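{{- /*
external-dns Deployment template.
Source listing: github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/external-dns/templates/deployment.yaml

.Values.provider selects which provider-specific args, environment variables,
volume mounts and volumes are rendered. Most credentials are injected with
secretKeyRef or as read-only Secret volumes.

Review changes relative to the listing:
  - CoreDNS etcd TLS volume: defaultMode 400 (decimal, i.e. octal 0620) -> 256 (octal 0400).
  - TransIP volume: secret.name -> secret.secretName (the field a Secret volume source uses).
  - Google service-account mount: readOnly added, matching the other credential mounts.
  - Plain env values are quoted so numeric- or boolean-looking values stay strings.
  - toYaml/include blocks use a trimmed nindent so they do not depend on template column.
*/ -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "external-dns.fullname" . }}
  labels: {{ include "external-dns.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.replicas }}
  selector:
    matchLabels: {{ include "external-dns.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels: {{ include "external-dns.labels" . | nindent 8 }}
      annotations:
      {{- if or .Values.podAnnotations .Values.metrics.enabled }}
      {{- include "external-dns.podAnnotations" . | nindent 8 }}
      {{- end }}
      # The checksum annotations change whenever the rendered secret.yaml or
      # configmap.yaml changes, which changes the pod template.
      {{- if (include "external-dns.createSecret" .) }}
        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
      {{- end }}
      {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }}
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
      {{- end }}
    spec:
      {{- include "external-dns.imagePullSecrets" . | indent 6 }}
      {{- if .Values.podSecurityContext }}
      securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity: {{ tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector: {{ tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations: {{ tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
      {{- if .Values.rbac.create }}
      serviceAccountName: {{ template "external-dns.fullname" . }}
      {{- else }}
      serviceAccountName: {{ .Values.rbac.serviceAccountName | quote }}
      {{- end }}
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName | quote }}
      {{- end }}
      containers:
      - name: external-dns
        image: "{{ template "external-dns.image" . }}"
        imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
        args:
        # Generic arguments
        {{- if .Values.logLevel }}
        - --log-level={{ .Values.logLevel }}
        {{- end }}
        {{- if .Values.logFormat }}
        - --log-format={{ .Values.logFormat }}
        {{- end }}
        {{- if .Values.dryRun }}
        - --dry-run
        {{- end }}
        {{- if .Values.triggerLoopOnEvent }}
        - --events
        {{- end }}
        {{- if .Values.namespace }}
        - --namespace={{ .Values.namespace }}
        {{- end }}
        {{- if .Values.fqdnTemplates }}
        - --fqdn-template={{ join "," .Values.fqdnTemplates }}{{/* Explicitly wants comma separated list */}}
        {{- end }}
        {{- if .Values.combineFQDNAnnotation }}
        - --combine-fqdn-annotation
        {{- end }}
        {{- if and .Values.ignoreHostnameAnnotation .Values.fqdnTemplates }}
        - --ignore-hostname-annotation
        {{- end }}
        {{- if .Values.publishInternalServices }}
        - --publish-internal-services
        {{- end }}
        {{- if .Values.publishHostIP }}
        - --publish-host-ip
        {{- end }}
        {{- range .Values.serviceTypeFilter }}
        - --service-type-filter={{ . }}
        {{- end }}
        {{- range .Values.domainFilters }}
        - --domain-filter={{ . }}
        {{- end }}
        {{- range .Values.zoneIdFilters }}
        - --zone-id-filter={{ . }}
        {{- end }}
        - --policy={{ .Values.policy }}
        - --provider={{ .Values.provider }}
        - --registry={{ .Values.registry }}
        - --interval={{ .Values.interval }}
        {{- if eq .Values.registry "txt" }}
        {{- if .Values.txtOwnerId }}
        - --txt-owner-id={{ .Values.txtOwnerId }}
        {{- end }}
        {{- if .Values.txtPrefix }}
        - --txt-prefix={{ .Values.txtPrefix }}
        {{- end }}
        - --oci-zone-scope={{ .Values.ociDnsScope }}
        {{- end }}
        {{- if .Values.annotationFilter }}
        - --annotation-filter={{ .Values.annotationFilter }}
        {{- end }}
        {{- if .Values.crd.apiversion }}
        - --crd-source-apiversion={{ .Values.crd.apiversion }}
        {{- end }}
        {{- if .Values.crd.kind }}
        - --crd-source-kind={{ .Values.crd.kind }}
        {{- end }}
        {{- range .Values.istioIngressGateways }}
        - --istio-ingress-gateway={{ . }}
        {{- end }}
        {{- range .Values.sources }}
        - --source={{ . }}
        {{- end }}
        # AWS arguments
        {{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }}
        {{- if .Values.aws.zoneType }}
        - --aws-zone-type={{ .Values.aws.zoneType }}
        {{- end }}
        {{- if .Values.aws.assumeRoleArn }}
        - --aws-assume-role={{ .Values.aws.assumeRoleArn }}
        {{- end }}
        {{- if .Values.aws.batchChangeSize }}
        - --aws-batch-change-size={{ .Values.aws.batchChangeSize }}
        {{- end }}
        {{- end }}
        {{- range .Values.aws.zoneTags }}
        - --aws-zone-tags={{ . }}
        {{- end }}
        {{- if .Values.aws.preferCNAME }}
        - --aws-prefer-cname
        {{- end }}
        {{- if and (kindIs "bool" .Values.aws.evaluateTargetHealth) (not .Values.aws.evaluateTargetHealth) }}
        - --no-aws-evaluate-target-health
        {{- end }}
        # Azure Arguments
        {{- if or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns") }}
        {{- if .Values.azure.resourceGroup }}
        - --azure-resource-group={{ .Values.azure.resourceGroup }}
        {{- end }}
        {{- if .Values.azure.subscriptionId }}
        - --azure-subscription-id={{ .Values.azure.subscriptionId }}
        {{- end }}
        {{- end }}
        # Cloudflare arguments
        {{- if eq .Values.provider "cloudflare" }}
        {{- if .Values.cloudflare.proxied }}
        - --cloudflare-proxied
        {{- end }}
        {{- end }}
        # Google Arguments
        {{- if eq .Values.provider "google" }}
        - --google-project={{ .Values.google.project }}
        {{- end }}
        # Infoblox Arguments
        {{- if eq .Values.provider "infoblox" }}
        - --infoblox-grid-host={{ .Values.infoblox.gridHost }}
        {{- if .Values.infoblox.domainFilter }}
        - --domain-filter={{ .Values.infoblox.domainFilter }}
        {{- end }}
        {{- if .Values.infoblox.wapiPort }}
        - --infoblox-wapi-port={{ .Values.infoblox.wapiPort }}
        {{- end }}
        {{- if .Values.infoblox.wapiVersion }}
        - --infoblox-wapi-version={{ .Values.infoblox.wapiVersion }}
        {{- end }}
        {{- if .Values.infoblox.noSslVerify }}
        # infoblox.noSslVerify turns off TLS certificate verification for the grid host.
        - --no-infoblox-ssl-verify
        {{- else }}
        - --infoblox-ssl-verify
        {{- end }}
        {{- end }}
        # RFC 2136 arguments
        {{- if eq .Values.provider "rfc2136" }}
        - --rfc2136-host={{ required "rfc2136.host must be supplied for provider 'rfc2136'" .Values.rfc2136.host }}
        - --rfc2136-port={{ .Values.rfc2136.port }}
        - --rfc2136-zone={{ required "rfc2136.zone must be supplied for provider 'rfc2136'" .Values.rfc2136.zone }}
        {{- if .Values.rfc2136.tsigKeyname }}
        - --rfc2136-tsig-secret-alg={{ .Values.rfc2136.tsigSecretAlg }}
        - --rfc2136-tsig-keyname={{ .Values.rfc2136.tsigKeyname }}
        {{- if .Values.rfc2136.tsigAxfr }}
        - --rfc2136-tsig-axfr
        {{- end }}
        {{- else }}
        # No rfc2136.tsigKeyname set: the chart falls back to insecure mode, so
        # dynamic updates are sent without TSIG authentication.
        - --rfc2136-insecure
        {{- end }}
        {{- end }}
        # PowerDNS arguments
        {{- if eq .Values.provider "pdns" }}
        - --pdns-server={{ .Values.pdns.apiUrl }}:{{ .Values.pdns.apiPort }}
        # $(PDNS_API_KEY) is expanded by Kubernetes from the env var defined below,
        # so the key itself is not written into the args.
        - --pdns-api-key=$(PDNS_API_KEY)
        {{- end }}
        # TransIP arguments
        {{- if eq .Values.provider "transip" }}
        - --transip-account={{ .Values.transip.account }}
        - --transip-keyfile=/transip/transip-api-key
        {{- end }}
        # Extra arguments
        {{- range $key, $value := .Values.extraArgs }}
        {{- if $value }}
        - --{{ $key }}={{ $value }}
        {{- else }}
        - --{{ $key }}
        {{- end }}
        {{- end }}
        env:
        # AWS environment variables
        {{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }}
        {{- if .Values.aws.region }}
        - name: AWS_DEFAULT_REGION
          value: {{ .Values.aws.region | quote }}
        {{- end }}
        {{- if .Values.aws.roleArn }}
        - name: AWS_CONFIG_FILE
          value: "{{ .Values.aws.credentials.mountPath }}/config"
        {{- end }}
        {{- if and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey }}
        - name: AWS_SHARED_CREDENTIALS_FILE
          value: "{{ .Values.aws.credentials.mountPath }}/credentials"
        {{- end }}
        {{- end }}
        # Azure Private DNS variables
        {{- if eq .Values.provider "azure-private-dns" }}
        {{- if .Values.azure.tenantId }}
        - name: AZURE_TENANT_ID
          value: {{ .Values.azure.tenantId | quote }}
        {{- end }}
        {{- if .Values.azure.aadClientId }}
        - name: AZURE_CLIENT_ID
          value: {{ .Values.azure.aadClientId | quote }}
        {{- end }}
        {{- if .Values.azure.aadClientSecret }}
        # NOTE(review): the client secret is rendered as a literal env value, so it
        # is readable in the Deployment manifest and pod spec. The other provider
        # credentials in this file use secretKeyRef; consider doing the same here.
        - name: AZURE_CLIENT_SECRET
          value: {{ .Values.azure.aadClientSecret | quote }}
        {{- end }}
        {{- end }}
        # Cloudflare environment variables
        {{- if eq .Values.provider "cloudflare" }}
        {{- if or .Values.cloudflare.apiToken .Values.cloudflare.secretName }}
        - name: CF_API_TOKEN
          valueFrom:
            secretKeyRef:
              name: {{ template "external-dns.secretName" . }}
              key: cloudflare_api_token
        {{- else if or .Values.cloudflare.apiKey .Values.cloudflare.secretName }}
        - name: CF_API_KEY
          valueFrom:
            secretKeyRef:
              name: {{ template "external-dns.secretName" . }}
              key: cloudflare_api_key
        - name: CF_API_EMAIL
          value: {{ required "cloudflare.email is required if cloudflare.apiToken is not provided" .Values.cloudflare.email | quote }}
        {{- end }}
        {{- end }}
        # CoreDNS environment variables
        {{- if eq .Values.provider "coredns" }}
        - name: ETCD_URLS
          value: {{ .Values.coredns.etcdEndpoints | quote }}
        {{- if .Values.coredns.etcdTLS.enabled }}
        - name: ETCD_CERT_FILE
          value: "{{ .Values.coredns.etcdTLS.mountPath }}/{{ .Values.coredns.etcdTLS.certFilename }}"
        - name: ETCD_KEY_FILE
          value: "{{ .Values.coredns.etcdTLS.mountPath }}/{{ .Values.coredns.etcdTLS.keyFilename }}"
        - name: ETCD_CA_FILE
          value: "{{ .Values.coredns.etcdTLS.mountPath }}/{{ .Values.coredns.etcdTLS.caFilename }}"
        {{- end }}
        {{- end }}
        # Designate environment variables
        {{- if eq .Values.provider "designate" }}
        {{- if .Values.designate.customCA.enabled }}
        - name: OPENSTACK_CA_FILE
          value: "{{ .Values.designate.customCA.mountPath }}/{{ .Values.designate.customCA.filename }}"
        {{- else if .Values.designate.customCAHostPath }}
        - name: OPENSTACK_CA_FILE
          value: {{ .Values.designate.customCAHostPath | quote }}
        {{- end }}
        {{- if .Values.designate.username }}
        - name: OS_USERNAME
          valueFrom:
            secretKeyRef:
              name: {{ template "external-dns.secretName" . }}
              key: designate_username
        {{- end }}
        {{- if .Values.designate.password }}
        - name: OS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ template "external-dns.secretName" . }}
              key: designate_password
        {{- end }}
        {{- if .Values.designate.authUrl }}
        - name: OS_AUTH_URL
          value: {{ .Values.designate.authUrl | quote }}
        {{- end }}
        {{- if .Values.designate.regionName }}
        - name: OS_REGION_NAME
          value: {{ .Values.designate.regionName | quote }}
        {{- end }}
        {{- if .Values.designate.userDomainName }}
        - name: OS_USER_DOMAIN_NAME
          value: {{ .Values.designate.userDomainName | quote }}
        {{- end }}
        {{- if .Values.designate.projectName }}
        - name: OS_PROJECT_NAME
          value: {{ .Values.designate.projectName | quote }}
        {{- end }}
        {{- end }}
        # DigitalOcean environment variables
        {{- if and (eq .Values.provider "digitalocean") (or .Values.digitalocean.apiToken .Values.digitalocean.secretName) }}
        - name: DO_TOKEN
          valueFrom:
            secretKeyRef:
              name: {{ template "external-dns.secretName" . }}
              key: digitalocean_api_token
        {{- end }}
        # Google environment variables
        {{- if eq .Values.provider "google" }}
        {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }}
        - name: GOOGLE_APPLICATION_CREDENTIALS
          value: /etc/secrets/service-account/credentials.json
        {{- end }}
        {{- end }}
        # Infoblox environment variables
        {{- if eq .Values.provider "infoblox" }}
        {{- if .Values.infoblox.wapiConnectionPoolSize }}
        - name: EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS
          value: "{{ .Values.infoblox.wapiConnectionPoolSize }}"
        {{- end }}
        {{- if .Values.infoblox.wapiHttpTimeout }}
        - name: EXTERNAL_DNS_INFOBLOX_HTTP_REQUEST_TIMEOUT
          value: "{{ .Values.infoblox.wapiHttpTimeout }}"
        {{- end }}
        {{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }}
        - name: EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME
          valueFrom:
            secretKeyRef:
              name: {{ template "external-dns.secretName" . }}
              key: infoblox_wapi_username
        - name: EXTERNAL_DNS_INFOBLOX_WAPI_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ template "external-dns.secretName" . }}
              key: infoblox_wapi_password
        {{- end }}
        {{- end }}
        # RFC 2136 environment variables
        # NOTE(review): rendered whenever rfc2136.tsigSecret is set, regardless of
        # the selected provider - confirm that is intended.
        {{- if .Values.rfc2136.tsigSecret }}
        - name: EXTERNAL_DNS_RFC2136_TSIG_SECRET
          valueFrom:
            secretKeyRef:
              name: {{ template "external-dns.secretName" . }}
              key: rfc2136_tsig_secret
        {{- end }}
        # PowerDNS environment variables
        {{- if and (eq .Values.provider "pdns") .Values.pdns.apiKey }}
        - name: PDNS_API_KEY
          valueFrom:
            secretKeyRef:
              name: {{ template "external-dns.secretName" . }}
              key: pdns_api_key
        {{- end }}
        # Extra environment variables
        {{- if .Values.extraEnv }}
        {{- toYaml .Values.extraEnv | nindent 8 }}
        {{- end }}
        ports:
        - name: http
          containerPort: {{ .Values.service.port }}
        readinessProbe: {{ toYaml .Values.readinessProbe | nindent 10 }}
        livenessProbe: {{ toYaml .Values.livenessProbe | nindent 10 }}
        {{- if .Values.securityContext }}
        securityContext: {{ toYaml .Values.securityContext | nindent 10 }}
        {{- end }}
        {{- if .Values.resources }}
        resources: {{ toYaml .Values.resources | nindent 10 }}
        {{- end }}
        volumeMounts:
        # AWS mountPath(s)
        {{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) }}
        - name: aws-credentials
          mountPath: {{ .Values.aws.credentials.mountPath }}
          readOnly: true
        {{- end }}
        # Azure mountPath(s)
        # NOTE(review): when azure.useManagedIdentityExtension is set and neither
        # azure.secretName nor resourceGroup/tenantId/subscriptionId are given, no
        # mountPath is rendered for this entry (and no source for the matching
        # volume below) - verify that combination against the chart's values.
        {{- if eq .Values.provider "azure" }}
        - name: azure-config-file
          {{- if or .Values.azure.secretName (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId) }}
          mountPath: /etc/kubernetes/
          {{- else if not .Values.azure.useManagedIdentityExtension }}
          mountPath: /etc/kubernetes/azure.json
          {{- end }}
          readOnly: true
        {{- end }}
        # CoreDNS mountPath(s)
        {{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }}
        - name: {{ .Values.coredns.etcdTLS.secretName }}
          mountPath: {{ .Values.coredns.etcdTLS.mountPath }}
          readOnly: true
        {{- end }}
        # Google mountPath(s)
        {{- if and (eq .Values.provider "google") (or .Values.google.serviceAccountKey .Values.google.serviceAccountSecret) }}
        - name: google-service-account
          mountPath: /etc/secrets/service-account/
          readOnly: true
        {{- end }}
        # Designate mountPath(s)
        {{- if eq .Values.provider "designate" }}
        {{- if and (.Values.designate.customCAHostPath) (.Values.designate.customCA.enabled) }}
        {{- fail "designate.customCAHostPath cannot be specified with designate.customCA.enabled set to true" }}
        {{- else if .Values.designate.customCA.enabled }}
        - name: designate-custom-ca
          mountPath: {{ .Values.designate.customCA.mountPath }}
          readOnly: true
        {{- else if .Values.designate.customCAHostPath }}
        - name: designate-custom-ca-hostpath
          mountPath: {{ .Values.designate.customCAHostPath }}
          readOnly: true
        {{- end }}
        {{- end }}
        # TransIP mountPath(s)
        {{- if (eq .Values.provider "transip") }}
        - name: transip-api-key
          mountPath: /transip
          readOnly: true
        {{- end }}
        # Extra volume mount(s)
        {{- if .Values.extraVolumeMounts }}
        {{- toYaml .Values.extraVolumeMounts | nindent 8 }}
        {{- end }}
      volumes:
      # AWS volume(s)
      {{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) }}
      - name: aws-credentials
        secret:
          secretName: {{ template "external-dns.secretName" . }}
      {{- end }}
      # Azure volume(s)
      {{- if eq .Values.provider "azure" }}
      - name: azure-config-file
        {{- if or .Values.azure.secretName (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId) }}
        secret:
          secretName: {{ template "external-dns.secretName" . }}
        {{- else if not .Values.azure.useManagedIdentityExtension }}
        # hostPath exposes the node's azure.json to the pod; the mount above is readOnly.
        hostPath:
          path: /etc/kubernetes/azure.json
          type: File
        {{- end }}
      {{- end }}
      # CoreDNS volume(s)
      {{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }}
      - name: {{ .Values.coredns.etcdTLS.secretName }}
        secret:
          secretName: {{ .Values.coredns.etcdTLS.secretName }}
          # 256 is octal 0400 (owner read-only). The previous literal 400 is read
          # as decimal, i.e. octal 0620, not the intended permissions for the
          # etcd TLS key material.
          defaultMode: 256
      {{- end }}
      # Google volume(s)
      {{- if and (eq .Values.provider "google") (or .Values.google.serviceAccountKey .Values.google.serviceAccountSecret) }}
      - name: google-service-account
        secret:
          secretName: {{ template "external-dns.secretName" . }}
          {{- if and .Values.google.serviceAccountSecret .Values.google.serviceAccountSecretKey }}
          items:
          - key: {{ .Values.google.serviceAccountSecretKey | quote }}
            path: credentials.json
          {{- end }}
      {{- end }}
      # Designate volume(s)
      {{- if eq .Values.provider "designate" }}
      {{- if .Values.designate.customCA.enabled }}
      - name: designate-custom-ca
        configMap:
          name: {{ template "external-dns.fullname" . }}
          items:
          - key: {{ .Values.designate.customCA.filename }}
            path: {{ .Values.designate.customCA.filename }}
      {{- else if .Values.designate.customCAHostPath }}
      # hostPath exposes an operator-chosen node path to the pod; the mount above is readOnly.
      - name: designate-custom-ca-hostpath
        hostPath:
          path: {{ .Values.designate.customCAHostPath }}
      {{- end }}
      {{- end }}
      # TransIP volume(s)
      {{- if (eq .Values.provider "transip") }}
      - name: transip-api-key
        secret:
          # A Secret volume source names its Secret with secretName, not name.
          secretName: {{ template "external-dns.fullname" . }}
      {{- end }}
      # Extra volume(s)
      {{- if .Values.extraVolumes }}
      {{- toYaml .Values.extraVolumes | nindent 6 }}
      {{- end }}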