charts/bitnami/external-dns/templates/deployment.yaml
Raphael Borg Ellul Vincenti c606938f87 [bitnami/external-dns] Fix/setting pdns api key (#2718)
* fix the setting of an apiKey due to "not a method but has arguments"

* separate definition of .Values.pdns.secretName

* bump Chart.yaml to 3.1.1

* Add suggested feedback

* Fix if condition

* [bitnami/external-dns] Update components versions

Signed-off-by: Bitnami Containers <containers@bitnami.com>

Co-authored-by: joancafom <jcarmona@bitnami.com>
Co-authored-by: Bitnami Containers <containers@bitnami.com>
2020-06-23 11:53:21 +02:00


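{{- /*
Deployment for the external-dns controller.

The container arguments, environment variables, volume mounts and volumes are
selected by .Values.provider. Provider credentials are read from the Secret
named by the "external-dns.secretName" helper, either through secretKeyRef
environment variables or through read-only secret volumes.
*/ -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "external-dns.fullname" . }}
  labels: {{ include "external-dns.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.replicas }}
  selector:
    matchLabels: {{ include "external-dns.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels: {{ include "external-dns.labels" . | nindent 8 }}
      annotations:
        {{- if or .Values.podAnnotations .Values.metrics.enabled }}
        {{ include "external-dns.podAnnotations" . | nindent 8 }}
        {{- end }}
        {{- /* The checksums below hash the rendered Secret / ConfigMap, so a
               change to either one changes the pod template and rolls the pods. */}}
        {{- if (include "external-dns.createSecret" .) }}
        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
        {{- end }}
        {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        {{- end }}
    spec:
      {{- include "external-dns.imagePullSecrets" . | indent 6 }}
      {{- if .Values.podSecurityContext }}
      securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity: {{ tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector: {{ tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations: {{ tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ template "external-dns.serviceAccountName" . }}
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName | quote }}
      {{- end }}
      containers:
        - name: external-dns
          image: "{{ template "external-dns.image" . }}"
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          args:
            # Generic arguments
            {{- if .Values.logLevel }}
            - --log-level={{ .Values.logLevel }}
            {{- end }}
            {{- if .Values.logFormat }}
            - --log-format={{ .Values.logFormat }}
            {{- end }}
            {{- if .Values.dryRun }}
            - --dry-run
            {{- end }}
            {{- if .Values.triggerLoopOnEvent }}
            - --events
            {{- end }}
            {{- if .Values.namespace }}
            - --namespace={{ .Values.namespace }}
            {{- end }}
            {{- if .Values.fqdnTemplates }}
            - --fqdn-template={{ join "," .Values.fqdnTemplates }}{{/* Explicitly wants comma separated list */}}
            {{- end }}
            {{- if .Values.combineFQDNAnnotation }}
            - --combine-fqdn-annotation
            {{- end }}
            {{- if and .Values.ignoreHostnameAnnotation .Values.fqdnTemplates }}
            - --ignore-hostname-annotation
            {{- end }}
            {{- if .Values.publishInternalServices }}
            - --publish-internal-services
            {{- end }}
            {{- if .Values.publishHostIP }}
            - --publish-host-ip
            {{- end }}
            {{- range .Values.serviceTypeFilter }}
            - --service-type-filter={{ . }}
            {{- end }}
            {{- range .Values.domainFilters }}
            - --domain-filter={{ . }}
            {{- end }}
            {{- range .Values.excludeDomains }}
            - --exclude-domains={{ . }}
            {{- end }}
            {{- range .Values.zoneIdFilters }}
            - --zone-id-filter={{ . }}
            {{- end }}
            - --policy={{ .Values.policy }}
            - --provider={{ .Values.provider }}
            - --registry={{ .Values.registry }}
            - --interval={{ .Values.interval }}
            {{- if eq .Values.registry "txt" }}
            {{- if .Values.txtOwnerId }}
            - --txt-owner-id={{ .Values.txtOwnerId }}
            {{- end }}
            {{- if .Values.txtPrefix }}
            - --txt-prefix={{ .Values.txtPrefix }}
            {{- end }}
            {{- end }}
            {{- if .Values.annotationFilter }}
            - --annotation-filter={{ .Values.annotationFilter }}
            {{- end }}
            {{- if .Values.crd.apiversion }}
            - --crd-source-apiversion={{ .Values.crd.apiversion }}
            {{- end }}
            {{- if .Values.crd.kind }}
            - --crd-source-kind={{ .Values.crd.kind }}
            {{- end }}
            {{- range .Values.sources }}
            - --source={{ . }}
            {{- end }}
            {{- if eq .Values.provider "alibabacloud" }}
            # Alibaba Cloud arguments
            {{- if or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName }}
            - --alibaba-cloud-config-file=/etc/kubernetes/alibaba-cloud.json
            {{- end }}
            {{- if .Values.alibabacloud.zoneType }}
            - --alibaba-cloud-zone-type={{ .Values.alibabacloud.zoneType }}
            {{- end }}
            {{- end }}
            {{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }}
            # AWS arguments
            {{- if .Values.aws.zoneType }}
            - --aws-zone-type={{ .Values.aws.zoneType }}
            {{- end }}
            {{- if .Values.aws.assumeRoleArn }}
            - --aws-assume-role={{ .Values.aws.assumeRoleArn }}
            {{- end }}
            {{- if .Values.aws.batchChangeSize }}
            - --aws-batch-change-size={{ .Values.aws.batchChangeSize }}
            {{- end }}
            {{- end }}
            {{- /* NOTE(review): the three AWS flags below sit after the end of
                   the aws / aws-sd provider block, so they are rendered for any
                   provider whenever the values are set. Looks unintended;
                   confirm before moving them inside the block. */}}
            {{- range .Values.aws.zoneTags }}
            - --aws-zone-tags={{ . }}
            {{- end }}
            {{- if .Values.aws.preferCNAME }}
            - --aws-prefer-cname
            {{- end }}
            {{- if and (kindIs "bool" .Values.aws.evaluateTargetHealth) (not .Values.aws.evaluateTargetHealth) }}
            - --no-aws-evaluate-target-health
            {{- end }}
            {{- if or (and (eq .Values.provider "azure") (not .Values.azure.secretName)) (eq .Values.provider "azure-private-dns") }}
            # Azure Arguments
            {{- if .Values.azure.resourceGroup }}
            - --azure-resource-group={{ .Values.azure.resourceGroup }}
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "azure-private-dns" }}
            {{- if .Values.azure.subscriptionId }}
            - --azure-subscription-id={{ .Values.azure.subscriptionId }}
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "cloudflare" }}
            # Cloudflare arguments
            {{- if .Values.cloudflare.proxied }}
            - --cloudflare-proxied
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "google" }}
            # Google Arguments
            {{- if .Values.google.project }}
            - --google-project={{ .Values.google.project }}
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "infoblox" }}
            # Infoblox Arguments
            - --infoblox-grid-host={{ .Values.infoblox.gridHost }}
            {{- if .Values.infoblox.domainFilter }}
            - --domain-filter={{ .Values.infoblox.domainFilter }}
            {{- end }}
            {{- if .Values.infoblox.wapiPort }}
            - --infoblox-wapi-port={{ .Values.infoblox.wapiPort }}
            {{- end }}
            {{- if .Values.infoblox.wapiVersion }}
            - --infoblox-wapi-version={{ .Values.infoblox.wapiVersion }}
            {{- end }}
            {{- /* infoblox.noSslVerify turns off certificate verification for
                   the WAPI connection, which also carries the WAPI username
                   and password set in the env section. */}}
            {{- if .Values.infoblox.noSslVerify }}
            - --no-infoblox-ssl-verify
            {{- else }}
            - --infoblox-ssl-verify
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "rfc2136" }}
            # RFC 2136 arguments
            - --rfc2136-host={{ required "rfc2136.host must be supplied for provider 'rfc2136'" .Values.rfc2136.host }}
            - --rfc2136-port={{ .Values.rfc2136.port }}
            - --rfc2136-zone={{ required "rfc2136.zone must be supplied for provider 'rfc2136'" .Values.rfc2136.zone }}
            - --rfc2136-min-ttl={{ .Values.rfc2136.minTTL }}
            {{- /* Without rfc2136.tsigKeyname the chart falls back to
                   --rfc2136-insecure, i.e. dynamic updates are sent without
                   TSIG authentication. Set a TSIG key name and secret unless
                   the DNS server restricts updates by other means. */}}
            {{- if .Values.rfc2136.tsigKeyname }}
            - --rfc2136-tsig-secret-alg={{ .Values.rfc2136.tsigSecretAlg }}
            - --rfc2136-tsig-keyname={{ .Values.rfc2136.tsigKeyname }}
            {{- if .Values.rfc2136.tsigAxfr }}
            - --rfc2136-tsig-axfr
            {{- end }}
            {{- else }}
            - --rfc2136-insecure
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "pdns" }}
            # PowerDNS arguments
            - --pdns-server={{ .Values.pdns.apiUrl }}:{{ .Values.pdns.apiPort }}
            {{- /* NOTE(review): Kubernetes expands $(PDNS_API_KEY) from the
                   secretKeyRef env var defined in the env section, so the key
                   is not stored in the pod spec, but after expansion it is part
                   of the container command line and readable by anything that
                   can list the process arguments. The RFC 2136 and Infoblox
                   credentials in this template are passed through
                   EXTERNAL_DNS_* variables without a flag; presumably an
                   EXTERNAL_DNS_PDNS_API_KEY variable would work the same way.
                   Confirm against the external-dns version in use. */}}
            - --pdns-api-key=$(PDNS_API_KEY)
            {{- end }}
            {{- if eq .Values.provider "transip" }}
            # TransIP arguments
            - --transip-account={{ .Values.transip.account }}
            - --transip-keyfile=/transip/transip-api-key
            {{- end }}
            {{- /* extraArgs keys and values are rendered verbatim as flags after
                   the chart-managed ones; they are not validated here. */}}
            {{- range $key, $value := .Values.extraArgs }}
            # Extra arguments
            {{- if $value }}
            - --{{ $key }}={{ $value }}
            {{- else }}
            - --{{ $key }}
            {{- end }}
            {{- end }}
          env:
            {{- /* Single-value settings are piped through quote: an env value
                   must be a string, and an unquoted number- or boolean-looking
                   value would otherwise be rendered as a non-string scalar. */}}
            {{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }}
            # AWS environment variables
            {{- if .Values.aws.region }}
            - name: AWS_DEFAULT_REGION
              value: {{ .Values.aws.region | quote }}
            {{- end }}
            {{- if .Values.aws.roleArn }}
            - name: AWS_CONFIG_FILE
              value: {{ .Values.aws.credentials.mountPath }}/config
            {{- end }}
            {{- if and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey }}
            - name: AWS_SHARED_CREDENTIALS_FILE
              value: {{ .Values.aws.credentials.mountPath }}/credentials
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "azure-private-dns" }}
            # Azure Private DNS variables
            {{- if .Values.azure.tenantId }}
            - name: AZURE_TENANT_ID
              value: {{ .Values.azure.tenantId | quote }}
            {{- end }}
            {{- if or .Values.azure.aadClientId .Values.azure.aadClientSecret .Values.azure.secretName }}
            - name: AZURE_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: azure_aad_client_secret
            - name: AZURE_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: azure_aad_client_id
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "cloudflare" }}
            # Cloudflare environment variables
            {{- /* Both keys are optional, so the pod still starts when only an
                   API token or only an API key is present in the Secret. */}}
            - name: CF_API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: cloudflare_api_token
                  optional: true
            - name: CF_API_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: cloudflare_api_key
                  optional: true
            - name: CF_API_EMAIL
              value: {{ .Values.cloudflare.email | quote }}
            {{- end }}
            {{- if eq .Values.provider "coredns" }}
            # CoreDNS environment variables
            - name: ETCD_URLS
              value: {{ .Values.coredns.etcdEndpoints | quote }}
            {{- if .Values.coredns.etcdTLS.enabled }}
            - name: ETCD_CERT_FILE
              value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ .Values.coredns.etcdTLS.certFilename }}
            - name: ETCD_KEY_FILE
              value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ .Values.coredns.etcdTLS.keyFilename }}
            - name: ETCD_CA_FILE
              value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ .Values.coredns.etcdTLS.caFilename }}
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "designate" }}
            # Designate environment variables
            {{- if .Values.designate.customCA.enabled }}
            - name: OPENSTACK_CA_FILE
              value: {{ .Values.designate.customCA.mountPath }}/{{ .Values.designate.customCA.filename }}
            {{- else if .Values.designate.customCAHostPath }}
            - name: OPENSTACK_CA_FILE
              value: {{ .Values.designate.customCAHostPath | quote }}
            {{- end }}
            {{- if .Values.designate.username }}
            - name: OS_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: designate_username
            {{- end }}
            {{- if .Values.designate.password }}
            - name: OS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: designate_password
            {{- end }}
            {{- if .Values.designate.authUrl }}
            - name: OS_AUTH_URL
              value: {{ .Values.designate.authUrl | quote }}
            {{- end }}
            {{- if .Values.designate.regionName }}
            - name: OS_REGION_NAME
              value: {{ .Values.designate.regionName | quote }}
            {{- end }}
            {{- if .Values.designate.userDomainName }}
            - name: OS_USER_DOMAIN_NAME
              value: {{ .Values.designate.userDomainName | quote }}
            {{- end }}
            {{- if .Values.designate.projectName }}
            - name: OS_PROJECT_NAME
              value: {{ .Values.designate.projectName | quote }}
            {{- end }}
            {{- end }}
            {{- if and (eq .Values.provider "digitalocean") (or .Values.digitalocean.apiToken .Values.digitalocean.secretName) }}
            # DigitalOcean environment variables
            - name: DO_TOKEN
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: digitalocean_api_token
            {{- end }}
            {{- if eq .Values.provider "google" }}
            # Google environment variables
            {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }}
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: /etc/secrets/service-account/credentials.json
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "ovh" }}
            # OVH environment variables
            {{- if .Values.ovh.consumerKey }}
            - name: OVH_CONSUMER_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: ovh_consumer_key
            {{- end }}
            {{- if .Values.ovh.applicationKey }}
            - name: OVH_APPLICATION_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: ovh_application_key
            {{- end }}
            {{- if .Values.ovh.applicationSecret }}
            - name: OVH_APPLICATION_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: ovh_application_secret
            {{- end }}
            {{- end }}
            {{- if eq .Values.provider "infoblox" }}
            # Infoblox environment variables
            {{- if .Values.infoblox.wapiConnectionPoolSize }}
            - name: EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS
              value: "{{ .Values.infoblox.wapiConnectionPoolSize }}"
            {{- end }}
            {{- if .Values.infoblox.wapiHttpTimeout }}
            - name: EXTERNAL_DNS_INFOBLOX_HTTP_REQUEST_TIMEOUT
              value: "{{ .Values.infoblox.wapiHttpTimeout }}"
            {{- end }}
            {{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }}
            - name: EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: infoblox_wapi_username
            - name: EXTERNAL_DNS_INFOBLOX_WAPI_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: infoblox_wapi_password
            {{- end }}
            {{- end }}
            {{- /* NOTE(review): this block is keyed on rfc2136.tsigSecret only,
                   not on the provider, so the variable is rendered for every
                   provider once a TSIG secret is set. Verify that the Secret
                   then always carries rfc2136_tsig_secret. */}}
            {{- if .Values.rfc2136.tsigSecret }}
            # RFC 2136 environment variables
            - name: EXTERNAL_DNS_RFC2136_TSIG_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: rfc2136_tsig_secret
            {{- end }}
            {{- if eq .Values.provider "pdns" }}
            # PowerDNS environment variables
            - name: PDNS_API_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: pdns_api_key
            {{- end }}
            {{- if eq .Values.provider "vinyldns" }}
            # VinylDNS environment variables
            {{- if .Values.vinyldns.host }}
            - name: VINYLDNS_HOST
              value: {{ .Values.vinyldns.host | quote }}
            {{- end }}
            {{- if .Values.vinyldns.accessKey }}
            - name: VINYLDNS_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: vinyldns-access-key
            {{- end }}
            {{- if .Values.vinyldns.secretKey }}
            - name: VINYLDNS_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "external-dns.secretName" . }}
                  key: vinyldns-secret-key
            {{- end }}
            {{- end }}
            {{- if .Values.extraEnv }}
            # Extra environment variables
            {{- toYaml .Values.extraEnv | nindent 12 }}
            {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
          readinessProbe: {{ toYaml .Values.readinessProbe | nindent 12 }}
          livenessProbe: {{ toYaml .Values.livenessProbe | nindent 12 }}
          {{- if .Values.securityContext }}
          securityContext: {{ toYaml .Values.securityContext | nindent 12 }}
          {{- end }}
          {{- if .Values.resources }}
          resources: {{- toYaml .Values.resources | nindent 12 }}
          {{- end }}
          volumeMounts:
            {{- if and (eq .Values.provider "alibabacloud") (or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName) }}
            # Alibaba Cloud mountPath(s)
            - name: alibabacloud-config-file
              mountPath: /etc/kubernetes/
              readOnly: true
            {{- end }}
            {{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) }}
            # AWS mountPath(s)
            - name: aws-credentials
              mountPath: {{ .Values.aws.credentials.mountPath }}
              readOnly: true
            {{- end }}
            {{- if eq .Values.provider "azure" }}
            # Azure mountPath(s)
            {{- /* NOTE(review): with provider "azure", no secretName, an
                   incomplete resourceGroup/tenantId/subscriptionId set and
                   useManagedIdentityExtension enabled, neither branch renders:
                   the mount has no mountPath and the matching volume has no
                   source, which the API server is expected to reject. */}}
            - name: azure-config-file
              {{- if or .Values.azure.secretName (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId) }}
              mountPath: /etc/kubernetes/
              {{- else if not .Values.azure.useManagedIdentityExtension }}
              mountPath: /etc/kubernetes/azure.json
              {{- end }}
              readOnly: true
            {{- end }}
            {{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }}
            # CoreDNS mountPath(s)
            - name: {{ .Values.coredns.etcdTLS.secretName }}
              mountPath: {{ .Values.coredns.etcdTLS.mountPath }}
              readOnly: true
            {{- end }}
            {{- if and (eq .Values.provider "google") (or .Values.google.serviceAccountKey .Values.google.serviceAccountSecret) }}
            # Google mountPath(s)
            - name: google-service-account
              mountPath: /etc/secrets/service-account/
              # Marked read-only like every other credential mount in this list.
              readOnly: true
            {{- end }}
            {{- if eq .Values.provider "designate" }}
            # Designate mountPath(s)
            {{- if and (.Values.designate.customCAHostPath) (.Values.designate.customCA.enabled) }}
            {{- fail "designate.customCAHostPath cannot be specified with designate.customCA.enabled set to true"}}
            {{- else if .Values.designate.customCA.enabled }}
            - name: designate-custom-ca
              mountPath: {{ .Values.designate.customCA.mountPath }}
              readOnly: true
            {{- else if .Values.designate.customCAHostPath }}
            - name: designate-custom-ca-hostpath
              mountPath: {{ .Values.designate.customCAHostPath }}
              readOnly: true
            {{- end }}
            {{- end }}
            {{- if (eq .Values.provider "transip") }}
            # TransIP mountPath(s)
            - name: transip-api-key
              mountPath: /transip
              readOnly: true
            {{- end }}
            {{- if .Values.extraVolumeMounts }}
            # Extra volume mount(s)
            {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
            {{- end }}
      volumes:
        {{- if and (eq .Values.provider "alibabacloud") (or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName) }}
        # Alibaba Cloud volume(s)
        - name: alibabacloud-config-file
          secret:
            secretName: {{ template "external-dns.secretName" . }}
        {{- end }}
        {{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) }}
        # AWS volume(s)
        - name: aws-credentials
          secret:
            secretName: {{ template "external-dns.secretName" . }}
        {{- end }}
        {{- if eq .Values.provider "azure" }}
        # Azure volume(s)
        - name: azure-config-file
          {{- if or .Values.azure.secretName (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId) }}
          secret:
            secretName: {{ template "external-dns.secretName" . }}
          {{- else if not .Values.azure.useManagedIdentityExtension }}
          {{- /* hostPath exposes the node's own /etc/kubernetes/azure.json,
                 i.e. node-level cloud credentials, to this pod. Clusters that
                 restrict hostPath volumes by policy need the Secret branch. */}}
          hostPath:
            path: /etc/kubernetes/azure.json
            type: File
          {{- end }}
        {{- end }}
        {{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }}
        # CoreDNS volume(s)
        - name: {{ .Values.coredns.etcdTLS.secretName }}
          secret:
            secretName: {{ .Values.coredns.etcdTLS.secretName }}
            # 256 is octal 0400 (owner read-only). A bare 400 is read as
            # decimal, which is octal 0620 and leaves the etcd client key
            # group-writable.
            defaultMode: 256
        {{- end }}
        {{- if and (eq .Values.provider "google") (or .Values.google.serviceAccountKey .Values.google.serviceAccountSecret) }}
        # Google volume(s)
        - name: google-service-account
          secret:
            secretName: {{ template "external-dns.secretName" . }}
            {{- if and .Values.google.serviceAccountSecret .Values.google.serviceAccountSecretKey }}
            items:
              - key: {{ .Values.google.serviceAccountSecretKey | quote }}
                path: credentials.json
            {{- end }}
        {{- end }}
        {{- if eq .Values.provider "designate" }}
        # Designate volume(s)
        {{- if .Values.designate.customCA.enabled }}
        - name: designate-custom-ca
          configMap:
            name: {{ template "external-dns.fullname" . }}
            items:
              - key: {{ .Values.designate.customCA.filename }}
                path: {{ .Values.designate.customCA.filename }}
        {{- else if .Values.designate.customCAHostPath }}
        {{- /* The path comes straight from values and is mounted from the
               node filesystem; no hostPath type is set, so nothing checks that
               it is a regular file. */}}
        - name: designate-custom-ca-hostpath
          hostPath:
            path: {{ .Values.designate.customCAHostPath }}
        {{- end }}
        {{- end }}
        {{- if (eq .Values.provider "transip") }}
        # TransIP volume(s)
        {{- /* A secret volume source is selected with secretName; the field
               "name" does not exist on it, so the previous spelling left the
               volume without a Secret reference.
               NOTE(review): this volume uses the chart fullname rather than
               the "external-dns.secretName" helper used by the other
               providers. Confirm which Secret holds transip-api-key. */}}
        - name: transip-api-key
          secret:
            secretName: {{ template "external-dns.fullname" . }}
        {{- end }}
        {{- if .Values.extraVolumes }}
        # Extra volume(s)
        {{- toYaml .Values.extraVolumes | nindent 8 }}
        {{- end }}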