diff --git a/bootstrap/helmrepositories/helmrepository-bitnami.yaml b/bootstrap/helmrepositories/helmrepository-bitnami.yaml new file mode 100644 index 0000000..1234a1c --- /dev/null +++ b/bootstrap/helmrepositories/helmrepository-bitnami.yaml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: HelmRepository +metadata: + name: bitnami + namespace: flux-system +spec: + interval: 15m + url: https://charts.bitnami.com/bitnami diff --git a/bootstrap/kustomizations/kustomization-external-dns.yaml b/bootstrap/kustomizations/kustomization-external-dns.yaml new file mode 100644 index 0000000..b7dc6e5 --- /dev/null +++ b/bootstrap/kustomizations/kustomization-external-dns.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: external-dns + namespace: flux-system +spec: + interval: 30m + path: ./external-dns + prune: true # remove any elements later removed from the above path + timeout: 10m # if not set, this defaults to interval duration, which is 1h + sourceRef: + kind: GitRepository + name: flux-system + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2beta1 + kind: HelmRelease + name: external-dns + namespace: external-dns diff --git a/bootstrap/namespaces/namespace-external-dns.yaml b/bootstrap/namespaces/namespace-external-dns.yaml new file mode 100644 index 0000000..d18e962 --- /dev/null +++ b/bootstrap/namespaces/namespace-external-dns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: external-dns diff --git a/external-dns/helmrelease-external-dns.yaml b/external-dns/helmrelease-external-dns.yaml new file mode 100644 index 0000000..36b6f41 --- /dev/null +++ b/external-dns/helmrelease-external-dns.yaml @@ -0,0 +1,1162 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: external-dns + namespace: external-dns +spec: + chart: + spec: + chart: external-dns + version: 6.28.x # auto-update to semver bugfixes only + sourceRef: + kind: HelmRepository + name: bitnami + namespace: flux-system + interval: 15m + timeout: 5m + releaseName: external-dns + values: + # Copyright VMware, Inc. + # SPDX-License-Identifier: APACHE-2.0 + + ## @section Global parameters + ## Global Docker image parameters + ## Please, note that this will override the image parameters, including dependencies, configured to use the global value + ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + ## + + ## @param global.imageRegistry Global Docker image registry + ## @param global.imagePullSecrets Global Docker registry secret names as an array + ## + global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + + ## @section Common parameters + ## + + ## @param nameOverride String to partially override external-dns.fullname template (will maintain the release name) + ## + nameOverride: "" + ## @param fullnameOverride String to fully override external-dns.fullname template + ## + fullnameOverride: "" + ## @param clusterDomain Kubernetes Cluster Domain + ## + clusterDomain: cluster.local + + ## @param commonLabels Labels to add to all deployed objects + ## + commonLabels: {} + ## @param commonAnnotations Annotations to add to all deployed objects + ## + commonAnnotations: {} + ## + ## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template). + ## + extraDeploy: [] + ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) + ## + kubeVersion: "" + ## @param watchReleaseNamespace Watch only namepsace used for the release + ## + watchReleaseNamespace: false + ## @param useDaemonset Use ExternalDNS in Daemonset mode + ## If set to false, Deployment will be used. + ## + useDaemonset: false + + ## @section external-dns parameters + ## + + ## Bitnami external-dns image version + ## ref: https://hub.docker.com/r/bitnami/external-dns/tags/ + ## @param image.registry [default: REGISTRY_NAME] ExternalDNS image registry + ## @param image.repository [default: REPOSITORY_NAME/external-dns] ExternalDNS image repository + ## @skip image.tag ExternalDNS Image tag (immutable tags are recommended) + ## @param image.digest ExternalDNS image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param image.pullPolicy ExternalDNS image pull policy + ## @param image.pullSecrets ExternalDNS image pull secrets + ## + image: + registry: docker.io + repository: bitnami/external-dns + tag: 0.14.0-debian-11-r1 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + ## @param hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + + ## @param updateStrategy update strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#update-strategies + ## + updateStrategy: {} + + ## @param command Override kiam default command + ## + command: [] + ## @param args Override kiam default args + ## + args: [] + + ## @param sources [array] K8s resources type to be observed for new DNS entries by ExternalDNS + ## + sources: + - crd + # - service + # - ingress + # - contour-httpproxy + ## @param provider DNS provider where the DNS records will be created. + ## Available providers are: + ## - akamai, alibabacloud, aws, azure, azure-private-dns, cloudflare, coredns, designate, digitalocean, google, hetzner, infoblox, linode, rfc2136, transip, oci + ## + provider: aws + ## @param initContainers Attach additional init containers to the pod (evaluated as a template) + ## + initContainers: [] + ## @param sidecars Attach additional containers to the pod (evaluated as a template) + ## + sidecars: [] + ## Flags related to processing sources + ## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/pkg/apis/externaldns/types.go#L272 + ## @param namespace Limit sources of endpoints to a specific namespace (default: all namespaces) + ## + namespace: "" + ## @param fqdnTemplates Templated strings that are used to generate DNS names from sources that don't define a hostname themselves + ## + fqdnTemplates: [] + ## @param containerPorts.http HTTP Container port + ## + containerPorts: + http: 7979 + ## @param combineFQDNAnnotation Combine FQDN template and annotations instead of overwriting + ## + combineFQDNAnnotation: false + ## @param ignoreHostnameAnnotation Ignore hostname annotation when generating DNS names, valid only when fqdn-template is set + ## + ignoreHostnameAnnotation: false + ## @param publishInternalServices Allow external-dns to publish DNS records for ClusterIP services + ## + publishInternalServices: false + ## @param publishHostIP Allow external-dns to publish host-ip for headless services + ## + publishHostIP: false + ## @param serviceTypeFilter The service types to take care about (default: all, options: ClusterIP, NodePort, LoadBalancer, ExternalName) + ## + serviceTypeFilter: [] + ## Chart Validation + ## + validation: + ## @param validation.enabled Enable chart validation + ## + enabled: true + ## Akamai configuration to be set via arguments/env. variables + ## + akamai: + ## @param akamai.host Hostname to use for EdgeGrid auth + ## + host: "" + ## @param akamai.accessToken Access Token to use for EdgeGrid auth + ## + accessToken: "" + ## @param akamai.clientToken Client Token to use for EdgeGrid auth + ## + clientToken: "" + ## @param akamai.clientSecret When using the Akamai provider, `AKAMAI_CLIENT_SECRET` to set (optional) + ## + clientSecret: "" + ## @param akamai.secretName Use an existing secret with key "akamai_api_seret" defined. + ## This ignores akamai.clientSecret + ## + secretName: "" + ## Alibaba cloud configuration to be set via arguments/env. variables + ## These will be added to /etc/kubernetes/alibaba-cloud.json via secret + ## + alibabacloud: + ## @param alibabacloud.accessKeyId When using the Alibaba Cloud provider, set `accessKeyId` in the Alibaba Cloud configuration file (optional) + ## + accessKeyId: "" + ## @param alibabacloud.accessKeySecret When using the Alibaba Cloud provider, set `accessKeySecret` in the Alibaba Cloud configuration file (optional) + ## + accessKeySecret: "" + ## @param alibabacloud.regionId When using the Alibaba Cloud provider, set `regionId` in the Alibaba Cloud configuration file (optional) + ## + regionId: "" + ## @param alibabacloud.vpcId Alibaba Cloud VPC Id + ## + vpcId: "" + ## @param alibabacloud.secretName Use an existing secret with key "alibaba-cloud.json" defined. + ## This ignores alibabacloud.accessKeyId, and alibabacloud.accessKeySecret + ## + secretName: "" + ## @param alibabacloud.zoneType Zone Filter. Available values are: public, private, or no value for both + ## + zoneType: "" + ## AWS configuration to be set via arguments/env. variables + ## + aws: + ## AWS credentials + ## @param aws.credentials.secretKey When using the AWS provider, set `aws_secret_access_key` in the AWS credentials (optional) + ## @param aws.credentials.accessKey When using the AWS provider, set `aws_access_key_id` in the AWS credentials (optional) + ## @param aws.credentials.mountPath When using the AWS provider, determine `mountPath` for `credentials` secret + ## + credentials: + secretKey: "" + accessKey: "" + ## Before external-dns 0.5.9 home dir should be `/root/.aws` + ## + mountPath: "/.aws" + ## @param aws.credentials.secretName Use an existing secret with key "credentials" defined. + ## This ignores aws.credentials.secretKey, and aws.credentials.accessKey + ## + secretName: "" + ## AWS access key id stored in key-value secret. + ## If aws.credentials.accessKeyIDSecretRef and aws.credentials.secretAccessKeySecretRef defined aws.credentials.secretKey, aws.credentials.accessKey and aws.credentials.secretName are ignored + ## @param aws.credentials.accessKeyIDSecretRef.name Define the name of the secret that stores aws_access_key_id. + ## @param aws.credentials.accessKeyIDSecretRef.key Define the key of the secret that stores aws_access_key_id. + ## + accessKeyIDSecretRef: + name: "" + key: "" + ## AWS secret access key stored in key-value secret + ## @param aws.credentials.secretAccessKeySecretRef.name Define the name of the secret that stores aws_secret_access_key + ## @param aws.credentials.secretAccessKeySecretRef.key Define the key of the secret that stores aws_secret_access_key + ## + secretAccessKeySecretRef: + name: "" + key: "" + ## @param aws.region When using the AWS provider, `AWS_DEFAULT_REGION` to set in the environment (optional) + ## + region: "us-east-1" + ## @param aws.zoneType When using the AWS provider, filter for zones of this type (optional, options: public, private) + ## + zoneType: "" + ## @param aws.assumeRoleArn When using the AWS provider, assume role by specifying --aws-assume-role to the external-dns daemon + ## + assumeRoleArn: "" + ## @param aws.roleArn Specify role ARN to the external-dns daemon + ## + roleArn: "" + ## @param aws.apiRetries Maximum number of retries for AWS API calls before giving up + ## + apiRetries: 3 + ## @param aws.batchChangeSize When using the AWS provider, set the maximum number of changes that will be applied in each batch + ## + batchChangeSize: 1000 + ## @param aws.zonesCacheDuration If the list of Route53 zones managed by ExternalDNS doesn't change frequently, cache it by setting a TTL + ## (default 0 - disabled, can be set to time interval like 1m or 1h) + ## + zonesCacheDuration: 0 + ## @param aws.zoneTags When using the AWS provider, filter for zones with these tags + ## + zoneTags: [] + ## @param aws.preferCNAME When using the AWS provider, replaces Alias records with CNAME (options: true, false) + ## + preferCNAME: "" + ## @param aws.evaluateTargetHealth When using the AWS provider, sets the evaluate target health flag (options: true, false) + ## + evaluateTargetHealth: "" + ## @param aws.dynamodbTable When using the AWS provider, sets the DynamoDB table name to use for dynamodb registry + ## ref: https://github.com/kubernetes-sigs/external-dns/blob/0483ffde22e60436f16be154b9fe1a388a1400d0/docs/registry/dynamodb.md + ## + dynamodbTable: "" + ## @param aws.dynamodbRegion When using the AWS provider, sets the DynamoDB table region to use for dynamodb registry + ## ref: https://github.com/kubernetes-sigs/external-dns/blob/0483ffde22e60436f16be154b9fe1a388a1400d0/docs/registry/dynamodb.md + ## + dynamodbRegion: "" + ## Azure configuration to be set via arguments/env. variables + ## + azure: + ## When a secret to load azure.json is not specified, the host's /etc/kubernetes/azure.json will be used + ## @param azure.secretName When using the Azure provider, set the secret containing the `azure.json` file + ## + secretName: "" + ## @param azure.cloud When using the Azure provider, set the Azure Cloud + ## + cloud: "" + ## @param azure.resourceGroup When using the Azure provider, set the Azure Resource Group + ## + resourceGroup: "" + ## @param azure.tenantId When using the Azure provider, set the Azure Tenant ID + ## + tenantId: "" + ## @param azure.subscriptionId When using the Azure provider, set the Azure Subscription ID + ## + subscriptionId: "" + ## @param azure.aadClientId When using the Azure provider, set the Azure AAD Client ID + ## + aadClientId: "" + ## @param azure.aadClientSecret When using the Azure provider, set the Azure AAD Client Secret + ## + aadClientSecret: "" + ## @param azure.useWorkloadIdentityExtension When using the Azure provider, set if you use Workload Identity extension. + ## + useWorkloadIdentityExtension: false + ## @param azure.useManagedIdentityExtension When using the Azure provider, set if you use Azure MSI + ## + useManagedIdentityExtension: false + ## @param azure.userAssignedIdentityID When using the Azure provider with Azure MSI, set Client ID of Azure user-assigned managed identity (optional, otherwise system-assigned managed identity is used) + ## + userAssignedIdentityID: "" + ## Civo configuration to be set via arguments/env. variables + ## + civo: + ## @param civo.apiToken When using the Civo provider, `CIVO_TOKEN` to set (optional) + ## + apiToken: "" + ## @param civo.secretName Use an existing secret with key "apiToken" defined. + ## This ignores civo.apiToken + ## + secretName: "" + ## Cloudflare configuration to be set via arguments/env. variables + ## + cloudflare: + ## @param cloudflare.apiToken When using the Cloudflare provider, `CF_API_TOKEN` to set (optional) + ## + apiToken: "" + ## @param cloudflare.apiKey When using the Cloudflare provider, `CF_API_KEY` to set (optional) + ## + apiKey: "" + ## @param cloudflare.secretName When using the Cloudflare provider, it's the name of the secret containing cloudflare_api_token or cloudflare_api_key. + ## This ignores cloudflare.apiToken, and cloudflare.apiKey + ## + secretName: "" + ## @param cloudflare.email When using the Cloudflare provider, `CF_API_EMAIL` to set (optional). Needed when using CF_API_KEY + ## + email: "" + ## @param cloudflare.proxied When using the Cloudflare provider, enable the proxy feature (DDOS protection, CDN...) (optional) + ## + proxied: true + ## CoreDNS configuration to be set via arguments/env variables + ## + coredns: + ## @param coredns.etcdEndpoints When using the CoreDNS provider, set etcd backend endpoints (comma-separated list) + ## Secure (https) endpoints can be used as well, in that case `etcdTLS` section + ## should be filled in accordingly + ## + etcdEndpoints: "http://etcd-extdns:2379" + ## Configuration of the secure communication and client authentication to the etcd cluster + ## If enabled all the values under this key must hold a valid data + ## + etcdTLS: + ## @param coredns.etcdTLS.enabled When using the CoreDNS provider, enable secure communication with etcd + ## + enabled: false + ## @param coredns.etcdTLS.autoGenerated Generate automatically self-signed TLS certificates + ## + autoGenerated: false + ## @param coredns.etcdTLS.secretName When using the CoreDNS provider, specify a name of existing Secret with etcd certs and keys + ## ref: https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md + ## ref (secret creation): + ## https://github.com/bitnami/charts/tree/main/bitnami/etcd#configure-certificates-for-client-communication + ## + secretName: "etcd-client-certs" + ## @param coredns.etcdTLS.mountPath When using the CoreDNS provider, set destination dir to mount data from `coredns.etcdTLS.secretName` to + ## + mountPath: "/etc/coredns/tls/etcd" + ## @param coredns.etcdTLS.caFilename When using the CoreDNS provider, specify CA PEM file name from the `coredns.etcdTLS.secretName` + ## + caFilename: "ca.crt" + ## @param coredns.etcdTLS.certFilename When using the CoreDNS provider, specify cert PEM file name from the `coredns.etcdTLS.secretName` + ## Will be used by external-dns to authenticate against etcd + ## + certFilename: "cert.pem" + ## @param coredns.etcdTLS.keyFilename When using the CoreDNS provider, specify private key PEM file name from the `coredns.etcdTLS.secretName` + ## Will be used by external-dns to authenticate against etcd + ## + keyFilename: "key.pem" + ## OpenStack Designate provider configuration to be set via arguments/env. variables + ## + designate: + ## Set Openstack environment variables (optional). Username and password will be saved in a kubernetes secret + ## The alternative to this is to export the necessary Openstack environment variables in the extraEnv argument + ## @param designate.username When using the Designate provider, specify the OpenStack authentication username. (optional) + ## @param designate.password When using the Designate provider, specify the OpenStack authentication password. (optional) + ## @param designate.applicationCredentialId When using the Designate provider, specify the OpenStack authentication application credential ID. This conflicts with `designate.username`. (optional) + ## @param designate.applicationCredentialSecret When using the Designate provider, specify the OpenStack authentication application credential ID. This conflicts with `designate.password`. (optional) + ## @param designate.authUrl When using the Designate provider, specify the OpenStack authentication Url. (optional) + ## @param designate.regionName When using the Designate provider, specify the OpenStack region name. (optional) + ## @param designate.userDomainName When using the Designate provider, specify the OpenStack user domain name. (optional) + ## @param designate.projectName When using the Designate provider, specify the OpenStack project name. (optional) + ## @param designate.authType When using the Designate provider, specify the OpenStack auth type. (optional) + ## e.g: + ## username: "someuser" + ## password: "p@55w0rd" + ## authUrl: "https://mykeystone.example.net:5000/v3/" + ## regionName: "dev" + ## userDomainName: "development" + ## projectName: "myteamname" + ## + username: "" + password: "" + applicationCredentialId: "" + applicationCredentialSecret: "" + authUrl: "" + regionName: "" + userDomainName: "" + projectName: "" + authType: "" + ## @param designate.customCAHostPath When using the Designate provider, use a CA file already on the host to validate Openstack APIs. This conflicts with `designate.customCA.enabled` + ## This conflicts setting the above customCA to true and chart rendering will fail if you set customCA to true and specify customCAHostPath + ## + customCAHostPath: "" + ## Use a custom CA (optional) + ## @param designate.customCA.enabled When using the Designate provider, enable a custom CA (optional) + ## @param designate.customCA.content When using the Designate provider, set the content of the custom CA + ## @param designate.customCA.mountPath When using the Designate provider, set the mountPath in which to mount the custom CA configuration + ## @param designate.customCA.filename When using the Designate provider, set the custom CA configuration filename + ## + customCA: + enabled: false + content: "" + mountPath: "/config/designate" + filename: "designate-ca.pem" + ## Exoscale configuration to be set via arguments/env. variables + ## + exoscale: + ## @param exoscale.apiKey When using the Exoscale provider, `EXTERNAL_DNS_EXOSCALE_APIKEY` to set (optional) + ## + apiKey: "" + ## @param exoscale.apiToken When using the Exoscale provider, `EXTERNAL_DNS_EXOSCALE_APISECRET` to set (optional) + ## + apiToken: "" + ## @param exoscale.secretName Use an existing secret with keys "exoscale_api_key" and "exoscale_api_token" defined. + ## This ignores exoscale.apiKey and exoscale.apiToken + ## + secretName: "" + ## Google configuration to be set via arguments/env. variables + ## + ## DigitalOcean configuration to be set via arguments/env. variables + ## + digitalocean: + ## @param digitalocean.apiToken When using the DigitalOcean provider, `DO_TOKEN` to set (optional) + ## + apiToken: "" + ## @param digitalocean.secretName Use an existing secret with key "digitalocean_api_token" defined. + ## This ignores digitalocean.apiToken + ## + secretName: "" + ## Google configuration to be set via arguments/env. variables + ## + google: + ## @param google.project When using the Google provider, specify the Google project (required when provider=google) + ## + project: "" + ## @param google.batchChangeSize When using the google provider, set the maximum number of changes that will be applied in each batch + ## + batchChangeSize: 1000 + ## @param google.serviceAccountSecret When using the Google provider, specify the existing secret which contains credentials.json (optional) + ## + serviceAccountSecret: "" + ## @param google.serviceAccountSecretKey When using the Google provider with an existing secret, specify the key name (optional) + ## + serviceAccountSecretKey: "credentials.json" + ## @param google.serviceAccountKey When using the Google provider, specify the service account key JSON file. In this case a new secret will be created holding this service account (optional) + ## + serviceAccountKey: "" + ## @param google.zoneVisibility When using the Google provider, fiter for zones of a specific visibility (private or public) + ## + zoneVisibility: "" + ## Hetzner configuration to be set via arguments/env. variables + ## + hetzner: + ## @param hetzner.token When using the Hetzner provider, specify your token here. (required when `hetzner.secretName` is not provided. In this case a new secret will be created holding the token.) + ## Mutually exclusive with `hetzner.secretName`. + ## + token: "" + ## @param hetzner.secretName When using the Hetzner provider, specify the existing secret which contains your token. Disables the usage of `hetzner.token` (optional) + ## + secretName: "" + ## @param hetzner.secretKey When using the Hetzner provider with an existing secret, specify the key name (optional) + ## + secretKey: "hetzner_token" + ## Infoblox configuration to be set via arguments/env. variables + ## + infoblox: + ## @param infoblox.wapiUsername When using the Infoblox provider, specify the Infoblox WAPI username + ## + wapiUsername: "admin" + ## @param infoblox.wapiPassword When using the Infoblox provider, specify the Infoblox WAPI password (required when provider=infoblox) + ## + wapiPassword: "" + ## @param infoblox.gridHost When using the Infoblox provider, specify the Infoblox Grid host (required when provider=infoblox) + ## + gridHost: "" + ## @param infoblox.view Infoblox view + ## + view: "" + ## Optional keys + ## + ## @param infoblox.secretName Existing secret name, when in place wapiUsername and wapiPassword are not required + ## + secretName: "" + ## + ## @param infoblox.domainFilter When using the Infoblox provider, specify the domain (optional) + ## + domainFilter: "" + ## + ## @param infoblox.nameRegex When using the Infoblox provider, specify the name regex filter (optional) + ## + nameRegex: "" + ## @param infoblox.noSslVerify When using the Infoblox provider, disable SSL verification (optional) + ## + noSslVerify: false + ## @param infoblox.wapiPort When using the Infoblox provider, specify the Infoblox WAPI port (optional) + ## + wapiPort: "" + ## @param infoblox.wapiVersion When using the Infoblox provider, specify the Infoblox WAPI version (optional) + ## + wapiVersion: "" + ## @param infoblox.wapiConnectionPoolSize When using the Infoblox provider, specify the Infoblox WAPI request connection pool size (optional) + ## + wapiConnectionPoolSize: "" + ## @param infoblox.wapiHttpTimeout When using the Infoblox provider, specify the Infoblox WAPI request timeout in seconds (optional) + ## + wapiHttpTimeout: "" + ## @param infoblox.maxResults When using the Infoblox provider, specify the Infoblox Max Results (optional) + ## + maxResults: "" + ## Linode configuration to be set via arguments/env. variables + ## + linode: + ## @param linode.apiToken When using the Linode provider, `LINODE_TOKEN` to set (optional) + ## + apiToken: "" + ## @param linode.secretName Use an existing secret with key "linode_api_token" defined. + ## This ignores linode.apiToken + ## + secretName: "" + + ## NS1 configuration to be set via arguments/env. variables + ## + ns1: + ## @param ns1.minTTL When using the ns1 provider, specify minimal TTL, as an integer, for records + ## + minTTL: 10 + ## @param ns1.apiKey When using the ns1 provider, specify the API key to use + ## + apiKey: "" + ## @param ns1.secretName Use an existing secret with key "ns1-api-key" defined. + ## This ignores ns1.apiToken + ## + secretName: "" + + ## oci configuration to be set via arguments/env. variables + ## + oci: + ## @param oci.region When using the OCI provider, specify the region, where your zone is located in. + ## + region: "" + ## @param oci.tenancyOCID When using the OCI provider, specify your Tenancy OCID + ## + tenancyOCID: "" + ## @param oci.userOCID When using the OCI provider, specify your User OCID + ## + userOCID: "" + ## @param oci.compartmentOCID When using the OCI provider, specify your Compartment OCID where your DNS Zone is located in. + ## + compartmentOCID: "" + ## @param oci.privateKey [string] When using the OCI provider, paste in your RSA private key file for the Oracle API + ## + privateKey: | + -----BEGIN RSA PRIVATE KEY----- + -----END RSA PRIVATE KEY----- + ## @param oci.privateKeyFingerprint When using the OCI provider, put in the fingerprint of your privateKey + ## + privateKeyFingerprint: "" + ## @param oci.privateKeyPassphrase When using the OCI provider and your privateKey has a passphrase, put it in here. (optional) + ## + privateKeyPassphrase: "" + ## @param oci.secretName When using the OCI provider, it's the name of the secret containing `oci.yaml` file. + ## Ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/oracle.md#deploy-externaldns + ## + secretName: "" + ## OVH configuration to be set via arguments/env. variables + ## + ovh: + ## @param ovh.consumerKey When using the OVH provider, specify the existing consumer key. (required when provider=ovh and `ovh.secretName` is not provided.) + ## + consumerKey: "" + ## @param ovh.applicationKey When using the OVH provider with an existing application, specify the application key. (required when provider=ovh and `ovh.secretName` is not provided.) + ## + applicationKey: "" + ## @param ovh.applicationSecret When using the OVH provider with an existing application, specify the application secret. (required when provider=ovh and `ovh.secretName` is not provided.) + ## + applicationSecret: "" + ## @param ovh.secretName When using the OVH provider, it's the name of the secret containing `ovh_consumer_key`, `ovh_application_key` and `ovh_application_secret`. Disables usage of other `ovh`. + ## with following keys: + ## - ovh_consumer_key + ## - ovh_application_key + ## - ovh_application_secret + ## This ignores consumerKey, applicationKey & applicationSecret + ## + secretName: "" + ## Scaleway configuration to be set via arguments/env. variables + ## + scaleway: + ## @param scaleway.scwAccessKey When using the Scaleway provider, specify an existing access key. (required when provider=scaleway) + ## + scwAccessKey: "" + ## @param scaleway.scwSecretKey When using the Scaleway provider, specify an existing secret key. (required when provider=scaleway) + ## + scwSecretKey: "" + ## RFC 2136 configuration to be set via arguments/env. variables + ## + rfc2136: + ## @param rfc2136.host When using the rfc2136 provider, specify the RFC2136 host (required when provider=rfc2136) + ## + host: "" + ## @param rfc2136.port When using the rfc2136 provider, specify the RFC2136 port (optional) + ## + port: 53 + ## @param rfc2136.zone When using the rfc2136 provider, specify the zone (required when provider=rfc2136) + ## + zone: "" + ## @param rfc2136.tsigSecret When using the rfc2136 provider, specify the tsig secret to enable security. (do not specify if `rfc2136.secretName` is provided.) (optional) + ## + tsigSecret: "" + ## @param rfc2136.secretName When using the rfc2136 provider, specify the existing secret which contains your tsig secret in the key "rfc2136_tsig_secret". Disables the usage of `rfc2136.tsigSecret` (optional) + ## + secretName: "" + ## @param rfc2136.tsigSecretAlg When using the rfc2136 provider, specify the tsig secret to enable security (optional) + ## + tsigSecretAlg: hmac-sha256 + ## @param rfc2136.tsigKeyname When using the rfc2136 provider, specify the tsig keyname to enable security (optional) + ## + tsigKeyname: rfc2136_tsig_secret + ## @param rfc2136.tsigAxfr When using the rfc2136 provider, enable AFXR to enable security (optional) + ## + tsigAxfr: true + ## @param rfc2136.minTTL When using the rfc2136 provider, specify minimal TTL (in duration format) for records[ns, us, ms, s, m, h], see more + ## + minTTL: "0s" + ## @param rfc2136.rfc3645Enabled When using the rfc2136 provider, extend using RFC3645 to support secure updates over Kerberos with GSS-TSIG + ## + rfc3645Enabled: false + ## @param rfc2136.kerberosConfig When using the rfc2136 provider with rfc3645Enabled, the contents of a configuration file for krb5 (optional) + ## + kerberosConfig: "" + ## @param rfc2136.kerberosUsername When using the rfc2136 provider with rfc3645Enabled, specify the username to authenticate with (optional) + ## + kerberosUsername: "" + ## @param rfc2136.kerberosPassword When using the rfc2136 provider with rfc3645Enabled, specify the password to authenticate with (optional) + ## + kerberosPassword: "" + ## @param rfc2136.kerberosRealm When using the rfc2136 provider with rfc3645Enabled, specify the realm to authenticate to (required when provider=rfc2136 and rfc2136.rfc3645Enabled=true) + ## + kerberosRealm: "" + + ## PowerDNS configuration to be set via arguments/env. variables + ## + pdns: + ## @param pdns.apiUrl When using the PowerDNS provider, specify the API URL of the server. + ## + apiUrl: "" + ## @param pdns.apiPort When using the PowerDNS provider, specify the API port of the server. + ## + apiPort: "8081" + ## @param pdns.apiKey When using the PowerDNS provider, specify the API key of the server. + ## + apiKey: "" + ## @param pdns.secretName When using the PowerDNS provider, specify as secret name containing the API Key + ## + secretName: "" + ## TransIP configuration to be set via arguments/env. variables + ## + transip: + ## @param transip.account When using the TransIP provider, specify the account name. + ## + account: "" + ## @param transip.apiKey When using the TransIP provider, specify the API key to use. + ## + apiKey: "" + ## VinylDNS configuration to be set via arguments/env. variables + ## + vinyldns: + ## @param vinyldns.host When using the VinylDNS provider, specify the VinylDNS API host. + ## + host: "" + ## @param vinyldns.accessKey When using the VinylDNS provider, specify the Access Key to use. + ## + accessKey: "" + ## @param vinyldns.secretKey When using the VinylDNS provider, specify the Secret key to use. + ## + secretKey: "" + ## @param domainFilters Limit possible target zones by domain suffixes (optional) + ## + domainFilters: [] + ## @param excludeDomains Exclude subdomains (optional) + ## + excludeDomains: [] + ## @param regexDomainFilter Limit possible target zones by regex domain suffixes (optional) + ## If regexDomainFilter is specified, domainFilters will be ignored + ## + regexDomainFilter: "" + ## @param regexDomainExclusion Exclude subdomains by using regex pattern (optional) + ## If regexDomainFilter is specified, excludeDomains will be ignored and external-dns will use regexDomainExclusion even though regexDomainExclusion is empty + ## + regexDomainExclusion: "" + ## @param zoneNameFilters Filter target zones by zone domain (optional) + ## + zoneNameFilters: [] + ## @param zoneIdFilters Limit possible target zones by zone id (optional) + ## + zoneIdFilters: [] + ## @param annotationFilter Filter sources managed by external-dns via annotation using label selector (optional) + ## + annotationFilter: "" + ## @param labelFilter Select sources managed by external-dns using label selector (optional) + ## + labelFilter: "" + ## @param ingressClassFilters Filter sources managed by external-dns via IngressClass (optional) + ## + ingressClassFilters: [] + ## @param managedRecordTypesFilters Filter record types managed by external-dns (optional) + ## + managedRecordTypesFilters: [] + ## @param dryRun When enabled, prints DNS record changes rather than actually performing them (optional) + ## + dryRun: false + ## @param triggerLoopOnEvent When enabled, triggers run loop on create/update/delete events in addition to regular interval (optional) + ## + triggerLoopOnEvent: false + ## @param interval Interval update period to use + ## + interval: "1m" + ## @param logLevel Verbosity of the logs (options: panic, debug, info, warning, error, fatal, trace) + ## + logLevel: info + ## @param logFormat Which format to output logs in (options: text, json) + ## + logFormat: text + ## @param policy Modify how DNS records are synchronized between sources and providers (options: sync, upsert-only ) + ## + policy: upsert-only + ## @param registry Registry method to use (options: txt, aws-sd, dynamodb, noop) + ## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/proposal/registry.md + ## + registry: "txt" + ## @param txtPrefix When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional) (Mutual exclusive with txt-suffix) + ## + txtPrefix: "" + ## @param txtSuffix When using the TXT registry, a suffix for ownership records that avoids collision with CNAME entries (optional).suffix (Mutual exclusive with txt-prefix) + ## + txtSuffix: "" + ## @param txtOwnerId A name that identifies this instance of ExternalDNS. Currently used by registry types: txt & aws-sd (optional) + ## But other registry types might be added in the future. + ## + txtOwnerId: "" + ## @param forceTxtOwnerId (backward compatibility) When using the non-TXT registry, it will pass the value defined by `txtOwnerId` down to the application (optional) + ## This setting added for backward compatibility for + ## customers who already used bitnami/external-dns helm chart + ## to privision 'aws-sd' registry type. + ## Previously bitnami/external-dns helm chart did not pass + ## txtOwnerId value down to the external-dns application + ## so the app itself sets that value to be a string 'default'. + ## If existing customers force the actual txtOwnerId value to be + ## passed properly, their external-dns updates will stop working + ## because the owner's value for exting DNS records in + ## AWS Service Discovery would remain 'default'. + ## NOTE: It is up to the end user to update AWS Service Discovery + ## 'default' values in description fields to make it work with new + ## value passed as txtOwnerId when forceTxtOwnerId=true + ## + forceTxtOwnerId: false + ## @param extraArgs Extra arguments to be passed to external-dns + ## + extraArgs: {} + ## @param extraEnvVars An array to add extra env vars + ## + extraEnvVars: [] + ## @param extraEnvVarsCM ConfigMap containing extra env vars + ## + extraEnvVarsCM: "" + ## @param extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data) + ## + extraEnvVarsSecret: "" + ## @param lifecycleHooks [object] Override default etcd container hooks + ## + lifecycleHooks: {} + ## @param schedulerName Alternative scheduler + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param topologySpreadConstraints Topology Spread Constraints for pod assignment + ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## The value is evaluated as a template + ## + topologySpreadConstraints: [] + ## @param replicaCount Desired number of ExternalDNS replicas + ## + replicaCount: 1 + ## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param affinity Affinity for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param nodeSelector Node labels for pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param tolerations Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param podAnnotations Additional annotations to apply to the pod. + ## + podAnnotations: {} + ## @param podLabels Additional labels to be added to pods + ## + podLabels: {} + ## @param priorityClassName priorityClassName + ## + priorityClassName: "" + ## @param secretAnnotations Additional annotations to apply to the secret + ## + secretAnnotations: {} + ## Options for the source type "crd" + ## + crd: + ## @param crd.create Install and use the integrated DNSEndpoint CRD + ## + create: true + ## @param crd.apiversion Sets the API version for the CRD to watch + ## + apiversion: "" + ## @param crd.kind Sets the kind for the CRD to watch + ## + kind: "" + ## Kubernetes svc configutarion + ## + service: + ## @param service.enabled Whether to create Service resource or not + ## + enabled: true + ## @param service.type Kubernetes Service type + ## + type: ClusterIP + ## @param service.ports.http ExternalDNS client port + ## + ports: + http: 7979 + ## @param service.nodePorts.http Port to bind to for NodePort service type (client port) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + http: "" + ## @param service.clusterIP IP address to assign to service + ## + clusterIP: "" + ## @param service.externalIPs Service external IP addresses + ## + externalIPs: [] + ## @param service.externalName Service external name + ## + externalName: "" + ## @param service.loadBalancerIP IP address to assign to load balancer (if supported) + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges List of IP CIDRs allowed access to load balancer (if supported) + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.annotations Annotations to add to service + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## @param service.labels Provide any additional labels which may be required. + ## This can be used to have external-dns show up in `kubectl cluster-info` + ## kubernetes.io/cluster-service: "true" + ## kubernetes.io/name: "external-dns" + ## + labels: {} + ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## ServiceAccount parameters + ## https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param serviceAccount.create Determine whether a Service Account should be created or it should reuse a exiting one. + ## + create: true + ## @param serviceAccount.name ServiceAccount to use. A name is generated using the external-dns.fullname template if it is not set + ## + name: "" + ## @param serviceAccount.annotations Additional Service Account annotations + ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account. + ## + automountServiceAccountToken: true + ## @param serviceAccount.labels [object] Additional labels to be included on the service account + ## + labels: {} + ## RBAC parameters + ## https://kubernetes.io/docs/reference/access-authn-authz/rbac/ + ## + rbac: + ## @param rbac.create Whether to create & use RBAC resources or not + ## + create: true + ## @param rbac.clusterRole Whether to create Cluster Role. When set to false creates a Role in `namespace` + ## + clusterRole: true + ## @param rbac.apiVersion Version of the RBAC API + ## + apiVersion: v1 + ## @param rbac.pspEnabled Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later + ## + pspEnabled: false + ## @param containerSecurityContext.enabled Enabled Apache Server containers' Security Context + ## @param containerSecurityContext.runAsUser Set ExternalDNS containers' Security Context runAsUser + ## @param containerSecurityContext.runAsNonRoot Set ExternalDNS container's Security Context runAsNonRoot + ## @param containerSecurityContext.privileged Set primary container's Security Context privileged + ## @param containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation + ## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param containerSecurityContext.readOnlyRootFilesystem Set container readonlyRootFilesystem + ## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## Example: + ## containerSecurityContext: + ## allowPrivilegeEscalation: false + ## readOnlyRootFilesystem: true + ## capabilities: + ## drop: ["ALL"] + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + + ## @param podSecurityContext.enabled Enable pod security context + ## @param podSecurityContext.fsGroup Group ID for the container + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## Container resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param resources.limits The resources limits for the container + ## @param resources.requests The requested resources for the container + ## + resources: + ## Example: + ## limits: + ## cpu: 50m + ## memory: 50Mi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 10m + ## memory: 50Mi + ## + requests: {} + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param livenessProbe.enabled Enable livenessProbe + ## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 2 + successThreshold: 1 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param readinessProbe.enabled Enable readinessProbe + ## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## Configure extra options for startup probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-startup-probes/#configure-probes + ## @param startupProbe.enabled Enable startupProbe + ## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param startupProbe.periodSeconds Period seconds for startupProbe + ## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param startupProbe.failureThreshold Failure threshold for startupProbe + ## @param startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param customLivenessProbe Override default liveness probe + ## + customLivenessProbe: {} + ## @param customReadinessProbe Override default readiness probe + ## + customReadinessProbe: {} + ## @param customStartupProbe Override default startup probe + ## + customStartupProbe: {} + ## @param extraVolumes A list of volumes to be added to the pod + ## + extraVolumes: [] + ## @param extraVolumeMounts A list of volume mounts to be added to the pod + ## + extraVolumeMounts: [] + ## @param podDisruptionBudget Configure PodDisruptionBudget + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + ## + + podDisruptionBudget: {} + ## Prometheus Exporter / Metrics + ## + metrics: + ## @param metrics.enabled Enable prometheus to access external-dns metrics endpoint + ## + enabled: false + ## @param metrics.podAnnotations Annotations for enabling prometheus to access the metrics endpoint + ## + podAnnotations: {} + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor object + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: "" + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.selector Additional labels for ServiceMonitor object + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## e.g: + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + ## @param metrics.serviceMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.relabelings [array] Prometheus relabeling rules + ## + relabelings: [] + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## DEPRECATED metrics.serviceMonitor.additionalLabels will be removed in a future release - Please use metrics.serviceMonitor.labels instead + ## @param metrics.serviceMonitor.labels Used to pass Labels that are required by the installed Prometheus Operator + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + labels: {} + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + ## Google Managed Prometheus PodMonitor configuration + ## + googlePodMonitor: + ## @param metrics.googlePodMonitor.enabled Create Google Managed Prometheus PodMonitoring object + ## + enabled: false + ## @param metrics.googlePodMonitor.namespace Namespace in which PodMonitoring created + ## + namespace: "" + ## @param metrics.googlePodMonitor.interval Interval at which metrics should be scraped by Google Managed Prometheus + ## + interval: "60s" + ## @param metrics.googlePodMonitor.endpoint The endpoint for Google Managed Prometheus scraping the metrics + ## + endpoint: /metrics diff --git a/external-dns/sealedsecret-cloudflare-api-token.yaml b/external-dns/sealedsecret-cloudflare-api-token.yaml new file mode 100644 index 0000000..09fbb3c --- /dev/null +++ b/external-dns/sealedsecret-cloudflare-api-token.yaml @@ -0,0 +1,21 @@ +{ + "kind": "SealedSecret", + "apiVersion": "bitnami.com/v1alpha1", + "metadata": { + "name": "cloudflare-api-token", + "namespace": "external-dns", + "creationTimestamp": null + }, + "spec": { + "template": { + "metadata": { + "name": "cloudflare-api-token", + "namespace": "external-dns", + "creationTimestamp": null + } + }, + "encryptedData": { + "cloudflare_api_token": "AgDKzWAG8CQEx7GaKhVoZMZDtYT8REzINhhqyApmlcU2apLFMkKREUgtiQwyI/i6F6SqEzI+2bQphZFbShUZJITkGGF18Vsd2buqydFg2cqApUsed/yaU+29fPiDJD9nMm1Ykk1Hv0hJjZPtqWTtiFmIZr61AtVUGfFMUbqee1HoYIYgKEE7kBrPnkpBqCW/RaYCw3/ft4SQh5q++UxXM4Ax1C7xJDtrP9lOaQ9x26RfmLZGQjYfaNVW89/fUi1T7nr1TeszHQ6MUXU77tiGSK+eqiZxmdjef/8Ll8TAyUItf6phObzoSovkhXtBpzZBI0/ftKmveUuncrWJd7YXbowcw/WPqOmkLMwX7EAjDl2qKcOz9HzjykZzoJewAVZ4en36H+L+Wc9id4reBvyqF+AB1wox4A1hnUi2dSQvkHlhPItD4jKu5mBIGqVpCHphLw/KDQe8BQPBWoxZ2N4cFSoVKHWut37nRPWIjAXPmhZN342m1JCiynWhPMqvtppTUm5gMacj2Pr2dCfHWfu+L7qDhEvHYyKp1zZ43BKjKxlhW9emzqYhnlCSjdPPDXFihgy/kvJg79ZMhaW9eBGDLFu7nCwSiuTwpWxzk+n9GM5QegTqQuOGl6/oXfRFEAx8XWvMjDOQgt4+1Feo7Ckoz3H+jmY9CdQ5c7LD/8zRzfh186IgD0arYw44V/dGpEzod0VOYAG3sJXGxEFuKjs5NwPoysakpBb8Bpgy3nzz4hNCWgSp/6yk" + } + } +}