github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/external-dns/templates/_helpers.tpl (about)

     1  {{/* vim: set filetype=mustache: */}}
     2  {{/*
     3  Expand the name of the chart.
     4  */}}
     5  {{- define "external-dns.name" -}}
     6  {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
     7  {{- end -}}
     8  
     9  {{/*
    10  Create a default fully qualified app name.
    11  We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
    12  If release name contains chart name it will be used as a full name.
    13  */}}
    14  {{- define "external-dns.fullname" -}}
    15  {{- if .Values.fullnameOverride -}}
    16  {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
    17  {{- else -}}
    18  {{- $name := default .Chart.Name .Values.nameOverride -}}
    19  {{- if contains $name .Release.Name -}}
    20  {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
    21  {{- else -}}
    22  {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
    23  {{- end -}}
    24  {{- end -}}
    25  {{- end -}}
    26  
    27  {{/*
    28  Create chart name and version as used by the chart label.
    29  */}}
    30  {{- define "external-dns.chart" -}}
    31  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
    32  {{- end -}}
    33  
    34  {{/* Helm required labels */}}
    35  {{- define "external-dns.labels" -}}
    36  app.kubernetes.io/name: {{ template "external-dns.name" . }}
    37  helm.sh/chart: {{ template "external-dns.chart" . }}
    38  app.kubernetes.io/instance: {{ .Release.Name }}
    39  app.kubernetes.io/managed-by: {{ .Release.Service }}
    40  {{- if .Values.podLabels }}
    41  {{ toYaml .Values.podLabels }}
    42  {{- end }}
    43  {{- end -}}
    44  
    45  {{/* matchLabels */}}
    46  {{- define "external-dns.matchLabels" -}}
    47  app.kubernetes.io/name: {{ template "external-dns.name" . }}
    48  app.kubernetes.io/instance: {{ .Release.Name }}
    49  {{- end -}}
    50  
    51  {{/* podAnnotations */}}
    52  {{- define "external-dns.podAnnotations" -}}
    53  {{- if .Values.podAnnotations }}
    54  {{- toYaml .Values.podAnnotations }}
    55  {{- end }}
    56  {{- if .Values.metrics.podAnnotations }}
    57  {{- toYaml .Values.metrics.podAnnotations }}
    58  {{- end }}
    59  {{- end -}}
    60  
    61  {{/*
    62  Return the proper External DNS image name
    63  */}}
    64  {{- define "external-dns.image" -}}
    65  {{- $registryName := .Values.image.registry -}}
    66  {{- $repositoryName := .Values.image.repository -}}
    67  {{- $tag := .Values.image.tag | toString -}}
    68  {{/*
    69  Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
    70  but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
    71  Also, we can't use a single if because lazy evaluation is not an option
    72  */}}
    73  {{- if .Values.global }}
    74      {{- if .Values.global.imageRegistry }}
    75          {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
    76      {{- else -}}
    77          {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
    78      {{- end -}}
    79  {{- else -}}
    80      {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
    81  {{- end -}}
    82  {{- end -}}
    83  
    84  {{/*
    85  Return the proper Docker Image Registry Secret Names
    86  */}}
    87  {{- define "external-dns.imagePullSecrets" -}}
    88  {{/*
    89  Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
    90  but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
    91  Also, we can not use a single if because lazy evaluation is not an option
    92  */}}
    93  {{- if .Values.global }}
    94  {{- if .Values.global.imagePullSecrets }}
    95  imagePullSecrets:
    96  {{- range .Values.global.imagePullSecrets }}
    97    - name: {{ . }}
    98  {{- end }}
    99  {{- else if .Values.image.pullSecrets }}
   100  imagePullSecrets:
   101  {{- range .Values.image.pullSecrets }}
   102    - name: {{ . }}
   103  {{- end }}
   104  {{- end -}}
   105  {{- else if .Values.image.pullSecrets }}
   106  imagePullSecrets:
   107  {{- range .Values.image.pullSecrets }}
   108    - name: {{ . }}
   109  {{- end }}
   110  {{- end -}}
   111  {{- end -}}
   112  
   113  {{/*
   114  Return true if a secret object should be created
   115  */}}
   116  {{- define "external-dns.createSecret" -}}
   117  {{- if and (eq .Values.provider "aws") .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey (not .Values.aws.credentials.secretName) }}
   118      {{- true -}}
   119  {{- else if and (eq .Values.provider "azure") (or (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId .Values.azure.aadClientId .Values.azure.aadClientSecret (not .Values.azure.useManagedIdentityExtension)) (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId .Values.azure.useManagedIdentityExtension)) (not .Values.azure.secretName) -}}
   120      {{- true -}}
   121  {{- else if and (eq .Values.provider "cloudflare") (or .Values.cloudflare.apiToken .Values.cloudflare.apiKey) (not .Values.cloudflare.secretName) -}}
   122      {{- true -}}
   123  {{- else if and (eq .Values.provider "designate") (or .Values.designate.username .Values.designate.password) -}}
   124      {{- true -}}
   125  {{- else if and (eq .Values.provider "digitalocean") .Values.digitalocean.apiToken (not .Values.digitalocean.secretName) -}}
   126      {{- true -}}
   127  {{- else if and (eq .Values.provider "google") .Values.google.serviceAccountKey (not .Values.google.serviceAccountSecret) -}}
   128      {{- true -}}
   129  {{- else if and (eq .Values.provider "infoblox") (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) -}}
   130      {{- true -}}
   131  {{- else if and (eq .Values.provider "rfc2136") .Values.rfc2136.tsigSecret -}}
   132      {{- true -}}
   133  {{- else if and (eq .Values.provider "pdns") .Values.pdns.apiKey -}}
   134      {{- true -}}
   135  {{- else if and (eq .Values.provider "transip") .Values.transip.apiKey -}}
   136      {{- true -}}
   137  {{- else -}}
   138  {{- end -}}
   139  {{- end -}}
   140  
   141  {{/*
   142  Return the name of the Secret used to store the passwords
   143  */}}
   144  {{- define "external-dns.secretName" -}}
   145  {{- if and (eq .Values.provider "aws") .Values.aws.credentials.secretName }}
   146  {{- .Values.aws.credentials.secretName }}
   147  {{- else if and (eq .Values.provider "azure") .Values.azure.secretName }}
   148  {{- .Values.azure.secretName }}
   149  {{- else if and (eq .Values.provider "cloudflare") .Values.cloudflare.secretName }}
   150  {{- .Values.cloudflare.secretName }}
   151  {{- else if and (eq .Values.provider "digitalocean") .Values.digitalocean.secretName }}
   152  {{- .Values.digitalocean.secretName }}
   153  {{- else if and (eq .Values.provider "google") .Values.google.serviceAccountSecret }}
   154  {{- .Values.google.serviceAccountSecret }}
   155  {{- else -}}
   156  {{- template "external-dns.fullname" . }}
   157  {{- end -}}
   158  {{- end -}}
   159  
   160  {{- define "external-dns.aws-credentials" }}
   161  [default]
   162  aws_access_key_id = {{ .Values.aws.credentials.accessKey }}
   163  aws_secret_access_key = {{ .Values.aws.credentials.secretKey }}
   164  {{ end }}
   165  
   166  {{- define "external-dns.aws-config" }}
   167  [profile default]
   168  region = {{ .Values.aws.region }}
   169  {{ end }}
   170  
   171  {{- define "external-dns.azure-credentials" -}}
   172  {
   173    {{- if .Values.azure.cloud }}
   174    "cloud": "{{ .Values.azure.cloud }}",
   175    {{- end}}
   176    "tenantId": "{{ .Values.azure.tenantId }}",
   177    "subscriptionId": "{{ .Values.azure.subscriptionId }}",
   178    "resourceGroup": "{{ .Values.azure.resourceGroup }}",
   179    {{- if not .Values.azure.useManagedIdentityExtension }}
   180    "aadClientId": "{{ .Values.azure.aadClientId }}",
   181    "aadClientSecret": "{{ .Values.azure.aadClientSecret }}"
   182    {{- end }}
   183    {{- if .Values.azure.useManagedIdentityExtension }}
   184    "useManagedIdentityExtension": true
   185    {{- end }}
   186  }
   187  {{ end }}
   188  
   189  {{/*
   190  Compile all warnings into a single message, and call fail.
   191  */}}
   192  {{- define "external-dns.validateValues" -}}
   193  {{- $messages := list -}}
   194  {{- $messages := append $messages (include "external-dns.validateValues.provider" .) -}}
   195  {{- $messages := append $messages (include "external-dns.validateValues.sources" .) -}}
   196  {{- $messages := append $messages (include "external-dns.validateValues.aws" .) -}}
   197  {{- $messages := append $messages (include "external-dns.validateValues.infoblox.gridHost" .) -}}
   198  {{- $messages := append $messages (include "external-dns.validateValues.infoblox.wapiPassword" .) -}}
   199  {{- $messages := append $messages (include "external-dns.validateValues.pdns.apiUrl" .) -}}
   200  {{- $messages := append $messages (include "external-dns.validateValues.pdns.apiKey" .) -}}
   201  {{- $messages := append $messages (include "external-dns.validateValues.azure.resourceGroup" .) -}}
   202  {{- $messages := append $messages (include "external-dns.validateValues.azure.tenantId" .) -}}
   203  {{- $messages := append $messages (include "external-dns.validateValues.azure.subscriptionId" .) -}}
   204  {{- $messages := append $messages (include "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientId" .) -}}
   205  {{- $messages := append $messages (include "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientSecret" .) -}}
   206  {{- $messages := append $messages (include "external-dns.validateValues.azure.aadClientId" .) -}}
   207  {{- $messages := append $messages (include "external-dns.validateValues.azure.aadClientSecret" .) -}}
   208  {{- $messages := append $messages (include "external-dns.validateValues.transip.account" .) -}}
   209  {{- $messages := append $messages (include "external-dns.validateValues.transip.apiKey" .) -}}
   210  {{- $messages := without $messages "" -}}
   211  {{- $message := join "\n" $messages -}}
   212  
   213  {{- if $message -}}
   214  {{-   printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
   215  {{- end -}}
   216  {{- end -}}
   217  
   218  {{/*
   219  Validate values of External DNS:
   220  - must set a provider
   221  */}}
   222  {{- define "external-dns.validateValues.provider" -}}
   223  {{- if not .Values.provider -}}
   224  external-dns: provider
   225      You must set a provider (options: aws, google, azure, cloudflare, ...)
   226      Please set the provider parameter (--set provider="xxxx")
   227  {{- end -}}
   228  {{- end -}}
   229  
   230  {{/*
   231  Validate values of External DNS:
   232  - must provide sources to be observed for new DNS entries by ExternalDNS
   233  */}}
   234  {{- define "external-dns.validateValues.sources" -}}
   235  {{- if empty .Values.sources -}}
   236  external-dns: sources
   237      You must provide sources to be observed for new DNS entries by ExternalDNS
   238      Please set the sources parameter (--set sources="xxxx")
   239  {{- end -}}
   240  {{- end -}}
   241  
   242  {{/*
   243  Validate values of External DNS:
   244  - The AWS Role to assume must follow ARN format when provider is "aws"
   245  */}}
   246  {{- define "external-dns.validateValues.aws" -}}
   247  {{- if and (eq .Values.provider "aws") .Values.aws.assumeRoleArn -}}
   248  {{- if not (regexMatch "^arn:aws:iam::.*$" .Values.aws.assumeRoleArn) -}}
   249  external-dns: aws.assumeRoleArn
   250      The AWS Role to assume must follow ARN format: `arn:aws:iam::123455567:role/external-dns`
   251      Ref: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
   252      Please set a valid ARN (--set aws.assumeRoleARN="xxxx")
   253  {{- end -}}
   254  {{- end -}}
   255  {{- end -}}
   256  
   257  {{/*
   258  Validate values of External DNS:
   259  - must provide the Grid Manager host when provider is "infoblox"
   260  */}}
   261  {{- define "external-dns.validateValues.infoblox.gridHost" -}}
   262  {{- if and (eq .Values.provider "infoblox") (not .Values.infoblox.gridHost) -}}
   263  external-dns: infoblox.gridHost
   264      You must provide the the Grid Manager host when provider="infoblox".
   265      Please set the gridHost parameter (--set infoblox.gridHost="xxxx")
   266  {{- end -}}
   267  {{- end -}}
   268  
   269  {{/*
   270  Validate values of External DNS:
   271  - must provide a WAPI password when provider is "infoblox"
   272  */}}
   273  {{- define "external-dns.validateValues.infoblox.wapiPassword" -}}
   274  {{- if and (eq .Values.provider "infoblox") (not .Values.infoblox.wapiPassword) -}}
   275  external-dns: infoblox.wapiPassword
   276      You must provide a WAPI password when provider="infoblox".
   277      Please set the wapiPassword parameter (--set infoblox.wapiPassword="xxxx")
   278  {{- end -}}
   279  {{- end -}}
   280  
   281  {{/*
   282  Return the appropriate apiVersion for PodSecurityPolicy.
   283  */}}
   284  {{- define "podSecurityPolicy.apiVersion" -}}
   285  {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
   286  {{- print "policy/v1beta1" -}}
   287  {{- else -}}
   288  {{- print "extensions/v1beta1" -}}
   289  {{- end -}}
   290  {{- end -}}
   291  
   292  {{/*
   293  Validate values of External DNS:
   294  - must provide the PowerDNS API URL when provider is "pdns"
   295  */}}
   296  {{- define "external-dns.validateValues.pdns.apiUrl" -}}
   297  {{- if and (eq .Values.provider "pdns") (not .Values.pdns.apiUrl) -}}
   298  external-dns: pdns.apiUrl
   299      You must provide the the PowerDNS API URL when provider="pdns".
   300      Please set the apiUrl parameter (--set pdns.apiUrl="xxxx")
   301  {{- end -}}
   302  {{- end -}}
   303  
   304  {{/*
   305  Validate values of External DNS:
   306  - must provide the PowerDNS API key when provider is "pdns"
   307  */}}
   308  {{- define "external-dns.validateValues.pdns.apiKey" -}}
   309  {{- if and (eq .Values.provider "pdns") (not .Values.pdns.apiKey) -}}
   310  external-dns: pdns.apiKey
   311      You must provide the the PowerDNS API key when provider="pdns".
   312      Please set the apiKey parameter (--set pdns.apiKey="xxxx")
   313  {{- end -}}
   314  {{- end -}}
   315  
   316  {{/* Check if there are rolling tags in the images */}}
   317  {{- define "external-dns.checkRollingTags" -}}
   318  {{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
   319  WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
   320  +info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
   321  {{- end }}
   322  {{- end -}}
   323  
   324  {{/*
   325  Validate values of Azure DNS:
   326  - must provide the Azure Resource Group when provider is "azure"
   327  */}}
   328  {{- define "external-dns.validateValues.azure.resourceGroup" -}}
   329  {{- if and (eq .Values.provider "azure") (not .Values.azure.resourceGroup) -}}
   330  external-dns: azure.resourceGroup
   331      You must provide the Azure Resource Group when provider="azure".
   332      Please set the resourceGroup parameter (--set azure.resourceGroup="xxxx")
   333  {{- end -}}
   334  {{- end -}}
   335  
   336  {{/*
   337  Validate values of Azure DNS:
   338  - must provide the Azure Tenant ID when provider is "azure" and secretName is not set
   339  */}}
   340  {{- define "external-dns.validateValues.azure.tenantId" -}}
   341  {{- if and (eq .Values.provider "azure") (not .Values.azure.tenantId) (not .Values.azure.secretName) -}}
   342  external-dns: azure.tenantId
   343      You must provide the Azure Tenant ID when provider="azure".
   344      Please set the tenantId parameter (--set azure.tenantId="xxxx")
   345  {{- end -}}
   346  {{- end -}}
   347  
   348  {{/*
   349  Validate values of Azure DNS:
   350  - must provide the Azure Subscription ID when provider is "azure" and secretName is not set
   351  */}}
   352  {{- define "external-dns.validateValues.azure.subscriptionId" -}}
   353  {{- if and (eq .Values.provider "azure") (not .Values.azure.subscriptionId) (not .Values.azure.secretName) -}}
   354  external-dns: azure.subscriptionId
   355      You must provide the Azure Subscription ID when provider="azure".
   356      Please set the subscriptionId parameter (--set azure.subscriptionId="xxxx")
   357  {{- end -}}
   358  {{- end -}}
   359  
   360  {{/*
   361  Validate values of Azure DNS:
   362  - must not provide the Azure AAD Client ID when provider is "azure", secretName is not set and MSI is enabled
   363  */}}
   364  {{- define "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientId" -}}
   365  {{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) .Values.azure.aadClientId .Values.azure.useManagedIdentityExtension -}}
   366  external-dns: azure.seManagedIdentityExtension
   367      You must not provide the Azure AAD Client ID when provider="azure" and useManagedIdentityExtension is "true".
   368      Please unset the aadClientId parameter (--set azure.aadClientId="xxxx")
   369  {{- end -}}
   370  {{- end -}}
   371  
   372  {{/*
   373  Validate values of Azure DNS:
   374  - must not provide the Azure AAD Client Secret when provider is "azure", secretName is not set and MSI is enabled
   375  */}}
   376  {{- define "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientSecret" -}}
   377  {{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) .Values.azure.aadClientSecret .Values.azure.useManagedIdentityExtension -}}
   378  external-dns: azure.seManagedIdentityExtension
   379      You must not provide the Azure AAD Client Secret when provider="azure" and useManagedIdentityExtension is "true".
   380      Please unset set the aadClientSecret parameter (--set azure.aadClientSecret="xxxx")
   381  {{- end -}}
   382  {{- end -}}
   383  
   384  {{/*
   385  Validate values of Azure DNS:
   386  - must provide the Azure AAD Client ID when provider is "azure", secretName is not set and MSI is disabled
   387  */}}
   388  {{- define "external-dns.validateValues.azure.aadClientId" -}}
   389  {{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) (not .Values.azure.aadClientId) (not .Values.azure.useManagedIdentityExtension) -}}
   390  external-dns: azure.seManagedIdentityExtension
   391      You must provide the Azure AAD Client ID when provider="azure" and useManagedIdentityExtension is not set.
   392      Please set the aadClientId parameter (--set azure.aadClientId="xxxx").
   393  {{- end -}}
   394  {{- end -}}
   395  
   396  {{/*
   397  Validate values of Azure DNS:
   398  - must provide the Azure AAD Client Secret when provider is "azure", secretName is not set and MSI is disabled
   399  */}}
   400  {{- define "external-dns.validateValues.azure.aadClientSecret" -}}
   401  {{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) (not .Values.azure.aadClientSecret) (not .Values.azure.useManagedIdentityExtension) -}}
   402  external-dns: azure.seManagedIdentityExtension
   403      You must provide the Azure AAD Client Secret when provider="azure" and useManagedIdentityExtension is not set.
   404      Please set set the aadClientSecret parameter (--set azure.aadClientSecret="xxxx")
   405  {{- end -}}
   406  {{- end -}}
   407  
   408  {{/*
   409  Validate values of TransIP DNS:
   410  - must provide the account name when provider is "transip"
   411  */}}
   412  {{- define "external-dns.validateValues.transip.account" -}}
   413  {{- if and (eq .Values.provider "transip") (not .Values.transip.account) -}}
   414  external-dns: transip.account
   415      You must provide the TransIP account name when provider="transip".
   416      Please set the account parameter (--set transip.account="xxxx")
   417  {{- end -}}
   418  {{- end -}}
   419  
   420  {{/*
   421  Validate values of TransIP DNS:
   422  - must provide the API key when provider is "transip"
   423  */}}
   424  {{- define "external-dns.validateValues.transip.apiKey" -}}
   425  {{- if and (eq .Values.provider "transip") (not .Values.transip.apiKey) -}}
   426  external-dns: transip.apiKey
   427      You must provide the TransIP API key when provider="transip".
   428      Please set the apiKey parameter (--set transip.apiKey="xxxx")
   429  {{- end -}}
   430  {{- end -}}