diff --git a/bitnami/external-dns/Chart.lock b/bitnami/external-dns/Chart.lock
index 25c090e811..ae9af03e9e 100644
--- a/bitnami/external-dns/Chart.lock
+++ b/bitnami/external-dns/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
 repository: https://charts.bitnami.com/bitnami
- version: 1.11.1
-digest: sha256:a000bcd4d4cdd813c67d633b5523b4a4cd478fb95f1cae665d9b0ba5c45b40e2
-generated: "2022-02-09T10:47:10.878081658Z"
+ version: 1.11.3
+digest: sha256:d5f850d857edd58b32c0e10652f6ec3ce5018def5542f2bcef38fd7fa0079d6b
+generated: "2022-03-08T11:53:10.50033852+01:00"
diff --git a/bitnami/external-dns/Chart.yaml b/bitnami/external-dns/Chart.yaml
index 12e3226f0d..ca2b997d1d 100644
--- a/bitnami/external-dns/Chart.yaml
+++ b/bitnami/external-dns/Chart.yaml
@@ -24,4 +24,4 @@ sources:
 - https://github.com/kubernetes-sigs/external-dns
 - https://github.com/bitnami/bitnami-docker-external-dns
 - https://github.com/kubernetes-sigs/external-dns
-version: 6.1.8
+version: 6.2.0
diff --git a/bitnami/external-dns/README.md b/bitnami/external-dns/README.md
index d7d6256b4d..d226415fd8 100755
--- a/bitnami/external-dns/README.md
+++ b/bitnami/external-dns/README.md
@@ -73,242 +73,248 @@ The command removes all the Kubernetes components associated with the chart and ### external-dns parameters -| Name | Description | Value | -| --------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | -| `image.registry` | ExternalDNS image registry | `docker.io` | -| `image.repository` | ExternalDNS image repository | `bitnami/external-dns` | -| `image.tag` | ExternalDNS Image tag (immutable tags are recommended) | `0.10.2-debian-10-r27` | -| `image.pullPolicy` | ExternalDNS image pull policy | `IfNotPresent` | -| `image.pullSecrets` | ExternalDNS image pull secrets | `[]` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `updateStrategy` | update strategy type | `{}` | -| `command` | Override kiam default command | `[]` | -| `args` | Override kiam default args | `[]` | -| `sources` | K8s resources type to be observed for new DNS entries by ExternalDNS | `[]` | -| `provider` | DNS provider where the DNS records will be created. 
| `aws` | -| `initContainers` | Attach additional init containers to the pod (evaluated as a template) | `[]` | -| `sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` | -| `namespace` | Limit sources of endpoints to a specific namespace (default: all namespaces) | `""` | -| `fqdnTemplates` | Templated strings that are used to generate DNS names from sources that don't define a hostname themselves | `[]` | -| `containerPorts.http` | HTTP Container port | `7979` | -| `combineFQDNAnnotation` | Combine FQDN template and annotations instead of overwriting | `false` | -| `ignoreHostnameAnnotation` | Ignore hostname annotation when generating DNS names, valid only when fqdn-template is set | `false` | -| `publishInternalServices` | Allow external-dns to publish DNS records for ClusterIP services | `false` | -| `publishHostIP` | Allow external-dns to publish host-ip for headless services | `false` | -| `serviceTypeFilter` | The service types to take care about (default: all, options: ClusterIP, NodePort, LoadBalancer, ExternalName) | `[]` | -| `alibabacloud.accessKeyId` | When using the Alibaba Cloud provider, set `accessKeyId` in the Alibaba Cloud configuration file (optional) | `""` | -| `alibabacloud.accessKeySecret` | When using the Alibaba Cloud provider, set `accessKeySecret` in the Alibaba Cloud configuration file (optional) | `""` | -| `alibabacloud.regionId` | When using the Alibaba Cloud provider, set `regionId` in the Alibaba Cloud configuration file (optional) | `""` | -| `alibabacloud.vpcId` | Alibaba Cloud VPC Id | `""` | -| `alibabacloud.secretName` | Use an existing secret with key "alibaba-cloud.json" defined. | `""` | -| `alibabacloud.zoneType` | Zone Filter. 
Available values are: public, private, or no value for both | `""` | -| `aws.credentials.secretKey` | When using the AWS provider, set `aws_secret_access_key` in the AWS credentials (optional) | `""` | -| `aws.credentials.accessKey` | When using the AWS provider, set `aws_access_key_id` in the AWS credentials (optional) | `""` | -| `aws.credentials.mountPath` | When using the AWS provider, determine `mountPath` for `credentials` secret | `/.aws` | -| `aws.credentials.secretName` | Use an existing secret with key "credentials" defined. | `""` | -| `aws.region` | When using the AWS provider, `AWS_DEFAULT_REGION` to set in the environment (optional) | `us-east-1` | -| `aws.zoneType` | When using the AWS provider, filter for zones of this type (optional, options: public, private) | `""` | -| `aws.assumeRoleArn` | When using the AWS provider, assume role by specifying --aws-assume-role to the external-dns daemon | `""` | -| `aws.roleArn` | Specify role ARN to the external-dns daemon | `""` | -| `aws.apiRetries` | Maximum number of retries for AWS API calls before giving up | `3` | -| `aws.batchChangeSize` | When using the AWS provider, set the maximum number of changes that will be applied in each batch | `1000` | -| `aws.zoneTags` | When using the AWS provider, filter for zones with these tags | `[]` | -| `aws.preferCNAME` | When using the AWS provider, replaces Alias records with CNAME (options: true, false) | `""` | -| `aws.evaluateTargetHealth` | When using the AWS provider, sets the evaluate target health flag (options: true, false) | `""` | -| `azure.secretName` | When using the Azure provider, set the secret containing the `azure.json` file | `""` | -| `azure.cloud` | When using the Azure provider, set the Azure Cloud | `""` | -| `azure.resourceGroup` | When using the Azure provider, set the Azure Resource Group | `""` | -| `azure.tenantId` | When using the Azure provider, set the Azure Tenant ID | `""` | -| `azure.subscriptionId` | When using the Azure provider, 
set the Azure Subscription ID | `""` | -| `azure.aadClientId` | When using the Azure provider, set the Azure AAD Client ID | `""` | -| `azure.aadClientSecret` | When using the Azure provider, set the Azure AAD Client Secret | `""` | -| `azure.useManagedIdentityExtension` | When using the Azure provider, set if you use Azure MSI | `false` | -| `azure.userAssignedIdentityID` | When using the Azure provider with Azure MSI, set Client ID of Azure user-assigned managed identity (optional, otherwise system-assigned managed identity is used) | `""` | -| `cloudflare.apiToken` | When using the Cloudflare provider, `CF_API_TOKEN` to set (optional) | `""` | -| `cloudflare.apiKey` | When using the Cloudflare provider, `CF_API_KEY` to set (optional) | `""` | -| `cloudflare.secretName` | When using the Cloudflare provider, it's the name of the secret containing cloudflare_api_token or cloudflare_api_key. | `""` | -| `cloudflare.email` | When using the Cloudflare provider, `CF_API_EMAIL` to set (optional). Needed when using CF_API_KEY | `""` | -| `cloudflare.proxied` | When using the Cloudflare provider, enable the proxy feature (DDOS protection, CDN...) 
(optional) | `true` | -| `coredns.etcdEndpoints` | When using the CoreDNS provider, set etcd backend endpoints (comma-separated list) | `http://etcd-extdns:2379` | -| `coredns.etcdTLS.enabled` | When using the CoreDNS provider, enable secure communication with etcd | `false` | -| `coredns.etcdTLS.autoGenerated` | Generate automatically self-signed TLS certificates | `false` | -| `coredns.etcdTLS.secretName` | When using the CoreDNS provider, specify a name of existing Secret with etcd certs and keys | `etcd-client-certs` | -| `coredns.etcdTLS.mountPath` | When using the CoreDNS provider, set destination dir to mount data from `coredns.etcdTLS.secretName` to | `/etc/coredns/tls/etcd` | -| `coredns.etcdTLS.caFilename` | When using the CoreDNS provider, specify CA PEM file name from the `coredns.etcdTLS.secretName` | `ca.crt` | -| `coredns.etcdTLS.certFilename` | When using the CoreDNS provider, specify cert PEM file name from the `coredns.etcdTLS.secretName` | `cert.pem` | -| `coredns.etcdTLS.keyFilename` | When using the CoreDNS provider, specify private key PEM file name from the `coredns.etcdTLS.secretName` | `key.pem` | -| `designate.username` | When using the Designate provider, specify the OpenStack authentication username. (optional) | `""` | -| `designate.password` | When using the Designate provider, specify the OpenStack authentication password. (optional) | `""` | -| `designate.authUrl` | When using the Designate provider, specify the OpenStack authentication Url. (optional) | `""` | -| `designate.regionName` | When using the Designate provider, specify the OpenStack region name. (optional) | `""` | -| `designate.userDomainName` | When using the Designate provider, specify the OpenStack user domain name. (optional) | `""` | -| `designate.projectName` | When using the Designate provider, specify the OpenStack project name. (optional) | `""` | -| `designate.username` | When using the Designate provider, specify the OpenStack authentication username. 
(optional) | `""` | -| `designate.customCAHostPath` | When using the Designate provider, use a CA file already on the host to validate Openstack APIs. This conflicts with `designate.customCA.enabled` | `""` | -| `designate.customCA.enabled` | When using the Designate provider, enable a custom CA (optional) | `false` | -| `designate.customCA.content` | When using the Designate provider, set the content of the custom CA | `""` | -| `designate.customCA.mountPath` | When using the Designate provider, set the mountPath in which to mount the custom CA configuration | `/config/designate` | -| `designate.customCA.filename` | When using the Designate provider, set the custom CA configuration filename | `designate-ca.pem` | -| `digitalocean.apiToken` | When using the DigitalOcean provider, `DO_TOKEN` to set (optional) | `""` | -| `digitalocean.secretName` | Use an existing secret with key "digitalocean_api_token" defined. | `""` | -| `google.project` | When using the Google provider, specify the Google project (required when provider=google) | `""` | -| `google.serviceAccountSecret` | When using the Google provider, specify the existing secret which contains credentials.json (optional) | `""` | -| `google.serviceAccountSecretKey` | When using the Google provider with an existing secret, specify the key name (optional) | `credentials.json` | -| `google.serviceAccountKey` | When using the Google provider, specify the service account key JSON file. In this case a new secret will be created holding this service account (optional) | `""` | -| `google.zoneVisibility` | When using the Google provider, fiter for zones of a specific visibility (private or public) | `""` | -| `hetzner.token` | When using the Hetzner provider, specify your token here. (required when `hetzner.secretName` is not provided. In this case a new secret will be created holding the token.) | `""` | -| `hetzner.secretName` | When using the Hetzner provider, specify the existing secret which contains your token. 
Disables the usage of `hetzner.token` (optional) | `""` | -| `hetzner.secretKey` | When using the Hetzner provider with an existing secret, specify the key name (optional) | `hetzner_token` | -| `infoblox.wapiUsername` | When using the Infoblox provider, specify the Infoblox WAPI username | `admin` | -| `infoblox.wapiPassword` | When using the Infoblox provider, specify the Infoblox WAPI password (required when provider=infoblox) | `""` | -| `infoblox.gridHost` | When using the Infoblox provider, specify the Infoblox Grid host (required when provider=infoblox) | `""` | -| `infoblox.view` | Infoblox view | `""` | -| `infoblox.secretName` | Existing secret name, when in place wapiUsername and wapiPassword are not required | `""` | -| `infoblox.domainFilter` | When using the Infoblox provider, specify the domain (optional) | `""` | -| `infoblox.noSslVerify` | When using the Infoblox provider, disable SSL verification (optional) | `false` | -| `infoblox.wapiPort` | When using the Infoblox provider, specify the Infoblox WAPI port (optional) | `""` | -| `infoblox.wapiVersion` | When using the Infoblox provider, specify the Infoblox WAPI version (optional) | `""` | -| `infoblox.wapiConnectionPoolSize` | When using the Infoblox provider, specify the Infoblox WAPI request connection pool size (optional) | `""` | -| `infoblox.wapiHttpTimeout` | When using the Infoblox provider, specify the Infoblox WAPI request timeout in seconds (optional) | `""` | -| `infoblox.maxResults` | When using the Infoblox provider, specify the Infoblox Max Results (optional) | `""` | -| `linode.apiToken` | When using the Linode provider, `LINODE_TOKEN` to set (optional) | `""` | -| `linode.secretName` | Use an existing secret with key "linode_api_token" defined. | `""` | -| `ns1.minTTL` | When using the ns1 provider, specify minimal TTL, as an integer, for records | `10` | -| `ovh.consumerKey` | When using the OVH provider, specify the existing consumer key. 
(required when provider=ovh and `ovh.secretName` is not provided.) | `""` | -| `ovh.applicationKey` | When using the OVH provider with an existing application, specify the application key. (required when provider=ovh and `ovh.secretName` is not provided.) | `""` | -| `ovh.applicationSecret` | When using the OVH provider with an existing application, specify the application secret. (required when provider=ovh and `ovh.secretName` is not provided.) | `""` | -| `ovh.secretName` | When using the OVH provider, it's the name of the secret containing `ovh_consumer_key`, `ovh_application_key` and `ovh_application_secret`. Disables usage of other `ovh`. | `""` | -| `scaleway.scwAccessKey` | When using the Scaleway provider, specify an existing access key. (required when provider=scaleway) | `""` | -| `scaleway.scwSecretKey` | When using the Scaleway provider, specify an existing secret key. (required when provider=scaleway) | `""` | -| `scaleway.scwDefaultOrganizationId` | When using the Scaleway provider, specify the existing organization id. (required when provider=scaleway) | `""` | -| `rfc2136.host` | When using the rfc2136 provider, specify the RFC2136 host (required when provider=rfc2136) | `""` | -| `rfc2136.port` | When using the rfc2136 provider, specify the RFC2136 port (optional) | `53` | -| `rfc2136.zone` | When using the rfc2136 provider, specify the zone (required when provider=rfc2136) | `""` | -| `rfc2136.tsigSecret` | When using the rfc2136 provider, specify the tsig secret to enable security. (do not specify if `rfc2136.secretName` is provided.) (optional) | `""` | -| `rfc2136.secretName` | When using the rfc2136 provider, specify the existing secret which contains your tsig secret. 
Disables the usage of `rfc2136.tsigSecret` (optional) | `""` | -| `rfc2136.tsigSecretAlg` | When using the rfc2136 provider, specify the tsig secret to enable security (optional) | `hmac-sha256` | -| `rfc2136.tsigKeyname` | When using the rfc2136 provider, specify the tsig keyname to enable security (optional) | `externaldns-key` | -| `rfc2136.tsigAxfr` | When using the rfc2136 provider, enable AFXR to enable security (optional) | `true` | -| `rfc2136.minTTL` | When using the rfc2136 provider, specify minimal TTL (in duration format) for records[ns, us, ms, s, m, h], see more https://golang.org/pkg/time/#ParseDuration | `0s` | -| `rfc2136.rfc3645Enabled` | When using the rfc2136 provider, extend using RFC3645 to support secure updates over Kerberos with GSS-TSIG | `false` | -| `rfc2136.kerberosConfig` | When using the rfc2136 provider with rfc3645Enabled, the contents of a configuration file for krb5 (optional) | `""` | -| `rfc2136.kerberosUsername` | When using the rfc2136 provider with rfc3645Enabled, specify the username to authenticate with (optional) | `""` | -| `rfc2136.kerberosPassword` | When using the rfc2136 provider with rfc3645Enabled, specify the password to authenticate with (optional) | `""` | -| `rfc2136.kerberosRealm` | When using the rfc2136 provider with rfc3645Enabled, specify the realm to authenticate to (required when provider=rfc2136 and rfc2136.rfc3645Enabled=true) | `""` | -| `pdns.apiUrl` | When using the PowerDNS provider, specify the API URL of the server. | `""` | -| `pdns.apiPort` | When using the PowerDNS provider, specify the API port of the server. | `8081` | -| `pdns.apiKey` | When using the PowerDNS provider, specify the API key of the server. | `""` | -| `pdns.secretName` | When using the PowerDNS provider, specify as secret name containing the API Key | `""` | -| `transip.account` | When using the TransIP provider, specify the account name. 
| `""` | -| `transip.apiKey` | When using the TransIP provider, specify the API key to use. | `""` | -| `vinyldns.host` | When using the VinylDNS provider, specify the VinylDNS API host. | `""` | -| `vinyldns.accessKey` | When using the VinylDNS provider, specify the Access Key to use. | `""` | -| `vinyldns.secretKey` | When using the VinylDNS provider, specify the Secret key to use. | `""` | -| `domainFilters` | Limit possible target zones by domain suffixes (optional) | `[]` | -| `excludeDomains` | Exclude subdomains (optional) | `[]` | -| `regexDomainFilter` | Limit possible target zones by regex domain suffixes (optional) | `""` | -| `regexDomainExclusion` | Exclude subdomains by using regex pattern (optional) | `""` | -| `zoneNameFilters` | Filter target zones by zone domain (optional) | `[]` | -| `zoneIdFilters` | Limit possible target zones by zone id (optional) | `[]` | -| `annotationFilter` | Filter sources managed by external-dns via annotation using label selector (optional) | `""` | -| `labelFilter` | Select sources managed by external-dns using label selector (optional) | `""` | -| `dryRun` | When enabled, prints DNS record changes rather than actually performing them (optional) | `false` | -| `triggerLoopOnEvent` | When enabled, triggers run loop on create/update/delete events in addition to regular interval (optional) | `false` | -| `interval` | Interval update period to use | `1m` | -| `logLevel` | Verbosity of the logs (options: panic, debug, info, warning, error, fatal, trace) | `info` | -| `logFormat` | Which format to output logs in (options: text, json) | `text` | -| `policy` | Modify how DNS records are synchronized between sources and providers (options: sync, upsert-only ) | `upsert-only` | -| `registry` | Registry method to use (options: txt, aws-sd, noop) | `txt` | -| `txtPrefix` | When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional) (Mutual exclusive with txt-suffix) | `""` | -| 
`txtSuffix` | When using the TXT registry, a suffix for ownership records that avoids collision with CNAME entries (optional).suffix (Mutual exclusive with txt-prefix) | `""` | -| `txtOwnerId` | A name that identifies this instance of ExternalDNS. Currently used by registry types: txt & aws-sd (optional) | `""` | -| `forceTxtOwnerId` | (backward compatibility) When using the non-TXT registry, it will pass the value defined by `txtOwnerId` down to the application (optional) | `false` | -| `extraArgs` | Extra arguments to be passed to external-dns | `{}` | -| `extraEnvVars` | An array to add extra env vars | `[]` | -| `extraEnvVarsCM` | ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` | -| `lifecycleHooks` | Override default etcd container hooks | `{}` | -| `schedulerName` | Alternative scheduler | `""` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `replicaCount` | Desired number of ExternalDNS replicas | `1` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `podAnnotations` | Additional annotations to apply to the pod. 
| `{}` | -| `podLabels` | Additional labels to be added to pods | `{}` | -| `priorityClassName` | priorityClassName | `""` | -| `secretAnnotations` | Additional annotations to apply to the secret | `{}` | -| `crd.create` | Install and use the integrated DNSEndpoint CRD | `false` | -| `crd.apiversion` | Sets the API version for the CRD to watch | `""` | -| `crd.kind` | Sets the kind for the CRD to watch | `""` | -| `service.enabled` | Whether to create Service resource or not | `true` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.ports.http` | ExternalDNS client port | `7979` | -| `service.nodePorts.http` | Port to bind to for NodePort service type (client port) | `""` | -| `service.clusterIP` | IP address to assign to service | `""` | -| `service.externalIPs` | Service external IP addresses | `[]` | -| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | -| `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | -| `service.annotations` | Annotations to add to service | `{}` | -| `service.labels` | Provide any additional labels which may be required. | `{}` | -| `serviceAccount.create` | Determine whether a Service Account should be created or it should reuse a exiting one. | `true` | -| `serviceAccount.name` | ServiceAccount to use. A name is generated using the external-dns.fullname template if it is not set | `""` | -| `serviceAccount.annotations` | Additional Service Account annotations | `{}` | -| `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `true` | -| `rbac.create` | Whether to create & use RBAC resources or not | `true` | -| `rbac.clusterRole` | Whether to create Cluster Role. 
When set to false creates a Role in `namespace` | `true` | -| `rbac.apiVersion` | Version of the RBAC API | `v1` | -| `rbac.pspEnabled` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | -| `containerSecurityContext` | Security context for the container | `{}` | -| `podSecurityContext.enabled` | Enable pod security context | `true` | -| `podSecurityContext.fsGroup` | Group ID for the container | `1001` | -| `podSecurityContext.runAsUser` | User ID for the container | `1001` | -| `resources.limits` | The resources limits for the container | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `2` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| 
`startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `customStartupProbe` | Override default startup probe | `{}` | -| `extraVolumes` | A list of volumes to be added to the pod | `[]` | -| `extraVolumeMounts` | A list of volume mounts to be added to the pod | `[]` | -| `podDisruptionBudget` | Configure PodDisruptionBudget | `{}` | -| `metrics.enabled` | Enable prometheus to access external-dns metrics endpoint | `false` | -| `metrics.podAnnotations` | Annotations for enabling prometheus to access the metrics endpoint | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor object | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.selector` | Additional labels for ServiceMonitor object | `{}` | -| `metrics.serviceMonitor.metricRelabelings` | Specify Metric Relabelings to add to the scrape endpoint | `[]` | -| `metrics.serviceMonitor.relabelings` | Prometheus relabeling rules | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the installed Prometheus Operator | `{}` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. 
| `""` | - +| Name | Description | Value | +|-----------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------| +| `image.registry` | ExternalDNS image registry | `docker.io` | +| `image.repository` | ExternalDNS image repository | `bitnami/external-dns` | +| `image.tag` | ExternalDNS Image tag (immutable tags are recommended) | `0.10.2-debian-10-r27` | +| `image.pullPolicy` | ExternalDNS image pull policy | `IfNotPresent` | +| `image.pullSecrets` | ExternalDNS image pull secrets | `[]` | +| `hostAliases` | Deployment pod host aliases | `[]` | +| `updateStrategy` | update strategy type | `{}` | +| `command` | Override kiam default command | `[]` | +| `args` | Override kiam default args | `[]` | +| `sources` | K8s resources type to be observed for new DNS entries by ExternalDNS | `[]` | +| `provider` | DNS provider where the DNS records will be created. 
| `aws` | +| `initContainers` | Attach additional init containers to the pod (evaluated as a template) | `[]` | +| `sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` | +| `namespace` | Limit sources of endpoints to a specific namespace (default: all namespaces) | `""` | +| `fqdnTemplates` | Templated strings that are used to generate DNS names from sources that don't define a hostname themselves | `[]` | +| `containerPorts.http` | HTTP Container port | `7979` | +| `combineFQDNAnnotation` | Combine FQDN template and annotations instead of overwriting | `false` | +| `ignoreHostnameAnnotation` | Ignore hostname annotation when generating DNS names, valid only when fqdn-template is set | `false` | +| `publishInternalServices` | Allow external-dns to publish DNS records for ClusterIP services | `false` | +| `publishHostIP` | Allow external-dns to publish host-ip for headless services | `false` | +| `serviceTypeFilter` | The service types to take care about (default: all, options: ClusterIP, NodePort, LoadBalancer, ExternalName) | `[]` | +| `alibabacloud.accessKeyId` | When using the Alibaba Cloud provider, set `accessKeyId` in the Alibaba Cloud configuration file (optional) | `""` | +| `alibabacloud.accessKeySecret` | When using the Alibaba Cloud provider, set `accessKeySecret` in the Alibaba Cloud configuration file (optional) | `""` | +| `alibabacloud.regionId` | When using the Alibaba Cloud provider, set `regionId` in the Alibaba Cloud configuration file (optional) | `""` | +| `alibabacloud.vpcId` | Alibaba Cloud VPC Id | `""` | +| `alibabacloud.secretName` | Use an existing secret with key "alibaba-cloud.json" defined. | `""` | +| `alibabacloud.zoneType` | Zone Filter. 
Available values are: public, private, or no value for both | `""` | +| `aws.credentials.secretKey` | When using the AWS provider, set `aws_secret_access_key` in the AWS credentials (optional) | `""` | +| `aws.credentials.accessKey` | When using the AWS provider, set `aws_access_key_id` in the AWS credentials (optional) | `""` | +| `aws.credentials.mountPath` | When using the AWS provider, determine `mountPath` for `credentials` secret | `/.aws` | +| `aws.credentials.secretName` | Use an existing secret with key "credentials" defined. | `""` | +| `aws.region` | When using the AWS provider, `AWS_DEFAULT_REGION` to set in the environment (optional) | `us-east-1` | +| `aws.zoneType` | When using the AWS provider, filter for zones of this type (optional, options: public, private) | `""` | +| `aws.assumeRoleArn` | When using the AWS provider, assume role by specifying --aws-assume-role to the external-dns daemon | `""` | +| `aws.roleArn` | Specify role ARN to the external-dns daemon | `""` | +| `aws.apiRetries` | Maximum number of retries for AWS API calls before giving up | `3` | +| `aws.batchChangeSize` | When using the AWS provider, set the maximum number of changes that will be applied in each batch | `1000` | +| `aws.zoneTags` | When using the AWS provider, filter for zones with these tags | `[]` | +| `aws.preferCNAME` | When using the AWS provider, replaces Alias records with CNAME (options: true, false) | `""` | +| `aws.evaluateTargetHealth` | When using the AWS provider, sets the evaluate target health flag (options: true, false) | `""` | +| `azure.secretName` | When using the Azure provider, set the secret containing the `azure.json` file | `""` | +| `azure.cloud` | When using the Azure provider, set the Azure Cloud | `""` | +| `azure.resourceGroup` | When using the Azure provider, set the Azure Resource Group | `""` | +| `azure.tenantId` | When using the Azure provider, set the Azure Tenant ID | `""` | +| `azure.subscriptionId` | When using the Azure provider, 
set the Azure Subscription ID | `""` | +| `azure.aadClientId` | When using the Azure provider, set the Azure AAD Client ID | `""` | +| `azure.aadClientSecret` | When using the Azure provider, set the Azure AAD Client Secret | `""` | +| `azure.useManagedIdentityExtension` | When using the Azure provider, set if you use Azure MSI | `false` | +| `azure.userAssignedIdentityID` | When using the Azure provider with Azure MSI, set Client ID of Azure user-assigned managed identity (optional, otherwise system-assigned managed identity is used) | `""` | +| `cloudflare.apiToken` | When using the Cloudflare provider, `CF_API_TOKEN` to set (optional) | `""` | +| `cloudflare.apiKey` | When using the Cloudflare provider, `CF_API_KEY` to set (optional) | `""` | +| `cloudflare.secretName` | When using the Cloudflare provider, it's the name of the secret containing cloudflare_api_token or cloudflare_api_key. | `""` | +| `cloudflare.email` | When using the Cloudflare provider, `CF_API_EMAIL` to set (optional). Needed when using CF_API_KEY | `""` | +| `cloudflare.proxied` | When using the Cloudflare provider, enable the proxy feature (DDOS protection, CDN...) 
(optional) | `true` | +| `coredns.etcdEndpoints` | When using the CoreDNS provider, set etcd backend endpoints (comma-separated list) | `http://etcd-extdns:2379` | +| `coredns.etcdTLS.enabled` | When using the CoreDNS provider, enable secure communication with etcd | `false` | +| `coredns.etcdTLS.autoGenerated` | Generate automatically self-signed TLS certificates | `false` | +| `coredns.etcdTLS.secretName` | When using the CoreDNS provider, specify a name of existing Secret with etcd certs and keys | `etcd-client-certs` | +| `coredns.etcdTLS.mountPath` | When using the CoreDNS provider, set destination dir to mount data from `coredns.etcdTLS.secretName` to | `/etc/coredns/tls/etcd` | +| `coredns.etcdTLS.caFilename` | When using the CoreDNS provider, specify CA PEM file name from the `coredns.etcdTLS.secretName` | `ca.crt` | +| `coredns.etcdTLS.certFilename` | When using the CoreDNS provider, specify cert PEM file name from the `coredns.etcdTLS.secretName` | `cert.pem` | +| `coredns.etcdTLS.keyFilename` | When using the CoreDNS provider, specify private key PEM file name from the `coredns.etcdTLS.secretName` | `key.pem` | +| `designate.username` | When using the Designate provider, specify the OpenStack authentication username. (optional) | `""` | +| `designate.password` | When using the Designate provider, specify the OpenStack authentication password. (optional) | `""` | +| `designate.authUrl` | When using the Designate provider, specify the OpenStack authentication Url. (optional) | `""` | +| `designate.regionName` | When using the Designate provider, specify the OpenStack region name. (optional) | `""` | +| `designate.userDomainName` | When using the Designate provider, specify the OpenStack user domain name. (optional) | `""` | +| `designate.projectName` | When using the Designate provider, specify the OpenStack project name. (optional) | `""` | +| `designate.username` | When using the Designate provider, specify the OpenStack authentication username. 
(optional) | `""` | +| `designate.customCAHostPath` | When using the Designate provider, use a CA file already on the host to validate Openstack APIs. This conflicts with `designate.customCA.enabled` | `""` | +| `designate.customCA.enabled` | When using the Designate provider, enable a custom CA (optional) | `false` | +| `designate.customCA.content` | When using the Designate provider, set the content of the custom CA | `""` | +| `designate.customCA.mountPath` | When using the Designate provider, set the mountPath in which to mount the custom CA configuration | `/config/designate` | +| `designate.customCA.filename` | When using the Designate provider, set the custom CA configuration filename | `designate-ca.pem` | +| `digitalocean.apiToken` | When using the DigitalOcean provider, `DO_TOKEN` to set (optional) | `""` | +| `digitalocean.secretName` | Use an existing secret with key "digitalocean_api_token" defined. | `""` | +| `google.project` | When using the Google provider, specify the Google project (required when provider=google) | `""` | +| `google.serviceAccountSecret` | When using the Google provider, specify the existing secret which contains credentials.json (optional) | `""` | +| `google.serviceAccountSecretKey` | When using the Google provider with an existing secret, specify the key name (optional) | `credentials.json` | +| `google.serviceAccountKey` | When using the Google provider, specify the service account key JSON file. In this case a new secret will be created holding this service account (optional) | `""` | +| `google.zoneVisibility` | When using the Google provider, fiter for zones of a specific visibility (private or public) | `""` | +| `hetzner.token` | When using the Hetzner provider, specify your token here. (required when `hetzner.secretName` is not provided. In this case a new secret will be created holding the token.) | `""` | +| `hetzner.secretName` | When using the Hetzner provider, specify the existing secret which contains your token. 
Disables the usage of `hetzner.token` (optional) | `""` | +| `hetzner.secretKey` | When using the Hetzner provider with an existing secret, specify the key name (optional) | `hetzner_token` | +| `infoblox.wapiUsername` | When using the Infoblox provider, specify the Infoblox WAPI username | `admin` | +| `infoblox.wapiPassword` | When using the Infoblox provider, specify the Infoblox WAPI password (required when provider=infoblox) | `""` | +| `infoblox.gridHost` | When using the Infoblox provider, specify the Infoblox Grid host (required when provider=infoblox) | `""` | +| `infoblox.view` | Infoblox view | `""` | +| `infoblox.secretName` | Existing secret name, when in place wapiUsername and wapiPassword are not required | `""` | +| `infoblox.domainFilter` | When using the Infoblox provider, specify the domain (optional) | `""` | +| `infoblox.noSslVerify` | When using the Infoblox provider, disable SSL verification (optional) | `false` | +| `infoblox.wapiPort` | When using the Infoblox provider, specify the Infoblox WAPI port (optional) | `""` | +| `infoblox.wapiVersion` | When using the Infoblox provider, specify the Infoblox WAPI version (optional) | `""` | +| `infoblox.wapiConnectionPoolSize` | When using the Infoblox provider, specify the Infoblox WAPI request connection pool size (optional) | `""` | +| `infoblox.wapiHttpTimeout` | When using the Infoblox provider, specify the Infoblox WAPI request timeout in seconds (optional) | `""` | +| `infoblox.maxResults` | When using the Infoblox provider, specify the Infoblox Max Results (optional) | `""` | +| `linode.apiToken` | When using the Linode provider, `LINODE_TOKEN` to set (optional) | `""` | +| `linode.secretName` | Use an existing secret with key "linode_api_token" defined. | `""` | +| `ns1.minTTL` | When using the ns1 provider, specify minimal TTL, as an integer, for records | `10` | +| `oci.region` | When using the OCI provider, specify the region, where your zone is located in. 
| `""` | +| `oci.tenancyOCID` | When using the OCI provider, specify your Tenancy OCID | `""` | +| `oci.userOCID` | When using the OCI provider, specify your User OCID | `""` | +| `oci.compartmentOCID` | When using the OCI provider, specify your Compartment OCID where your DNS Zone is located in. | `""` | +| `oci.privateKey` | When using the OCI provider, paste in your RSA private key file for the Oracle API | `""` | +| `oci.privateKeyFingerprint` | When using the OCI provider, put in the fingerprint of your privateKey | `-----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----` | +| `oci.privateKeyPassphrase` | When using the OCI provider and your privateKey has a passphrase, put it in here. (optional) | `""` | +| `ovh.consumerKey` | When using the OVH provider, specify the existing consumer key. (required when provider=ovh and `ovh.secretName` is not provided.) | `""` | +| `ovh.applicationKey` | When using the OVH provider with an existing application, specify the application key. (required when provider=ovh and `ovh.secretName` is not provided.) | `""` | +| `ovh.applicationSecret` | When using the OVH provider with an existing application, specify the application secret. (required when provider=ovh and `ovh.secretName` is not provided.) | `""` | +| `ovh.secretName` | When using the OVH provider, it's the name of the secret containing `ovh_consumer_key`, `ovh_application_key` and `ovh_application_secret`. Disables usage of other `ovh`. | `""` | +| `scaleway.scwAccessKey` | When using the Scaleway provider, specify an existing access key. (required when provider=scaleway) | `""` | +| `scaleway.scwSecretKey` | When using the Scaleway provider, specify an existing secret key. (required when provider=scaleway) | `""` | +| `scaleway.scwDefaultOrganizationId` | When using the Scaleway provider, specify the existing organization id. 
(required when provider=scaleway) | `""` | +| `rfc2136.host` | When using the rfc2136 provider, specify the RFC2136 host (required when provider=rfc2136) | `""` | +| `rfc2136.port` | When using the rfc2136 provider, specify the RFC2136 port (optional) | `53` | +| `rfc2136.zone` | When using the rfc2136 provider, specify the zone (required when provider=rfc2136) | `""` | +| `rfc2136.tsigSecret` | When using the rfc2136 provider, specify the tsig secret to enable security. (do not specify if `rfc2136.secretName` is provided.) (optional) | `""` | +| `rfc2136.secretName` | When using the rfc2136 provider, specify the existing secret which contains your tsig secret. Disables the usage of `rfc2136.tsigSecret` (optional) | `""` | +| `rfc2136.tsigSecretAlg` | When using the rfc2136 provider, specify the tsig secret to enable security (optional) | `hmac-sha256` | +| `rfc2136.tsigKeyname` | When using the rfc2136 provider, specify the tsig keyname to enable security (optional) | `externaldns-key` | +| `rfc2136.tsigAxfr` | When using the rfc2136 provider, enable AFXR to enable security (optional) | `true` | +| `rfc2136.minTTL` | When using the rfc2136 provider, specify minimal TTL (in duration format) for records[ns, us, ms, s, m, h], see more https://golang.org/pkg/time/#ParseDuration | `0s` | +| `rfc2136.rfc3645Enabled` | When using the rfc2136 provider, extend using RFC3645 to support secure updates over Kerberos with GSS-TSIG | `false` | +| `rfc2136.kerberosConfig` | When using the rfc2136 provider with rfc3645Enabled, the contents of a configuration file for krb5 (optional) | `""` | +| `rfc2136.kerberosUsername` | When using the rfc2136 provider with rfc3645Enabled, specify the username to authenticate with (optional) | `""` | +| `rfc2136.kerberosPassword` | When using the rfc2136 provider with rfc3645Enabled, specify the password to authenticate with (optional) | `""` | +| `rfc2136.kerberosRealm` | When using the rfc2136 provider with rfc3645Enabled, specify the realm 
to authenticate to (required when provider=rfc2136 and rfc2136.rfc3645Enabled=true) | `""` | +| `pdns.apiUrl` | When using the PowerDNS provider, specify the API URL of the server. | `""` | +| `pdns.apiPort` | When using the PowerDNS provider, specify the API port of the server. | `8081` | +| `pdns.apiKey` | When using the PowerDNS provider, specify the API key of the server. | `""` | +| `pdns.secretName` | When using the PowerDNS provider, specify as secret name containing the API Key | `""` | +| `transip.account` | When using the TransIP provider, specify the account name. | `""` | +| `transip.apiKey` | When using the TransIP provider, specify the API key to use. | `""` | +| `vinyldns.host` | When using the VinylDNS provider, specify the VinylDNS API host. | `""` | +| `vinyldns.accessKey` | When using the VinylDNS provider, specify the Access Key to use. | `""` | +| `vinyldns.secretKey` | When using the VinylDNS provider, specify the Secret key to use. | `""` | +| `domainFilters` | Limit possible target zones by domain suffixes (optional) | `[]` | +| `excludeDomains` | Exclude subdomains (optional) | `[]` | +| `regexDomainFilter` | Limit possible target zones by regex domain suffixes (optional) | `""` | +| `regexDomainExclusion` | Exclude subdomains by using regex pattern (optional) | `""` | +| `zoneNameFilters` | Filter target zones by zone domain (optional) | `[]` | +| `zoneIdFilters` | Limit possible target zones by zone id (optional) | `[]` | +| `annotationFilter` | Filter sources managed by external-dns via annotation using label selector (optional) | `""` | +| `labelFilter` | Select sources managed by external-dns using label selector (optional) | `""` | +| `dryRun` | When enabled, prints DNS record changes rather than actually performing them (optional) | `false` | +| `triggerLoopOnEvent` | When enabled, triggers run loop on create/update/delete events in addition to regular interval (optional) | `false` | +| `interval` | Interval update period to use | 
`1m` | +| `logLevel` | Verbosity of the logs (options: panic, debug, info, warning, error, fatal, trace) | `info` | +| `logFormat` | Which format to output logs in (options: text, json) | `text` | +| `policy` | Modify how DNS records are synchronized between sources and providers (options: sync, upsert-only ) | `upsert-only` | +| `registry` | Registry method to use (options: txt, aws-sd, noop) | `txt` | +| `txtPrefix` | When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional) (Mutual exclusive with txt-suffix) | `""` | +| `txtSuffix` | When using the TXT registry, a suffix for ownership records that avoids collision with CNAME entries (optional).suffix (Mutual exclusive with txt-prefix) | `""` | +| `txtOwnerId` | A name that identifies this instance of ExternalDNS. Currently used by registry types: txt & aws-sd (optional) | `""` | +| `forceTxtOwnerId` | (backward compatibility) When using the non-TXT registry, it will pass the value defined by `txtOwnerId` down to the application (optional) | `false` | +| `extraArgs` | Extra arguments to be passed to external-dns | `{}` | +| `extraEnvVars` | An array to add extra env vars | `[]` | +| `extraEnvVarsCM` | ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` | +| `lifecycleHooks` | Override default etcd container hooks | `{}` | +| `schedulerName` | Alternative scheduler | `""` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `replicaCount` | Desired number of ExternalDNS replicas | `1` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `podAnnotations` | Additional annotations to apply to the pod. | `{}` | +| `podLabels` | Additional labels to be added to pods | `{}` | +| `priorityClassName` | priorityClassName | `""` | +| `secretAnnotations` | Additional annotations to apply to the secret | `{}` | +| `crd.create` | Install and use the integrated DNSEndpoint CRD | `false` | +| `crd.apiversion` | Sets the API version for the CRD to watch | `""` | +| `crd.kind` | Sets the kind for the CRD to watch | `""` | +| `service.enabled` | Whether to create Service resource or not | `true` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.ports.http` | ExternalDNS client port | `7979` | +| `service.nodePorts.http` | Port to bind to for NodePort service type (client port) | `""` | +| `service.clusterIP` | IP address to assign to service | `""` | +| `service.externalIPs` | Service external IP addresses | `[]` | +| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | +| `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | +| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | +| `service.annotations` | Annotations to add to service | `{}` | +| `service.labels` | Provide any additional labels which may be required. | `{}` | +| `serviceAccount.create` | Determine whether a Service Account should be created or it should reuse a exiting one. 
| `true` | +| `serviceAccount.name` | ServiceAccount to use. A name is generated using the external-dns.fullname template if it is not set | `""` | +| `serviceAccount.annotations` | Additional Service Account annotations | `{}` | +| `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `true` | +| `rbac.create` | Whether to create & use RBAC resources or not | `true` | +| `rbac.clusterRole` | Whether to create Cluster Role. When set to false creates a Role in `namespace` | `true` | +| `rbac.apiVersion` | Version of the RBAC API | `v1` | +| `rbac.pspEnabled` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | +| `containerSecurityContext` | Security context for the container | `{}` | +| `podSecurityContext.enabled` | Enable pod security context | `true` | +| `podSecurityContext.fsGroup` | Group ID for the container | `1001` | +| `podSecurityContext.runAsUser` | User ID for the container | `1001` | +| `resources.limits` | The resources limits for the container | `{}` | +| `resources.requests` | The requested resources for the container | `{}` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `2` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| 
`readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Override default liveness probe | `{}` | +| `customReadinessProbe` | Override default readiness probe | `{}` | +| `customStartupProbe` | Override default startup probe | `{}` | +| `extraVolumes` | A list of volumes to be added to the pod | `[]` | +| `extraVolumeMounts` | A list of volume mounts to be added to the pod | `[]` | +| `podDisruptionBudget` | Configure PodDisruptionBudget | `{}` | +| `metrics.enabled` | Enable prometheus to access external-dns metrics endpoint | `false` | +| `metrics.podAnnotations` | Annotations for enabling prometheus to access the metrics endpoint | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor object | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.selector` | Additional labels for ServiceMonitor object | `{}` | +| `metrics.serviceMonitor.metricRelabelings` | Specify Metric Relabelings to add to the scrape endpoint | `[]` | +| `metrics.serviceMonitor.relabelings` | Prometheus relabeling rules | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| 
`metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the installed Prometheus Operator | `{}` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/bitnami/external-dns/templates/_helpers.tpl b/bitnami/external-dns/templates/_helpers.tpl index cc0b5a6fd8..0c748a3b63 100644 --- a/bitnami/external-dns/templates/_helpers.tpl +++ b/bitnami/external-dns/templates/_helpers.tpl @@ -134,6 +134,8 @@ Return true if a secret object should be created {{- true -}} {{- else if and (eq .Values.provider "linode") .Values.linode.apiToken (not .Values.linode.secretName) -}} {{- true -}} +{{- else if and (eq .Values.provider "oci") .Values.oci.privateKeyFingerprint (not .Values.oci.secretName) -}} + {{- true -}} {{- else if and (eq .Values.provider "rfc2136") (or .Values.rfc2136.tsigSecret (and .Values.rfc2136.kerberosUsername .Values.rfc2136.kerberosPassword)) (not .Values.rfc2136.secretName) -}} {{- true -}} {{- else if and (eq .Values.provider "pdns") .Values.pdns.apiKey (not .Values.pdns.secretName) -}} @@ -183,6 +185,8 @@ Return the name of the Secret used to store the passwords {{- .Values.hetzner.secretName -}} {{- else if and (eq .Values.provider "linode") .Values.linode.secretName }} {{- .Values.linode.secretName }} +{{- else if and (eq .Values.provider "oci") .Values.oci.secretName }} +{{- .Values.oci.secretName }} {{- else if and (eq .Values.provider "ovh") .Values.ovh.secretName }} {{- .Values.ovh.secretName }} {{- else if and (eq .Values.provider "pdns") .Values.pdns.secretName }} 
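Review bot: In the `@@ -134` hunk the new `oci` branch decides whether the chart creates its own Secret from `.Values.oci.privateKeyFingerprint` alone, so a release with `provider=oci`, no fingerprint and no `oci.secretName` creates no Secret. The deployment.yaml hunks of this commit still add the `oci-config-file` volume for every `provider=oci` release, so such a release would presumably fail only when the pod tries to mount it. I would add an `oci` check to the chart's validation helpers (the "Compile all warnings into a single message, and call fail" block is visible further down this file) that fails at render time when neither `oci.secretName` nor the full set of `oci.*` credentials is given. Both this branch and the one added in the `@@ -183` hunk read `.Values.oci.secretName`, which the values.yaml hunk of this commit does not declare. The enclosing defines start and end outside the hunks.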
@@ -244,6 +248,19 @@ region = {{ .Values.aws.region }} {{- end }} } {{ end }} +{{- define "external-dns.oci-credentials" -}} +auth: + region: {{ .Values.oci.region }} + tenancy: {{ .Values.oci.tenancyOCID }} + user: {{ .Values.oci.userOCID }} + key: {{ toYaml .Values.oci.privateKey | indent 4 }} + fingerprint: {{ .Values.oci.privateKeyFingerprint }} + # Omit if there is not a password for the key + {{- if .Values.oci.privateKeyPassphrase }} + passphrase: {{ .Values.oci.privateKeyPassphrase }} + {{- end }} +compartment: {{ .Values.oci.compartmentOCID }} +{{ end }} {{/* Compile all warnings into a single message, and call fail. diff --git a/bitnami/external-dns/templates/deployment.yaml b/bitnami/external-dns/templates/deployment.yaml index fd1c932768..8eb4c417b0 100755 --- a/bitnami/external-dns/templates/deployment.yaml +++ b/bitnami/external-dns/templates/deployment.yaml @@ -628,6 +628,10 @@ spec: - name: google-service-account mountPath: /etc/secrets/service-account/ {{- end }} + {{- if eq .Values.provider "oci" }} + - name: oci-config-file + mountPath: /etc/kubernetes/ + {{- end }} {{- if eq .Values.provider "designate" }} # Designate mountPath(s) {{- if and (.Values.designate.customCAHostPath) (.Values.designate.customCA.enabled) }} @@ -688,6 +692,11 @@ spec: type: File {{- end }} {{- end }} + {{- if (eq .Values.provider "oci")}} + - name: oci-config-file + secret: + secretName: {{ template "external-dns.secretName" . }} + {{- end }} {{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }} # CoreDNS volume(s) - name: {{ include "external-dns.tlsSecretName" . }} diff --git a/bitnami/external-dns/templates/secret.yaml b/bitnami/external-dns/templates/secret.yaml index 55e68f8183..81ffeebec7 100644 --- a/bitnami/external-dns/templates/secret.yaml +++ b/bitnami/external-dns/templates/secret.yaml 
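Review bot: Every scalar in the new `external-dns.oci-credentials` define is interpolated unquoted, so the rendered `oci.yaml` depends on what the values happen to contain: a passphrase containing ` #` is silently cut at the comment marker, one containing `: ` or starting with a YAML indicator breaks or changes the document, and an empty value renders as null. Quote them, e.g. `passphrase: {{ .Values.oci.privateKeyPassphrase | quote }}`, and do the same for `region`, `tenancy`, `user`, `fingerprint` and `compartment`. The `# Omit if there is not a password for the key` line sits inside the define and is therefore written into the Secret payload; a template comment (`{{- /* ... */ -}}`) would keep it out.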
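Review bot: The `oci-config-file` volume added in the `@@ -688` hunk projects every key of the referenced Secret, and the mount added in the `@@ -628` hunk places it over the whole of `/etc/kubernetes/`; when `external-dns.secretName` resolves to a user-supplied Secret, any unrelated keys in it become files in the container. Restricting the volume to the one key that secret.yaml writes keeps the exposure to that file: `items: [{key: oci.yaml, path: oci.yaml}]` under `secret:`, plus `readOnly: true` on the mount to state the intent. The mount path is hard-coded, whereas the AWS credentials mount is configurable through `aws.credentials.mountPath`; a matching `oci` value would be consistent. Both hunks sit inside a pod spec that starts and ends outside them.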
@@ -53,6 +53,9 @@ data: {{- if eq .Values.provider "linode" }} linode_api_token: {{ .Values.linode.apiToken | b64enc | quote }} {{- end }} + {{- if eq .Values.provider "oci" }} + oci.yaml: {{ include "external-dns.oci-credentials" . | b64enc | quote }} + {{- end }} {{- if eq .Values.provider "pdns" }} pdns_api_key: {{ .Values.pdns.apiKey | b64enc | quote }} {{- end }} diff --git a/bitnami/external-dns/values.yaml b/bitnami/external-dns/values.yaml index 684f0d88dd..fa232b3d59 100644 --- a/bitnami/external-dns/values.yaml +++ b/bitnami/external-dns/values.yaml @@ -97,7 +97,7 @@ sources: # - contour-httpproxy ## @param provider DNS provider where the DNS records will be created. ## Available providers are: -## - alibabacloud, aws, azure, azure-private-dns, cloudflare, coredns, designate, digitalocean, google, hetzner, infoblox, linode, rfc2136, transip +## - alibabacloud, aws, azure, azure-private-dns, cloudflare, coredns, designate, digitalocean, google, hetzner, infoblox, linode, rfc2136, transip, oci ## provider: aws ## @param initContainers Attach additional init containers to the pod (evaluated as a template) 
@@ -423,11 +423,40 @@ linode: ## This ignores linode.apiToken ## secretName: "" + ## NS1 configuration to be set via arguments/env. variables ## @param ns1.minTTL When using the ns1 provider, specify minimal TTL, as an integer, for records ## ns1: minTTL: 10 + +## oci configuration to be set via arguments/env. variables +## +oci: + ## @param oci.region When using the OCI provider, specify the region, where your zone is located in. + ## + region: "" + ## @param oci.tenancyOCID When using the OCI provider, specify your Tenancy OCID + ## + tenancyOCID: "" + ## @param oci.userOCID When using the OCI provider, specify your User OCID + ## + userOCID: "" + ## @param oci.compartmentOCID When using the OCI provider, specify your Compartment OCID where your DNS Zone is located in. + ## + compartmentOCID: "" + ## @param oci.privateKey When using the OCI provider, paste in your RSA private key file for the Oracle API + ## + privateKey: | + -----BEGIN RSA PRIVATE KEY----- + -----END RSA PRIVATE KEY----- + ## @param oci.privateKeyFingerprint When using the OCI provider, put in the fingerprint of your privateKey + ## + privateKeyFingerprint: "" + ## @param oci.privateKeyPassphrase When using the OCI provider and your privateKey has a passphrase, put it in here. (optional) + ## + privateKeyPassphrase: "" + ## OVH configuration to be set via arguments/env. variables ## ovh:
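Review bot: The new `oci` block does not declare `secretName`, although `_helpers.tpl` in this commit reads `.Values.oci.secretName` in two places, so the only way to keep the API signing key out of chart values (and hence out of the stored release data) is undocumented. Add `## @param oci.secretName Use an existing secret with key "oci.yaml" defined.` and `secretName: ""`, and state that it replaces the other credential fields. The `privateKey` default is a non-empty BEGIN/END placeholder, which a template cannot tell apart from a real key and which, if left in place, is rendered into the Secret as-is; `privateKey: ""` would be a safer default. The README table in this commit also shows that placeholder in the `oci.privateKeyFingerprint` row rather than the `oci.privateKey` row, which looks like a generator misparse of the block scalar and is worth regenerating once the default changes.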