diff --git a/docs/flags.md b/docs/flags.md index 9218ba868..3cf19d4d8 100644 --- a/docs/flags.md +++ b/docs/flags.md @@ -133,7 +133,7 @@ | `--exoscale-apisecret=""` | Provide your API Secret for the Exoscale provider | | `--rfc2136-host=` | When using the RFC2136 provider, specify the host of the DNS server (optionally specify multiple times when when using --rfc2136-load-balancing-strategy) | | `--rfc2136-port=0` | When using the RFC2136 provider, specify the port of the DNS server | -| `--rfc2136-zone=RFC2136-ZONE` | When using the RFC2136 provider, specify zone entries of the DNS server to use | +| `--rfc2136-zone=RFC2136-ZONE` | When using the RFC2136 provider, specify zone entry of the DNS server to use (can be specified multiple times) | | `--[no-]rfc2136-create-ptr` | When using the RFC2136 provider, enable PTR management | | `--[no-]rfc2136-insecure` | When using the RFC2136 provider, specify whether to attach TSIG or not (default: false, requires --rfc2136-tsig-keyname and rfc2136-tsig-secret) | | `--rfc2136-tsig-keyname=""` | When using the RFC2136 provider, specify the TSIG key to attached to DNS messages (required when --rfc2136-insecure=false) | diff --git a/docs/tutorials/rfc2136.md b/docs/tutorials/rfc2136.md index c14c184bf..5211a6d7c 100644 --- a/docs/tutorials/rfc2136.md +++ b/docs/tutorials/rfc2136.md @@ -497,6 +497,35 @@ external-dns \ --rfc2136-insecure ``` +### Helm + +```yaml +extraArgs: + - --rfc2136-host="dns-host-1.yourdomain.com" + - --rfc2136-port=53 + - --rfc2136-zone=example.com + - --rfc2136-tsig-secret-alg=hmac-sha256 + - --rfc2136-tsig-axfr + +env: + - name: "EXTERNAL_DNS_RDC2136_TSIG_SECRET" + valueFrom: + secretKeyRef: + name: rfc2136-keys + key: rfc2136-tsig-secret + - name: "EXTERNAL_DNS_RDC2136_TSIG_KEYNAME" + valueFrom: + secretKeyRef: + name: rfc2136-keys + key: rfc2136-tsig-keyname +``` + +#### Secret creation + +```shell +kubectl create secret generic rfc2136-keys --from-literal=rfc2136-tsig-secret='xxx' --from-literal=rfc2136-tsig-keyname='k8s-external-dns-key' -n external-dns +``` + ### Benefits - Distributes the load of DNS updates across multiple data centers, preventing any single DC from becoming a bottleneck. diff --git a/pkg/apis/externaldns/types.go b/pkg/apis/externaldns/types.go index 36cd3a9bb..5e9aac21a 100644 --- a/pkg/apis/externaldns/types.go +++ b/pkg/apis/externaldns/types.go @@ -580,7 +580,7 @@ func App(cfg *Config) *kingpin.Application { // Flags related to RFC2136 provider app.Flag("rfc2136-host", "When using the RFC2136 provider, specify the host of the DNS server (optionally specify multiple times when when using --rfc2136-load-balancing-strategy)").Default(defaultConfig.RFC2136Host[0]).StringsVar(&cfg.RFC2136Host) app.Flag("rfc2136-port", "When using the RFC2136 provider, specify the port of the DNS server").Default(strconv.Itoa(defaultConfig.RFC2136Port)).IntVar(&cfg.RFC2136Port) - app.Flag("rfc2136-zone", "When using the RFC2136 provider, specify zone entries of the DNS server to use").StringsVar(&cfg.RFC2136Zone) + app.Flag("rfc2136-zone", "When using the RFC2136 provider, specify zone entry of the DNS server to use (can be specified multiple times)").StringsVar(&cfg.RFC2136Zone) app.Flag("rfc2136-create-ptr", "When using the RFC2136 provider, enable PTR management").Default(strconv.FormatBool(defaultConfig.RFC2136CreatePTR)).BoolVar(&cfg.RFC2136CreatePTR) app.Flag("rfc2136-insecure", "When using the RFC2136 provider, specify whether to attach TSIG or not (default: false, requires --rfc2136-tsig-keyname and rfc2136-tsig-secret)").Default(strconv.FormatBool(defaultConfig.RFC2136Insecure)).BoolVar(&cfg.RFC2136Insecure) app.Flag("rfc2136-tsig-keyname", "When using the RFC2136 provider, specify the TSIG key to attached to DNS messages (required when --rfc2136-insecure=false)").Default(defaultConfig.RFC2136TSIGKeyName).StringVar(&cfg.RFC2136TSIGKeyName)