}
{{- end }}
{{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) }}
# AWS volume(s)
- name: aws-credentials
secret:
secretName: {{ template "external-dns.secretName" . }}
{{- end }}
{{- if or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns") }}
# Azure and Azure Private DNS volume(s)
- name: azure-config-file
{{- if or .Values.azure.secretName (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId) }}
secret:
secretName: {{ template "external-dns.secretName" . }}
{{- else if .Values.azure.useManagedIdentityExtension }}
secret:
secretName: {{ template "external-dns.fullname" . }}
{{- else }}
hostPath:
path: /etc/kubernetes/azure.json
type: File
{{- end }}
{{- end }}
{{- if (eq .Values.provider "oci")}}
- name: oci-config-file
secret:
secretName: {{ template "external-dns.secretName" . }}
{{- end }}
{{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }}
# CoreDNS volume(s)
- name: {{ include "external-dns.tlsSecretName" . }}
secret:
secretName: {{ include "external-dns.tlsSecretName" . }}
defaultMode: 400
{{- end }}
{{- if and (eq .Values.provider "google") (or .Values.google.serviceAccountKey .Values.google.serviceAccountSecret) }}
# Google volume(s)
- name: google-service-account
secret:
secretName: {{ template "external-dns.secretName" . }}
{{- if and .Values.google.serviceAccountSecret .Values.google.serviceAccountSecretKey }}
items:
- key: {{ .Values.google.serviceAccountSecretKey | quote }}
path: credentials.json
{{- end }}
{{- end }}
{{- if eq .Values.provider "designate" }}
# Designate volume(s)
{{- if .Values.designate.customCA.enabled }}
- name: designate-custom-ca
configMap:
name: {{ template "external-dns.fullname" . }}
items:
- key: {{ .Values.designate.customCA.filename }}
path: {{ .Values.designate.customCA.filename }}
{{- else if .Values.designate.customCAHostPath }}
- name: designate-custom-ca-hostpath
hostPath:
path: {{ .Values.designate.customCAHostPath }}
{{- end }}
{{- end }}
{{- if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled }}
# Kerberos config volume
- name: krb5config
configMap:
name: {{ template "external-dns.fullname" . }}
items:
- key: "krb5.conf"
path: "krb5.conf"
{{- end }}
{{- if (eq .Values.provider "transip") }}
# TransIP volume(s)
- name: transip-api-key
secret:
secretName: {{ template "external-dns.fullname" . }}
{{- end }}
{{- if .Values.extraVolumes }}
# Extra volume(s)
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}