From f78eaff58832036b457eba314a79839275f6a231 Mon Sep 17 00:00:00 2001
From: ThomasCardin
Date: Thu, 4 Jul 2024 09:35:43 -0400
Subject: [PATCH] external dns helm chart
---
 kubernetes/system/external-dns/argo-app.yaml | 23 +-
 .../external-dns/base/external-dns.yaml | 28 --
 .../system/external-dns/helm/values.yaml | 301 ++++++++++++++++++
 3 files changed, 316 insertions(+), 36 deletions(-)
 delete mode 100644 kubernetes/system/external-dns/base/external-dns.yaml
 create mode 100644 kubernetes/system/external-dns/helm/values.yaml
diff --git a/kubernetes/system/external-dns/argo-app.yaml b/kubernetes/system/external-dns/argo-app.yaml
index 2cadb17..fb1bdbb 100644
--- a/kubernetes/system/external-dns/argo-app.yaml
+++ b/kubernetes/system/external-dns/argo-app.yaml
@@ -3,19 +3,26 @@ kind: Application
 metadata:
 name: external-dns
 namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "0"
 finalizers:
- - resources-finalizer.argocd.argoproj.io
+ - resources-finalizer.argocd.argoproj.io
 spec:
 project: default
 destination:
- server: https://kubernetes.default.svc
 namespace: external-dns
- source:
- repoURL: https://github.com/ThomasCardin/homelab.git
- path: kubernetes/system/external-dns/base
- targetRevision: HEAD
+ server: https://kubernetes.default.svc
+ sources:
+ - chart: external-dns
+ helm:
+ releaseName: external-dns
+ valueFiles:
+ - $values/kubernetes/system/external-dns/helm/values.yaml
+ repoURL: https://kubernetes-sigs.github.io/external-dns/
+ targetRevision: 1.14.5
+ - repoURL: https://github.com/ThomasCardin/homelab.git
+ targetRevision: HEAD
+ ref: values
 syncPolicy:
 automated:
 selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/kubernetes/system/external-dns/base/external-dns.yaml b/kubernetes/system/external-dns/base/external-dns.yaml
deleted file mode 100644
index 60dbd2d..0000000
--- a/kubernetes/system/external-dns/base/external-dns.yaml
+++ /dev/null
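Review bot: Removing `syncOptions:` / `- CreateNamespace=true` at the end of the hunk while `destination.namespace: external-dns` is kept means the first sync of this Application fails unless the `external-dns` namespace is created by something else; if nothing else owns that namespace, restore the two lines under `syncPolicy`. The chart source is pinned with `targetRevision: 1.14.5`, but the values source under `ref: values` follows `targetRevision: HEAD`, so with `selfHeal: true` any values change on the default branch is applied immediately — presumably intended for a homelab, but worth a comment on the `sources` entry. The added `argocd.argoproj.io/sync-wave: "0"` is the default wave, so it only has an effect if sibling Applications use other waves.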
@@ -1,28 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: external-dns -spec: - strategy: - type: Recreate - selector: - matchLabels: - app: external-dns - template: - metadata: - labels: - app: external-dns - spec: - containers: - - name: external-dns - image: registry.k8s.io/external-dns/external-dns:v0.14.2 - args: - - --source=ingress # ingress is also possible - - --domain-filter=ninebasetwo.net # (optional) limit to only example.com domains; change to match the zone created above. - - --provider=cloudflare - - --cloudflare-proxied # (optional) enable the proxy feature of Cloudflare (DDOS protection, CDN...) - env: - - name: CF_API_KEY - value: "ce2277909a5917bc9655fbe1b84180efedceb" # this is supposed to be a secret - - name: CF_API_EMAIL - value: "tomcardin@outlook.com" \ No newline at end of file diff --git a/kubernetes/system/external-dns/helm/values.yaml b/kubernetes/system/external-dns/helm/values.yaml new file mode 100644 index 0000000..de43571 --- /dev/null +++ b/kubernetes/system/external-dns/helm/values.yaml 
@@ -0,0 +1,301 @@
+# Default values for external-dns.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ # -- Image repository for the `external-dns` container.
+ repository: registry.k8s.io/external-dns/external-dns
+ # -- (string) Image tag for the `external-dns` container, this will default to `.Chart.AppVersion` if not set.
+ tag:
+ # -- Image pull policy for the `external-dns` container.
+ pullPolicy: IfNotPresent
+
+# -- Image pull secrets.
+imagePullSecrets: []
+
+# -- (string) Override the name of the chart.
+nameOverride:
+
+# -- (string) Override the full name of the chart.
+fullnameOverride:
+
+# -- Labels to add to all chart resources.
+commonLabels: {}
+
+serviceAccount:
+ # -- If `true`, create a new `ServiceAccount`.
+ create: true
+ # -- Labels to add to the service account.
+ labels: {}
+ # -- Annotations to add to the service account.
+ annotations: {}
+ # -- (string) If this is set and `serviceAccount.create` is `true` this will be used for the created `ServiceAccount` name, if set and `serviceAccount.create` is `false` then this will define an existing `ServiceAccount` to use.
+ name:
+ # -- Set this to `false` to [opt out of API credential automounting](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the `ServiceAccount`.
+ automountServiceAccountToken:
+
+service:
+ # -- Service annotations.
+ annotations: {}
+ # -- Service HTTP port.
+ port: 7979
+ # -- Service IP families.
+ ipFamilies: []
+ # -- (string) Service IP family policy.
+ ipFamilyPolicy:
+
+rbac:
+ # -- If `true`, create a `ClusterRole` & `ClusterRoleBinding` with access to the Kubernetes API.
+ create: true
+ # -- Additional rules to add to the `ClusterRole`.
+ additionalPermissions: []
+
+# -- Annotations to add to the `Deployment`.
+deploymentAnnotations: {}
+
+# -- Extra containers to add to the `Deployment`.
+extraContainers: {}
+
+# -- [Deployment Strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy).
+deploymentStrategy:
+ type: Recreate
+
+# -- (int) Specify the number of old `ReplicaSets` to retain to allow rollback of the `Deployment``.
+revisionHistoryLimit:
+
+# -- Labels to add to the `Pod`.
+podLabels: {}
+
+# -- Annotations to add to the `Pod`.
+podAnnotations: {}
+
+# -- (bool) Set this to `false` to [opt out of API credential automounting](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the `Pod`.
+automountServiceAccountToken:
+
+# -- If `true`, the `Pod` will have [process namespace sharing](https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/) enabled.
+shareProcessNamespace: false
+
+# -- [Pod security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core), this supports full customisation.
+# @default -- See _values.yaml_
+podSecurityContext:
+ runAsNonRoot: true
+ fsGroup: 65534
+ seccompProfile:
+ type: RuntimeDefault
+
+# -- (string) Priority class name for the `Pod`.
+priorityClassName:
+
+# -- (int) Termination grace period for the `Pod` in seconds.
+terminationGracePeriodSeconds:
+
+# -- (string) [DNS policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) for the pod, if not set the default will be used.
+dnsPolicy:
+
+# -- (object) [DNS config](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config) for the pod, if not set the default will be used.
+dnsConfig:
+
+# -- [Init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) to add to the `Pod` definition.
+initContainers: []
+
+# -- [Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `external-dns` container.
+# @default -- See _values.yaml_
+securityContext:
+ privileged: false
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 65532
+ runAsGroup: 65532
+ capabilities:
+ drop: ["ALL"]
+
+# -- [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `external-dns` container.
+env: []
+
+# -- [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container.
+# @default -- See _values.yaml_
+livenessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 2
+ successThreshold: 1
+
+# -- [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container.
+# @default -- See _values.yaml_
+readinessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+
+# -- Extra [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the `Pod`.
+extraVolumes: []
+
+# -- Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `external-dns` container.
+extraVolumeMounts: []
+
+# -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `external-dns` container.
+resources: {}
+
+# -- Node labels to match for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
+nodeSelector: {}
+
+# -- Affinity settings for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels.
+affinity: {}
+
+# -- Topology spread constraints for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided one will be created from the pod selector labels.
+topologySpreadConstraints: []
+
+# -- Node taints which will be tolerated for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
+tolerations: []
+
+serviceMonitor:
+ # -- If `true`, create a `ServiceMonitor` resource to support the _Prometheus Operator_.
+ enabled: true
+ # -- Additional labels for the `ServiceMonitor`.
+ additionalLabels:
+ release: kube-prometheus-stack
+ # -- Annotations to add to the `ServiceMonitor`.
+ annotations: {}
+ # -- (string) If set create the `ServiceMonitor` in an alternate namespace.
+ namespace: monitoring
+ # -- (string) If set override the _Prometheus_ default interval.
+ interval: 30s
+ # -- (string) If set override the _Prometheus_ default scrape timeout.
+ scrapeTimeout: 10s
+ # -- (string) If set overrides the _Prometheus_ default scheme.
+ scheme:
+ # -- Configure the `ServiceMonitor` [TLS config](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig).
+ tlsConfig: {}
+ # -- (string) Provide a bearer token file for the `ServiceMonitor`.
+ bearerTokenFile:
+ # -- [Relabel configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before ingestion.
+ relabelings: []
+ # -- [Metric relabel configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion.
+ metricRelabelings: []
+ # -- Provide target labels for the `ServiceMonitor`.
+ targetLabels: []
+
+# -- Log level.
+logLevel: info
+
+# -- Log format.
+logFormat: text
+
+# -- Interval for DNS updates.
+interval: 1m
+
+# -- If `true`, triggers run loop on create/update/delete events in addition of regular interval.
+triggerLoopOnEvent: false
+
+# -- if `true`, _ExternalDNS_ will run in a namespaced scope (`Role`` and `Rolebinding`` will be namespaced too).
+namespaced: false
+
+# -- _Kubernetes_ resources to monitor for DNS entries.
+sources:
+ - service
+ - ingress
+
+# -- How DNS records are synchronized between sources and providers; available values are `sync` & `upsert-only`.
+policy: upsert-only
+
+# -- Specify the registry for storing ownership and labels.
+# Valid values are `txt`, `aws-sd`, `dynamodb` & `noop`.
+registry: txt
+# -- (string) Specify an identifier for this instance of _ExternalDNS_ wWhen using a registry other than `noop`.
+txtOwnerId:
+# -- (string) Specify a prefix for the domain names of TXT records created for the `txt` registry.
+# Mutually exclusive with `txtSuffix`.
+txtPrefix:
+# -- (string) Specify a suffix for the domain names of TXT records created for the `txt` registry.
+# Mutually exclusive with `txtPrefix`.
+txtSuffix:
+
+## - Limit possible target zones by domain suffixes.
+domainFilters: []
+
+## -- Intentionally exclude domains from being managed.
+excludeDomains: []
+
+provider:
+ # -- _ExternalDNS_ provider name; for the available providers and how to configure them see [README](https://github.com/kubernetes-sigs/external-dns/blob/master/charts/external-dns/README.md#providers).
+ name: cloudflare
+ webhook:
+ image:
+ # -- (string) Image repository for the `webhook` container.
+ repository:
+ # -- (string) Image tag for the `webhook` container.
+ tag:
+ # -- Image pull policy for the `webhook` container.
+ pullPolicy: IfNotPresent
+ # -- [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `webhook` container.
+ env:
+ - name: CF_API_KEY
+ value: "ce2277909a5917bc9655fbe1b84180efedceb"
+ - name: CF_API_EMAIL
+ value: "tomcardin@outlook.com"
+ # -- Extra arguments to provide for the `webhook` container.
+ args:
+ - --cloudflare-proxied
+ - --domain-filter=ninebasetwo.net
+ # -- Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `webhook` container.
+ extraVolumeMounts: []
+ # -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `webhook` container.
+ resources: {}
+ # -- [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `webhook` container.
+ # @default -- See _values.yaml_
+ securityContext: {}
+ # -- [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `external-dns` container.
+ # @default -- See _values.yaml_
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: http-webhook
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 2
+ successThreshold: 1
+ # -- [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `webhook` container.
+ # @default -- See _values.yaml_
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: http-webhook
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ # -- Optional [Service Monitor](https://prometheus-operator.dev/docs/operator/design/#servicemonitor) configuration for the `webhook` container.
+ # @default -- See _values.yaml_
+ serviceMonitor:
+ interval:
+ scheme:
+ tlsConfig: {}
+ bearerTokenFile:
+ scrapeTimeout:
+ metricRelabelings: []
+ relabelings: []
+
+# -- Extra arguments to provide to _ExternalDNS_.
+extraArgs: []
+
+secretConfiguration:
+ # -- If `true`, create a `Secret` to store sensitive provider configuration (**DEPRECATED**).
+ enabled: false
+ # -- Mount path for the `Secret`, this can be templated.
+ mountPath:
+ # -- Sub-path for mounting the `Secret`, this can be templated.
+ subPath:
+ # -- `Secret` data.
+ data: {}
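Review bot: The `CF_API_KEY` value under `provider.webhook.env` near the end of the hunk is a Cloudflare credential written in clear text into a committed values file, and it is the same value the deleted `base/external-dns.yaml` carried next to the comment "this is supposed to be a secret", so the move to the Helm chart leaves that problem in place and in git history; treat the key as exposed and rotate it, then reference the replacement from a `Secret` via `valueFrom.secretKeyRef` in the chart's top-level `env:` list, preferably as a zone-scoped `CF_API_TOKEN` rather than the account-wide key plus `CF_API_EMAIL`. The placement also looks wrong: `provider.name` is `cloudflare`, and the chart's own comments describe `provider.webhook.env` and `provider.webhook.args` as settings for the `webhook` container, which I would expect the chart to render only when `provider.name` is `webhook` — so as written the `external-dns` container most likely receives neither the credentials nor `--cloudflare-proxied`. The chart exposes `env: []`, `domainFilters: []` and `extraArgs: []` for exactly these values; the sketch below moves them there. The `secretConfiguration` block at the end of the file is marked deprecated, so a `secretKeyRef` is the better route than enabling it.
```yaml
# … unchanged: image, serviceAccount, service, rbac, securityContext …
env:
  - name: CF_API_TOKEN
    valueFrom:
      secretKeyRef:
        name: <cloudflare-credentials-secret>  # placeholder: Secret created outside this repo
        key: api-token
# … unchanged: probes, serviceMonitor, logLevel, interval, policy, registry …
domainFilters:
  - ninebasetwo.net
# … unchanged: excludeDomains …
provider:
  name: cloudflare
  # … unchanged: provider.webhook defaults, with env and args removed …
extraArgs:
  - --cloudflare-proxied
# … unchanged: secretConfiguration …
```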