From e67a0a1e604773f27014bafded45c4e601f67fe8 Mon Sep 17 00:00:00 2001 From: Steve Hipwell Date: Fri, 1 Dec 2023 11:40:17 +0000 Subject: [PATCH] feat(chart): Added complex provider support Signed-off-by: Steve Hipwell --- .github/workflows/lint-test-chart.yaml | 21 ++ charts/external-dns/README.md | 197 +++++++++------ charts/external-dns/README.md.gotmpl | 80 ++++++ charts/external-dns/ci/ci-values.yaml | 3 +- charts/external-dns/templates/_helpers.tpl | 11 + charts/external-dns/templates/deployment.yaml | 2 +- charts/external-dns/values.schema.json | 28 ++- charts/external-dns/values.yaml | 238 ++++++++++-------- 8 files changed, 388 insertions(+), 192 deletions(-) create mode 100644 charts/external-dns/README.md.gotmpl diff --git a/.github/workflows/lint-test-chart.yaml b/.github/workflows/lint-test-chart.yaml index eb22146ebf..f0bfda6a75 100644 --- a/.github/workflows/lint-test-chart.yaml +++ b/.github/workflows/lint-test-chart.yaml @@ -18,6 +18,27 @@ jobs: with: fetch-depth: 0 + - name: Install Helm Docs + uses: action-stars/install-tool-from-github-release@58e2dd20166c0eb19ab9ac4d0966c930a647ee69 # v0.2.0 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + owner: norwoodj + repository: helm-docs + arch_amd64: x86_64 + os_linux: Linux + check_command: helm-docs --version + version: latest + + - name: Run Helm Docs check + run: | + set -euo pipefail + helm-docs + if [[ -n "$(git status --porcelain --untracked-files=no)" ]] + then + echo "Documentation not up to date. Please run helm-docs and commit changes!" >&2 + exit 1 + fi + - name: Install Artifact Hub CLI uses: action-stars/install-tool-from-github-release@58e2dd20166c0eb19ab9ac4d0966c930a647ee69 # v0.2.0 with: diff --git a/charts/external-dns/README.md b/charts/external-dns/README.md index 3aa899a645..f1b8fb8681 100644 --- a/charts/external-dns/README.md +++ b/charts/external-dns/README.md 
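Review bot: `version: latest` in the new "Install Helm Docs" step leaves the helm-docs binary unpinned, while the installer action one line above is pinned to a commit SHA. Whatever release is newest upstream is downloaded and executed in the job, so a changed or replaced release runs in CI with no corresponding diff in this repository. It also makes the docs check non-reproducible, because a new helm-docs release can change the generated README and fail unrelated pull requests. Pin an explicit release and bump it deliberately, e.g. `version: <PINNED_HELM_DOCS_VERSION>` (placeholder, the page does not name one). Separately, `git status --porcelain --untracked-files=no` in the check step will not flag a README that helm-docs creates for the first time, since new files are untracked.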
@@ -1,6 +1,20 @@ -# ExternalDNS +# external-dns -[ExternalDNS](https://github.com/kubernetes-sigs/external-dns/) synchronizes exposed Kubernetes Services and Ingresses with DNS providers. +![Version: 1.13.1](https://img.shields.io/badge/Version-1.13.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.13.6](https://img.shields.io/badge/AppVersion-0.13.6-informational?style=flat-square) + +ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| stevehipwell | | | + +## Source Code + +* ## Installing the Chart 
@@ -13,87 +27,28 @@ helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/ After you've installed the repo you can install the chart. ```shell -helm upgrade --install external-dns external-dns/external-dns +helm upgrade --install external-dns external-dns/external-dns --version 1.13.1 ``` -## Configuration - -The following table lists the configurable parameters of the _ExternalDNS_ chart and their default values. - -| Parameter | Description | Default | -|-----------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------| -| `image.repository` | Image repository. | `registry.k8s.io/external-dns/external-dns` | -| `image.tag` | Image tag, will override the default tag derived from the chart app version. | `""` | -| `image.pullPolicy` | Image pull policy. | `IfNotPresent` | -| `imagePullSecrets` | Image pull secrets. | `[]` | -| `nameOverride` | Override the `name` of the chart. | `""` | -| `fullnameOverride` | Override the `fullname` of the chart. | `""` | -| `serviceAccount.create` | If `true`, create a new `serviceaccount`. | `true` | -| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` | -| `serviceAccount.labels` | Labels to add to the service account. | `{}` | -| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the full name template. 
| `""` | -| `serviceAccount.automountServiceAccountToken` | Opt out of the [service account token automounting feature](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the service account | `null` | -| `rbac.create` | If `true`, create the RBAC resources. | `true` | -| `rbac.additionalPermissions` | Additional permissions to be added to the cluster role. | `{}` | -| `initContainers` | Add init containers to the pod. | `[]` | -| `deploymentAnnotations` | Annotations to add to the Deployment. | `{}` | -| `podLabels` | Labels to add to the pod. | `{}` | -| `podAnnotations` | Annotations to add to the pod. | `{}` | -| `podSecurityContext` | Security context for the pod, this supports the full [PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core) API. | _see values.yaml_ | -| `shareProcessNamespace` | If `true` enable [Process Namespace Sharing](https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/) | `false` | -| `securityContext` | Security context for the _external-dns_ container, this supports the full [SecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#securitycontext-v1-core) API. | _see values.yaml_ | -| `priorityClassName` | Priority class name to use for the pod. | `""` | -| `terminationGracePeriodSeconds` | Termination grace period for the pod. | `null` | -| `serviceMonitor.enabled` | If `true`, create a _Prometheus_ service monitor. | `false` | -| `serviceMonitor.namespace` | Forced namespace for ServiceMonitor. | `null` | -| `serviceMonitor.annotations` | Annotations to be set on the ServiceMonitor. | `{}` | -| `serviceMonitor.additionalLabels` | Additional labels to be set on the ServiceMonitor. | `{}` | -| `serviceMonitor.interval` | _Prometheus_ scrape frequency. | `null` | -| `serviceMonitor.scrapeTimeout` | _Prometheus_ scrape timeout. 
| `null` | -| `serviceMonitor.scheme` | _Prometheus_ scrape scheme. | `null` | -| `serviceMonitor.tlsConfig` | _Prometheus_ scrape tlsConfig. | `{}` | -| `serviceMonitor.metricRelabelings` | _Prometheus_ scrape metricRelabelings. | `[]` | -| `serviceMonitor.relabelings` | _Prometheus_ scrape relabelings. | `[]` | -| `serviceMonitor.targetLabels` | _Prometheus_ scrape targetLabels. | `[]` | -| `env` | [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the _external-dns_ container, this supports the full [EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#envvar-v1-core) API including secrets and configmaps. | `[]` | -| `livenessProbe` | [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) for the _external-dns_ container, this supports the full [Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#probe-v1-core) API. | See _values.yaml_ | -| `readinessProbe` | [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) for the _external-dns_ container, this supports the full [Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#probe-v1-core) API. | See _values.yaml_ | -| `service.annotations` | Annotations to add to the service. | `{}` | -| `service.port` | Port to expose via the service. | `7979` | -| `extraVolumes` | Additional volumes for the pod, this supports the full [VolumeDevice](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volumedevice-v1-core) API. | `[]` | -| `extraVolumeMounts` | Additional volume mounts for the _external-dns_ container, this supports the full [VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volumemount-v1-core) API. 
| `[]` | -| `resources` | Resource requests and limits for the _external-dns_ container, this supports the full [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#resourcerequirements-v1-core) API. | `{}` | -| `nodeSelector` | Node labels for pod assignment. | `{}` | -| `tolerations` | Tolerations for pod assignment, this supports the full [Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#toleration-v1-core) API. | `[]` | -| `affinity` | Affinity settings for pod assignment, this supports the full [Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#affinity-v1-core) API. | `{}` | -| `topologySpreadConstraints` | TopologySpreadConstraint settings for pod assignment, this supports the full [TopologySpreadConstraints](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#topologyspreadconstraint-v1-core) API. | `[]` | -| `logLevel` | Verbosity of the logs, available values are: `panic`, `debug`, `info`, `warning`, `error`, `fatal`. | `info` | -| `logFormat` | Formats of the logs, available values are: `text`, `json`. | `text` | -| `interval` | The interval for DNS updates. | `1m` | -| `triggerLoopOnEvent` | When enabled, triggers run loop on create/update/delete events in addition of regular interval. | `false` | -| `namespaced` | When enabled, external-dns runs on namespace scope. Additionally, Role and Rolebinding will be namespaced, too. | `false` | -| `sources` | K8s resources type to be observed for new DNS entries. | See _values.yaml_ | -| `policy` | How DNS records are synchronized between sources and providers, available values are: `sync`, `upsert-only`. | `upsert-only` | -| `registry` | Registry Type, available types are: `txt`, `noop`. | `txt` | -| `txtOwnerId` | TXT registry identifier. | `""` | -| `txtPrefix` | Prefix to create a TXT record with a name following the pattern `prefix.`. 
| `""` | -| `domainFilters` | Limit possible target zones by domain suffixes. | `[]` | -| `provider` | DNS provider where the DNS records will be created, for the available providers and how to configure them see the [README](https://github.com/kubernetes-sigs/external-dns#deploying-to-a-cluster) (this can be templated). | `aws` | -| `extraArgs` | Extra arguments to pass to the _external-dns_ container, these are needed for provider specific arguments (these can be templated). | `[]` | -| `deploymentStrategy` | .spec.strategy of the external-dns Deployment. Defaults to 'Recreate' since multiple external-dns pods may conflict with each other. | `{type: Recreate}` | -| `secretConfiguration.enabled` | Enable additional secret configuration. | `false` | -| `secretConfiguration.mountPath` | Mount path of secret configuration secret (this can be templated). | `""` | -| `secretConfiguration.data` | Secret configuration secret data. Could be used to store DNS provider credentials. | `{}` | -| `secretConfiguration.subPath` | Sub-path of secret configuration secret (this can be templated). | `""` | -| `automountServiceAccountToken` | Opt out of the [service account token automounting feature](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the pod | `null` | -| `revisionHistoryLimit` | Optional field that specifies the number of old ReplicaSets to retain to allow rollback with the Deployment. | `null` | - -## Namespaced scoped installation +## Providers + +Configuring the _ExternalDNS_ provider should be done via the `provider.name` value with provider specific configuration being set via the +`provider..` values, where supported, and the `extraArgs` value. For legacy support `provider` can be set to the name of the +provider with all additional configuration being set via the `extraArgs` value. 
+ +### Providers with Specific Configuration Support + +| Provider | Supported | +|------------------------|------------| +| `webhook` | ❌ | + +## Namespaced Scoped Installation external-dns supports running on a namespaced only scope, too. If `namespaced=true` is defined, the helm chart will setup `Roles` and `RoleBindings` instead `ClusterRoles` and `ClusterRoleBindings`. -### Limited supported +### Limited Supported + Not all sources are supported in namespaced scope, since some sources depends on cluster-wide resources. For example: Source `node` isn't supported, since `kind: Node` has scope `Cluster`. Sources like `istio-virtualservice` only work, if all resources like `Gateway` and `VirtualService` are present in the same @@ -101,12 +56,12 @@ namespaces as `external-dns`. The annotation `external-dns.alpha.kubernetes.io/endpoints-type: NodeExternalIP` is not supported. -If `namespaced` is set to `true`, please ensure that `sources` my only contains supported sources (Default: `service,ingress`. +If `namespaced` is set to `true`, please ensure that `sources` my only contains supported sources (Default: `service,ingress`). -### Support matrix +### Support Matrix -| Source | Supported | Infos | -|------------------------|-----------|------------------------| +| Source | Supported | Infos | +|------------------------|------------|------------------------| | `ingress` | ✅ | | | `istio-gateway` | ✅ | | | `istio-virtualservice` | ✅ | | 
@@ -116,6 +71,84 @@ If `namespaced` is set to `true`, please ensure that `sources` my only contains | `skipper-routegroup` | ✅ | | | `gloo-proxy` | ✅ | | | `contour-httpproxy` | ✅ | | -| `service` | ⚠️️ | NodePort not supported | +| `service` | ⚠️️ | NodePort not supported | | `node` | ❌ | | | `pod` | ❌ | | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Affinity settings for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels. | +| automountServiceAccountToken | bool | `nil` | Set this to `false` to [opt out of API credential automounting](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the `Pod`. | +| commonLabels | object | `{}` | Labels to add to all chart resources. | +| deploymentAnnotations | object | `{}` | Annotations to add to the `Deployment`. | +| deploymentStrategy | object | `{"type":"Recreate"}` | [Deployment Strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy). | +| dnsPolicy | string | `nil` | [DNS policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) for the pod, if not set the default will be used. | +| domainFilters | list | `[]` | | +| env | list | `[]` | [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `external-dns` container. | +| extraArgs | list | `[]` | Extra arguments to provide to _ExternalDNS_. | +| extraVolumeMounts | list | `[]` | Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `external-dns` container. 
| +| extraVolumes | list | `[]` | Extra [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the `Pod`. | +| fullnameOverride | string | `nil` | Override the full name of the chart. | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy for the `external-dns` container. | +| image.repository | string | `"registry.k8s.io/external-dns/external-dns"` | Image repository for the `external-dns` container. | +| image.tag | string | `nil` | Image tag for the `external-dns` container, this will default to `.Chart.AppVersion` if not set. | +| imagePullSecrets | list | `[]` | Image pull secrets. | +| initContainers | list | `[]` | [Init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) to add to the `Pod` definition. | +| interval | string | `"1m"` | Interval for DNS updates. | +| livenessProbe | object | See _values.yaml_ | [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container. | +| logFormat | string | `"text"` | Log format. | +| logLevel | string | `"info"` | Log level. | +| nameOverride | string | `nil` | Override the name of the chart. | +| namespaced | bool | `false` | if `true`, _ExternalDNS_ will run in a namespaced scope (`Role`` and `Rolebinding`` will be namespaced too). | +| nodeSelector | object | `{}` | Node labels to match for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). | +| podAnnotations | object | `{}` | Annotations to add to the `Pod`. | +| podLabels | object | `{}` | Labels to add to the `Pod`. | +| podSecurityContext | object | See _values.yaml_ | [Pod security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core), this supports full customisation. 
| +| policy | string | `"upsert-only"` | How DNS records are synchronized between sources and providers; available values are `sync` & `upsert-only`. | +| priorityClassName | string | `nil` | Priority class name for the `Pod`. | +| provider.name | string | `"aws"` | _ExternalDNS_ provider name; for the available providers and how to configure them see the [README](https://github.com/kubernetes-sigs/external-dns#deploying-to-a-cluster). | +| rbac.additionalPermissions | list | `[]` | Additional rules to add to the `ClusterRole`. | +| rbac.create | bool | `true` | If `true`, create a `ClusterRole` & `ClusterRoleBinding` with access to the Kubernetes API. | +| readinessProbe | object | See _values.yaml_ | Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container. | +| registry | string | `"txt"` | Specify the registry for storing ownership and labels. Valid values are `txt`, `aws-sd`, `dynamodb` & `noop`. | +| resources | object | `{}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `external-dns` container. | +| revisionHistoryLimit | int | `nil` | Specify the number of old `ReplicaSets` to retain to allow rollback of the `Deployment``. | +| secretConfiguration.data | object | `{}` | `Secret` data. | +| secretConfiguration.enabled | bool | `false` | If `true`, create a `Secret` to store sensitive provider configuration. | +| secretConfiguration.mountPath | string | `nil` | Mount path for the `Secret`, this can be templated. | +| secretConfiguration.subPath | string | `nil` | Sub-path for mounting the `Secret`, this can be templated. | +| securityContext | object | See _values.yaml_ | [Security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#securitycontext-v1-core) for the `external-dns` container. | +| service.annotations | object | `{}` | Service annotations. 
| +| service.port | int | `7979` | Service HTTP port. | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account. | +| serviceAccount.automountServiceAccountToken | string | `nil` | Set this to `false` to [opt out of API credential automounting](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the `ServiceAccount`. | +| serviceAccount.create | bool | `true` | If `true`, create a new `ServiceAccount`. | +| serviceAccount.labels | object | `{}` | Labels to add to the service account. | +| serviceAccount.name | string | `nil` | If this is set and `serviceAccount.create` is `true` this will be used for the created `ServiceAccount` name, if set and `serviceAccount.create` is `false` then this will define an existing `ServiceAccount` to use. | +| serviceMonitor.additionalLabels | object | `{}` | Additional labels for the `ServiceMonitor`. | +| serviceMonitor.annotations | object | `{}` | Annotations to add to the `ServiceMonitor`. | +| serviceMonitor.bearerTokenFile | string | `nil` | Provide a bearer token file for the `ServiceMonitor`. | +| serviceMonitor.enabled | bool | `false` | If `true`, create a `ServiceMonitor` resource to support the _Prometheus Operator_. | +| serviceMonitor.interval | string | `nil` | If set override the _Prometheus_ default interval. | +| serviceMonitor.metricRelabelings | list | `[]` | [Metric relabel configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion. | +| serviceMonitor.namespace | string | `nil` | If set create the `ServiceMonitor` in an alternate namespace. | +| serviceMonitor.relabelings | list | `[]` | [Relabel configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before ingestion. 
| +| serviceMonitor.scheme | string | `nil` | If set overrides the _Prometheus_ default scheme. | +| serviceMonitor.scrapeTimeout | string | `nil` | If set override the _Prometheus_ default scrape timeout. | +| serviceMonitor.targetLabels | list | `[]` | Provide target labels for the `ServiceMonitor`. | +| serviceMonitor.tlsConfig | object | `{}` | Configure the `ServiceMonitor` [TLS config](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig). | +| shareProcessNamespace | bool | `false` | If `true`, the `Pod` will have [process namespace sharing](https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/) enabled. | +| sources | list | `["service","ingress"]` | _Kubernetes_ resources to monitor for DNS entries. | +| terminationGracePeriodSeconds | int | `nil` | Termination grace period for the `Pod` in seconds. | +| tolerations | list | `[]` | Node taints which will be tolerated for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). | +| topologySpreadConstraints | list | `[]` | Topology spread constraints for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided one will be created from the pod selector labels. | +| triggerLoopOnEvent | bool | `false` | If `true`, triggers run loop on create/update/delete events in addition of regular interval. | +| txtOwnerId | string | `nil` | Specify an identifier for this instance of _ExternalDNS_ wWhen using a registry other than `noop`. | +| txtPrefix | string | `nil` | Specify a prefix for the domain names of TXT records created for the `txt` registry. Mutually exclusive with `txtSuffix`. | +| txtSuffix | string | `nil` | Specify a suffix for the domain names of TXT records created for the `txt` registry. Mutually exclusive with `txtPrefix`. 
| + +---------------------------------------------- + +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/). diff --git a/charts/external-dns/README.md.gotmpl b/charts/external-dns/README.md.gotmpl new file mode 100644 index 0000000000..40dd65f125 --- /dev/null +++ b/charts/external-dns/README.md.gotmpl 
@@ -0,0 +1,80 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +## Installing the Chart + +Before you can install the chart you will need to add the `external-dns` repo to [Helm](https://helm.sh/). + +```shell +helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/ +``` + +After you've installed the repo you can install the chart. + +```shell +helm upgrade --install {{ template "chart.name" . }} external-dns/{{ template "chart.name" . }} --version {{ template "chart.version" . }} +``` + +## Providers + +Configuring the _ExternalDNS_ provider should be done via the `provider.name` value with provider specific configuration being set via the +`provider..` values, where supported, and the `extraArgs` value. For legacy support `provider` can be set to the name of the +provider with all additional configuration being set via the `extraArgs` value. + +### Providers with Specific Configuration Support + +| Provider | Supported | +|------------------------|------------| +| `webhook` | ❌ | + +## Namespaced Scoped Installation + +external-dns supports running on a namespaced only scope, too. +If `namespaced=true` is defined, the helm chart will setup `Roles` and `RoleBindings` instead `ClusterRoles` and `ClusterRoleBindings`. + +### Limited Supported + +Not all sources are supported in namespaced scope, since some sources depends on cluster-wide resources. +For example: Source `node` isn't supported, since `kind: Node` has scope `Cluster`. +Sources like `istio-virtualservice` only work, if all resources like `Gateway` and `VirtualService` are present in the same +namespaces as `external-dns`. + +The annotation `external-dns.alpha.kubernetes.io/endpoints-type: NodeExternalIP` is not supported. 
+ +If `namespaced` is set to `true`, please ensure that `sources` my only contains supported sources (Default: `service,ingress`). + +### Support Matrix + +| Source | Supported | Infos | +|------------------------|------------|------------------------| +| `ingress` | ✅ | | +| `istio-gateway` | ✅ | | +| `istio-virtualservice` | ✅ | | +| `crd` | ✅ | | +| `kong-tcpingress` | ✅ | | +| `openshift-route` | ✅ | | +| `skipper-routegroup` | ✅ | | +| `gloo-proxy` | ✅ | | +| `contour-httpproxy` | ✅ | | +| `service` | ⚠️️ | NodePort not supported | +| `node` | ❌ | | +| `pod` | ❌ | | + + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +---------------------------------------------- + +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/). diff --git a/charts/external-dns/ci/ci-values.yaml b/charts/external-dns/ci/ci-values.yaml index 6c1735cbac..4d278e94be 100644 --- a/charts/external-dns/ci/ci-values.yaml +++ b/charts/external-dns/ci/ci-values.yaml @@ -1 +1,2 @@ -provider: inmemory +provider: + name: inmemory diff --git a/charts/external-dns/templates/_helpers.tpl b/charts/external-dns/templates/_helpers.tpl index 4f70ccdd8c..a24eec53f6 100644 --- a/charts/external-dns/templates/_helpers.tpl +++ b/charts/external-dns/templates/_helpers.tpl @@ -70,3 +70,14 @@ The image to use {{- define "external-dns.image" -}} {{- printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} {{- end }} + +{{/* +Provider name, Keeps backward compatibility on provider +*/}} +{{- define "external-dns.providerName" -}} +{{- if eq (typeOf .Values.provider) "string" }} +{{- .Values.provider }} +{{- else }} +{{- .Values.provider.name }} +{{- end }} +{{- end }} diff --git a/charts/external-dns/templates/deployment.yaml b/charts/external-dns/templates/deployment.yaml index 6d4646590c..ef8ad2e200 100644 --- a/charts/external-dns/templates/deployment.yaml 
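Review bot: The new `external-dns.providerName` helper emits `.Values.provider` and `.Values.provider.name` verbatim, whereas the line it replaces in templates/deployment.yaml rendered the value with `tpl .Values.provider $`. A provider value that contains template expressions would therefore reach `--provider=` unrendered after this change. If templating is meant to stay supported, render both branches through tpl inside the helper, e.g. `{{- tpl .Values.provider $ }}` and `{{- tpl .Values.provider.name $ }}`. If it is dropped on purpose, that is a breaking change worth stating in the chart changelog. The else branch also dereferences `.Values.provider.name` without checking that `provider` is a map, so a null `provider` is not handled.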
+++ b/charts/external-dns/templates/deployment.yaml @@ -103,7 +103,7 @@ spec: {{- range .Values.domainFilters }} - --domain-filter={{ . }} {{- end }} - - --provider={{ tpl .Values.provider $ }} + - --provider={{ include "external-dns.providerName" . }} {{- range .Values.extraArgs }} - {{ tpl . $ }} {{- end }} diff --git a/charts/external-dns/values.schema.json b/charts/external-dns/values.schema.json index 7b2fd22b99..94b043afe0 100644 --- a/charts/external-dns/values.schema.json +++ b/charts/external-dns/values.schema.json @@ -3,7 +3,19 @@ "type": "object", "properties": { "provider": { - "type": "string" + "anyOf": [ + { + "type": "string" + }, + { + "type": "object", + "properties": { + "name": { + "type": "string" + } + } + } + ] }, "extraArgs": { "type": "array", @@ -14,8 +26,20 @@ "secretConfiguration": { "type": "object", "properties": { + "enabled": { + "type": "boolean" + }, "mountPath": { - "type": "string" + "type": [ + "string", + "null" + ] + }, + "subPath": { + "type": [ + "string", + "null" + ] }, "data": { "type": "object", diff --git a/charts/external-dns/values.yaml b/charts/external-dns/values.yaml index 5bc9003645..e12eed3cfc 100644 --- a/charts/external-dns/values.yaml +++ b/charts/external-dns/values.yaml 
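Review bot: The object branch added under `provider` does not mark `name` as required, so `provider: {}` or a misspelled key passes schema validation. Assuming the `external-dns.providerName` helper is the only consumer, the deployment would then be rendered with an empty `--provider=` argument and the mistake only surfaces at container start. Adding `"required": ["name"]` next to `"properties"` in that branch would reject such values at install or lint time.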
@@ -3,118 +3,108 @@
 # Declare variables to be passed into your templates.
 image:
+ # -- Image repository for the `external-dns` container.
 repository: registry.k8s.io/external-dns/external-dns
- # Overrides the image tag whose default is v{{ .Chart.AppVersion }}
- tag: ""
+ # -- (string) Image tag for the `external-dns` container, this will default to `.Chart.AppVersion` if not set.
+ tag:
+ # -- Image pull policy for the `external-dns` container.
 pullPolicy: IfNotPresent
+# -- Image pull secrets.
 imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
+# -- (string) Override the name of the chart.
+nameOverride:
+# -- (string) Override the full name of the chart.
+fullnameOverride:
+
+# -- Labels to add to all chart resources.
 commonLabels: {}
 serviceAccount:
- # opt out of the service account token automounting (at the service account level)
+ # -- If `true`, create a new `ServiceAccount`.
+ create: true
+ # -- Labels to add to the service account.
+ labels: {}
+ # -- Annotations to add to the service account.
+ annotations: {}
+ # -- (string) If this is set and `serviceAccount.create` is `true` this will be used for the created `ServiceAccount` name, if set and `serviceAccount.create` is `false` then this will define an existing `ServiceAccount` to use.
+ name:
+ # -- Set this to `false` to [opt out of API credential automounting](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the `ServiceAccount`.
 automountServiceAccountToken:
- # Specifies whether a service account should be created
- create: true
- # Annotations to add to the service account
+service:
+ # -- Service annotations.
 annotations: {}
- # Labels to add to the service account
- labels: {}
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ""
+ # -- Service HTTP port.
+ port: 7979
 rbac:
- # Specifies whether RBAC resources should be created
+ # -- If `true`, create a `ClusterRole` & `ClusterRoleBinding` with access to the Kubernetes API.
 create: true
+ # -- Additional rules to add to the `ClusterRole`.
 additionalPermissions: []
-initContainers: []
-
-# Annotations to add to the Deployment
+# -- Annotations to add to the `Deployment`.
 deploymentAnnotations: {}
+# -- [Deployment Strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy).
+deploymentStrategy:
+ type: Recreate
+
+# -- (int) Specify the number of old `ReplicaSets` to retain to allow rollback of the `Deployment``.
+revisionHistoryLimit:
+
+# -- Labels to add to the `Pod`.
 podLabels: {}
-# Annotations to add to the Pod
+# -- Annotations to add to the `Pod`.
 podAnnotations: {}
+# -- (bool) Set this to `false` to [opt out of API credential automounting](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the `Pod`.
+automountServiceAccountToken:
+
+# -- If `true`, the `Pod` will have [process namespace sharing](https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/) enabled.
 shareProcessNamespace: false
+# -- [Pod security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core), this supports full customisation.
+# @default -- See _values.yaml_
 podSecurityContext:
+ runAsNonRoot: true
 fsGroup: 65534
 seccompProfile:
 type: RuntimeDefault
-securityContext:
- allowPrivilegeEscalation: false
- runAsNonRoot: true
- runAsUser: 65534
- readOnlyRootFilesystem: true
- capabilities:
- drop: ["ALL"]
-
-# Defaults to `ClusterFirst`.
-# Valid values are: `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`.
-dnsPolicy:
-
-priorityClassName: ""
+# -- (string) Priority class name for the `Pod`.
+priorityClassName:
+# -- (int) Termination grace period for the `Pod` in seconds.
 terminationGracePeriodSeconds:
-serviceMonitor:
- enabled: false
- # force namespace
- # namespace: monitoring
-
- # Fallback to the prometheus default unless specified
- # interval: 10s
-
- ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
- # scheme: ""
-
- ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
- ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
- # tlsConfig: {}
-
- # bearerTokenFile:
- # Fallback to the prometheus default unless specified
- # scrapeTimeout: 30s
-
- ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
- ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
- additionalLabels: {}
-
- ## Used to pass annotations that are used by the Prometheus installed in your cluster to select Service Monitors to work with
- ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
- annotations: {}
-
- ## Metric relabel configs to apply to samples before ingestion.
- ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
- metricRelabelings: []
- # - action: keep
- # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
- # sourceLabels: [__name__]
+# -- (string) [DNS policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) for the pod, if not set the default will be used.
+dnsPolicy:
- ## Relabel configs to apply to samples before ingestion.
- ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
- relabelings: []
- # - sourceLabels: [__meta_kubernetes_pod_node_name]
- # separator: ;
- # regex: ^(.*)$
- # targetLabel: nodename
- # replacement: $1
- # action: replace
+# -- [Init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) to add to the `Pod` definition.
+initContainers: []
- targetLabels: []
+# -- [Security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#securitycontext-v1-core) for the `external-dns` container.
+# @default -- See _values.yaml_
+securityContext:
+ privileged: false
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 65532
+ runAsGroup: 65532
+ capabilities:
+ drop: ["ALL"]
+# -- [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `external-dns` container.
 env: []
+# -- [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container.
+# @default -- See _values.yaml_
 livenessProbe:
 httpGet:
 path: /healthz
@@ -125,6 +115,8 @@ livenessProbe:
 failureThreshold: 2
 successThreshold: 1
+# -- Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container.
+# @default -- See _values.yaml_
 readinessProbe:
 httpGet:
 path: /healthz
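Review bot: The container `securityContext` in the first values.yaml hunk moves `runAsUser` from 65534 to 65532 and adds `runAsGroup: 65532`, while `podSecurityContext.fsGroup` stays at 65534, and nothing in the commit subject ("Added complex provider support") mentions it. Anything that depended on the old UID, such as file ownership on `extraVolumes` or admission policies that pin a UID, changes behaviour on upgrade, so this deserves a changelog entry and, if the split is intentional, a comment above the block such as `# UID/GID changed from 65534 to 65532; fsGroup intentionally left at 65534`. The hardening additions (`privileged: false`, pod-level `runAsNonRoot: true`) look fine. Separately, the new `image.tag` description says the default is `.Chart.AppVersion`, whereas the `external-dns.image` helper visible in the `_helpers.tpl` hunk prefixes it with `v`.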
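Review bot: The comment added above `readinessProbe` opens its Markdown link without the `[`, so the generated documentation will presumably show a broken link; it should start `# -- [Readiness probe](`, matching the liveness probe comment added in the previous hunk. The `readinessProbe` block continues beyond this hunk.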
@@ -135,70 +127,104 @@ readinessProbe:
 failureThreshold: 6
 successThreshold: 1
-service:
- port: 7979
- annotations: {}
-
+# -- Extra [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the `Pod`.
 extraVolumes: []
+# -- Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `external-dns` container.
 extraVolumeMounts: []
+# -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `external-dns` container.
 resources: {}
+# -- Node labels to match for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
 nodeSelector: {}
-tolerations: []
-
+# -- Affinity settings for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels.
 affinity: {}
+# -- Topology spread constraints for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided one will be created from the pod selector labels.
 topologySpreadConstraints: []
+# -- Node taints which will be tolerated for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
+tolerations: []
+
+serviceMonitor:
+ # -- If `true`, create a `ServiceMonitor` resource to support the _Prometheus Operator_.
+ enabled: false
+ # -- Additional labels for the `ServiceMonitor`.
+ additionalLabels: {}
+ # -- Annotations to add to the `ServiceMonitor`.
+ annotations: {}
+ # -- (string) If set create the `ServiceMonitor` in an alternate namespace.
+ namespace:
+ # -- (string) If set override the _Prometheus_ default interval.
+ interval:
+ # -- (string) If set override the _Prometheus_ default scrape timeout.
+ scrapeTimeout:
+ # -- (string) If set overrides the _Prometheus_ default scheme.
+ scheme:
+ # -- Configure the `ServiceMonitor` [TLS config](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig).
+ tlsConfig: {}
+ # -- (string) Provide a bearer token file for the `ServiceMonitor`.
+ bearerTokenFile:
+ # -- [Relabel configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before ingestion.
+ relabelings: []
+ # -- [Metric relabel configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion.
+ metricRelabelings: []
+ # -- Provide target labels for the `ServiceMonitor`.
+ targetLabels: []
+
+# -- Log level.
 logLevel: info
+
+# -- Log format.
 logFormat: text
+# -- Interval for DNS updates.
 interval: 1m
+
+# -- If `true`, triggers run loop on create/update/delete events in addition of regular interval.
 triggerLoopOnEvent: false
+# -- if `true`, _ExternalDNS_ will run in a namespaced scope (`Role`` and `Rolebinding`` will be namespaced too).
 namespaced: false
+# -- _Kubernetes_ resources to monitor for DNS entries.
 sources:
 - service
 - ingress
+# -- How DNS records are synchronized between sources and providers; available values are `sync` & `upsert-only`.
 policy: upsert-only
-# Specifies the registry for storing ownership and labels.
-# Valid values are "aws-sd", "noop", "dynamodb", and "txt".
+# -- Specify the registry for storing ownership and labels.
+# Valid values are `txt`, `aws-sd`, `dynamodb` & `noop`.
 registry: txt
-# When using a registry other than "noop", specifies a name that
-# uniquely identifies this instance of external-dns.
-txtOwnerId: ""
-# Specifies a prefix for the domain names of TXT records created by the "txt" registry. Optional. Mutually exclusive with `txtSuffix`.
-txtPrefix: ""
-# Specifies a suffix for the domain names of TXT records created by the "txt" registry. Optional. Mutually exclusive with `txtPrefix`.
-txtSuffix: ""
-
+# -- (string) Specify an identifier for this instance of _ExternalDNS_ wWhen using a registry other than `noop`.
+txtOwnerId:
+# -- (string) Specify a prefix for the domain names of TXT records created for the `txt` registry.
+# Mutually exclusive with `txtSuffix`.
+txtPrefix:
+# -- (string) Specify a suffix for the domain names of TXT records created for the `txt` registry.
+# Mutually exclusive with `txtPrefix`.
+txtSuffix:
+
+## - Limit possible target zones by domain suffixes.
 domainFilters: []
-provider: aws
+provider:
+ # -- _ExternalDNS_ provider name; for the available providers and how to configure them see the [README](https://github.com/kubernetes-sigs/external-dns#deploying-to-a-cluster).
+ name: aws
+# -- Extra arguments to provide to _ExternalDNS_.
 extraArgs: []
 secretConfiguration:
+ # -- If `true`, create a `Secret` to store sensitive provider configuration.
 enabled: false
- mountPath: ""
- subPath: ""
+ # -- Mount path for the `Secret`, this can be templated.
+ mountPath:
+ # -- Sub-path for mounting the `Secret`, this can be templated.
+ subPath:
+ # -- `Secret` data.
 data: {}
- # credentials: |
- # [default]
- # aws_access_key_id = $SECRET_ACCESS_KEY
- # aws_secret_access_key = $SECRET_ACCESS_KEY
-
-deploymentStrategy:
- type: Recreate
-
-# Optional field that specifies the number of old ReplicaSets to retain to allow rollback with the Deployment.
-revisionHistoryLimit:
-
-# opt out of the service account token automounting (at the pod level)
-automountServiceAccountToken:
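Review bot: The description added above `domainFilters` starts with `## -`, while every other value in this hunk uses the `# --` marker, so it will presumably be left out of the generated values table; it should read `# -- Limit possible target zones by domain suffixes.`. The `txtOwnerId` description has a typo (`wWhen`) and the `namespaced` description has stray backticks after `Role` and `Rolebinding`. For `secretConfiguration.data` I would also extend the comment to say that anything set there is supplied through chart values and so ends up wherever those values are stored, which makes a separately managed Secret mounted through `extraVolumes` the safer place for credentials.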