## Source: github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/external-dns/values-production.yaml
##
## Production-oriented values for the external-dns chart.
## NOTE(review): several provider sections below accept credentials inline
## (e.g. aws.credentials, azure.aadClientSecret, cloudflare.apiToken/apiKey,
## digitalocean.apiToken, rfc2136.tsigSecret). Where a `secretName` option is
## offered, prefer it so that secrets are not stored in this file.

## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
##
# global:
#   imageRegistry: myRegistryName
#   imagePullSecrets:
#     - myRegistryKeySecretName

## Bitnami external-dns image version
## ref: https://hub.docker.com/r/bitnami/external-dns/tags/
## NOTE(review): the image is selected by tag only; no digest is pinned in this file.
##
image:
  registry: docker.io
  repository: bitnami/external-dns
  tag: 0.6.0-debian-10-r13
  ## Specify an imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  # pullSecrets:
  #   - myRegistryKeySecretName

## String to partially override external-dns.fullname template (will maintain the release name)
# nameOverride:

## String to fully override external-dns.fullname template
# fullnameOverride:

## K8s resources type to be observed for new DNS entries by ExternalDNS
##
sources:
  - service
  - ingress
  # - crd

## DNS provider where the DNS records will be created. Available providers are:
## - aws, azure, cloudflare, coredns, designate, digitalocean, google, infoblox, rfc2136, transip
##
provider: aws

## Flags related to processing sources
## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/pkg/apis/externaldns/types.go#L272
##
## Limit sources of endpoints to a specific namespace (default: all namespaces)
##
namespace: ""
## Templated strings that are used to generate DNS names from sources that don't define a hostname themselves
##
fqdnTemplates: []
## Combine FQDN template and annotations instead of overwriting
##
combineFQDNAnnotation: false
## Ignore hostname annotation when generating DNS names, valid only when fqdn-template is set
##
ignoreHostnameAnnotation: false
## Allow external-dns to publish DNS records for ClusterIP services
##
publishInternalServices: false
## Allow external-dns to publish host-ip for headless services
##
publishHostIP: false
## The service types to take care about (default: all, options: ClusterIP, NodePort, LoadBalancer, ExternalName)
##
serviceTypeFilter: []

## AWS configuration to be set via arguments/env. variables
##
aws:
  ## AWS credentials
  ## NOTE(review): prefer `secretName` (below) or `assumeRoleArn` over inline
  ## secretKey/accessKey, so long-lived keys are not kept in a values file.
  ##
  credentials:
    secretKey: ""
    accessKey: ""
    ## pre external-dns 0.5.9 home dir should be `/root/.aws`
    ##
    mountPath: "/.aws"
    ## Use an existing secret with key "credentials" defined.
    ## This ignores aws.credentials.secretKey, and aws.credentials.accessKey
    ##
    # secretName:

  ## AWS region
  ##
  region: "us-east-1"
  ## Zone Filter. Available values are: public, private
  ##
  zoneType: ""
  ## AWS Role to assume
  ##
  assumeRoleArn: ""
  ## Maximum number of changes that will be applied in each batch
  ##
  batchChangeSize: 1000
  ## Zone Tag Filter
  ##
  zoneTags: []
  ## Enable AWS Prefer CNAME. Available values are: true, false
  ##
  preferCNAME: ""
  ## Enable AWS evaluation of target health. Available values are: true, false
  ##
  evaluateTargetHealth: ""

## Azure configuration to be set via arguments/env. variables
##
azure:
  ## When a secret to load azure.json is not specified,
  ## the host's /etc/kubernetes/azure.json will be used
  ##
  ## Deprecated: please use tenantId, subscriptionId, aadClientId and aadClientSecret values instead.
  ##
  secretName: ""
  ## Azure Cloud to use
  ##
  cloud: ""
  ## Azure resource group to use
  ##
  resourceGroup: ""
  ## Azure tenant ID to use
  ##
  tenantId: ""
  ## Azure subscription ID to use
  ##
  subscriptionId: ""
  ## Azure Application Client ID to use
  ##
  aadClientId: ""
  ## Azure Application Client Secret to use
  ##
  aadClientSecret: ""
  ## If you use Azure MSI, this should be set to true
  ##
  useManagedIdentityExtension: false

## Cloudflare configuration to be set via arguments/env. variables
##
cloudflare:
  ## `CF_API_TOKEN` to set in the environment
  ##
  apiToken: ""
  ## `CF_API_KEY` to set in the environment
  ##
  apiKey: ""
  ## Use an existing secret with keys "cloudflare_api_token" or "cloudflare_api_key" defined.
  ## This ignores cloudflare.apiToken, and cloudflare.apiKey
  ##
  # secretName:
  ## `CF_API_EMAIL` to set in the environment
  ##
  email: ""
  ## Enable the proxy feature of Cloudflare
  ##
  proxied: true

## CoreDNS configuration to be set via arguments/env variables
##
coredns:
  ## Comma-separated list of the etcd endpoints
  ## Secure (https) endpoints can be used as well, in that case `etcdTLS` section
  ## should be filled in accordingly
  ##
  etcdEndpoints: "https://etcd-extdns:2379"
  ## Configuration of the secure communication and client authentication to the etcd cluster
  ## If enabled, all the values under this key must hold valid data
  ##
  etcdTLS:
    ## Enable or disable secure communication and client authentication to the etcd cluster
    ##
    enabled: true
    ## Name of the existing secret containing cert files for client communication
    ## ref: https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md
    ## ref (secret creation):
    ##   https://github.com/bitnami/charts/tree/master/bitnami/etcd#configure-certificates-for-client-communication
    ##
    secretName: "etcd-client-certs"
    ## Location of the mounted certificates inside external-dns pod
    ##
    mountPath: "/etc/coredns/tls/etcd"
    ## CA PEM file used to sign etcd TLS cert, should exist in the secret provided above
    ##
    caFilename: "ca.crt"
    ## Certificate PEM file, should exist in the secret provided above
    ## Will be used by external-dns to authenticate against etcd
    ##
    certFilename: "cert.pem"
    ## Private key PEM file, should exist in the secret provided above
    ## Will be used by external-dns to authenticate against etcd
    ##
    keyFilename: "key.pem"

## OpenStack Designate provider configuration to be set via arguments/env. variables
##
designate:
  ## Use a custom CA (optional)
  ##
  customCA:
    enabled: false
    ## The content of the custom CA file
    ##
    content: ""
    ## Location to mount custom CA
    ##
    mountPath: "/config/designate"
    ## Custom CA filename
    ##
    filename: "designate-ca.pem"

## DigitalOcean configuration to be set via arguments/env. variables
##
digitalocean:
  ## `DO_TOKEN` to set in the environment
  ##
  apiToken: ""
  ## Use an existing secret with key "digitalocean_api_token" defined.
  ## This ignores digitalocean.apiToken
  ##
  # secretName:

## Google configuration to be set via arguments/env. variables
##
google:
  ## Google Project to use
  ##
  project: ""
  ## Google Application Credentials
  ##
  serviceAccountSecret: ""
  serviceAccountSecretKey: "credentials.json"
  serviceAccountKey: ""

## Infoblox configuration to be set via arguments/env. variables
##
infoblox:
  ## Required keys
  ## NOTE(review): the default username is "admin"; a dedicated, least-privilege
  ## WAPI account is preferable where the grid allows one.
  ##
  wapiUsername: "admin"
  wapiPassword: ""
  gridHost: ""
  ## Optional keys
  ## NOTE(review): noSslVerify presumably disables TLS certificate verification
  ## for the WAPI connection when true — confirm against the chart; keep it false.
  ##
  domainFilter: ""
  noSslVerify: false
  wapiPort: ""
  wapiVersion: ""
  wapiConnectionPoolSize: ""
  wapiHttpTimeout: ""

## RFC 2136 configuration to be set via arguments/env. variables
##
rfc2136:
  host: ""
  port: 53
  zone: ""
  tsigSecret: ""
  tsigSecretAlg: hmac-sha256
  tsigKeyname: externaldns-key
  tsigAxfr: true

## PowerDNS configuration to be set via arguments/env. variables
##
pdns:
  apiUrl: ""
  apiPort: "8081"
  apiKey: ""

## TransIP configuration to be set via arguments/env. variables
##
transip:
  ## Account name to be used
  ##
  account: ""
  ## API key that is authorised for the account
  ##
  apiKey: ""

## Limit possible target zones by domain suffixes (optional)
##
domainFilters: []
## Limit possible target zones by zone id (optional)
##
zoneIdFilters: []
## Filter sources managed by external-dns via annotation using label selector semantics (optional)
##
annotationFilter: ""
## When enabled, prints DNS record changes rather than actually performing them
##
dryRun: false
## Adjust the interval for DNS updates
##
interval: "1m"
## When enabled, triggers run loop on create/update/delete events (optional, in addition to the regular interval)
##
triggerLoopOnEvent: false
## Verbosity of the ExternalDNS logs. Available values are:
## - panic, debug, info, warn, error, fatal
##
logLevel: info
## Formats of the ExternalDNS logs. Available values are:
## - text, json
##
logFormat: text
## Modify how DNS records are synchronized between sources and providers (options: sync, upsert-only)
## upsert-only creates and updates records but does not delete them.
##
policy: upsert-only
## Registry Type. Available types are: txt, noop
## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/proposal/registry.md
##
registry: "txt"
## TXT Registry Identifier
## NOTE(review): when several external-dns instances manage the same zone, give
## each a distinct owner ID so their ownership TXT records do not collide.
##
txtOwnerId: ""
## Prefix to create a TXT record with a name following the pattern prefix.<CNAME record>
##
# txtPrefix: ""
## Load balancer service to be used; ie: custom-istio-namespace/custom-istio-ingressgateway.
## Omit to use the default (istio-system/istio-ingressgateway)
##
istioIngressGateways: []

## Extra arguments to be passed to external-dns
##
extraArgs: {}
## Extra env. variable to set on external-dns container.
##
## extraEnv:
## - name: VARNAME1
##   value: value1
## - name: VARNAME2
##   valueFrom:
##     secretKeyRef:
##       name: existing-secret
##       key: varname2-key
extraEnv: []

## Replica count
##
replicas: 3

## Affinity for pod assignment (this value is evaluated as a template)
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node labels for pod assignment (this value is evaluated as a template)
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
##
nodeSelector: {}
## Tolerations for pod assignment (this value is evaluated as a template)
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
##
tolerations: []
## Annotations for external-dns pods
##
podAnnotations: {}
## Additional labels for the pod(s).
##
podLabels: {}
## Pod priority class name
##
priorityClassName: ""

## Options for the source type "crd"
##
crd:
  ## Install and use the integrated DNSEndpoint CRD
  create: false
  ## Change these to use an external DNSEndpoint CRD (E.g. from kubefed)
  apiversion: ""
  kind: ""

## Kubernetes svc configuration
##
service:
  ## Kubernetes svc type
  ##
  type: ClusterIP
  port: 7979
  ## Specify the nodePort value for the LoadBalancer and NodePort service types for the client port
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
  ##
  # nodePort:
  ## Static clusterIP or None for headless services
  ##
  # clusterIP: ""
  ## External IP list to use with ClusterIP service type
  ##
  externalIPs: []
  ## Use loadBalancerIP to request a specific static IP,
  ## otherwise leave blank
  ##
  # loadBalancerIP:
  ## Addresses that are allowed when svc is LoadBalancer
  ##
  loadBalancerSourceRanges: []
  ## Provide any additional annotations which may be required. This can be used to
  ## set the LoadBalancer service type to internal only.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
  ##
  annotations: {}

## RBAC parameters
## https://kubernetes.io/docs/reference/access-authn-authz/rbac/
##
rbac:
  create: true
  ## Service Account for pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  ## NOTE(review): with `create: true` and the `default` account, the chart
  ## presumably binds its role to the namespace's default ServiceAccount, which
  ## other pods in that namespace may also use — confirm against the chart
  ## templates and consider a dedicated account for external-dns.
  ##
  serviceAccountName: default
  ## Annotations for the Service Account
  ##
  serviceAccountAnnotations: {}
  ## RBAC API version
  ##
  apiVersion: v1
  ## Podsecuritypolicy
  ##
  pspEnabled: false

## Kubernetes Security Context
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## Container level: no privilege escalation, read-only root filesystem, all
## Linux capabilities dropped. Pod level: runs as non-root UID 1001.
##
securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop: ["ALL"]
podSecurityContext:
  fsGroup: 1001
  runAsUser: 1001
  runAsNonRoot: true

## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## NOTE(review): no requests or limits are set by default; the commented values
## below are the file's own example.
##
resources: {}
#  limits:
#    cpu: 50m
#    memory: 50Mi
#  requests:
#    memory: 50Mi
#    cpu: 10m

## Liveness Probe. The block is directly forwarded into the deployment, so you can use whatever livenessProbe configuration you want.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
livenessProbe:
  httpGet:
    path: /healthz
    port: http
  initialDelaySeconds: 10
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 2
  successThreshold: 1
## Readiness Probe. The block is directly forwarded into the deployment, so you can use whatever readinessProbe configuration you want.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
readinessProbe:
  httpGet:
    path: /healthz
    port: http
  initialDelaySeconds: 5
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 6
  successThreshold: 1

## Configure extra volumes
extraVolumes: []

## Configure extra volumeMounts
extraVolumeMounts: []

## Prometheus Exporter / Metrics
##
metrics:
  enabled: true
  ## Metrics exporter pod Annotation and Labels
  ##
  # podAnnotations:
  #   prometheus.io/scrape: "true"
  #   prometheus.io/port: "7979"

  ## Prometheus Operator ServiceMonitor configuration
  ##
  serviceMonitor:
    enabled: false
    ## Namespace in which Prometheus is running
    ##
    # namespace: monitoring

    ## Interval at which metrics should be scraped.
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    # interval: 10s

    ## Timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    # scrapeTimeout: 10s

    ## ServiceMonitor selector labels
    ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
    ##
    # selector:
    #   prometheus: my-prometheus