diff --git a/charts/external-dns/README.md b/charts/external-dns/README.md
index 0bd75c5592..d4ad33b3ee 100644
--- a/charts/external-dns/README.md
+++ b/charts/external-dns/README.md
@@ -70,3 +70,6 @@ The following table lists the configurable parameters of the _ExternalDNS_ chart
 | `provider` | DNS provider where the DNS records will be created, for the available providers and how to configure them see the [README](https://github.com/kubernetes-sigs/external-dns#deploying-to-a-cluster). | `aws` |
 | `extraArgs` | Extra arguments to pass to the _external-dns_ container, these are needed for provider specific arguments. | `[]` |
 | `deploymentStrategy` | .spec.strategy of the external-dns Deployment. Defaults to 'Recreate' since multiple external-dns pods may conflict with each other. | `{type: Recreate}` |
+| `secretConfiguration.enabled` | Enable additional secret configuration | `{type: Recreate}` |
+| `secretConfiguration.mountPath` | Mount path of secret configuration | `{type: Recreate}` |
+| `secretConfiguration.data` | Additional secret configuration. Can be used to store dns provider credentials | `{type: Recreate}` |
diff --git a/charts/external-dns/templates/deployment.yaml b/charts/external-dns/templates/deployment.yaml
index 1ed3b6f5f6..f44281771b 100644
--- a/charts/external-dns/templates/deployment.yaml
+++ b/charts/external-dns/templates/deployment.yaml
@@ -23,9 +23,14 @@ spec:
 {{- with .Values.podLabels }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
- {{- with .Values.podAnnotations }}
+ {{- if or .Values.secretConfiguration.enabled .Values.podAnnotations }}
 annotations:
+ {{- if .Values.secretConfiguration.enabled }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+ {{- end }}
+ {{- with .Values.podAnnotations }}
 {{- toYaml . | nindent 8 }}
+ {{- end }}
 {{- end }}
 spec:
 {{- with .Values.imagePullSecrets }}
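Review bot: The new `checksum/secret` annotation has no comment explaining why it is there, and it publishes a SHA-256 of the rendered Secret manifest in pod metadata. Pod metadata is usually readable by more principals than the Secret itself, so for short or guessable credential values the digest weakens the Secret's confidentiality somewhat; that trade-off deserves a line in the template, e.g. `{{- /* rolls the pod when secret.yaml changes; the digest is visible in pod metadata */}}` above the annotation. A `checksum/secret` key supplied through `podAnnotations` would also render as a duplicate key under `annotations:`. The pod template this hunk edits starts and ends outside the hunk.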
@@ -87,9 +92,9 @@ spec:
 {{- range .Values.domainFilters }}
 - --domain-filter={{ . }}
 {{- end }}
- - --provider={{ .Values.provider }}
+ - --provider={{ tpl .Values.provider $ }}
 {{- range .Values.extraArgs }}
- - {{ . }}
+ - {{ tpl . $ }}
 {{- end }}
 ports:
 - name: http
@@ -99,17 +104,30 @@ spec:
 {{- toYaml .Values.livenessProbe | nindent 12 }}
 readinessProbe:
 {{- toYaml .Values.readinessProbe | nindent 12 }}
- {{- with .Values.extraVolumeMounts }}
+ {{- if or .Values.secretConfiguration.enabled .Values.extraVolumeMounts }}
 volumeMounts:
+ {{- if .Values.secretConfiguration.enabled }}
+ - name: secrets
+ mountPath: {{ tpl .Values.secretConfiguration.mountPath $ }}
+ {{- end }}
+ {{- with .Values.extraVolumeMounts }}
 {{- toYaml . | nindent 12 }}
+ {{- end }}
 {{- end }}
 {{- with .Values.resources }}
 resources:
 {{- toYaml . | nindent 12 }}
 {{- end }}
- {{- with .Values.extraVolumes }}
+ {{- if or .Values.secretConfiguration.enabled .Values.extraVolumes }}
 volumes:
+ {{- if .Values.secretConfiguration.enabled }}
+ - name: secrets
+ secret:
+ secretName: {{ include "external-dns.fullname" . }}
+ {{- end }}
+ {{- with .Values.extraVolumes }}
 {{- toYaml . | nindent 8 }}
+ {{- end }}
 {{- end }}
 {{- with .Values.nodeSelector }}
 nodeSelector:
diff --git a/charts/external-dns/templates/secret.yaml b/charts/external-dns/templates/secret.yaml
new file mode 100644
index 0000000000..89ec1fe558
--- /dev/null
+++ b/charts/external-dns/templates/secret.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.secretConfiguration.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "external-dns.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "external-dns.labels" . | nindent 4 }}
+data:
+{{- range $key, $value := .Values.secretConfiguration.data }}
+ {{ $key }}: {{ tpl $value $ | b64enc | quote }}
+{{- end }}
+{{- end }}
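Review bot: Passing every `extraArgs` entry through `tpl` changes how existing values are interpreted. An argument that itself carries Go-template syntax, for example an external-dns `--fqdn-template={{.Name}}.example.com` (constructed sample), is now evaluated by Helm against the chart context instead of reaching the container verbatim, so the render either fails or the argument changes. The README should state that `provider` and `extraArgs` are templated and how to escape literal braces. The rendered argument should also be quoted so it cannot alter the YAML structure: `- {{ tpl . $ | quote }}`. The args list starts outside the hunk.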
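Review bot: The `secrets` volume is mounted as a directory at `secretConfiguration.mountPath`, so every key in `secretConfiguration.data` becomes a file beneath that path. With the chart default of `/.aws/credentials` from values.yaml, the content would land at `/.aws/credentials/<key>`, which is probably not where a provider SDK expects a credentials file; this is worth confirming, and then either documenting `mountPath` as a directory or mounting a single key with `subPath`. The mount should also state `readOnly: true` explicitly. The volume name `secrets` is hard-coded, so an `extraVolumes` or `extraVolumeMounts` entry with the same name would make the Deployment invalid. The container and pod spec continue outside the hunk.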
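Review bot: Credentials placed in `secretConfiguration.data` travel through Helm values, so they are also kept in the release record and in whatever values file or pipeline variable supplied them, and the template offers no way to point at a Secret that already exists. Each value is also run through `tpl`, so a credential containing `{{` is interpreted as a template rather than stored as written. A header comment in secret.yaml should say both, e.g. `{{- /* values are rendered with tpl and are retained in Helm release history; prefer an externally managed Secret for long-lived credentials */}}`. The key should be quoted as well (`{{ $key | quote }}: ...`) so that an unusual key cannot break the manifest.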
diff --git a/charts/external-dns/values.schema.json b/charts/external-dns/values.schema.json new file mode 100644 index 0000000000..7b2fd22b99 --- /dev/null +++ b/charts/external-dns/values.schema.json @@ -0,0 +1,31 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema", + "type": "object", + "properties": { + "provider": { + "type": "string" + }, + "extraArgs": { + "type": "array", + "items": { + "type": "string" + } + }, + "secretConfiguration": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "data": { + "type": "object", + "patternProperties": { + ".+": { + "type": "string" + } + } + } + } + } + } +} diff --git a/charts/external-dns/values.yaml b/charts/external-dns/values.yaml index 988677fbd3..a309833113 100644 --- a/charts/external-dns/values.yaml +++ b/charts/external-dns/values.yaml @@ -126,5 +126,10 @@ provider: aws extraArgs: [] +secretConfiguration: + enabled: false + mountPath: /.aws/credentials + data: {} + deploymentStrategy: type: Recreate
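Review bot: The schema does not declare `secretConfiguration.enabled`, so a string such as `"false"` passes validation and is truthy in the `{{- if .Values.secretConfiguration.enabled }}` guards, which would create and mount the Secret unintentionally. Add `"enabled": { "type": "boolean" }` next to `mountPath`. The `data` keys are emitted verbatim as Secret keys in secret.yaml, and Kubernetes accepts only alphanumerics, `-`, `_` and `.` there, so the `.+` pattern could be tightened to `^[-._a-zA-Z0-9]+$` to reject bad keys at install time rather than at apply time.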
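Review bot: The new `secretConfiguration` keys have no comments in values.yaml, and the README rows added in this commit give `{type: Recreate}` as the default for all three, which does not match the defaults set here (`false`, `/.aws/credentials`, `{}`). Add a comment above each key, for instance `# Create a Secret from secretConfiguration.data and mount it at secretConfiguration.mountPath` above `enabled`. The comment on `data` should say that values are rendered with `tpl` and should come from a protected values source rather than a committed file. The README defaults should be corrected in the same change.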