mirror of
https://github.com/bitnami/charts.git
synced 2026-03-09 15:38:00 +08:00
556b6028e1
* [bitnami/external-dns] Fix markdown errors in README.md * [bitnami/external-dns] Update components versions Signed-off-by: Bitnami Containers <containers@bitnami.com> * Bump chart version Co-authored-by: Bitnami Containers <containers@bitnami.com> Co-authored-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>
535 lines
15 KiB
YAML
535 lines
15 KiB
YAML
## Global Docker image parameters
|
|
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
|
|
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
|
|
##
|
|
# global:
|
|
# imageRegistry: myRegistryName
|
|
# imagePullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## Bitnami external-dns image version
|
|
## ref: https://hub.docker.com/r/bitnami/external-dns/tags/
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/external-dns
|
|
tag: 0.7.1-debian-10-r2
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## String to partially override external-dns.fullname template (will maintain the release name)
|
|
# nameOverride:
|
|
|
|
## String to fully override external-dns.fullname template
|
|
# fullnameOverride:
|
|
|
|
## K8s resources type to be observed for new DNS entries by ExternalDNS
|
|
##
|
|
sources:
|
|
# - crd
|
|
- service
|
|
- ingress
|
|
|
|
## DNS provider where the DNS records will be created. Available providers are:
|
|
## - aws, azure, azure-private-dns, cloudflare, coredns, designate, digitalocean, google, infoblox, rfc2136, transip
|
|
##
|
|
provider: aws
|
|
|
|
## Flags related to processing sources
|
|
## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/pkg/apis/externaldns/types.go#L272
|
|
##
|
|
## Limit sources of endpoints to a specific namespace (default: all namespaces)
|
|
##
|
|
namespace: ""
|
|
## Templated strings that are used to generate DNS names from sources that don't define a hostname themselves
|
|
##
|
|
fqdnTemplates: []
|
|
## Combine FQDN template and annotations instead of overwriting
|
|
##
|
|
combineFQDNAnnotation: false
|
|
## Ignore hostname annotation when generating DNS names, valid only when fqdn-template is set
|
|
##
|
|
ignoreHostnameAnnotation: false
|
|
## Allow external-dns to publish DNS records for ClusterIP services
|
|
##
|
|
publishInternalServices: false
|
|
## Allow external-dns to publish host-ip for headless services
|
|
##
|
|
publishHostIP: false
|
|
## The service types to take care about (default: all, options: ClusterIP, NodePort, LoadBalancer, ExternalName)
|
|
##
|
|
serviceTypeFilter: []
|
|
|
|
## AWS configuration to be set via arguments/env. variables
|
|
##
|
|
aws:
|
|
## AWS credentials
|
|
##
|
|
credentials:
|
|
secretKey: ""
|
|
accessKey: ""
|
|
## pre external-dns 0.5.9 home dir should be `/root/.aws`
|
|
##
|
|
mountPath: "/.aws"
|
|
## Use an existing secret with key "credentials" defined.
|
|
## This ignores aws.credentials.secretKey, and aws.credentials.accessKey
|
|
##
|
|
# secretName:
|
|
|
|
## AWS region
|
|
##
|
|
region: "us-east-1"
|
|
## Zone Filter. Available values are: public, private
|
|
##
|
|
zoneType: ""
|
|
## AWS Role to assume
|
|
##
|
|
assumeRoleArn: ""
|
|
## Maximum number of changes that will be applied in each batch
|
|
##
|
|
batchChangeSize: 1000
|
|
## AWS Zone tags
|
|
##
|
|
zoneTags: []
|
|
## Enable AWS Prefer CNAME. Available values are: true, false
|
|
##
|
|
preferCNAME: ""
|
|
## Enable AWS evaluation of target health. Available values are: true, false
|
|
##
|
|
evaluateTargetHealth: ""
|
|
## Azure configuration to be set via arguments/env. variables
|
|
##
|
|
azure:
|
|
## When a secret to load azure.json is not specified,
|
|
## the host's /etc/kubernetes/azure.json will be used
|
|
##
|
|
## Deprecated: please use tenantId, subscriptionId, aadClientId and aadClientSecret values instead.
|
|
##
|
|
secretName: ""
|
|
## Azure resource group to use
|
|
##
|
|
cloud: ""
|
|
## Azure Cloud to use
|
|
##
|
|
resourceGroup: ""
|
|
## Azure tenant ID to use
|
|
##
|
|
tenantId: ""
|
|
## Azure subscription ID to use
|
|
##
|
|
subscriptionId: ""
|
|
## Azure Application Client ID to use
|
|
##
|
|
aadClientId: ""
|
|
## Azure Application Client Secret to use
|
|
##
|
|
aadClientSecret: ""
|
|
## If you use Azure MSI, this should be set to true
|
|
##
|
|
useManagedIdentityExtension: false
|
|
|
|
## Cloudflare configuration to be set via arguments/env. variables
|
|
##
|
|
cloudflare:
|
|
## `CF_API_TOKEN` to set in the environment
|
|
##
|
|
apiToken: ""
|
|
## `CF_API_KEY` to set in the environment
|
|
##
|
|
apiKey: ""
|
|
## Use an existing secret with keys "cloudflare_api_token" or "cloudflare_api_key" defined.
|
|
## This ignores cloudflare.apiToken, and cloudflare.apiKey
|
|
##
|
|
# secretName:
|
|
## `CF_API_EMAIL` to set in the environment
|
|
##
|
|
email: ""
|
|
## Enable the proxy feature of Cloudflare
|
|
##
|
|
proxied: true
|
|
|
|
## CoreDNS configuration to be set via arguments/env variables
|
|
##
|
|
coredns:
|
|
## Comma-separated list of the etcd endpoints
|
|
## Secure (https) endpoints can be used as well, in that case `etcdTLS` section
|
|
## should be filled in accordingly
|
|
##
|
|
etcdEndpoints: "http://etcd-extdns:2379"
|
|
## Configuration of the secure communication and client authentication to the etcd cluster
|
|
## If enabled all the values under this key must hold a valid data
|
|
##
|
|
etcdTLS:
|
|
## Enable or disable secure communication and client authentication to the etcd cluster
|
|
##
|
|
enabled: false
|
|
## Name of the existing secret containing cert files for client communication
|
|
## ref: https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md
|
|
## ref (secret creation):
|
|
## https://github.com/bitnami/charts/tree/master/bitnami/etcd#configure-certificates-for-client-communication
|
|
##
|
|
secretName: "etcd-client-certs"
|
|
## Location of the mounted certificates inside external-dns pod
|
|
##
|
|
mountPath: "/etc/coredns/tls/etcd"
|
|
## CA PEM file used to sign etcd TLS cert, should exist in the secret provided above
|
|
##
|
|
caFilename: "ca.crt"
|
|
## Certificate PEM file, should exist in the secret provided above
|
|
## Will be used by external-dns to authenticate against etcd
|
|
##
|
|
certFilename: "cert.pem"
|
|
## Private key PEM file, should exist in the secret provided above
|
|
## Will be used by external-dns to authenticate against etcd
|
|
##
|
|
keyFilename: "key.pem"
|
|
|
|
## OpenStack Designate provider configuration to be set via arguments/env. variables
|
|
##
|
|
designate:
|
|
## Set Openstack environment variables (optional). Username and password will be saved in a kubernetes secret
|
|
## The alternative to this is to export the necessary Openstack environment variables in the extraEnv argument
|
|
##
|
|
# username: "someuser"
|
|
# password: "p@55w0rd"
|
|
# authUrl: "https://mykeystone.example.net:5000/v3/"
|
|
# regionName: "dev"
|
|
# userDomainName: "development"
|
|
# projectName: "myteamname"
|
|
|
|
## Use a host path custom CA (optional)
|
|
## This conflicts setting the above customCA to true and chart rendering will fail if you set customCA to true and specify customCAHostPath
|
|
##
|
|
# customCAHostPath: /path/to/cafile
|
|
|
|
## Use a custom CA (optional)
|
|
##
|
|
customCA:
|
|
enabled: false
|
|
## The content of the custom CA file
|
|
##
|
|
content: ""
|
|
## Location to mount custom CA
|
|
##
|
|
mountPath: "/config/designate"
|
|
## Custom CA filename
|
|
##
|
|
filename: "designate-ca.pem"
|
|
|
|
## DigitalOcean configuration to be set via arguments/env. variables
|
|
##
|
|
digitalocean:
|
|
## `DO_TOKEN` to set in the environment
|
|
##
|
|
apiToken: ""
|
|
## Use an existing secret with key "digitalocean_api_token" defined.
|
|
## This ignores digitalocean.apiToken
|
|
##
|
|
# secretName:
|
|
|
|
## Google configuration to be set via arguments/env. variables
|
|
##
|
|
google:
|
|
## Google Project to use
|
|
##
|
|
project: ""
|
|
## Google Application Credentials
|
|
##
|
|
serviceAccountSecret: ""
|
|
serviceAccountSecretKey: "credentials.json"
|
|
serviceAccountKey: ""
|
|
|
|
## Infoblox configuration to be set via arguments/env. variables
|
|
##
|
|
infoblox:
|
|
## Required keys
|
|
##
|
|
wapiUsername: "admin"
|
|
wapiPassword: ""
|
|
gridHost: ""
|
|
## Optional keys
|
|
##
|
|
domainFilter: ""
|
|
noSslVerify: false
|
|
wapiPort: ""
|
|
wapiVersion: ""
|
|
wapiConnectionPoolSize: ""
|
|
wapiHttpTimeout: ""
|
|
|
|
## RFC 2136 configuration to be set via arguments/env. variables
|
|
##
|
|
rfc2136:
|
|
host: ""
|
|
port: 53
|
|
zone: ""
|
|
tsigSecret: ""
|
|
tsigSecretAlg: hmac-sha256
|
|
tsigKeyname: externaldns-key
|
|
tsigAxfr: true
|
|
|
|
## PowerDNS configuration to be set via arguments/env. variables
|
|
##
|
|
pdns:
|
|
apiUrl: ""
|
|
apiPort: "8081"
|
|
apiKey: ""
|
|
|
|
## TransIP configuration to be set via arguments/env. variables
|
|
##
|
|
transip:
|
|
## Account name to be used
|
|
##
|
|
account: ""
|
|
##
|
|
## API key that is authorised for the account
|
|
apiKey: ""
|
|
|
|
## Limit possible target zones by domain suffixes (optional)
|
|
##
|
|
domainFilters: []
|
|
## Limit possible target zones by zone id (optional)
|
|
##
|
|
zoneIdFilters: []
|
|
## Filter sources managed by external-dns via annotation using label selector semantics (optional)
|
|
##
|
|
annotationFilter: ""
|
|
## When enabled, prints DNS record changes rather than actually performing them
|
|
##
|
|
dryRun: false
|
|
## When enabled, triggers run loop on create/update/delete events (optional, in addition of regular interval)
|
|
##
|
|
triggerLoopOnEvent: false
|
|
## Adjust the interval for DNS updates
|
|
##
|
|
interval: "1m"
|
|
## Verbosity of the ExternalDNS logs. Available values are:
|
|
## - panic, debug, info, warn, error, fatal
|
|
##
|
|
logLevel: info
|
|
## Formats of the ExternalDNS logs. Available values are:
|
|
## - text, json
|
|
##
|
|
logFormat: text
|
|
## Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only)
|
|
##
|
|
policy: upsert-only
|
|
## Registry Type. Available types are: txt, noop
|
|
## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/proposal/registry.md
|
|
##
|
|
registry: "txt"
|
|
## TXT Registry Identifier
|
|
##
|
|
txtOwnerId: ""
|
|
## Prefix to create a TXT record with a name following the pattern prefix.<CNAME record>
|
|
##
|
|
# txtPrefix: ""
|
|
## Load balancer service to be used; ie: custom-istio-namespace/custom-istio-ingressgateway.
|
|
## Omit to use the default (istio-system/istio-ingressgateway)
|
|
##
|
|
istioIngressGateways: []
|
|
|
|
## Extra Arguments to passed to external-dns
|
|
##
|
|
extraArgs: {}
|
|
## Extra env. variable to set on external-dns container.
|
|
##
|
|
## extraEnv:
|
|
## - name: VARNAME1
|
|
## value: value1
|
|
## - name: VARNAME2
|
|
## valueFrom:
|
|
## secretKeyRef:
|
|
## name: existing-secret
|
|
## key: varname2-key
|
|
extraEnv: []
|
|
|
|
## Replica count
|
|
##
|
|
replicas: 1
|
|
|
|
## Affinity for pod assignment (this value is evaluated as a template)
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
##
|
|
affinity: {}
|
|
## Node labels for pod assignment (this value is evaluated as a template)
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
|
|
##
|
|
nodeSelector: {}
|
|
## Tolerations for pod assignment (this value is evaluated as a template)
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
|
|
##
|
|
tolerations: []
|
|
## Annotations for external-dns pods
|
|
##
|
|
podAnnotations: {}
|
|
## Additional labels for the pod(s).
|
|
##
|
|
podLabels: {}
|
|
## Pod priority class name
|
|
##
|
|
priorityClassName: ""
|
|
|
|
## Options for the source type "crd"
|
|
##
|
|
crd:
|
|
## Install and use the integrated DNSEndpoint CRD
|
|
create: false
|
|
## Change these to use an external DNSEndpoint CRD (E.g. from kubefed)
|
|
apiversion: ""
|
|
kind: ""
|
|
|
|
## Kubernetes svc configutarion
|
|
##
|
|
service:
|
|
## Kubernetes svc type
|
|
##
|
|
type: ClusterIP
|
|
port: 7979
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types for the client port
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## Static clusterIP or None for headless services
|
|
##
|
|
# clusterIP: ""
|
|
## External IP list to use with ClusterIP service type
|
|
##
|
|
externalIPs: []
|
|
## Use loadBalancerIP to request a specific static IP,
|
|
## otherwise leave blank
|
|
##
|
|
# loadBalancerIP:
|
|
## Address that are allowed when svc is LoadBalancer
|
|
##
|
|
loadBalancerSourceRanges: []
|
|
## Provide any additional annotations which may be required. This can be used to
|
|
## set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
annotations: {}
|
|
|
|
## RBAC parameteres
|
|
## https://kubernetes.io/docs/reference/access-authn-authz/rbac/
|
|
##
|
|
rbac:
|
|
create: true
|
|
## Determine whether a Service Account should be created
|
|
## or reuse a exiting one
|
|
##
|
|
serviceAccountCreate: true
|
|
|
|
## Service Account for pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
|
##
|
|
serviceAccountName:
|
|
|
|
## Annotations for the Service Account
|
|
##
|
|
serviceAccountAnnotations: {}
|
|
## RBAC API version
|
|
##
|
|
apiVersion: v1beta1
|
|
## Podsecuritypolicy
|
|
##
|
|
pspEnabled: false
|
|
|
|
## Kubernetes Security Context
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
## Example:
|
|
## securityContext:
|
|
## allowPrivilegeEscalation: false
|
|
## readOnlyRootFilesystem: true
|
|
## capabilities:
|
|
## drop: ["ALL"]
|
|
##
|
|
securityContext: {}
|
|
podSecurityContext:
|
|
fsGroup: 1001
|
|
runAsUser: 1001
|
|
# runAsNonRoot: true
|
|
|
|
## Configure resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 50m
|
|
# memory: 50Mi
|
|
# requests:
|
|
# memory: 50Mi
|
|
# cpu: 10m
|
|
|
|
## Liveness Probe. The block is directly forwarded into the deployment, so you can use whatever livenessProbe configuration you want.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
|
|
##
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: http
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 2
|
|
successThreshold: 1
|
|
## Readiness Probe. The block is directly forwarded into the deployment, so you can use whatever readinessProbe configuration you want.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
|
|
##
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: http
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
|
|
## Configure extra volumes
|
|
extraVolumes: []
|
|
|
|
## Configure extra volumeMounts
|
|
extraVolumeMounts: []
|
|
|
|
## Prometheus Exporter / Metrics
|
|
##
|
|
metrics:
|
|
enabled: false
|
|
## Metrics exporter pod Annotation and Labels
|
|
##
|
|
# podAnnotations:
|
|
# prometheus.io/scrape: "true"
|
|
# prometheus.io/port: "7979"
|
|
|
|
## Prometheus Operator ServiceMonitor configuration
|
|
##
|
|
serviceMonitor:
|
|
enabled: false
|
|
## Namespace in which Prometheus is running
|
|
##
|
|
# namespace: monitoring
|
|
|
|
## Interval at which metrics should be scraped.
|
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
##
|
|
# interval: 10s
|
|
|
|
## Timeout after which the scrape is ended
|
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
##
|
|
# scrapeTimeout: 10s
|
|
|
|
## ServiceMonitor selector labels
|
|
## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
|
|
##
|
|
# selector:
|
|
# prometheus: my-prometheus
|