diff --git a/packages/core/platform/bundles/distro-full.yaml b/packages/core/platform/bundles/distro-full.yaml index 061e27b9..6cd88fbb 100644 --- a/packages/core/platform/bundles/distro-full.yaml +++ b/packages/core/platform/bundles/distro-full.yaml @@ -142,8 +142,14 @@ releases: namespace: cozy-telepresence dependsOn: [] +- name: external-dns + releaseName: external-dns + chart: cozy-external-dns + namespace: cozy-external-dns + dependsOn: [cilium] + - name: external-secrets-operator releaseName: external-secrets-operator chart: cozy-external-secrets-operator namespace: cozy-external-secrets-operator - dependsOn: [cilium] \ No newline at end of file + dependsOn: [cilium] diff --git a/packages/core/platform/bundles/distro-hosted.yaml b/packages/core/platform/bundles/distro-hosted.yaml index 5be68fbb..09f6f1f5 100644 --- a/packages/core/platform/bundles/distro-hosted.yaml +++ b/packages/core/platform/bundles/distro-hosted.yaml @@ -93,6 +93,12 @@ releases: namespace: cozy-telepresence dependsOn: [] +- name: external-dns + releaseName: external-dns + chart: cozy-external-dns + namespace: cozy-external-dns + dependsOn: [] + - name: external-secrets-operator releaseName: external-secrets-operator chart: cozy-external-secrets-operator diff --git a/packages/core/platform/bundles/paas-full.yaml b/packages/core/platform/bundles/paas-full.yaml index ed9a81c5..78481828 100644 --- a/packages/core/platform/bundles/paas-full.yaml +++ b/packages/core/platform/bundles/paas-full.yaml @@ -217,8 +217,14 @@ releases: privileged: true dependsOn: [cilium,kubeovn,capi-operator] +- name: external-dns + releaseName: external-dns + chart: cozy-external-dns + namespace: cozy-external-dns + dependsOn: [cilium,kubeovn] + - name: external-secrets-operator releaseName: external-secrets-operator chart: cozy-external-secrets-operator namespace: cozy-external-secrets-operator - dependsOn: [cilium,kubeovn] \ No newline at end of file + dependsOn: [cilium,kubeovn] 
diff --git a/packages/core/platform/bundles/paas-hosted.yaml b/packages/core/platform/bundles/paas-hosted.yaml index 2f63f870..63500982 100644 --- a/packages/core/platform/bundles/paas-hosted.yaml +++ b/packages/core/platform/bundles/paas-hosted.yaml @@ -99,6 +99,12 @@ releases: namespace: cozy-telepresence dependsOn: [] +- name: external-dns + releaseName: external-dns + chart: cozy-external-dns + namespace: cozy-external-dns + dependsOn: [cilium,kubeovn] + - name: external-secrets-operator releaseName: external-secrets-operator chart: cozy-external-secrets-operator diff --git a/packages/extra/ingress/templates/dashboard.yaml b/packages/extra/ingress/templates/dashboard.yaml index 940fdefe..106f2e6a 100644 --- a/packages/extra/ingress/templates/dashboard.yaml +++ b/packages/extra/ingress/templates/dashboard.yaml 
@@ -1,29 +1,36 @@ -{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }} -{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }} -{{- if .Values.dashboard }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - acme.cert-manager.io/http01-ingress-class: tenant-root - name: dashboard-{{ .Release.Namespace }} - namespace: cozy-dashboard -spec: - ingressClassName: {{ .Release.Namespace }} - rules: - - host: dashboard.{{ $host }} - http: - paths: - - backend: - service: - name: dashboard - port: - number: 80 - path: / - pathType: Prefix - tls: - - hosts: - - dashboard.{{ $host }} - secretName: dashboard-{{ .Release.Namespace }}-tls +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} +{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }} + +{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }} +{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }} + +{{- if .Values.dashboard }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + {{- if eq $issuerType "cloudflare" }} + {{- else }} + acme.cert-manager.io/http01-ingress-class: {{ .Release.Namespace }} + {{- end }} + name: dashboard-{{ .Release.Namespace }} + namespace: cozy-dashboard +spec: + ingressClassName: {{ .Release.Namespace }} + rules: + - host: dashboard.{{ $host }} + http: + paths: + - backend: + service: + name: dashboard + port: + number: 80 + path: / + pathType: Prefix + tls: + - hosts: + - dashboard.{{ $host }} + secretName: dashboard-{{ .Release.Namespace }}-tls {{- end }} diff --git a/packages/extra/monitoring/templates/alerta/alerta.yaml b/packages/extra/monitoring/templates/alerta/alerta.yaml index e723661e..18932f56 100644 --- a/packages/extra/monitoring/templates/alerta/alerta.yaml +++ b/packages/extra/monitoring/templates/alerta/alerta.yaml 
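Review bot: `index $cozyConfig.data "clusterissuer"` on the second added line has no guard for the lookup coming back empty — `lookup` yields an empty map when the `cozystack` ConfigMap is absent or when the chart is rendered client-side (`helm template`, a dry run without server lookups), and `index` on the resulting nil `.data` is likely to abort rendering instead of falling through to the `default`. A nil-safe form is `{{- $issuerType := dig "data" "clusterissuer" "http01" $cozyConfig }}` (Sprig `dig`, available in current Helm 3). The same two lines are repeated in alerta.yaml, grafana.yaml and cluster-issuers.yaml in this commit, so the fix applies to all four. Separately, the `{{- if eq $issuerType "cloudflare" }}` / `{{- else }}` pair with an empty first branch reads better inverted as `{{- if ne $issuerType "cloudflare" }}`, which is also the form the alerta and grafana hunks use.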
@@ -1,3 +1,6 @@ +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} +{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }} + {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }} {{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }} {{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }} @@ -146,7 +149,9 @@ metadata: app: alerta annotations: acme.cert-manager.io/http01-ingress-class: {{ $ingress }} - cert-manager.io/cluster-issuer: letsencrypt-prod + {{- if ne $issuerType "cloudflare" }} + acme.cert-manager.io/http01-ingress-class: {{ $ingress }} + {{- end }} spec: ingressClassName: {{ $ingress }} tls: diff --git a/packages/extra/monitoring/templates/grafana/grafana.yaml b/packages/extra/monitoring/templates/grafana/grafana.yaml index 5cbff82f..4e1e65a6 100644 --- a/packages/extra/monitoring/templates/grafana/grafana.yaml +++ b/packages/extra/monitoring/templates/grafana/grafana.yaml @@ -1,3 +1,6 @@ +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} +{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }} + {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }} {{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }} {{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }} @@ -90,7 +93,9 @@ spec: ingress: metadata: annotations: - acme.cert-manager.io/http01-ingress-class: "{{ $ingress }}" + {{- if ne $issuerType "cloudflare" }} + acme.cert-manager.io/http01-ingress-class: "{{ $ingress }}" + {{- end }} cert-manager.io/cluster-issuer: letsencrypt-prod spec: ingressClassName: "{{ $ingress }}" diff --git a/packages/system/cert-manager-issuers/templates/cluster-issuers.yaml b/packages/system/cert-manager-issuers/templates/cluster-issuers.yaml index ec52575f..2d8b050d 100644 --- a/packages/system/cert-manager-issuers/templates/cluster-issuers.yaml 
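Review bot: The alerta hunk at `@@ -146,7 +149,9 @@` removes the wrong annotation: `cert-manager.io/cluster-issuer: letsencrypt-prod` is deleted while the unconditional `acme.cert-manager.io/http01-ingress-class: {{ $ingress }}` context line is kept above the new conditional, so in the http01 case the rendered Ingress carries that key twice (a duplicate key that loaders either reject or resolve last-wins) and in every case it no longer names a ClusterIssuer, which means cert-manager will not issue the certificate the `tls:` block below refers to. The grafana hunk in this commit shows the intended shape; alerta should match it — drop the unconditional `acme.cert-manager.io/http01-ingress-class: {{ $ingress }}` line and keep `cert-manager.io/cluster-issuer: letsencrypt-prod` after the `{{- end }}`. The enclosing Ingress resource starts and ends outside the hunk.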
+++ b/packages/system/cert-manager-issuers/templates/cluster-issuers.yaml @@ -1,35 +1,56 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - annotations: - name: letsencrypt-prod -spec: - acme: - privateKeySecretRef: - name: letsencrypt-prod - server: https://acme-v02.api.letsencrypt.org/directory - solvers: - - http01: - ingress: - class: nginx ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-stage -spec: - acme: - privateKeySecretRef: +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} +{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }} + +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-prod +spec: + acme: + privateKeySecretRef: + name: letsencrypt-prod + server: https://acme-v02.api.letsencrypt.org/directory + solvers: + - {{- if eq $issuerType "cloudflare" }} + dns01: + cloudflare: + apiTokenSecretRef: + name: cloudflare-api-token-secret + key: api-token + {{- else }} + http01: + ingress: + class: nginx + {{- end }} + +--- + +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-stage + acme: + privateKeySecretRef: name: letsencrypt-stage - server: https://acme-staging-v02.api.letsencrypt.org/directory - solvers: - - http01: - ingress: - class: nginx ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: selfsigned-cluster-issuer -spec: - selfSigned: {} + server: https://acme-staging-v02.api.letsencrypt.org/directory + solvers: + - {{- if eq $issuerType "cloudflare" }} + dns01: + cloudflare: + apiTokenSecretRef: + name: cloudflare-api-token-secret + key: api-token + {{- else }} + http01: + ingress: + class: nginx + {{- end }} + +--- + +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: selfsigned-cluster-issuer +spec: + selfSigned: {} \ No newline at end of file 
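Review bot: The second ClusterIssuer in the hunk lost its `spec:` line — the added block goes `metadata:`, `name: letsencrypt-stage`, `acme:`, so `acme` now sits under `metadata` and the `letsencrypt-stage` issuer will either be rejected by the API server or be created with no ACME configuration; restore `spec:` between `name: letsencrypt-stage` and `acme:`, as the `letsencrypt-prod` issuer above still has it. The `cloudflare` branch references a Secret `cloudflare-api-token-secret` with key `api-token` that nothing in this diff creates, and a ClusterIssuer resolves solver secrets from cert-manager's cluster-resource namespace rather than the release namespace, so a comment above each `dns01:` line such as `# Secret must exist in cert-manager's cluster-resource namespace; not created in this chart — use a zone-scoped DNS-edit token` would spare the next operator a silent issuance failure. The `- {{- if …` form strips the space after the dash and leaves a bare `-` with the solver mapping on the following lines; that renders as valid YAML but is easy to misread, so `{{- if …}}` on its own line under `solvers:` with the `- dns01:` / `- http01:` items inside the branches would be clearer.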
diff --git a/packages/system/external-dns/.helmignore b/packages/system/external-dns/.helmignore new file mode 100644 index 00000000..d5c178e8 --- /dev/null +++ b/packages/system/external-dns/.helmignore @@ -0,0 +1,3 @@ +images +hack +.gitkeep diff --git a/packages/system/external-dns/Chart.yaml b/packages/system/external-dns/Chart.yaml new file mode 100644 index 00000000..5223150a --- /dev/null +++ b/packages/system/external-dns/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: cozy-external-dns +version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process diff --git a/packages/system/external-dns/Makefile b/packages/system/external-dns/Makefile new file mode 100644 index 00000000..1ddfa773 --- /dev/null +++ b/packages/system/external-dns/Makefile @@ -0,0 +1,10 @@ +export NAME=external-dns +export NAMESPACE=cozy-$(NAME) + +include ../../../scripts/package.mk + +update: + rm -rf charts + helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/ + helm repo update external-dns + helm pull external-dns/external-dns --untar --untardir charts \ No newline at end of file diff --git a/packages/system/external-dns/charts/external-dns/.helmignore b/packages/system/external-dns/charts/external-dns/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/packages/system/external-dns/charts/external-dns/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packages/system/external-dns/charts/external-dns/CHANGELOG.md b/packages/system/external-dns/charts/external-dns/CHANGELOG.md new file mode 100644 index 00000000..02b467e1 --- /dev/null 
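Review bot: `helm pull external-dns/external-dns --untar --untardir charts` in the `update` target has no `--version`, so each `make update` vendors whatever the repository index currently marks as latest and the committed copy (1.15.0 per the added charts/external-dns/Chart.yaml) cannot be reproduced from the Makefile alone; pin it, `helm pull external-dns/external-dns --version 1.15.0 --untar --untardir charts`, and bump the pin deliberately on upgrades so the vendored chart change is visible in review. The Makefile also ends without a trailing newline per the `\ No newline at end of file` marker.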
+++ b/packages/system/external-dns/charts/external-dns/CHANGELOG.md 
@@ -0,0 +1,219 @@ +# ExternalDNS Helm Chart Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +--- + + + +## [UNRELEASED] + +## [v1.15.0] - 2023-09-10 + +### Changed + +- Updated _ExternalDNS_ OCI image version to [v0.15.0](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.15.0). ([#xxxx](https://github.com/kubernetes-sigs/external-dns/pull/xxxx)) _@stevehipwell_ + +### Fixed + +- Fixed `provider.webhook.resources` behavior to correctly leverage resource limits. ([#4560](https://github.com/kubernetes-sigs/external-dns/pull/4560)) _@crutonjohn_ +- Fixed `provider.webhook.imagePullPolicy` behavior to correctly leverage pull policy. ([#4643](https://github.com/kubernetes-sigs/external-dns/pull/4643)) _@kimsondrup_ +- Fixed to add correct webhook metric port to `Service` and `ServiceMonitor`. ([#4643](https://github.com/kubernetes-sigs/external-dns/pull/4643)) _@kimsondrup_ +- Fixed to no longer require the unauthenticated webhook provider port to be exposed for health probes. ([#4691](https://github.com/kubernetes-sigs/external-dns/pull/4691)) _@kimsondrup_ & _@hatrx_ + +## [v1.14.5] - 2023-06-10 + +### Added + +- Added support for `extraContainers` argument. ([#4432](https://github.com/kubernetes-sigs/external-dns/pull/4432)) _@omerap12_ +- Added support for setting `excludeDomains` argument. ([#4380](https://github.com/kubernetes-sigs/external-dns/pull/4380)) _@bford-evs_ + +### Changed + +- Updated _ExternalDNS_ OCI image version to [v0.14.2](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.14.2). ([#4541](https://github.com/kubernetes-sigs/external-dns/pull/4541)) _@stevehipwell_ +- Updated `DNSEndpoint` CRD. 
([#4541](https://github.com/kubernetes-sigs/external-dns/pull/4541)) _@stevehipwell_ +- Changed the implementation for `revisionHistoryLimit` to be more generic. ([#4541](https://github.com/kubernetes-sigs/external-dns/pull/4541)) _@stevehipwell_ + +### Fixed + +- Fixed the `ServiceMonitor` job name to correctly use the instance label. ([#4541](https://github.com/kubernetes-sigs/external-dns/pull/4541)) _@stevehipwell_ + +## [v1.14.4] - 2023-04-03 + +### Added + +- Added support for setting `dnsConfig`. ([#4265](https://github.com/kubernetes-sigs/external-dns/pull/4265)) _@davhdavh_ +- Added support for `DNSEndpoint` CRD. ([#4322](https://github.com/kubernetes-sigs/external-dns/pull/4322)) _@onedr0p_ + +### Changed + +- Updated _ExternalDNS_ OCI image version to [v0.14.1](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.14.1). ([#4357](https://github.com/kubernetes-sigs/external-dns/pull/4357)) _@stevehipwell_ + +## [v1.14.3] - 2023-01-26 + +### Fixed + +- Fixed args for webhook deployment. ([#4202](https://github.com/kubernetes-sigs/external-dns/pull/4202)) [@webwurst](https://github.com/webwurst) +- Fixed support for `gateway-grpcroute`, `gateway-tlsroute`, `gateway-tcproute` & `gateway-udproute`. ([#4205](https://github.com/kubernetes-sigs/external-dns/pull/4205)) [@orenlevi111](https://github.com/orenlevi111) +- Fixed incorrect implementation for setting the `automountServiceAccountToken`. ([#4208](https://github.com/kubernetes-sigs/external-dns/pull/4208)) [@stevehipwell](https://github.com/stevehipwell) + +## [v1.14.2] - 2024-01-22 + +### Fixed + +- Restore template support in `.Values.provider` and `.Values.provider.name` + +## [v1.14.1] - 2024-01-11 + +### Fixed + +- Fixed webhook install failure: `"http-webhook-metrics": must be no more than 15 characters`. 
([#4173](https://github.com/kubernetes-sigs/external-dns/pull/4173)) [@gabe565](https://github.com/gabe565) + +## [v1.14.0] - 2024-01-10 + +### Added + +- Added the option to explicitly enable or disable service account token automounting. ([#3983](https://github.com/kubernetes-sigs/external-dns/pull/3983)) [@gilles-gosuin](https://github.com/gilles-gosuin) +- Added the option to configure revisionHistoryLimit on the K8s Deployment resource. ([#4008](https://github.com/kubernetes-sigs/external-dns/pull/4008)) [@arnisoph](https://github.com/arnisoph) +- Added support for webhook providers, as a sidecar. ([#4032](https://github.com/kubernetes-sigs/external-dns/pull/4032) [@mloiseleur](https://github.com/mloiseleur) +- Added the option to configure ipFamilyPolicy and ipFamilies of external-dns Service. ([#4153](https://github.com/kubernetes-sigs/external-dns/pull/4153)) [@dongjiang1989](https://github.com/dongjiang1989) + +### Changed + +- Avoid unnecessary pod restart on each helm chart version. ([#4103](https://github.com/kubernetes-sigs/external-dns/pull/4103)) [@jkroepke](https://github.com/jkroepke) +- Updated _ExternalDNS_ OCI image version to [v0.14.0](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.14.0). ([#4073](https://github.com/kubernetes-sigs/external-dns/pull/4073)) [@appkins](https://github.com/appkins) + +### Deprecated + +- The `secretConfiguration` value has been deprecated in favour of creating secrets external to the Helm chart and configuring their use via the `extraVolumes` & `extraVolumeMounts` values. ([#4161](https://github.com/kubernetes-sigs/external-dns/pull/4161)) [@stevehipwell](https://github.com/stevehipwell) + +## [v1.13.1] - 2023-09-07 + +### Added + +- Added RBAC for Traefik to ClusterRole. ([#3325](https://github.com/kubernetes-sigs/external-dns/pull/3325)) [@ThomasK33](https://github.com/thomask33) +- Added support for init containers. 
([#3325](https://github.com/kubernetes-sigs/external-dns/pull/3838)) [@calvinbui](https://github.com/calvinbui) + +### Changed + +- Disallowed privilege escalation in container security context and set the seccomp profile type to `RuntimeDefault`. ([#3689](https://github.com/kubernetes-sigs/external-dns/pull/3689)) [@nrvnrvn](https://github.com/nrvnrvn) +- Updated _ExternalDNS_ OCI image version to [v0.13.6](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.13.6). ([#3917](https://github.com/kubernetes-sigs/external-dns/pull/3917)) [@stevehipwell](https://github.com/stevehipwell) + +### Removed + +- Removed RBAC rule for already removed `contour-ingressroute` source. ([#3764](https://github.com/kubernetes-sigs/external-dns/pull/3764)) [@johngmyers](https://github.com/johngmyers) + +## [v1.13.0] - 2023-03-30 + +### All Changes + +- Updated _ExternalDNS_ version to [v0.13.5](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.13.5). ([#3661](https://github.com/kubernetes-sigs/external-dns/pull/3661)) [@GMartinez-Sisti](https://github.com/GMartinez-Sisti) +- Adding missing gateway-httproute cluster role permission. ([#3541](https://github.com/kubernetes-sigs/external-dns/pull/3541)) [@nicon89](https://github.com/nicon89) + +## [v1.12.2] - 2023-03-30 + +### All Changes + +- Added support for ServiceMonitor relabelling. ([#3366](https://github.com/kubernetes-sigs/external-dns/pull/3366)) [@jkroepke](https://github.com/jkroepke) +- Updated chart icon path. ([#3492](https://github.com/kubernetes-sigs/external-dns/pull/3494)) [kundan2707](https://github.com/kundan2707) +- Added RBAC for Gateway-API resources to ClusterRole. ([#3499](https://github.com/kubernetes-sigs/external-dns/pull/3499)) [@michaelvl](https://github.com/MichaelVL) +- Added RBAC for F5 VirtualServer to ClusterRole. 
([#3503](https://github.com/kubernetes-sigs/external-dns/pull/3503)) [@mikejoh](https://github.com/mikejoh) +- Added support for running ExternalDNS with namespaced scope. ([#3403](https://github.com/kubernetes-sigs/external-dns/pull/3403)) [@jkroepke](https://github.com/jkroepke) +- Updated _ExternalDNS_ version to [v0.13.4](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.13.4). ([#3516](https://github.com/kubernetes-sigs/external-dns/pull/3516)) [@stevehipwell](https://github.com/stevehipwell) + +## [v1.12.1] - 2023-02-06 + +### All Changes + +- Updated _ExternalDNS_ version to [v0.13.2](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.13.2). ([#3371](https://github.com/kubernetes-sigs/external-dns/pull/3371)) [@stevehipwell](https://github.com/stevehipwell) +- Added `secretConfiguration.subPath` to mount specific files from secret as a sub-path. ([#3227](https://github.com/kubernetes-sigs/external-dns/pull/3227)) [@jkroepke](https://github.com/jkroepke) +- Changed to use `registry.k8s.io` instead of `k8s.gcr.io`. ([#3261](https://github.com/kubernetes-sigs/external-dns/pull/3261)) [@johngmyers](https://github.com/johngmyers) + +## [v1.12.0] - 2022-11-29 + +### All Changes + +- Added ability to provide ExternalDNS with secret configuration via `secretConfiguration`. ([#3144](https://github.com/kubernetes-sigs/external-dns/pull/3144)) [@jkroepke](https://github.com/jkroepke) +- Added the ability to template `provider` & `extraArgs`. ([#3144](https://github.com/kubernetes-sigs/external-dns/pull/3144)) [@jkroepke](https://github.com/jkroepke) +- Added the ability to customise the service account labels. ([#3145](https://github.com/kubernetes-sigs/external-dns/pull/3145)) [@jkroepke](https://github.com/jkroepke) +- Updated _ExternalDNS_ version to [v0.13.1](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.13.1). 
([#3197](https://github.com/kubernetes-sigs/external-dns/pull/3197)) [@stevehipwell](https://github.com/stevehipwell) + +## [v1.11.0] - 2022-08-10 + +### Added + +- Added support to configure `dnsPolicy` on the Helm chart deployment. [@michelzanini](https://github.com/michelzanini) +- Added ability to customise the deployment strategy. [mac-chaffee](https://github.com/mac-chaffee) + +### Changed + +- Updated _ExternalDNS_ version to [v0.12.2](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.12.2). [@stevehipwell](https://github.com/stevehipwell) +- Changed default deployment strategy to `Recreate`. [mac-chaffee](https://github.com/mac-chaffee) + +## [v1.10.1] - 2022-07-11 + +### Fixed + +- Fixed incorrect addition of `namespace` to `ClusterRole` & `ClusterRoleBinding`. [@stevehipwell](https://github.com/stevehipwell) + +## [v1.10.0] - 2022-07-08 + +### Added + +- Added `commonLabels` value to allow the addition of labels to all resources. [@stevehipwell](https://github.com/stevehipwell) +- Added support for [Process Namespace Sharing](https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/) via the `shareProcessNamespace` + value. ([#2715](https://github.com/kubernetes-sigs/external-dns/pull/2715)) [@wolffberg](https://github.com/wolffberg) + +### Changed + +- Update _ExternalDNS_ version to [v0.12.0](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.12.0). [@vojtechmares](https://github.com/vojtechmares) +- Set resource namespaces to `{{ .Release.Namespace }}` in the templates instead of waiting until apply time for inference. [@stevehipwell](https://github.com/stevehipwell) +- Fixed `rbac.additionalPermissions` default value.([#2796](https://github.com/kubernetes-sigs/external-dns/pull/2796)) [@tamalsaha](https://github.com/tamalsaha) + +## [v1.9.0] - 2022-04-19 + +### Changed + +- Update _ExternalDNS_ version to [v0.11.0](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.11.0). 
([#2690](https://github.com/kubernetes-sigs/external-dns/pull/2690)) [@stevehipwell](https://github.com/stevehipwell) + +## [v1.8.0] - 2022-04-13 + +### Added + +- Add annotations to Deployment. ([#2477](https://github.com/kubernetes-sigs/external-dns/pull/2477)) [@beastob](https://github.com/beastob) + +### Changed + +- Fix RBAC for `istio-virtualservice` source when `istio-gateway` isn't also added. ([#2564](https://github.com/kubernetes-sigs/external-dns/pull/2564)) [@mcwarman](https://github.com/mcwarman) + + +[UNRELEASED]: https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns +[v1.15.0]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.15.0 +[v1.14.5]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.14.5 +[v1.14.4]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.14.4 +[v1.14.3]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.14.3 +[v1.14.2]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.14.2 +[v1.14.1]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.14.1 +[v1.14.0]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.14.0 +[v1.13.1]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.13.1 +[v1.13.0]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.13.0 +[v1.12.2]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.12.2 +[v1.12.1]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.12.1 +[v1.12.0]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.12.0 +[v1.11.0]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.11.0 +[v1.10.1]: 
https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.10.1 +[v1.10.0]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.10.0 +[v1.9.0]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.9.0 +[v1.8.0]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.8.0 diff --git a/packages/system/external-dns/charts/external-dns/Chart.yaml b/packages/system/external-dns/charts/external-dns/Chart.yaml new file mode 100644 index 00000000..c7245bd1 --- /dev/null +++ b/packages/system/external-dns/charts/external-dns/Chart.yaml @@ -0,0 +1,33 @@ +annotations: + artifacthub.io/changes: | + - kind: changed + description: "Updated _ExternalDNS_ OCI image version to [v0.15.0](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.15.0)." + - kind: fixed + description: "Fixed `provider.webhook.resources` behavior to correctly leverage resource limits." + - kind: fixed + description: "Fixed `provider.webhook.imagePullPolicy` behavior to correctly leverage pull policy." + - kind: fixed + description: "Fixed to add correct webhook metric port to `Service` and `ServiceMonitor`." + - kind: fixed + description: "Fixed to no longer require the unauthenticated webhook provider port to be exposed for health probes." +apiVersion: v2 +appVersion: 0.15.0 +description: ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with + DNS providers. +home: https://github.com/kubernetes-sigs/external-dns/ +icon: https://github.com/kubernetes-sigs/external-dns/raw/master/docs/img/external-dns.png +keywords: +- kubernetes +- externaldns +- external-dns +- dns +- service +- ingress +maintainers: +- email: steve.hipwell@gmail.com + name: stevehipwell +name: external-dns +sources: +- https://github.com/kubernetes-sigs/external-dns/ +type: application +version: 1.15.0 
diff --git a/packages/system/external-dns/charts/external-dns/README.md b/packages/system/external-dns/charts/external-dns/README.md new file mode 100644 index 00000000..9b21ecde --- /dev/null +++ b/packages/system/external-dns/charts/external-dns/README.md 
@@ -0,0 +1,182 @@ +# external-dns + +![Version: 1.15.0](https://img.shields.io/badge/Version-1.15.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.15.0](https://img.shields.io/badge/AppVersion-0.15.0-informational?style=flat-square) + +ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| stevehipwell | | | + +## Source Code + +* + +## Installing the Chart + +Before you can install the chart you will need to add the `external-dns` repo to [Helm](https://helm.sh/). + +```shell +helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/ +``` + +After you've installed the repo you can install the chart. + +```shell +helm upgrade --install external-dns external-dns/external-dns --version 1.15.0 +``` + +## Providers + +Configuring the _ExternalDNS_ provider should be done via the `provider.name` value with provider specific configuration being set via the `provider..` values, where supported, and the `extraArgs` value. For legacy support `provider` can be set to the name of the provider with all additional configuration being set via the `extraArgs` value. +See [documentation](https://kubernetes-sigs.github.io/external-dns/#new-providers) for more info on available providers and tutorials. 
+ +### Providers with Specific Configuration Support + +| Provider | Supported | +|------------------------|------------| +| `webhook` | ✅ | + +### Other Providers + +For set up for a specific provider using the Helm chart, see the following links: + +- [AWS](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md#using-helm-with-oidc) +- [akamai-edgedns](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/akamai-edgedns.md#using-helm) +- [cloudflare](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/cloudflare.md#using-helm) +- [digitalocean](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/digitalocean.md#using-helm) +- [godaddy](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/godaddy.md#using-helm) +- [ns1](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/ns1.md#using-helm) +- [plural](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/plural.md#using-helm) + +## Namespaced Scoped Installation + +external-dns supports running on a namespaced only scope, too. +If `namespaced=true` is defined, the helm chart will setup `Roles` and `RoleBindings` instead `ClusterRoles` and `ClusterRoleBindings`. + +### Limited Supported + +Not all sources are supported in namespaced scope, since some sources depends on cluster-wide resources. +For example: Source `node` isn't supported, since `kind: Node` has scope `Cluster`. +Sources like `istio-virtualservice` only work, if all resources like `Gateway` and `VirtualService` are present in the same +namespaces as `external-dns`. + +The annotation `external-dns.alpha.kubernetes.io/endpoints-type: NodeExternalIP` is not supported. + +If `namespaced` is set to `true`, please ensure that `sources` my only contains supported sources (Default: `service,ingress`). 
+ +### Support Matrix + +| Source | Supported | Infos | +|------------------------|------------|------------------------| +| `ingress` | ✅ | | +| `istio-gateway` | ✅ | | +| `istio-virtualservice` | ✅ | | +| `crd` | ✅ | | +| `kong-tcpingress` | ✅ | | +| `openshift-route` | ✅ | | +| `skipper-routegroup` | ✅ | | +| `gloo-proxy` | ✅ | | +| `contour-httpproxy` | ✅ | | +| `service` | ⚠️️ | NodePort not supported | +| `node` | ❌ | | +| `pod` | ❌ | | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Affinity settings for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels. | +| automountServiceAccountToken | bool | `nil` | Set this to `false` to [opt out of API credential automounting](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the `Pod`. | +| commonLabels | object | `{}` | Labels to add to all chart resources. | +| deploymentAnnotations | object | `{}` | Annotations to add to the `Deployment`. | +| deploymentStrategy | object | `{"type":"Recreate"}` | [Deployment Strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy). | +| dnsConfig | object | `nil` | [DNS config](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config) for the pod, if not set the default will be used. | +| dnsPolicy | string | `nil` | [DNS policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) for the pod, if not set the default will be used. | +| domainFilters | list | `[]` | | +| env | list | `[]` | [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `external-dns` container. 
| +| excludeDomains | list | `[]` | | +| extraArgs | list | `[]` | Extra arguments to provide to _ExternalDNS_. | +| extraContainers | object | `{}` | Extra containers to add to the `Deployment`. | +| extraVolumeMounts | list | `[]` | Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `external-dns` container. | +| extraVolumes | list | `[]` | Extra [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the `Pod`. | +| fullnameOverride | string | `nil` | Override the full name of the chart. | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy for the `external-dns` container. | +| image.repository | string | `"registry.k8s.io/external-dns/external-dns"` | Image repository for the `external-dns` container. | +| image.tag | string | `nil` | Image tag for the `external-dns` container, this will default to `.Chart.AppVersion` if not set. | +| imagePullSecrets | list | `[]` | Image pull secrets. | +| initContainers | list | `[]` | [Init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) to add to the `Pod` definition. | +| interval | string | `"1m"` | Interval for DNS updates. | +| livenessProbe | object | See _values.yaml_ | [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container. | +| logFormat | string | `"text"` | Log format. | +| logLevel | string | `"info"` | Log level. | +| nameOverride | string | `nil` | Override the name of the chart. | +| namespaced | bool | `false` | if `true`, _ExternalDNS_ will run in a namespaced scope (`Role`` and `Rolebinding`` will be namespaced too). | +| nodeSelector | object | `{}` | Node labels to match for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). | +| podAnnotations | object | `{}` | Annotations to add to the `Pod`. | +| podLabels | object | `{}` | Labels to add to the `Pod`. 
|
+| podSecurityContext | object | See _values.yaml_ | [Pod security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core), this supports full customisation. |
+| policy | string | `"upsert-only"` | How DNS records are synchronized between sources and providers; available values are `sync` & `upsert-only`. |
+| priorityClassName | string | `nil` | Priority class name for the `Pod`. |
+| provider.name | string | `"aws"` | _ExternalDNS_ provider name; for the available providers and how to configure them see [README](https://github.com/kubernetes-sigs/external-dns/blob/master/charts/external-dns/README.md#providers). |
+| provider.webhook.args | list | `[]` | Extra arguments to provide for the `webhook` container. |
+| provider.webhook.env | list | `[]` | [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `webhook` container. |
+| provider.webhook.extraVolumeMounts | list | `[]` | Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `webhook` container. |
+| provider.webhook.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy for the `webhook` container. |
+| provider.webhook.image.repository | string | `nil` | Image repository for the `webhook` container. |
+| provider.webhook.image.tag | string | `nil` | Image tag for the `webhook` container. |
+| provider.webhook.livenessProbe | object | See _values.yaml_ | [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container. |
+| provider.webhook.readinessProbe | object | See _values.yaml_ | [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `webhook` container. 
|
+| provider.webhook.resources | object | `{}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `webhook` container. |
+| provider.webhook.securityContext | object | See _values.yaml_ | [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `webhook` container. |
+| provider.webhook.service.port | int | `8080` | Webhook exposed HTTP port for the service. |
+| provider.webhook.serviceMonitor | object | See _values.yaml_ | Optional [Service Monitor](https://prometheus-operator.dev/docs/operator/design/#servicemonitor) configuration for the `webhook` container. |
+| rbac.additionalPermissions | list | `[]` | Additional rules to add to the `ClusterRole`. |
+| rbac.create | bool | `true` | If `true`, create a `ClusterRole` & `ClusterRoleBinding` with access to the Kubernetes API. |
+| readinessProbe | object | See _values.yaml_ | [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container. |
+| registry | string | `"txt"` | Specify the registry for storing ownership and labels. Valid values are `txt`, `aws-sd`, `dynamodb` & `noop`. |
+| resources | object | `{}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `external-dns` container. |
+| revisionHistoryLimit | int | `nil` | Specify the number of old `ReplicaSets` to retain to allow rollback of the `Deployment``. |
+| secretConfiguration.data | object | `{}` | `Secret` data. |
+| secretConfiguration.enabled | bool | `false` | If `true`, create a `Secret` to store sensitive provider configuration (**DEPRECATED**). |
+| secretConfiguration.mountPath | string | `nil` | Mount path for the `Secret`, this can be templated. 
|
+| secretConfiguration.subPath | string | `nil` | Sub-path for mounting the `Secret`, this can be templated. |
+| securityContext | object | See _values.yaml_ | [Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `external-dns` container. |
+| service.annotations | object | `{}` | Service annotations. |
+| service.ipFamilies | list | `[]` | Service IP families. |
+| service.ipFamilyPolicy | string | `nil` | Service IP family policy. |
+| service.port | int | `7979` | Service HTTP port. |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account. |
+| serviceAccount.automountServiceAccountToken | string | `nil` | Set this to `false` to [opt out of API credential automounting](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the `ServiceAccount`. |
+| serviceAccount.create | bool | `true` | If `true`, create a new `ServiceAccount`. |
+| serviceAccount.labels | object | `{}` | Labels to add to the service account. |
+| serviceAccount.name | string | `nil` | If this is set and `serviceAccount.create` is `true` this will be used for the created `ServiceAccount` name, if set and `serviceAccount.create` is `false` then this will define an existing `ServiceAccount` to use. |
+| serviceMonitor.additionalLabels | object | `{}` | Additional labels for the `ServiceMonitor`. |
+| serviceMonitor.annotations | object | `{}` | Annotations to add to the `ServiceMonitor`. |
+| serviceMonitor.bearerTokenFile | string | `nil` | Provide a bearer token file for the `ServiceMonitor`. |
+| serviceMonitor.enabled | bool | `false` | If `true`, create a `ServiceMonitor` resource to support the _Prometheus Operator_. |
+| serviceMonitor.interval | string | `nil` | If set override the _Prometheus_ default interval. 
|
+| serviceMonitor.metricRelabelings | list | `[]` | [Metric relabel configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion. |
+| serviceMonitor.namespace | string | `nil` | If set create the `ServiceMonitor` in an alternate namespace. |
+| serviceMonitor.relabelings | list | `[]` | [Relabel configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before ingestion. |
+| serviceMonitor.scheme | string | `nil` | If set overrides the _Prometheus_ default scheme. |
+| serviceMonitor.scrapeTimeout | string | `nil` | If set override the _Prometheus_ default scrape timeout. |
+| serviceMonitor.targetLabels | list | `[]` | Provide target labels for the `ServiceMonitor`. |
+| serviceMonitor.tlsConfig | object | `{}` | Configure the `ServiceMonitor` [TLS config](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig). |
+| shareProcessNamespace | bool | `false` | If `true`, the `Pod` will have [process namespace sharing](https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/) enabled. |
+| sources | list | `["service","ingress"]` | _Kubernetes_ resources to monitor for DNS entries. |
+| terminationGracePeriodSeconds | int | `nil` | Termination grace period for the `Pod` in seconds. |
+| tolerations | list | `[]` | Node taints which will be tolerated for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). |
+| topologySpreadConstraints | list | `[]` | Topology spread constraints for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided one will be created from the pod selector labels. |
+| triggerLoopOnEvent | bool | `false` | If `true`, triggers run loop on create/update/delete events in addition of regular interval. 
|
+| txtOwnerId | string | `nil` | Specify an identifier for this instance of _ExternalDNS_ wWhen using a registry other than `noop`. |
+| txtPrefix | string | `nil` | Specify a prefix for the domain names of TXT records created for the `txt` registry. Mutually exclusive with `txtSuffix`. |
+| txtSuffix | string | `nil` | Specify a suffix for the domain names of TXT records created for the `txt` registry. Mutually exclusive with `txtPrefix`. |
+
+----------------------------------------------
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/).
diff --git a/packages/system/external-dns/charts/external-dns/README.md.gotmpl b/packages/system/external-dns/charts/external-dns/README.md.gotmpl
new file mode 100644
index 00000000..e313a2ba
--- /dev/null
+++ b/packages/system/external-dns/charts/external-dns/README.md.gotmpl
@@ -0,0 +1,91 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+## Installing the Chart
+
+Before you can install the chart you will need to add the `external-dns` repo to [Helm](https://helm.sh/).
+
+```shell
+helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
+```
+
+After you've installed the repo you can install the chart.
+
+```shell
+helm upgrade --install {{ template "chart.name" . }} external-dns/{{ template "chart.name" . }} --version {{ template "chart.version" . }}
+```
+
+## Providers
+
+Configuring the _ExternalDNS_ provider should be done via the `provider.name` value with provider specific configuration being set via the `provider..` values, where supported, and the `extraArgs` value. For legacy support `provider` can be set to the name of the provider with all additional configuration being set via the `extraArgs` value.
+See [documentation](https://kubernetes-sigs.github.io/external-dns/#new-providers) for more info on available providers and tutorials. 
+
+### Providers with Specific Configuration Support
+
+| Provider | Supported |
+|------------------------|------------|
+| `webhook` | ✅ |
+
+### Other Providers
+
+For set up for a specific provider using the Helm chart, see the following links:
+
+- [AWS](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md#using-helm-with-oidc)
+- [akamai-edgedns](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/akamai-edgedns.md#using-helm)
+- [cloudflare](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/cloudflare.md#using-helm)
+- [digitalocean](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/digitalocean.md#using-helm)
+- [godaddy](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/godaddy.md#using-helm)
+- [ns1](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/ns1.md#using-helm)
+- [plural](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/plural.md#using-helm)
+
+## Namespaced Scoped Installation
+
+external-dns supports running on a namespaced only scope, too.
+If `namespaced=true` is defined, the helm chart will setup `Roles` and `RoleBindings` instead `ClusterRoles` and `ClusterRoleBindings`.
+
+### Limited Supported
+
+Not all sources are supported in namespaced scope, since some sources depends on cluster-wide resources.
+For example: Source `node` isn't supported, since `kind: Node` has scope `Cluster`.
+Sources like `istio-virtualservice` only work, if all resources like `Gateway` and `VirtualService` are present in the same
+namespaces as `external-dns`.
+
+The annotation `external-dns.alpha.kubernetes.io/endpoints-type: NodeExternalIP` is not supported.
+
+If `namespaced` is set to `true`, please ensure that `sources` my only contains supported sources (Default: `service,ingress`). 
+
+### Support Matrix
+
+| Source | Supported | Infos |
+|------------------------|------------|------------------------|
+| `ingress` | ✅ | |
+| `istio-gateway` | ✅ | |
+| `istio-virtualservice` | ✅ | |
+| `crd` | ✅ | |
+| `kong-tcpingress` | ✅ | |
+| `openshift-route` | ✅ | |
+| `skipper-routegroup` | ✅ | |
+| `gloo-proxy` | ✅ | |
+| `contour-httpproxy` | ✅ | |
+| `service` | ⚠️️ | NodePort not supported |
+| `node` | ❌ | |
+| `pod` | ❌ | |
+
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+----------------------------------------------
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/).
diff --git a/packages/system/external-dns/charts/external-dns/RELEASE.md b/packages/system/external-dns/charts/external-dns/RELEASE.md
new file mode 100644
index 00000000..02634a30
--- /dev/null
+++ b/packages/system/external-dns/charts/external-dns/RELEASE.md
@@ -0,0 +1,10 @@
+### Changed
+
+- Updated _ExternalDNS_ OCI image version to [v0.15.0](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.15.0). ([#xxxx](https://github.com/kubernetes-sigs/external-dns/pull/xxxx)) _@stevehipwell_
+
+### Fixed
+
+- Fixed `provider.webhook.resources` behavior to correctly leverage resource limits. ([#4560](https://github.com/kubernetes-sigs/external-dns/pull/4560)) _@crutonjohn_
+- Fixed `provider.webhook.imagePullPolicy` behavior to correctly leverage pull policy. ([#4643](https://github.com/kubernetes-sigs/external-dns/pull/4643)) _@kimsondrup_
+- Fixed to add correct webhook metric port to `Service` and `ServiceMonitor`. ([#4643](https://github.com/kubernetes-sigs/external-dns/pull/4643)) _@kimsondrup_
+- Fixed to no longer require the unauthenticated webhook provider port to be exposed for health probes. ([#4691](https://github.com/kubernetes-sigs/external-dns/pull/4691)) _@kimsondrup_ & _@hatrx_
diff --git a/packages/system/external-dns/charts/external-dns/ci/ci-values.yaml b/packages/system/external-dns/charts/external-dns/ci/ci-values.yaml
new file mode 100644
index 00000000..4d278e94
--- /dev/null
+++ b/packages/system/external-dns/charts/external-dns/ci/ci-values.yaml
@@ -0,0 +1,2 @@
+provider:
+ name: inmemory
diff --git a/packages/system/external-dns/charts/external-dns/crds/dnsendpoint.yaml b/packages/system/external-dns/charts/external-dns/crds/dnsendpoint.yaml
new file mode 100644
index 00000000..822cd850
--- /dev/null
+++ b/packages/system/external-dns/charts/external-dns/crds/dnsendpoint.yaml
@@ -0,0 +1,102 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: dnsendpoints.externaldns.k8s.io
+ annotations:
+ api-approved.kubernetes.io: https://github.com/kubernetes-sigs/external-dns/pull/2007
+spec:
+ group: externaldns.k8s.io
+ names:
+ kind: DNSEndpoint
+ listKind: DNSEndpointList
+ plural: dnsendpoints
+ singular: dnsendpoint
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: DNSEndpointSpec defines the desired state of DNSEndpoint
+ properties:
+ endpoints:
+ items:
+ description:
+ Endpoint is a high-level way of a connection between
+ a service and an IP
+ properties:
+ dnsName:
+ description: The hostname of the DNS record
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels stores labels defined for the Endpoint
+ type: object
+ providerSpecific:
+ description: ProviderSpecific stores provider specific config
+ items:
+ description:
+ ProviderSpecificProperty holds the name and value
+ of a configuration which is specific to individual DNS providers
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ type: object
+ type: array
+ recordTTL:
+ description: TTL for the record
+ format: int64
+ type: integer
+ recordType:
+ description:
+ RecordType type of record, e.g. CNAME, A, AAAA,
+ SRV, TXT etc
+ type: string
+ setIdentifier:
+ description:
+ Identifier to distinguish multiple records with
+ the same name and type (e.g. Route53 records with routing
+ policies other than 'simple')
+ type: string
+ targets:
+ description: The targets the DNS record points to
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ type: object
+ status:
+ description: DNSEndpointStatus defines the observed state of DNSEndpoint
+ properties:
+ observedGeneration:
+ description: The generation observed by the external-dns controller.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/packages/system/external-dns/charts/external-dns/templates/NOTES.txt b/packages/system/external-dns/charts/external-dns/templates/NOTES.txt
new file mode 100644
index 00000000..5e37ecca
--- /dev/null
+++ b/packages/system/external-dns/charts/external-dns/templates/NOTES.txt
@@ -0,0 +1,7 @@
+***********************************************************************
+* External DNS *
+***********************************************************************
+ Chart version: {{ .Chart.Version }}
+ App version: {{ .Chart.AppVersion }}
+ Image tag: {{ include "external-dns.image" . }}
+***********************************************************************
diff --git a/packages/system/external-dns/charts/external-dns/templates/_helpers.tpl b/packages/system/external-dns/charts/external-dns/templates/_helpers.tpl
new file mode 100644
index 00000000..3ce55cd8
--- /dev/null
+++ b/packages/system/external-dns/charts/external-dns/templates/_helpers.tpl
@@ -0,0 +1,95 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "external-dns.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "external-dns.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "external-dns.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "external-dns.labels" -}}
+helm.sh/chart: {{ include "external-dns.chart" . }}
+{{ include "external-dns.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.commonLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "external-dns.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "external-dns.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "external-dns.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "external-dns.fullname" .) 
.Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+The image to use
+*/}}
+{{- define "external-dns.image" -}}
+{{- printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }}
+{{- end }}
+
+{{/*
+Provider name, Keeps backward compatibility on provider
+*/}}
+{{- define "external-dns.providerName" -}}
+{{- if eq (typeOf .Values.provider) "string" }}
+{{- .Values.provider }}
+{{- else }}
+{{- .Values.provider.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+The image to use for optional webhook sidecar
+*/}}
+{{- define "external-dns.webhookImage" -}}
+{{- with .image }}
+{{- if or (empty .repository) (empty .tag) }}
+{{- fail "ERROR: webhook provider needs an image repository and a tag" }}
+{{- end }}
+{{- printf "%s:%s" .repository .tag }}
+{{- end }}
+{{- end }}
diff --git a/packages/system/external-dns/charts/external-dns/templates/clusterrole.yaml b/packages/system/external-dns/charts/external-dns/templates/clusterrole.yaml
new file mode 100644
index 00000000..44f72bd2
--- /dev/null
+++ b/packages/system/external-dns/charts/external-dns/templates/clusterrole.yaml
@@ -0,0 +1,127 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ .Values.namespaced | ternary "Role" "ClusterRole" }}
+metadata:
+ name: {{ template "external-dns.fullname" . }}
+ labels:
+ {{- include "external-dns.labels" . | nindent 4 }}
+rules:
+{{- if and (not .Values.namespaced) (or (has "node" .Values.sources) (has "pod" .Values.sources) (has "service" .Values.sources) (has "contour-httpproxy" .Values.sources) (has "gloo-proxy" .Values.sources) (has "openshift-route" .Values.sources) (has "skipper-routegroup" .Values.sources)) }}
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list","watch"]
+{{- end }}
+{{- if or (has "pod" .Values.sources) (has "service" .Values.sources) (has "contour-httpproxy" .Values.sources) (has "gloo-proxy" .Values.sources) (has "openshift-route" .Values.sources) (has "skipper-routegroup" .Values.sources) }}
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get","watch","list"]
+{{- end }}
+{{- if or (has "service" .Values.sources) (has "contour-httpproxy" .Values.sources) (has "gloo-proxy" .Values.sources) (has "istio-gateway" .Values.sources) (has "istio-virtualservice" .Values.sources) (has "openshift-route" .Values.sources) (has "skipper-routegroup" .Values.sources) }}
+ - apiGroups: [""]
+ resources: ["services","endpoints"]
+ verbs: ["get","watch","list"]
+{{- end }}
+{{- if or (has "ingress" .Values.sources) (has "contour-httpproxy" .Values.sources) (has "openshift-route" .Values.sources) (has "skipper-routegroup" .Values.sources) }}
+ - apiGroups: ["extensions","networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["get","watch","list"]
+{{- end }}
+{{- if or (has "istio-gateway" .Values.sources) (has "istio-virtualservice" .Values.sources) }}
+ - apiGroups: ["networking.istio.io"]
+ resources: ["gateways"]
+ verbs: ["get","watch","list"]
+{{- end }}
+
+{{- if has "istio-virtualservice" .Values.sources }}
+ - apiGroups: ["networking.istio.io"]
+ resources: ["virtualservices"]
+ 
verbs: ["get","watch","list"]
+{{- end }}
+{{- if has "ambassador-host" .Values.sources }}
+ - apiGroups: ["getambassador.io"]
+ resources: ["hosts","ingresses"]
+ verbs: ["get","watch","list"]
+{{- end }}
+{{- if has "contour-httpproxy" .Values.sources }}
+ - apiGroups: ["projectcontour.io"]
+ resources: ["httpproxies"]
+ verbs: ["get","watch","list"]
+{{- end }}
+{{- if has "crd" .Values.sources }}
+ - apiGroups: ["externaldns.k8s.io"]
+ resources: ["dnsendpoints"]
+ verbs: ["get","watch","list"]
+ - apiGroups: ["externaldns.k8s.io"]
+ resources: ["dnsendpoints/status"]
+ verbs: ["*"]
+{{- end }}
+{{- if or (has "gateway-httproute" .Values.sources) (has "gateway-grpcroute" .Values.sources) (has "gateway-tlsroute" .Values.sources) (has "gateway-tcproute" .Values.sources) (has "gateway-udproute" .Values.sources) }}
+ - apiGroups: ["gateway.networking.k8s.io"]
+ resources: ["gateways"]
+ verbs: ["get","watch","list"]
+ - apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get","watch","list"]
+{{- end }}
+{{- if has "gateway-httproute" .Values.sources }}
+ - apiGroups: ["gateway.networking.k8s.io"]
+ resources: ["httproutes"]
+ verbs: ["get","watch","list"]
+{{- end }}
+{{- if has "gateway-grpcroute" .Values.sources }}
+ - apiGroups: ["gateway.networking.k8s.io"]
+ resources: ["grpcroutes"]
+ verbs: ["get","watch","list"]
+{{- end }}
+{{- if has "gateway-tlsroute" .Values.sources }}
+ - apiGroups: ["gateway.networking.k8s.io"]
+ resources: ["tlsroutes"]
+ verbs: ["get","watch","list"]
+{{- end }}
+{{- if has "gateway-tcproute" .Values.sources }}
+ - apiGroups: ["gateway.networking.k8s.io"]
+ resources: ["tcproutes"]
+ verbs: ["get","watch","list"]
+{{- end }}
+{{- if has "gateway-udproute" .Values.sources }}
+ - apiGroups: ["gateway.networking.k8s.io"]
+ resources: ["udproutes"]
+ verbs: ["get","watch","list"]
+{{- end }}
+{{- if has "gloo-proxy" .Values.sources }}
+ - apiGroups: ["gloo.solo.io","gateway.solo.io"]
+ resources: ["proxies","virtualservices"]
+ 
verbs: ["get","watch","list"]
+{{- end }}
+{{- if has "kong-tcpingress" .Values.sources }}
+ - apiGroups: ["configuration.konghq.com"]
+ resources: ["tcpingresses"]
+ verbs: ["get","watch","list"]
+{{- end }}
+{{- if has "traefik-proxy" .Values.sources }}
+ - apiGroups: ["traefik.containo.us", "traefik.io"]
+ resources: ["ingressroutes", "ingressroutetcps", "ingressrouteudps"]
+ verbs: ["get","watch","list"]
+{{- end }}
+{{- if has "openshift-route" .Values.sources }}
+ - apiGroups: ["route.openshift.io"]
+ resources: ["routes"]
+ verbs: ["get","watch","list"]
+{{- end }}
+{{- if has "skipper-routegroup" .Values.sources }}
+ - apiGroups: ["zalando.org"]
+ resources: ["routegroups"]
+ verbs: ["get","watch","list"]
+ - apiGroups: ["zalando.org"]
+ resources: ["routegroups/status"]
+ verbs: ["patch","update"]
+{{- end }}
+{{- if has "f5-virtualserver" .Values.sources }}
+ - apiGroups: ["cis.f5.com"]
+ resources: ["virtualservers"]
+ verbs: ["get","watch","list"]
+{{- end }}
+{{- with .Values.rbac.additionalPermissions }}
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
diff --git a/packages/system/external-dns/charts/external-dns/templates/clusterrolebinding.yaml b/packages/system/external-dns/charts/external-dns/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..74a51476
--- /dev/null
+++ b/packages/system/external-dns/charts/external-dns/templates/clusterrolebinding.yaml
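Review bot: The `crd` block grants `verbs: ["*"]` on `dnsendpoints/status`, which is wider than a status writer needs and inconsistent with the `routegroups/status` rule further down the same hunk, which is limited to `["patch","update"]`; `verbs: ["patch","update"]` (plus `get` if the controller reads status through the subresource) would keep status updates working while dropping the create/delete verbs the wildcard also implies. When `namespaced` is false this rule lands in a ClusterRole bound to the chart's ServiceAccount by clusterrolebinding.yaml, so the surplus verbs are held cluster-wide for every DNSEndpoint. This path looks like a vendored copy of the upstream chart, so the tightening presumably belongs upstream or in a platform-level override rather than an in-place edit here.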
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ .Values.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
+metadata:
+ name: {{ printf "%s-viewer" (include "external-dns.fullname" .) }}
+ labels:
+ {{- include "external-dns.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: {{ .Values.namespaced | ternary "Role" "ClusterRole" }}
+ name: {{ template "external-dns.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "external-dns.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/packages/system/external-dns/charts/external-dns/templates/deployment.yaml b/packages/system/external-dns/charts/external-dns/templates/deployment.yaml
new file mode 100644
index 00000000..02e9b397
--- /dev/null
+++ b/packages/system/external-dns/charts/external-dns/templates/deployment.yaml
@@ -0,0 +1,209 @@
+{{- $providerName := tpl (include "external-dns.providerName" .) $ }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "external-dns.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "external-dns.labels" . | nindent 4 }}
+ {{- with .Values.deploymentAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "external-dns.selectorLabels" . | nindent 6 }}
+ strategy:
+ {{- toYaml .Values.deploymentStrategy | nindent 4 }}
+ {{- if not (has (quote .Values.revisionHistoryLimit) (list "" (quote ""))) }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit | int64 }}
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ {{- include "external-dns.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.secretConfiguration.enabled .Values.podAnnotations }}
+ annotations:
+ {{- if .Values.secretConfiguration.enabled }}
+ checksum/secret: {{ tpl (toYaml .Values.secretConfiguration.data) . | sha256sum }}
+ {{- end }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- if not (quote .Values.automountServiceAccountToken | empty) }}
+ automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
+ {{- end }}
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "external-dns.serviceAccountName" . }}
+ {{- with .Values.shareProcessNamespace }}
+ shareProcessNamespace: {{ . }}
+ {{- end }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.priorityClassName }}
+ priorityClassName: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ . 
}}
+ {{- end }}
+ {{- with .Values.dnsPolicy }}
+ dnsPolicy: {{ . }}
+ {{- end }}
+ {{- with .Values.dnsConfig }}
+ dnsConfig:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.initContainers }}
+ initContainers:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ {{- with .Values.extraContainers }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ - name: external-dns
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ image: {{ include "external-dns.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- with .Values.env }}
+ env:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ args:
+ - --log-level={{ .Values.logLevel }}
+ - --log-format={{ .Values.logFormat }}
+ - --interval={{ .Values.interval }}
+ {{- if .Values.triggerLoopOnEvent }}
+ - --events
+ {{- end }}
+ {{- range .Values.sources }}
+ - --source={{ . }}
+ {{- end }}
+ - --policy={{ .Values.policy }}
+ - --registry={{ .Values.registry }}
+ {{- if .Values.txtOwnerId }}
+ - --txt-owner-id={{ .Values.txtOwnerId }}
+ {{- end }}
+ {{- if .Values.txtPrefix }}
+ - --txt-prefix={{ .Values.txtPrefix }}
+ {{- end }}
+ {{- if and (eq .Values.txtPrefix "") (ne .Values.txtSuffix "") }}
+ - --txt-suffix={{ .Values.txtSuffix }}
+ {{- end }}
+ {{- if .Values.namespaced }}
+ - --namespace={{ .Release.Namespace }}
+ {{- end }}
+ {{- range .Values.domainFilters }}
+ - --domain-filter={{ . }}
+ {{- end }}
+ {{- range .Values.excludeDomains }}
+ - --exclude-domains={{ . }}
+ {{- end }}
+ - --provider={{ $providerName }}
+ {{- range .Values.extraArgs }}
+ - {{ tpl . 
$ }}
+ {{- end }}
+ ports:
+ - name: http
+ protocol: TCP
+ containerPort: 7979
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ {{- if or .Values.secretConfiguration.enabled .Values.extraVolumeMounts }}
+ volumeMounts:
+ {{- if .Values.secretConfiguration.enabled }}
+ - name: secrets
+ mountPath: {{ tpl .Values.secretConfiguration.mountPath $ }}
+ {{- with .Values.secretConfiguration.subPath }}
+ subPath: {{ tpl . $ }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.extraVolumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if eq $providerName "webhook" }}
+ {{- with .Values.provider.webhook }}
+ - name: webhook
+ image: {{ include "external-dns.webhookImage" . }}
+ imagePullPolicy: {{ .image.pullPolicy }}
+ {{- with .env }}
+ env:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .args }}
+ args:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http-webhook
+ protocol: TCP
+ containerPort: 8080
+ livenessProbe:
+ {{- toYaml .livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .readinessProbe | nindent 12 }}
+ {{- if .extraVolumeMounts }}
+ volumeMounts:
+ {{- with .extraVolumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- with .resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.secretConfiguration.enabled .Values.extraVolumes }}
+ volumes:
+ {{- if .Values.secretConfiguration.enabled }}
+ - name: secrets
+ secret:
+ secretName: {{ include "external-dns.fullname" . }}
+ {{- end }}
+ {{- with .Values.extraVolumes }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . 
| nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/packages/system/external-dns/charts/external-dns/templates/secret.yaml b/packages/system/external-dns/charts/external-dns/templates/secret.yaml
new file mode 100644
index 00000000..89ec1fe5
--- /dev/null
+++ b/packages/system/external-dns/charts/external-dns/templates/secret.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.secretConfiguration.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "external-dns.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "external-dns.labels" . | nindent 4 }}
+data:
+{{- range $key, $value := .Values.secretConfiguration.data }}
+ {{ $key }}: {{ tpl $value $ | b64enc | quote }}
+{{- end }}
+{{- end }}
diff --git a/packages/system/external-dns/charts/external-dns/templates/service.yaml b/packages/system/external-dns/charts/external-dns/templates/service.yaml
new file mode 100644
index 00000000..e55e2a36
--- /dev/null
+++ b/packages/system/external-dns/charts/external-dns/templates/service.yaml
@@ -0,0 +1,36 @@
+{{- $providerName := include "external-dns.providerName" . }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "external-dns.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "external-dns.labels" . | nindent 4 }}
+ {{- with .Values.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- with .Values.service.ipFamilies }}
+ ipFamilies:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.service.ipFamilyPolicy }}
+ ipFamilyPolicy: {{ . }}
+{{- end }}
+ type: ClusterIP
+ selector:
+ {{- include "external-dns.selectorLabels" . | nindent 4 }}
+ ports:
+ - name: http
+ port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ {{- if eq $providerName "webhook" }}
+ {{- with .Values.provider.webhook.service }}
+ - name: http-webhook
+ port: {{ .port }}
+ targetPort: http-webhook
+ protocol: TCP
+ {{- end }}
+ {{- end }}
diff --git a/packages/system/external-dns/charts/external-dns/templates/serviceaccount.yaml b/packages/system/external-dns/charts/external-dns/templates/serviceaccount.yaml
new file mode 100644
index 00000000..f627313a
--- /dev/null
+++ b/packages/system/external-dns/charts/external-dns/templates/serviceaccount.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "external-dns.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "external-dns.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
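Review bot: `ipFamilyPolicy: {{ . }}` in service.yaml emits the value unquoted, and the two `{{- with .Values.service.ipFamilies }}` / `{{- with .Values.service.ipFamilyPolicy }}` directives sit flush-left while every other directive inside `spec:` is indented, which reads inconsistently next to the `ports:` section. `ipFamilyPolicy: {{ . | quote }}` keeps the rendered scalar a string whatever the caller passes, and indenting the two `with` blocks like the rest of the template costs nothing since `{{-` trims the whitespace anyway.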
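Review bot: In serviceaccount.yaml, `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}` renders as a bare `automountServiceAccountToken:` with the chart's empty default, i.e. YAML null, which the API server treats as unset and therefore as automount enabled — the explicit line suggests an opt-out that does not happen. Emit the field only when the operator set it: `{{- if not (kindIs "invalid" .Values.serviceAccount.automountServiceAccountToken) }}` / `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}` / `{{- end }}`, and note in values.yaml that the controller still needs the token mounted on the Pod to reach the Kubernetes API, so the opt-out is only meaningful for other consumers of this ServiceAccount. If this copy tracks upstream, raise it there rather than patching the vendored file.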
diff --git a/packages/system/external-dns/charts/external-dns/templates/servicemonitor.yaml b/packages/system/external-dns/charts/external-dns/templates/servicemonitor.yaml
new file mode 100644
index 00000000..004756c7
--- /dev/null
+++ b/packages/system/external-dns/charts/external-dns/templates/servicemonitor.yaml
@@ -0,0 +1,86 @@
+{{- if .Values.serviceMonitor.enabled -}}
+{{- $providerName := include "external-dns.providerName" . }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "external-dns.fullname" . }}
+ namespace: {{ default .Release.Namespace .Values.serviceMonitor.namespace }}
+ {{- with .Values.serviceMonitor.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "external-dns.labels" . | nindent 4 }}
+ {{- with .Values.serviceMonitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: app.kubernetes.io/instance
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ {{- include "external-dns.selectorLabels" . | nindent 6 }}
+ endpoints:
+ - port: http
+ path: /metrics
+ {{- with .Values.serviceMonitor.interval }}
+ interval: {{ . }}
+ {{- end }}
+ {{- with .Values.serviceMonitor.scheme }}
+ scheme: {{ . }}
+ {{- end }}
+ {{- with .Values.serviceMonitor.bearerTokenFile }}
+ bearerTokenFile: {{ . }}
+ {{- end }}
+ {{- with .Values.serviceMonitor.tlsConfig }}
+ tlsConfig:
+ {{- toYaml .| nindent 8 }}
+ {{- end }}
+ {{- with .Values.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ . }}
+ {{- end }}
+ {{- with .Values.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.serviceMonitor.relabelings }}
+ relabelings:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if eq $providerName "webhook" }}
+ {{- with .Values.provider.webhook.serviceMonitor }}
+ - port: http-webhook
+ path: /metrics
+ {{- with .interval }}
+ interval: {{ . }}
+ {{- end }}
+ {{- with .scheme }}
+ scheme: {{ . }}
+ {{- end }}
+ {{- with .bearerTokenFile }}
+ bearerTokenFile: {{ . }}
+ {{- end }}
+ {{- with .tlsConfig }}
+ tlsConfig:
+ {{- toYaml .| nindent 8 }}
+ {{- end }}
+ {{- with .scrapeTimeout }}
+ scrapeTimeout: {{ . 
}}
+ {{- end }}
+ {{- with .metricRelabelings }}
+ metricRelabelings:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .relabelings }}
+ relabelings:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.serviceMonitor.targetLabels }}
+ targetLabels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/packages/system/external-dns/charts/external-dns/values.schema.json b/packages/system/external-dns/charts/external-dns/values.schema.json
new file mode 100644
index 00000000..614deeac
--- /dev/null
+++ b/packages/system/external-dns/charts/external-dns/values.schema.json
@@ -0,0 +1,91 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema",
+ "type": "object",
+ "properties": {
+ "provider": {
+ "anyOf": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ },
+ "extraArgs": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "secretConfiguration": {
+ "$comment": "This value is DEPRECATED as secrets should be configured external to the chart and exposed to the container via extraVolumes & extraVolumeMounts.",
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "mountPath": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "subPath": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "data": {
+ "type": "object",
+ "patternProperties": {
+ ".+": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": "object"
+ },
+ "ipFamilies": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "enum": [
+ "IPv6",
+ "IPv4"
+ ]
+ }
+ },
+ "ipFamilyPolicy": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "items": {
+ "type": "string",
+ "enum": [
+ "SingleStack",
+ "PreferDualStack",
+ "RequireDualStack"
+ ]
+ }
+ },
+ "port": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
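Review bot: The two `tlsConfig` blocks in servicemonitor.yaml use `{{- toYaml .| nindent 8 }}` with no space before the pipe, unlike every other `toYaml` call in the hunk; `{{- toYaml . | nindent 8 }}` for consistency. `bearerTokenFile` on a ServiceMonitor endpoint is, as far as I recall, deprecated in the Prometheus Operator API in favour of `authorization`, so it is worth confirming against the operator version the bundle ships before exposing it as the only token option. The `scheme: {{ . }}` and `interval: {{ . }}` scalars render unquoted, which is harmless for the expected values but `{{ . | quote }}` is the safer habit for templated strings.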
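Review bot: In values.schema.json, `service.ipFamilyPolicy` declares its allowed values under `"items"`, but `items` only applies to arrays and this property is typed `string`/`null`, so the `SingleStack`/`PreferDualStack`/`RequireDualStack` enum is never enforced and a typo in an override passes validation silently. Replace the `"items"` object with `"enum": ["SingleStack", "PreferDualStack", "RequireDualStack", null]` (null kept because the chart default is empty) and keep the existing `"type"` array beside it. `ipFamilies` a few lines above is an array and its `items`/`enum` pairing is correct, which is probably where the copy came from.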
diff --git a/packages/system/external-dns/charts/external-dns/values.yaml b/packages/system/external-dns/charts/external-dns/values.yaml
new file mode 100644
index 00000000..9d7dea1b
--- /dev/null
+++ b/packages/system/external-dns/charts/external-dns/values.yaml
@@ -0,0 +1,297 @@
+# Default values for external-dns.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ # -- Image repository for the `external-dns` container.
+ repository: registry.k8s.io/external-dns/external-dns
+ # -- (string) Image tag for the `external-dns` container, this will default to `.Chart.AppVersion` if not set.
+ tag:
+ # -- Image pull policy for the `external-dns` container.
+ pullPolicy: IfNotPresent
+
+# -- Image pull secrets.
+imagePullSecrets: []
+
+# -- (string) Override the name of the chart.
+nameOverride:
+
+# -- (string) Override the full name of the chart.
+fullnameOverride:
+
+# -- Labels to add to all chart resources.
+commonLabels: {}
+
+serviceAccount:
+ # -- If `true`, create a new `ServiceAccount`.
+ create: true
+ # -- Labels to add to the service account.
+ labels: {}
+ # -- Annotations to add to the service account.
+ annotations: {}
+ # -- (string) If this is set and `serviceAccount.create` is `true` this will be used for the created `ServiceAccount` name, if set and `serviceAccount.create` is `false` then this will define an existing `ServiceAccount` to use.
+ name:
+ # -- Set this to `false` to [opt out of API credential automounting](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the `ServiceAccount`.
+ automountServiceAccountToken:
+
+service:
+ # -- Service annotations.
+ annotations: {}
+ # -- Service HTTP port.
+ port: 7979
+ # -- Service IP families.
+ ipFamilies: []
+ # -- (string) Service IP family policy.
+ ipFamilyPolicy:
+
+rbac:
+ # -- If `true`, create a `ClusterRole` & `ClusterRoleBinding` with access to the Kubernetes API.
+ create: true
+ # -- Additional rules to add to the `ClusterRole`.
+ additionalPermissions: []
+
+# -- Annotations to add to the `Deployment`.
+deploymentAnnotations: {}
+
+# -- Extra containers to add to the `Deployment`.
+extraContainers: {}
+
+# -- [Deployment Strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy).
+deploymentStrategy:
+ type: Recreate
+
+# -- (int) Specify the number of old `ReplicaSets` to retain to allow rollback of the `Deployment``.
+revisionHistoryLimit:
+
+# -- Labels to add to the `Pod`.
+podLabels: {}
+
+# -- Annotations to add to the `Pod`.
+podAnnotations: {}
+
+# -- (bool) Set this to `false` to [opt out of API credential automounting](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the `Pod`.
+automountServiceAccountToken:
+
+# -- If `true`, the `Pod` will have [process namespace sharing](https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/) enabled.
+shareProcessNamespace: false
+
+# -- [Pod security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core), this supports full customisation.
+# @default -- See _values.yaml_
+podSecurityContext:
+ runAsNonRoot: true
+ fsGroup: 65534
+ seccompProfile:
+ type: RuntimeDefault
+
+# -- (string) Priority class name for the `Pod`.
+priorityClassName:
+
+# -- (int) Termination grace period for the `Pod` in seconds.
+terminationGracePeriodSeconds:
+
+# -- (string) [DNS policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) for the pod, if not set the default will be used.
+dnsPolicy:
+
+# -- (object) [DNS config](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config) for the pod, if not set the default will be used.
+dnsConfig:
+
+# -- [Init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) to add to the `Pod` definition.
+initContainers: []
+
+# -- [Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `external-dns` container.
+# @default -- See _values.yaml_
+securityContext:
+ privileged: false
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 65532
+ runAsGroup: 65532
+ capabilities:
+ drop: ["ALL"]
+
+# -- [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `external-dns` container.
+env: []
+
+# -- [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container.
+# @default -- See _values.yaml_
+livenessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 2
+ successThreshold: 1
+
+# -- [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container.
+# @default -- See _values.yaml_
+readinessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+
+# -- Extra [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the `Pod`.
+extraVolumes: []
+
+# -- Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `external-dns` container.
+extraVolumeMounts: []
+
+# -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `external-dns` container.
+resources: {}
+
+# -- Node labels to match for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
+nodeSelector: {}
+
+# -- Affinity settings for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels.
+affinity: {}
+
+# -- Topology spread constraints for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided one will be created from the pod selector labels.
+topologySpreadConstraints: []
+
+# -- Node taints which will be tolerated for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
+tolerations: []
+
+serviceMonitor:
+ # -- If `true`, create a `ServiceMonitor` resource to support the _Prometheus Operator_.
+ enabled: false
+ # -- Additional labels for the `ServiceMonitor`.
+ additionalLabels: {}
+ # -- Annotations to add to the `ServiceMonitor`.
+ annotations: {}
+ # -- (string) If set create the `ServiceMonitor` in an alternate namespace.
+ namespace:
+ # -- (string) If set override the _Prometheus_ default interval.
+ interval:
+ # -- (string) If set override the _Prometheus_ default scrape timeout.
+ scrapeTimeout:
+ # -- (string) If set overrides the _Prometheus_ default scheme.
+ scheme:
+ # -- Configure the `ServiceMonitor` [TLS config](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig).
+ tlsConfig: {}
+ # -- (string) Provide a bearer token file for the `ServiceMonitor`.
+ bearerTokenFile:
+ # -- [Relabel configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before ingestion.
+ relabelings: []
+ # -- [Metric relabel configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion.
+ metricRelabelings: []
+ # -- Provide target labels for the `ServiceMonitor`.
+ targetLabels: []
+
+# -- Log level.
+logLevel: info
+
+# -- Log format.
+logFormat: text
+
+# -- Interval for DNS updates.
+interval: 1m
+
+# -- If `true`, triggers run loop on create/update/delete events in addition of regular interval.
+triggerLoopOnEvent: false
+
+# -- if `true`, _ExternalDNS_ will run in a namespaced scope (`Role`` and `Rolebinding`` will be namespaced too).
+namespaced: false
+
+# -- _Kubernetes_ resources to monitor for DNS entries.
+sources:
+ - service
+ - ingress
+
+# -- How DNS records are synchronized between sources and providers; available values are `sync` & `upsert-only`.
+policy: upsert-only
+
+# -- Specify the registry for storing ownership and labels.
+# Valid values are `txt`, `aws-sd`, `dynamodb` & `noop`.
+registry: txt
+# -- (string) Specify an identifier for this instance of _ExternalDNS_ wWhen using a registry other than `noop`.
+txtOwnerId:
+# -- (string) Specify a prefix for the domain names of TXT records created for the `txt` registry.
+# Mutually exclusive with `txtSuffix`.
+txtPrefix:
+# -- (string) Specify a suffix for the domain names of TXT records created for the `txt` registry.
+# Mutually exclusive with `txtPrefix`.
+txtSuffix:
+
+## - Limit possible target zones by domain suffixes.
+domainFilters: []
+
+## -- Intentionally exclude domains from being managed.
+excludeDomains: []
+
+provider:
+ # -- _ExternalDNS_ provider name; for the available providers and how to configure them see [README](https://github.com/kubernetes-sigs/external-dns/blob/master/charts/external-dns/README.md#providers).
+ name: aws
+ webhook:
+ image:
+ # -- (string) Image repository for the `webhook` container.
+ repository:
+ # -- (string) Image tag for the `webhook` container.
+ tag:
+ # -- Image pull policy for the `webhook` container.
+ pullPolicy: IfNotPresent
+ # -- [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `webhook` container.
+ env: []
+ # -- Extra arguments to provide for the `webhook` container.
+ args: []
+ # -- Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `webhook` container.
+ extraVolumeMounts: []
+ # -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `webhook` container.
+ resources: {}
+ # -- [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `webhook` container.
+ # @default -- See _values.yaml_
+ securityContext: {}
+ # -- [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container.
+ # @default -- See _values.yaml_
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: http-webhook
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 2
+ successThreshold: 1
+ # -- [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `webhook` container.
+ # @default -- See _values.yaml_
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: http-webhook
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ service:
+ # -- Webhook exposed HTTP port for the service.
+ port: 8080
+ # -- Optional [Service Monitor](https://prometheus-operator.dev/docs/operator/design/#servicemonitor) configuration for the `webhook` container.
+ # @default -- See _values.yaml_
+ serviceMonitor:
+ interval:
+ scheme:
+ tlsConfig: {}
+ bearerTokenFile:
+ scrapeTimeout:
+ metricRelabelings: []
+ relabelings: []
+
+# -- Extra arguments to provide to _ExternalDNS_.
+extraArgs: []
+
+secretConfiguration:
+ # -- If `true`, create a `Secret` to store sensitive provider configuration (**DEPRECATED**).
+ enabled: false
+ # -- Mount path for the `Secret`, this can be templated.
+ mountPath:
+ # -- Sub-path for mounting the `Secret`, this can be templated.
+ subPath:
+ # -- `Secret` data.
+ data: {}
diff --git a/packages/system/external-dns/values.yaml b/packages/system/external-dns/values.yaml
new file mode 100644
index 00000000..33627179
--- /dev/null
+++ b/packages/system/external-dns/values.yaml
@@ -0,0 +1,23 @@
+external-dns:
+ # -- How DNS records are synchronized between sources and providers; available values are `sync` & `upsert-only`.
+ policy: upsert-only
+ # -- Specify the registry for storing ownership and labels.
+ # Valid values are `txt`, `aws-sd`, `dynamodb` & `noop`.
+ registry: txt
+ # -- (string) Specify an identifier for this instance of _ExternalDNS_ wWhen using a registry other than `noop`.
+ txtOwnerId:
+ # -- (string) Specify a prefix for the domain names of TXT records created for the `txt` registry.
+ # Mutually exclusive with `txtSuffix`.
+ txtPrefix:
+ # -- (string) Specify a suffix for the domain names of TXT records created for the `txt` registry.
+ # Mutually exclusive with `txtPrefix`.
+ txtSuffix:
+
+ ## - Limit possible target zones by domain suffixes.
+ domainFilters: []
+ ## -- Intentionally exclude domains from being managed.
+ excludeDomains: []
+
+ # -- Specify the DNS provider (e.g., "aws", "google", "azure", etc.)
+ provider:
+ name: ""
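Review bot: `provider.webhook.securityContext: {}` in the chart's values.yaml leaves the webhook sidecar with no container-level hardening, while the main container's `securityContext` default forbids privilege escalation, drops all capabilities and uses a read-only root filesystem; the deployment template emits `securityContext` for the webhook only `with` a non-empty value, so an out-of-the-box webhook provider runs with a looser profile than the controller it sits next to (pod-level `runAsNonRoot` still applies). A default mirroring the main container, below, closes that gap, and a webhook image that genuinely needs a writable root filesystem can override it per deployment. Documentation nits in the same hunk: the webhook `livenessProbe` comment says `external-dns` container where `webhook` is meant, the `securityContext` comment says "Pod security context" for a container field, `wWhen` in the `txtOwnerId` comment, and the stray double backticks in `Deployment``, `Role`` and `Rolebinding``. If this values file is a vendored upstream copy, apply the override in the wrapper `packages/system/external-dns/values.yaml` instead of patching here.
```yaml
    # -- [Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `webhook` container.
    # @default -- See _values.yaml_
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      capabilities:
        drop: ["ALL"]
```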
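Review bot: `provider.name: ""` in `packages/system/external-dns/values.yaml` overrides the chart's own default of `aws`, and the bundle changes in this commit install the release in every distro, so a cluster that supplies no provider gets a controller started with an empty `--provider` (presumably failing at startup, depending on how `external-dns.providerName` treats an empty string); either document it as a required value in the comment above the key or leave it unset so the chart default applies. `txtOwnerId:` is also left empty, so every instance falls back to the controller's built-in owner id, and two clusters managing the same zone will then treat each other's TXT-registered records as their own — `policy: upsert-only` only prevents deletions, not overwrites. A comment on that key such as `# -- Set a unique owner id per cluster; instances that share a zone must never share one.` would make the expectation explicit. The `## -` / `## --` prefixes on `domainFilters` and `excludeDomains` and the `wWhen` typo are carried over from the chart's values.yaml and should be `# --`.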