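{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
Uses .Values.nameOverride when set, otherwise .Chart.Name; truncated to 63 characters.
*/}}
{{- define "external-dns.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "external-dns.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
"+" is replaced with "_" because "+" is not a valid label-value character.
*/}}
{{- define "external-dns.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/* Helm required labels, followed by .Values.podLabels when set */}}
{{- define "external-dns.labels" -}}
app.kubernetes.io/name: {{ template "external-dns.name" . }}
helm.sh/chart: {{ template "external-dns.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels }}
{{- end }}
{{- end -}}

{{/* matchLabels: the name and instance labels only */}}
{{- define "external-dns.matchLabels" -}}
app.kubernetes.io/name: {{ template "external-dns.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}

{{/*
podAnnotations: .Values.podAnnotations followed by .Values.metrics.podAnnotations.
A newline is emitted between the two maps when both are set; every action here trims
the whitespace before it, so without the separator the two YAML fragments would be
joined on one line (this assumes toYaml returns no trailing newline, as in current Helm).
*/}}
{{- define "external-dns.podAnnotations" -}}
{{- if .Values.podAnnotations }}
{{- toYaml .Values.podAnnotations }}
{{- end }}
{{- if .Values.metrics.podAnnotations }}
{{- if .Values.podAnnotations }}{{ "\n" }}{{ end }}
{{- toYaml .Values.metrics.podAnnotations }}
{{- end }}
{{- end -}}

{{/*
Return the proper External DNS image name.
.Values.global.imageRegistry, when set, replaces .Values.image.registry.
*/}}
{{- define "external-dns.image" -}}
{{- $registryName := .Values.image.registry -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $tag := .Values.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 do not support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
    {{- if .Values.global.imageRegistry }}
        {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
    {{- else -}}
        {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
    {{- end -}}
{{- else -}}
    {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}

{{/*
Return the proper Docker Image Registry Secret Names.
.Values.global.imagePullSecrets takes precedence over .Values.image.pullSecrets.
*/}}
{{- define "external-dns.imagePullSecrets" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 do not support it, so we need to implement this if-else logic.
Also, we can not use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
  - name: {{ . }}
{{- end }}
{{- else if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
  - name: {{ . }}
{{- end }}
{{- end -}}
{{- else if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
  - name: {{ . }}
{{- end }}
{{- end -}}
{{- end -}}

{{/*
Return true if a secret object should be created.
Renders "true" only when credentials for the selected provider are supplied inline in
the values; renders nothing otherwise. For aws, azure, cloudflare, digitalocean and
google, naming an existing Secret (secretName / serviceAccountSecret) suppresses it.
NOTE(review): inline credentials become part of the release's stored values, so
referencing a pre-created Secret is the safer option where the provider supports it.
*/}}
{{- define "external-dns.createSecret" -}}
{{- if and (eq .Values.provider "aws") .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey (not .Values.aws.credentials.secretName) }}
    {{- true -}}
{{- else if and (eq .Values.provider "azure") (or (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId .Values.azure.aadClientId .Values.azure.aadClientSecret (not .Values.azure.useManagedIdentityExtension)) (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId .Values.azure.useManagedIdentityExtension)) (not .Values.azure.secretName) -}}
    {{- true -}}
{{- else if and (eq .Values.provider "cloudflare") (or .Values.cloudflare.apiToken .Values.cloudflare.apiKey) (not .Values.cloudflare.secretName) -}}
    {{- true -}}
{{- else if and (eq .Values.provider "designate") (or .Values.designate.username .Values.designate.password) -}}
    {{- true -}}
{{- else if and (eq .Values.provider "digitalocean") .Values.digitalocean.apiToken (not .Values.digitalocean.secretName) -}}
    {{- true -}}
{{- else if and (eq .Values.provider "google") .Values.google.serviceAccountKey (not .Values.google.serviceAccountSecret) -}}
    {{- true -}}
{{- else if and (eq .Values.provider "infoblox") (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) -}}
    {{- true -}}
{{- else if and (eq .Values.provider "rfc2136") .Values.rfc2136.tsigSecret -}}
    {{- true -}}
{{- else if and (eq .Values.provider "pdns") .Values.pdns.apiKey -}}
    {{- true -}}
{{- else if and (eq .Values.provider "transip") .Values.transip.apiKey -}}
    {{- true -}}
{{- else -}}
{{- end -}}
{{- end -}}

{{/*
Return the name of the Secret used to store the passwords.
The user-supplied Secret name for the selected provider wins; otherwise the chart's
fullname is used.
*/}}
{{- define "external-dns.secretName" -}}
{{- if and (eq .Values.provider "aws") .Values.aws.credentials.secretName }}
{{- .Values.aws.credentials.secretName }}
{{- else if and (eq .Values.provider "azure") .Values.azure.secretName }}
{{- .Values.azure.secretName }}
{{- else if and (eq .Values.provider "cloudflare") .Values.cloudflare.secretName }}
{{- .Values.cloudflare.secretName }}
{{- else if and (eq .Values.provider "digitalocean") .Values.digitalocean.secretName }}
{{- .Values.digitalocean.secretName }}
{{- else if and (eq .Values.provider "google") .Values.google.serviceAccountSecret }}
{{- .Values.google.serviceAccountSecret }}
{{- else -}}
{{- template "external-dns.fullname" . }}
{{- end -}}
{{- end -}}

{{/*
Render an AWS shared-credentials file body from the inline access key pair.
The output contains the secret key in clear text; presumably it is only placed in a
Secret (confirm against the template that includes it).
*/}}
{{- define "external-dns.aws-credentials" }}
[default]
aws_access_key_id = {{ .Values.aws.credentials.accessKey }}
aws_secret_access_key = {{ .Values.aws.credentials.secretKey }}
{{ end }}

{{/* Render an AWS config file body carrying only the region. */}}
{{- define "external-dns.aws-config" }}
[profile default]
region = {{ .Values.aws.region }}
{{ end }}

{{/*
Render the Azure credentials JSON document.
Every value is passed through "quote" so that a double quote or backslash inside a
value (a client secret, for instance) is escaped instead of breaking or altering the
JSON structure. "default" turns an unset value into an empty string before quoting.
The output contains aadClientSecret in clear text when managed identity is not used.
*/}}
{{- define "external-dns.azure-credentials" -}}
{
  {{- if .Values.azure.cloud }}
  "cloud": {{ .Values.azure.cloud | quote }},
  {{- end}}
  "tenantId": {{ .Values.azure.tenantId | default "" | quote }},
  "subscriptionId": {{ .Values.azure.subscriptionId | default "" | quote }},
  "resourceGroup": {{ .Values.azure.resourceGroup | default "" | quote }},
  {{- if not .Values.azure.useManagedIdentityExtension }}
  "aadClientId": {{ .Values.azure.aadClientId | default "" | quote }},
  "aadClientSecret": {{ .Values.azure.aadClientSecret | default "" | quote }}
  {{- end }}
  {{- if .Values.azure.useManagedIdentityExtension }}
  "useManagedIdentityExtension": true
  {{- end }}
}
{{ end }}

{{/*
Compile all warnings into a single message, and call fail.
Each validator renders an empty string when its check passes; empty results are dropped
before joining, so "fail" is only reached when at least one check produced a message.
*/}}
{{- define "external-dns.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "external-dns.validateValues.provider" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.sources" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.aws" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.infoblox.gridHost" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.infoblox.wapiPassword" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.pdns.apiUrl" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.pdns.apiKey" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.resourceGroup" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.tenantId" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.subscriptionId" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientId" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientSecret" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.aadClientId" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.azure.aadClientSecret" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.transip.account" .) -}}
{{- $messages := append $messages (include "external-dns.validateValues.transip.apiKey" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}

{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}

{{/*
Validate values of External DNS:
- must set a provider
*/}}
{{- define "external-dns.validateValues.provider" -}}
{{- if not .Values.provider -}}
external-dns: provider
    You must set a provider (options: aws, google, azure, cloudflare, ...)
    Please set the provider parameter (--set provider="xxxx")
{{- end -}}
{{- end -}}

{{/*
Validate values of External DNS:
- must provide sources to be observed for new DNS entries by ExternalDNS
*/}}
{{- define "external-dns.validateValues.sources" -}}
{{- if empty .Values.sources -}}
external-dns: sources
    You must provide sources to be observed for new DNS entries by ExternalDNS
    Please set the sources parameter (--set sources="xxxx")
{{- end -}}
{{- end -}}

{{/*
Validate values of External DNS:
- The AWS Role to assume must follow ARN format when provider is "aws"
The pattern accepts the aws, aws-cn and aws-us-gov partitions. It only checks the
"arn:<partition>:iam::" prefix, not the account id or the resource part.
*/}}
{{- define "external-dns.validateValues.aws" -}}
{{- if and (eq .Values.provider "aws") .Values.aws.assumeRoleArn -}}
{{- if not (regexMatch "^arn:(aws|aws-cn|aws-us-gov):iam::.*$" .Values.aws.assumeRoleArn) -}}
external-dns: aws.assumeRoleArn
    The AWS Role to assume must follow ARN format: `arn:aws:iam::123455567:role/external-dns`
    Ref: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
    Please set a valid ARN (--set aws.assumeRoleArn="xxxx")
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Validate values of External DNS:
- must provide the Grid Manager host when provider is "infoblox"
*/}}
{{- define "external-dns.validateValues.infoblox.gridHost" -}}
{{- if and (eq .Values.provider "infoblox") (not .Values.infoblox.gridHost) -}}
external-dns: infoblox.gridHost
    You must provide the Grid Manager host when provider="infoblox".
    Please set the gridHost parameter (--set infoblox.gridHost="xxxx")
{{- end -}}
{{- end -}}

{{/*
Validate values of External DNS:
- must provide a WAPI password when provider is "infoblox"
*/}}
{{- define "external-dns.validateValues.infoblox.wapiPassword" -}}
{{- if and (eq .Values.provider "infoblox") (not .Values.infoblox.wapiPassword) -}}
external-dns: infoblox.wapiPassword
    You must provide a WAPI password when provider="infoblox".
    Please set the wapiPassword parameter (--set infoblox.wapiPassword="xxxx")
{{- end -}}
{{- end -}}

{{/*
Return the appropriate apiVersion for PodSecurityPolicy.
NOTE(review): PodSecurityPolicy was removed in Kubernetes 1.25; this helper still
returns "policy/v1beta1" there, so templates using it need their own availability guard.
*/}}
{{- define "podSecurityPolicy.apiVersion" -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}

{{/*
Validate values of External DNS:
- must provide the PowerDNS API URL when provider is "pdns"
*/}}
{{- define "external-dns.validateValues.pdns.apiUrl" -}}
{{- if and (eq .Values.provider "pdns") (not .Values.pdns.apiUrl) -}}
external-dns: pdns.apiUrl
    You must provide the PowerDNS API URL when provider="pdns".
    Please set the apiUrl parameter (--set pdns.apiUrl="xxxx")
{{- end -}}
{{- end -}}

{{/*
Validate values of External DNS:
- must provide the PowerDNS API key when provider is "pdns"
*/}}
{{- define "external-dns.validateValues.pdns.apiKey" -}}
{{- if and (eq .Values.provider "pdns") (not .Values.pdns.apiKey) -}}
external-dns: pdns.apiKey
    You must provide the PowerDNS API key when provider="pdns".
    Please set the apiKey parameter (--set pdns.apiKey="xxxx")
{{- end -}}
{{- end -}}

{{/*
Check if there are rolling tags in the images.
Applies only to repositories containing "bitnami/"; a tag is treated as pinned when it
ends in "-r<digits>" or contains "sha256:".
*/}}
{{- define "external-dns.checkRollingTags" -}}
{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}
{{- end -}}

{{/*
Validate values of Azure DNS:
- must provide the Azure Resource Group when provider is "azure"
*/}}
{{- define "external-dns.validateValues.azure.resourceGroup" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.resourceGroup) -}}
external-dns: azure.resourceGroup
    You must provide the Azure Resource Group when provider="azure".
    Please set the resourceGroup parameter (--set azure.resourceGroup="xxxx")
{{- end -}}
{{- end -}}

{{/*
Validate values of Azure DNS:
- must provide the Azure Tenant ID when provider is "azure" and secretName is not set
*/}}
{{- define "external-dns.validateValues.azure.tenantId" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.tenantId) (not .Values.azure.secretName) -}}
external-dns: azure.tenantId
    You must provide the Azure Tenant ID when provider="azure".
    Please set the tenantId parameter (--set azure.tenantId="xxxx")
{{- end -}}
{{- end -}}

{{/*
Validate values of Azure DNS:
- must provide the Azure Subscription ID when provider is "azure" and secretName is not set
*/}}
{{- define "external-dns.validateValues.azure.subscriptionId" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.subscriptionId) (not .Values.azure.secretName) -}}
external-dns: azure.subscriptionId
    You must provide the Azure Subscription ID when provider="azure".
    Please set the subscriptionId parameter (--set azure.subscriptionId="xxxx")
{{- end -}}
{{- end -}}

{{/*
Validate values of Azure DNS:
- must not provide the Azure AAD Client ID when provider is "azure", secretName is not set and MSI is enabled
*/}}
{{- define "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientId" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) .Values.azure.aadClientId .Values.azure.useManagedIdentityExtension -}}
external-dns: azure.useManagedIdentityExtension
    You must not provide the Azure AAD Client ID when provider="azure" and useManagedIdentityExtension is "true".
    Please unset the aadClientId parameter (--set azure.aadClientId="")
{{- end -}}
{{- end -}}

{{/*
Validate values of Azure DNS:
- must not provide the Azure AAD Client Secret when provider is "azure", secretName is not set and MSI is enabled
*/}}
{{- define "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientSecret" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) .Values.azure.aadClientSecret .Values.azure.useManagedIdentityExtension -}}
external-dns: azure.useManagedIdentityExtension
    You must not provide the Azure AAD Client Secret when provider="azure" and useManagedIdentityExtension is "true".
    Please unset the aadClientSecret parameter (--set azure.aadClientSecret="")
{{- end -}}
{{- end -}}

{{/*
Validate values of Azure DNS:
- must provide the Azure AAD Client ID when provider is "azure", secretName is not set and MSI is disabled
*/}}
{{- define "external-dns.validateValues.azure.aadClientId" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) (not .Values.azure.aadClientId) (not .Values.azure.useManagedIdentityExtension) -}}
external-dns: azure.aadClientId
    You must provide the Azure AAD Client ID when provider="azure" and useManagedIdentityExtension is not set.
    Please set the aadClientId parameter (--set azure.aadClientId="xxxx").
{{- end -}}
{{- end -}}

{{/*
Validate values of Azure DNS:
- must provide the Azure AAD Client Secret when provider is "azure", secretName is not set and MSI is disabled
*/}}
{{- define "external-dns.validateValues.azure.aadClientSecret" -}}
{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) (not .Values.azure.aadClientSecret) (not .Values.azure.useManagedIdentityExtension) -}}
external-dns: azure.aadClientSecret
    You must provide the Azure AAD Client Secret when provider="azure" and useManagedIdentityExtension is not set.
    Please set the aadClientSecret parameter (--set azure.aadClientSecret="xxxx")
{{- end -}}
{{- end -}}

{{/*
Validate values of TransIP DNS:
- must provide the account name when provider is "transip"
*/}}
{{- define "external-dns.validateValues.transip.account" -}}
{{- if and (eq .Values.provider "transip") (not .Values.transip.account) -}}
external-dns: transip.account
    You must provide the TransIP account name when provider="transip".
    Please set the account parameter (--set transip.account="xxxx")
{{- end -}}
{{- end -}}

{{/*
Validate values of TransIP DNS:
- must provide the API key when provider is "transip"
*/}}
{{- define "external-dns.validateValues.transip.apiKey" -}}
{{- if and (eq .Values.provider "transip") (not .Values.transip.apiKey) -}}
external-dns: transip.apiKey
    You must provide the TransIP API key when provider="transip".
    Please set the apiKey parameter (--set transip.apiKey="xxxx")
{{- end -}}
{{- end -}}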