mirror of
https://github.com/bitnami/charts.git
synced 2026-03-15 14:57:16 +08:00
428 lines
17 KiB
YAML
Executable File
428 lines
17 KiB
YAML
Executable File
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ template "external-dns.fullname" . }}
|
|
labels: {{ include "external-dns.labels" . | nindent 4 }}
|
|
spec:
|
|
replicas: {{ .Values.replicas }}
|
|
selector:
|
|
matchLabels: {{ include "external-dns.matchLabels" . | nindent 6 }}
|
|
template:
|
|
metadata:
|
|
labels: {{ include "external-dns.labels" . | nindent 8 }}
|
|
annotations:
|
|
{{- if or .Values.podAnnotations .Values.metrics.enabled }}
|
|
{{ include "external-dns.podAnnotations" . | nindent 8 }}
|
|
{{- end }}
|
|
{{- if or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) (or .Values.cloudflare.apiToken .Values.cloudflare.apiKey) .Values.digitalocean.apiToken (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) .Values.rfc2136.tsigSecret .Values.extraEnv .Values.google.serviceAccountKey }}
|
|
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
|
{{- end }}
|
|
{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
|
|
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
|
{{- end }}
|
|
spec:
|
|
{{- include "external-dns.imagePullSecrets" . | indent 6 }}
|
|
{{- if .Values.podSecurityContext }}
|
|
securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.affinity }}
|
|
affinity: {{ tpl (toYaml .) $ | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.nodeSelector }}
|
|
nodeSelector: {{ tpl (toYaml .) $ | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.tolerations }}
|
|
tolerations: {{ tpl (toYaml .) $ | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.rbac.create }}
|
|
serviceAccountName: {{ template "external-dns.fullname" . }}
|
|
{{- else }}
|
|
serviceAccountName: {{ .Values.rbac.serviceAccountName | quote }}
|
|
{{- end }}
|
|
{{- if .Values.priorityClassName }}
|
|
priorityClassName: {{ .Values.priorityClassName | quote }}
|
|
{{- end }}
|
|
containers:
|
|
- name: external-dns
|
|
image: "{{ template "external-dns.image" . }}"
|
|
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
|
args:
|
|
# Generic arguments
|
|
{{- if .Values.logLevel }}
|
|
- --log-level={{ .Values.logLevel }}
|
|
{{- end }}
|
|
{{- if .Values.logFormat }}
|
|
- --log-format={{ .Values.logFormat }}
|
|
{{- end }}
|
|
{{- if .Values.dryRun }}
|
|
- --dry-run
|
|
{{- end }}
|
|
{{- if .Values.namespace }}
|
|
- --namespace={{ .Values.namespace }}
|
|
{{- end }}
|
|
{{- if .Values.fqdnTemplates }}
|
|
- --fqdn-template={{ join "," .Values.fqdnTemplates }}{{/* Explicitly wants comma separated list */}}
|
|
{{- end }}
|
|
{{- if .Values.combineFQDNAnnotation }}
|
|
- --combine-fqdn-annotation
|
|
{{- end }}
|
|
{{- if and .Values.ignoreHostnameAnnotation .Values.fqdnTemplates }}
|
|
- --ignore-hostname-annotation
|
|
{{- end }}
|
|
{{- if .Values.publishInternalServices }}
|
|
- --publish-internal-services
|
|
{{- end }}
|
|
{{- if .Values.publishHostIP }}
|
|
- --publish-host-ip
|
|
{{- end }}
|
|
{{- range .Values.serviceTypeFilter }}
|
|
- --service-type-filter={{ . }}
|
|
{{- end }}
|
|
{{- range .Values.domainFilters }}
|
|
- --domain-filter={{ . }}
|
|
{{- end }}
|
|
{{- range .Values.zoneIdFilters }}
|
|
- --zone-id-filter={{ . }}
|
|
{{- end }}
|
|
- --policy={{ .Values.policy }}
|
|
- --provider={{ .Values.provider }}
|
|
- --registry={{ .Values.registry }}
|
|
- --interval={{ .Values.interval }}
|
|
{{- if eq .Values.registry "txt" }}
|
|
{{- if .Values.txtOwnerId }}
|
|
- --txt-owner-id={{ .Values.txtOwnerId }}
|
|
{{- end }}
|
|
{{- if .Values.txtPrefix }}
|
|
- --txt-prefix={{ .Values.txtPrefix }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.annotationFilter }}
|
|
- --annotation-filter={{ .Values.annotationFilter }}
|
|
{{- end }}
|
|
{{- if .Values.crd.apiversion }}
|
|
- --crd-source-apiversion={{ .Values.crd.apiversion }}
|
|
{{- end }}
|
|
{{- if .Values.crd.kind }}
|
|
- --crd-source-kind={{ .Values.crd.kind }}
|
|
{{- end }}
|
|
{{- range .Values.istioIngressGateways }}
|
|
- --istio-ingress-gateway={{ . }}
|
|
{{- end }}
|
|
{{- range .Values.sources }}
|
|
- --source={{ . }}
|
|
{{- end }}
|
|
# AWS arguments
|
|
{{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }}
|
|
{{- if .Values.aws.zoneType }}
|
|
- --aws-zone-type={{ .Values.aws.zoneType }}
|
|
{{- end }}
|
|
{{- if .Values.aws.assumeRoleArn }}
|
|
- --aws-assume-role={{ .Values.aws.assumeRoleArn }}
|
|
{{- end }}
|
|
{{- if .Values.aws.batchChangeSize }}
|
|
- --aws-batch-change-size={{ .Values.aws.batchChangeSize }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- range .Values.aws.zoneTags }}
|
|
- --aws-zone-tags={{ . }}
|
|
{{- end }}
|
|
{{- if .Values.aws.preferCNAME }}
|
|
- --aws-prefer-cname
|
|
{{- end }}
|
|
{{- if .Values.aws.evaluateTargetHealth }}
|
|
- --aws-evaluate-target-health={{ . }}
|
|
{{- end }}
|
|
# Azure Arguments
|
|
{{- if or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns") }}
|
|
{{- if .Values.azure.resourceGroup }}
|
|
- --azure-resource-group={{ .Values.azure.resourceGroup }}
|
|
{{- end }}
|
|
{{- if .Values.azure.subscriptionId }}
|
|
- --azure-subscription-id={{ .Values.azure.subscriptionId }}
|
|
{{- end }}
|
|
{{- end }}
|
|
# Cloudflare arguments
|
|
{{- if eq .Values.provider "cloudflare" }}
|
|
{{- if .Values.cloudflare.proxied }}
|
|
- --cloudflare-proxied
|
|
{{- end }}
|
|
{{- end }}
|
|
# Google Arguments
|
|
{{- if eq .Values.provider "google" }}
|
|
- --google-project={{ .Values.google.project }}
|
|
{{- end }}
|
|
# Infloblox Arguments
|
|
{{- if eq .Values.provider "infoblox" }}
|
|
- --infoblox-grid-host={{ .Values.infoblox.gridHost }}
|
|
{{- if .Values.infoblox.domainFilter }}
|
|
- --domain-filter={{ .Values.infoblox.domainFilter }}
|
|
{{- end }}
|
|
{{- if .Values.infoblox.wapiPort }}
|
|
- --infoblox-wapi-port={{ .Values.infoblox.wapiPort }}
|
|
{{- end }}
|
|
{{- if .Values.infoblox.wapiVersion }}
|
|
- --infoblox-wapi-version={{ .Values.infoblox.wapiVersion }}
|
|
{{- end }}
|
|
{{- if .Values.infoblox.noSslVerify }}
|
|
- --no-infoblox-ssl-verify
|
|
{{- else }}
|
|
- --infoblox-ssl-verify
|
|
{{- end }}
|
|
{{- end }}
|
|
# RFC 2136 arguments
|
|
{{- if eq .Values.provider "rfc2136" }}
|
|
- --rfc2136-host={{ required "rfc2136.host must be supplied for provider 'rfc2136'" .Values.rfc2136.host }}
|
|
- --rfc2136-port={{ .Values.rfc2136.port }}
|
|
- --rfc2136-zone={{ required "rfc2136.zone must be supplied for provider 'rfc2136'" .Values.rfc2136.zone }}
|
|
{{- if .Values.rfc2136.tsigKeyname }}
|
|
- --rfc2136-tsig-secret-alg={{ .Values.rfc2136.tsigSecretAlg }}
|
|
- --rfc2136-tsig-keyname={{ .Values.rfc2136.tsigKeyname }}
|
|
{{- if .Values.rfc2136.tsigAxfr }}
|
|
- --rfc2136-tsig-axfr
|
|
{{- end }}
|
|
{{- else }}
|
|
- --rfc2136-insecure
|
|
{{- end }}
|
|
{{- end }}
|
|
# PowerDNS arguments
|
|
{{- if eq .Values.provider "pdns" }}
|
|
- --pdns-server={{ .Values.pdns.apiUrl }}:{{ .Values.pdns.apiPort }}
|
|
- --pdns-api-key=$(PDNS_API_KEY)
|
|
{{- end }}
|
|
# Extra arguments
|
|
{{- range $key, $value := .Values.extraArgs }}
|
|
{{- if $value }}
|
|
- --{{ $key }}={{ $value }}
|
|
{{- else }}
|
|
- --{{ $key }}
|
|
{{- end }}
|
|
{{- end }}
|
|
env:
|
|
# AWS environment variables
|
|
{{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }}
|
|
{{- if .Values.aws.region }}
|
|
- name: AWS_DEFAULT_REGION
|
|
value: {{ .Values.aws.region }}
|
|
{{- end }}
|
|
{{- if .Values.aws.roleArn }}
|
|
- name: AWS_CONFIG_FILE
|
|
value: {{ .Values.aws.credentials.mountPath }}/config
|
|
{{- end }}
|
|
{{- if and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey }}
|
|
- name: AWS_SHARED_CREDENTIALS_FILE
|
|
value: {{ .Values.aws.credentials.mountPath }}/credentials
|
|
{{- end }}
|
|
{{- end }}
|
|
# Azure Private DNS variables
|
|
{{- if eq .Values.provider "azure-private-dns" }}
|
|
{{- if .Values.azure.tenantId }}
|
|
- name: AZURE_TENANT_ID
|
|
value: {{ .Values.azure.tenantId }}
|
|
{{- end }}
|
|
{{- if .Values.azure.aadClientId }}
|
|
- name: AZURE_CLIENT_ID
|
|
value: {{ .Values.azure.aadClientId }}
|
|
{{- end }}
|
|
{{- if .Values.azure.aadClientSecret }}
|
|
- name: AZURE_CLIENT_SECRET
|
|
value: {{ .Values.azure.aadClientSecret }}
|
|
{{- end }}
|
|
{{- end }}
|
|
# Cloudflare environment variables
|
|
{{- if eq .Values.provider "cloudflare" }}
|
|
{{- if .Values.cloudflare.apiToken }}
|
|
- name: CF_API_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ template "external-dns.fullname" . }}
|
|
key: cloudflare_api_token
|
|
{{- else }}
|
|
- name: CF_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ template "external-dns.fullname" . }}
|
|
key: cloudflare_api_key
|
|
- name: CF_API_EMAIL
|
|
value: {{ required "cloudflare.email is required if cloudflare.apiToken is not provided" .Values.cloudflare.email | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
# CoreDNS environment variables
|
|
{{- if eq .Values.provider "coredns" }}
|
|
- name: ETCD_URLS
|
|
value: {{ .Values.coredns.etcdEndpoints | quote }}
|
|
{{- if .Values.coredns.etcdTLS.enabled }}
|
|
- name: ETCD_CERT_FILE
|
|
value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ .Values.coredns.etcdTLS.certFilename }}
|
|
- name: ETCD_KEY_FILE
|
|
value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ .Values.coredns.etcdTLS.keyFilename }}
|
|
- name: ETCD_CA_FILE
|
|
value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ .Values.coredns.etcdTLS.caFilename }}
|
|
{{- end }}
|
|
{{- end }}
|
|
# DigitalOcean environment variables
|
|
{{- if eq .Values.provider "digitalocean" }}
|
|
{{- if .Values.digitalocean.apiToken }}
|
|
- name: DO_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ template "external-dns.fullname" . }}
|
|
key: digitalocean_api_token
|
|
{{- end }}
|
|
{{- end }}
|
|
# Google environment variables
|
|
{{- if eq .Values.provider "google" }}
|
|
{{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }}
|
|
- name: GOOGLE_APPLICATION_CREDENTIALS
|
|
value: /etc/secrets/service-account/credentials.json
|
|
{{- end }}
|
|
{{- end }}
|
|
# Infloblox environment variables
|
|
{{- if eq .Values.provider "infoblox" }}
|
|
{{- if .Values.infoblox.wapiConnectionPoolSize }}
|
|
- name: EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS
|
|
value: "{{ .Values.infoblox.wapiConnectionPoolSize }}"
|
|
{{- end }}
|
|
{{- if .Values.infoblox.wapiHttpTimeout }}
|
|
- name: EXTERNAL_DNS_INFOBLOX_HTTP_REQUEST_TIMEOUT
|
|
value: "{{ .Values.infoblox.wapiHttpTimeout }}"
|
|
{{- end }}
|
|
{{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }}
|
|
- name: EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ template "external-dns.fullname" . }}
|
|
key: infoblox_wapi_username
|
|
- name: EXTERNAL_DNS_INFOBLOX_WAPI_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ template "external-dns.fullname" . }}
|
|
key: infoblox_wapi_password
|
|
{{- end }}
|
|
{{- end }}
|
|
# RFC 2136 environment variables
|
|
{{- if and .Values.rfc2136.tsigSecret }}
|
|
- name: EXTERNAL_DNS_RFC2136_TSIG_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ template "external-dns.fullname" . }}
|
|
key: rfc2136_tsig_secret
|
|
{{- end }}
|
|
{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
|
|
- name: OPENSTACK_CA_FILE
|
|
value: {{ .Values.designate.customCA.mountPath }}/{{ .Values.designate.customCA.filename }}
|
|
{{- end }}
|
|
# PowerDNS environment variables
|
|
{{- if and (eq .Values.provider "pdns") .Values.pdns.apiKey }}
|
|
- name: PDNS_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ template "external-dns.fullname" . }}
|
|
key: pdns_api_key
|
|
{{- end }}
|
|
# Extra environment variables
|
|
{{- if .Values.extraEnv }}
|
|
{{ toYaml .Values.extraEnv | nindent 8 }}
|
|
{{- end }}
|
|
ports:
|
|
- name: http
|
|
containerPort: {{ .Values.service.port }}
|
|
readinessProbe: {{ toYaml .Values.readinessProbe | nindent 10 }}
|
|
livenessProbe: {{ toYaml .Values.livenessProbe | nindent 10 }}
|
|
{{- if .Values.securityContext }}
|
|
securityContext: {{ toYaml .Values.securityContext | nindent 10 }}
|
|
{{- end }}
|
|
{{- if .Values.resources }}
|
|
resources: {{ toYaml .Values.resources | nindent 10 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
# AWS mountPath(s)
|
|
{{- if and (eq .Values.provider "aws") (or .Values.aws.assumeRoleArn (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey)) }}
|
|
- name: aws-credentials
|
|
mountPath: {{ .Values.aws.credentials.mountPath }}
|
|
readOnly: true
|
|
{{- end }}
|
|
# Azure mountPath(s)
|
|
{{- if eq .Values.provider "azure" }}
|
|
- name: azure-config-file
|
|
{{- if or .Values.azure.secretName (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId) }}
|
|
mountPath: /etc/kubernetes/
|
|
{{- else if not .Values.azure.useManagedIdentityExtension }}
|
|
mountPath: /etc/kubernetes/azure.json
|
|
{{- end }}
|
|
readOnly: true
|
|
{{- end }}
|
|
# CoreDNS mountPath(s)
|
|
{{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }}
|
|
- name: {{ .Values.coredns.etcdTLS.secretName }}
|
|
mountPath: {{ .Values.coredns.etcdTLS.mountPath }}
|
|
readOnly: true
|
|
{{- end }}
|
|
# Google mountPath(s)
|
|
{{- if eq .Values.provider "google" }}
|
|
{{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }}
|
|
- name: google-service-account
|
|
mountPath: /etc/secrets/service-account/
|
|
{{- end }}
|
|
{{- end }}
|
|
# Designate mountPath(s)
|
|
{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
|
|
- name: designate-custom-ca
|
|
mountPath: {{ .Values.designate.customCA.mountPath }}
|
|
readOnly: true
|
|
{{- end }}
|
|
volumes:
|
|
# AWS volume(s)
|
|
{{- if and (eq .Values.provider "aws") (or .Values.aws.assumeRoleArn (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey)) }}
|
|
- name: aws-credentials
|
|
secret:
|
|
secretName: {{ template "external-dns.fullname" . }}
|
|
{{- end }}
|
|
# Azure volume(s)
|
|
{{- if eq .Values.provider "azure" }}
|
|
- name: azure-config-file
|
|
{{- if .Values.azure.secretName }}
|
|
secret:
|
|
secretName: {{ .Values.azure.secretName }}
|
|
{{- else if (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId) }}
|
|
secret:
|
|
secretName: {{ template "external-dns.fullname" . }}
|
|
{{- else if not .Values.azure.useManagedIdentityExtension }}
|
|
hostPath:
|
|
path: /etc/kubernetes/azure.json
|
|
type: File
|
|
{{- end }}
|
|
{{- end }}
|
|
# CoreDNS volume(s)
|
|
{{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }}
|
|
- name: {{ .Values.coredns.etcdTLS.secretName }}
|
|
secret:
|
|
secretName: {{ .Values.coredns.etcdTLS.secretName }}
|
|
defaultMode: 400
|
|
{{- end }}
|
|
# Google volume(s)
|
|
{{- if eq .Values.provider "google" }}
|
|
{{- if .Values.google.serviceAccountSecret }}
|
|
- name: google-service-account
|
|
secret:
|
|
secretName: {{ .Values.google.serviceAccountSecret | quote }}
|
|
{{- if .Values.google.serviceAccountSecretKey }}
|
|
items:
|
|
- key: {{ .Values.google.serviceAccountSecretKey | quote }}
|
|
path: credentials.json
|
|
{{- end }}
|
|
{{- else if .Values.google.serviceAccountKey }}
|
|
- name: google-service-account
|
|
secret:
|
|
secretName: {{ template "external-dns.fullname" . }}
|
|
{{- end}}
|
|
{{- end }}
|
|
# Designate volume(s)
|
|
{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
|
|
- name: designate-custom-ca
|
|
configMap:
|
|
name: {{ template "external-dns.fullname" . }}
|
|
items:
|
|
- key: {{ .Values.designate.customCA.filename }}
|
|
path: {{ .Values.designate.customCA.filename }}
|
|
{{- end }}
|