mirrors/external-dns
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/external-dns.git synced 2025-08-07 10:06:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4161 from stevehipwell/helm-deprecate-secret-configuration

Browse Source 
chore(chart): Deprecated secretConfiguration
This commit is contained in:
Kubernetes Prow Robot 2024-01-09 02:28:18 +01:00 committed by GitHub
commit 70a70892a8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 40 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
charts/external-dns/CHANGELOG.md
View File

@ -30,6 +30,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Avoid unnecessary pod restart on each helm chart version. ([#4103](https://github.com/kubernetes-sigs/external-dns/pull/4103)) [@jkroepke](https://github.com/jkroepke) - Avoid unnecessary pod restart on each helm chart version. ([#4103](https://github.com/kubernetes-sigs/external-dns/pull/4103)) [@jkroepke](https://github.com/jkroepke)
### Deprecated
- The `secretConfiguration` value has been deprecated in favour of creating secrets external to the Helm chart and configuring their use via the `extraVolumes` & `extraVolumeMounts` values.
## [v1.13.1] - 2023-09-07 ## [v1.13.1] - 2023-09-07
### Added ### Added

2
charts/external-dns/README.md
View File

@ -116,7 +116,7 @@ If `namespaced` is set to `true`, please ensure that `sources` my only contains
| resources | object | `{}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `external-dns` container. | | resources | object | `{}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `external-dns` container. |
| revisionHistoryLimit | int | `nil` | Specify the number of old `ReplicaSets` to retain to allow rollback of the `Deployment``. | | revisionHistoryLimit | int | `nil` | Specify the number of old `ReplicaSets` to retain to allow rollback of the `Deployment``. |
| secretConfiguration.data | object | `{}` | `Secret` data. | | secretConfiguration.data | object | `{}` | `Secret` data. |
| secretConfiguration.enabled | bool | `false` | If `true`, create a `Secret` to store sensitive provider configuration. | | secretConfiguration.enabled | bool | `false` | If `true`, create a `Secret` to store sensitive provider configuration (**DEPRECATED**). |
| secretConfiguration.mountPath | string | `nil` | Mount path for the `Secret`, this can be templated. | | secretConfiguration.mountPath | string | `nil` | Mount path for the `Secret`, this can be templated. |
| secretConfiguration.subPath | string | `nil` | Sub-path for mounting the `Secret`, this can be templated. | | secretConfiguration.subPath | string | `nil` | Sub-path for mounting the `Secret`, this can be templated. |
| securityContext | object | See _values.yaml_ | [Security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#securitycontext-v1-core) for the `external-dns` container. | | securityContext | object | See _values.yaml_ | [Security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#securitycontext-v1-core) for the `external-dns` container. |

1
charts/external-dns/values.schema.json
View File

@ -24,6 +24,7 @@
} }
}, },
"secretConfiguration": { "secretConfiguration": {
"$comment": "This value is DEPRECATED as secrets should be configured external to the chart and exposed to the container via extraVolumes & extraVolumeMounts.",
"type": "object", "type": "object",
"properties": { "properties": {
"enabled": { "enabled": {

2
charts/external-dns/values.yaml
View File

@ -224,7 +224,7 @@ provider:
extraArgs: [] extraArgs: []
secretConfiguration: secretConfiguration:
# -- If `true`, create a `Secret` to store sensitive provider configuration. # -- If `true`, create a `Secret` to store sensitive provider configuration (**DEPRECATED**).
enabled: false enabled: false
# -- Mount path for the `Secret`, this can be templated. # -- Mount path for the `Secret`, this can be templated.
mountPath: mountPath:

47
docs/tutorials/azure.md
View File

@ -386,33 +386,52 @@ $ az identity federated-credential create --name ${IDENTITY_NAME} --identity-nam
NOTE: make sure federated credential refers to correct namespace and service account (`system:serviceaccount:<NAMESPACE>:<SERVICE_ACCOUNT>`) NOTE: make sure federated credential refers to correct namespace and service account (`system:serviceaccount:<NAMESPACE>:<SERVICE_ACCOUNT>`)
#### helm #### Helm
When deploying external-dns with helm, here are the parameters you need to pass: When deploying external-dns with Helm you need to create a secret to store the Azure config (see below) and create a workload identity (out of scope here) before you can install the chart.
```yaml
apiVersion: v1
kind: Secret
metadata:
name: external-dns-azure
type: Opaque
data:
azure.json: |
{
"tenantId": "<TENANT_ID>",
"subscriptionId": "<SUBSCRIPTION_ID>",
"resourceGroup": "<AZURE_DNS_ZONE_RESOURCE_GROUP>",
"useWorkloadIdentityExtension": true
}
```
Once you have created the secret and have a workload identity you can install the chart with the following values.
```yaml ```yaml
fullnameOverride: external-dns fullnameOverride: external-dns
serviceAccount: serviceAccount:
labels:
azure.workload.identity/use: "true"
annotations: annotations:
azure.workload.identity/client-id: <IDENTITY_CLIENT_ID> azure.workload.identity/client-id: <IDENTITY_CLIENT_ID>
podLabels: podLabels:
azure.workload.identity/use: "true" azure.workload.identity/use: "true"
provider: azure extraVolumes:
- name: azure-config-file
secret:
secretName: external-dns-azure
secretConfiguration: extraVolumeMounts:
enabled: true - name: azure-config-file
mountPath: "/etc/kubernetes/" mountPath: /etc/kubernetes
data: readOnly: true
azure.json: |
{ provider:
"tenantId": "<TENANT_ID>", name: azure
"subscriptionId": "<SUBSCRIPTION_ID>",
"resourceGroup": "<AZURE_DNS_ZONE_RESOURCE_GROUP>",
"useWorkloadIdentityExtension": true
}
``` ```
NOTE: make sure the pod is restarted whenever you make a configuration change. NOTE: make sure the pod is restarted whenever you make a configuration change.