external dns helm chart

kubernetes/system/external-dns/argo-app.yaml

@@ -3,19 +3,26 @@ kind: Application
 metadata:
   name: external-dns
   namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
   finalizers:
-    - resources-finalizer.argocd.argoproj.io
+      - resources-finalizer.argocd.argoproj.io
 spec:
   project: default
   destination:
-    server: https://kubernetes.default.svc
     namespace: external-dns
-  source:
-    repoURL: https://github.com/ThomasCardin/homelab.git
-    path: kubernetes/system/external-dns/base
-    targetRevision: HEAD
+    server: https://kubernetes.default.svc
+  sources:
+    - chart: external-dns
+      helm:
+        releaseName: external-dns
+        valueFiles:
+          - $values/kubernetes/system/external-dns/helm/values.yaml
+      repoURL: https://kubernetes-sigs.github.io/external-dns/
+      targetRevision: 1.14.5
+    - repoURL: https://github.com/ThomasCardin/homelab.git
+      targetRevision: HEAD
+      ref: values
   syncPolicy:
     automated:
       selfHeal: true
-    syncOptions:
-      - CreateNamespace=true

kubernetes/system/external-dns/helm/values.yaml

@@ -0,0 +1,301 @@
+# Default values for external-dns.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+  # -- Image repository for the `external-dns` container.
+  repository: registry.k8s.io/external-dns/external-dns
+  # -- (string) Image tag for the `external-dns` container, this will default to `.Chart.AppVersion` if not set.
+  tag:
+  # -- Image pull policy for the `external-dns` container.
+  pullPolicy: IfNotPresent
+
+# -- Image pull secrets.
+imagePullSecrets: []
+
+# -- (string) Override the name of the chart.
+nameOverride:
+
+# -- (string) Override the full name of the chart.
+fullnameOverride:
+
+# -- Labels to add to all chart resources.
+commonLabels: {}
+
+serviceAccount:
+  # -- If `true`, create a new `ServiceAccount`.
+  create: true
+  # -- Labels to add to the service account.
+  labels: {}
+  # -- Annotations to add to the service account.
+  annotations: {}
+  # -- (string) If this is set and `serviceAccount.create` is `true` this will be used for the created `ServiceAccount` name, if set and `serviceAccount.create` is `false` then this will define an existing `ServiceAccount` to use.
+  name:
+  # -- Set this to `false` to [opt out of API credential automounting](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the `ServiceAccount`.
+  automountServiceAccountToken:
+
+service:
+  # -- Service annotations.
+  annotations: {}
+  # -- Service HTTP port.
+  port: 7979
+  # -- Service IP families.
+  ipFamilies: []
+  # -- (string) Service IP family policy.
+  ipFamilyPolicy:
+
+rbac:
+  # -- If `true`, create a `ClusterRole` & `ClusterRoleBinding` with access to the Kubernetes API.
+  create: true
+  # -- Additional rules to add to the `ClusterRole`.
+  additionalPermissions: []
+
+# -- Annotations to add to the `Deployment`.
+deploymentAnnotations: {}
+
+# -- Extra containers to add to the `Deployment`.
+extraContainers: {}
+
+# -- [Deployment Strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy).
+deploymentStrategy:
+  type: Recreate
+
+# -- (int) Specify the number of old `ReplicaSets` to retain to allow rollback of the `Deployment``.
+revisionHistoryLimit:
+
+# -- Labels to add to the `Pod`.
+podLabels: {}
+
+# -- Annotations to add to the `Pod`.
+podAnnotations: {}
+
+# -- (bool) Set this to `false` to [opt out of API credential automounting](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the `Pod`.
+automountServiceAccountToken:
+
+# -- If `true`, the `Pod` will have [process namespace sharing](https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/) enabled.
+shareProcessNamespace: false
+
+# -- [Pod security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core), this supports full customisation.
+# @default -- See _values.yaml_
+podSecurityContext:
+  runAsNonRoot: true
+  fsGroup: 65534
+  seccompProfile:
+    type: RuntimeDefault
+
+# -- (string) Priority class name for the `Pod`.
+priorityClassName:
+
+# -- (int) Termination grace period for the `Pod` in seconds.
+terminationGracePeriodSeconds:
+
+# -- (string) [DNS policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) for the pod, if not set the default will be used.
+dnsPolicy:
+
+# -- (object) [DNS config](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config) for the pod, if not set the default will be used.
+dnsConfig:
+
+# -- [Init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) to add to the `Pod` definition.
+initContainers: []
+
+# -- [Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `external-dns` container.
+# @default -- See _values.yaml_
+securityContext:
+  privileged: false
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 65532
+  runAsGroup: 65532
+  capabilities:
+    drop: ["ALL"]
+
+# -- [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `external-dns` container.
+env: []
+
+# -- [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container.
+# @default -- See _values.yaml_
+livenessProbe:
+  httpGet:
+    path: /healthz
+    port: http
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 2
+  successThreshold: 1
+
+# -- [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container.
+# @default -- See _values.yaml_
+readinessProbe:
+  httpGet:
+    path: /healthz
+    port: http
+  initialDelaySeconds: 5
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 6
+  successThreshold: 1
+
+# -- Extra [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the `Pod`.
+extraVolumes: []
+
+# -- Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `external-dns` container.
+extraVolumeMounts: []
+
+# -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `external-dns` container.
+resources: {}
+
+# -- Node labels to match for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
+nodeSelector: {}
+
+# -- Affinity settings for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels.
+affinity: {}
+
+# -- Topology spread constraints for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided one will be created from the pod selector labels.
+topologySpreadConstraints: []
+
+# -- Node taints which will be tolerated for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
+tolerations: []
+
+serviceMonitor:
+  # -- If `true`, create a `ServiceMonitor` resource to support the _Prometheus Operator_.
+  enabled: true
+  # -- Additional labels for the `ServiceMonitor`.
+  additionalLabels:
+    release: kube-prometheus-stack
+  # -- Annotations to add to the `ServiceMonitor`.
+  annotations: {}
+  # -- (string) If set create the `ServiceMonitor` in an alternate namespace.
+  namespace: monitoring
+  # -- (string) If set override the _Prometheus_ default interval.
+  interval: 30s
+  # -- (string) If set override the _Prometheus_ default scrape timeout.
+  scrapeTimeout: 10s
+  # -- (string) If set overrides the _Prometheus_ default scheme.
+  scheme:
+  # -- Configure the `ServiceMonitor` [TLS config](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig).
+  tlsConfig: {}
+  # -- (string) Provide a bearer token file for the `ServiceMonitor`.
+  bearerTokenFile:
+  # -- [Relabel configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before ingestion.
+  relabelings: []
+  # -- [Metric relabel configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion.
+  metricRelabelings: []
+  # -- Provide target labels for the `ServiceMonitor`.
+  targetLabels: []
+
+# -- Log level.
+logLevel: info
+
+# -- Log format.
+logFormat: text
+
+# -- Interval for DNS updates.
+interval: 1m
+
+# -- If `true`, triggers run loop on create/update/delete events in addition of regular interval.
+triggerLoopOnEvent: false
+
+# -- if `true`, _ExternalDNS_ will run in a namespaced scope (`Role`` and `Rolebinding`` will be namespaced too).
+namespaced: false
+
+# -- _Kubernetes_ resources to monitor for DNS entries.
+sources:
+  - service
+  - ingress
+
+# -- How DNS records are synchronized between sources and providers; available values are `sync` & `upsert-only`.
+policy: upsert-only
+
+# -- Specify the registry for storing ownership and labels.
+# Valid values are `txt`, `aws-sd`, `dynamodb` & `noop`.
+registry: txt
+# -- (string) Specify an identifier for this instance of _ExternalDNS_ wWhen using a registry other than `noop`.
+txtOwnerId:
+# -- (string) Specify a prefix for the domain names of TXT records created for the `txt` registry.
+# Mutually exclusive with `txtSuffix`.
+txtPrefix:
+# -- (string) Specify a suffix for the domain names of TXT records created for the `txt` registry.
+# Mutually exclusive with `txtPrefix`.
+txtSuffix:
+
+## - Limit possible target zones by domain suffixes.
+domainFilters: []
+
+## -- Intentionally exclude domains from being managed.
+excludeDomains: []
+
+provider:
+  # -- _ExternalDNS_ provider name; for the available providers and how to configure them see [README](https://github.com/kubernetes-sigs/external-dns/blob/master/charts/external-dns/README.md#providers).
+  name: cloudflare
+  webhook:
+    image:
+      # -- (string) Image repository for the `webhook` container.
+      repository:
+      # -- (string) Image tag for the `webhook` container.
+      tag:
+      # -- Image pull policy for the `webhook` container.
+      pullPolicy: IfNotPresent
+    # -- [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `webhook` container.
+    env:
+      - name: CF_API_KEY
+        value: "ce2277909a5917bc9655fbe1b84180efedceb"
+      - name: CF_API_EMAIL
+        value: "[email protected]"
+    # -- Extra arguments to provide for the `webhook` container.
+    args:
+      - --cloudflare-proxied
+      - --domain-filter=ninebasetwo.net
+    # -- Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `webhook` container.
+    extraVolumeMounts: []
+    # -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `webhook` container.
+    resources: {}
+    # -- [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `webhook` container.
+    # @default -- See _values.yaml_
+    securityContext: {}
+    # -- [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container.
+    # @default -- See _values.yaml_
+    livenessProbe:
+      httpGet:
+        path: /healthz
+        port: http-webhook
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 5
+      failureThreshold: 2
+      successThreshold: 1
+    # -- [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `webhook` container.
+    # @default -- See _values.yaml_
+    readinessProbe:
+      httpGet:
+        path: /healthz
+        port: http-webhook
+      initialDelaySeconds: 5
+      periodSeconds: 10
+      timeoutSeconds: 5
+      failureThreshold: 6
+      successThreshold: 1
+    # -- Optional [Service Monitor](https://prometheus-operator.dev/docs/operator/design/#servicemonitor) configuration for the `webhook` container.
+    # @default -- See _values.yaml_
+    serviceMonitor:
+      interval:
+      scheme:
+      tlsConfig: {}
+      bearerTokenFile:
+      scrapeTimeout:
+      metricRelabelings: []
+      relabelings: []
+
+# -- Extra arguments to provide to _ExternalDNS_.
+extraArgs: []
+
+secretConfiguration:
+  # -- If `true`, create a `Secret` to store sensitive provider configuration (**DEPRECATED**).
+  enabled: false
+  # -- Mount path for the `Secret`, this can be templated.
+  mountPath:
+  # -- Sub-path for mounting the `Secret`, this can be templated.
+  subPath:
+  # -- `Secret` data.
+  data: {}