mirror of
				https://github.com/kubernetes-sigs/external-dns.git
				synced 2025-10-25 16:51:01 +02:00 
			
		
		
		
	Merge pull request #4161 from stevehipwell/helm-deprecate-secret-configuration
chore(chart): Deprecated secretConfiguration
This commit is contained in:
		
						commit
						70a70892a8
					
				| @ -30,6 +30,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 | ||||
| 
 | ||||
| - Avoid unnecessary pod restart on each helm chart version. ([#4103](https://github.com/kubernetes-sigs/external-dns/pull/4103)) [@jkroepke](https://github.com/jkroepke) | ||||
| 
 | ||||
| ### Deprecated | ||||
| 
 | ||||
| - The `secretConfiguration` value has been deprecated in favour of creating secrets external to the Helm chart and configuring their use via the `extraVolumes` & `extraVolumeMounts` values. | ||||
| 
 | ||||
| ## [v1.13.1] - 2023-09-07 | ||||
| 
 | ||||
| ### Added | ||||
|  | ||||
| @ -116,7 +116,7 @@ If `namespaced` is set to `true`, please ensure that `sources` my only contains | ||||
| | resources | object | `{}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `external-dns` container. | | ||||
| | revisionHistoryLimit | int | `nil` | Specify the number of old `ReplicaSets` to retain to allow rollback of the `Deployment``. | | ||||
| | secretConfiguration.data | object | `{}` | `Secret` data. | | ||||
| | secretConfiguration.enabled | bool | `false` | If `true`, create a `Secret` to store sensitive provider configuration. | | ||||
| | secretConfiguration.enabled | bool | `false` | If `true`, create a `Secret` to store sensitive provider configuration (**DEPRECATED**). | | ||||
| | secretConfiguration.mountPath | string | `nil` | Mount path for the `Secret`, this can be templated. | | ||||
| | secretConfiguration.subPath | string | `nil` | Sub-path for mounting the `Secret`, this can be templated. | | ||||
| | securityContext | object | See _values.yaml_ | [Security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#securitycontext-v1-core) for the `external-dns` container. | | ||||
|  | ||||
| @ -24,6 +24,7 @@ | ||||
|       } | ||||
|     }, | ||||
|     "secretConfiguration": { | ||||
|       "$comment": "This value is DEPRECATED as secrets should be configured external to the chart and exposed to the container via extraVolumes & extraVolumeMounts.", | ||||
|       "type": "object", | ||||
|       "properties": { | ||||
|         "enabled": { | ||||
|  | ||||
| @ -224,7 +224,7 @@ provider: | ||||
| extraArgs: [] | ||||
| 
 | ||||
| secretConfiguration: | ||||
|   # -- If `true`, create a `Secret` to store sensitive provider configuration. | ||||
|   # -- If `true`, create a `Secret` to store sensitive provider configuration (**DEPRECATED**). | ||||
|   enabled: false | ||||
|   # -- Mount path for the `Secret`, this can be templated. | ||||
|   mountPath: | ||||
|  | ||||
| @ -386,26 +386,17 @@ $ az identity federated-credential create --name ${IDENTITY_NAME} --identity-nam | ||||
| 
 | ||||
| NOTE: make sure federated credential refers to correct namespace and service account (`system:serviceaccount:<NAMESPACE>:<SERVICE_ACCOUNT>`) | ||||
| 
 | ||||
| #### helm | ||||
| #### Helm | ||||
| 
 | ||||
| When deploying external-dns with helm, here are the parameters you need to pass: | ||||
| When deploying external-dns with Helm you need to create a secret to store the Azure config (see below) and create a workload identity (out of scope here) before you can install the chart. | ||||
| 
 | ||||
| ```yaml | ||||
| fullnameOverride: external-dns | ||||
| 
 | ||||
| serviceAccount: | ||||
|   annotations: | ||||
|     azure.workload.identity/client-id: <IDENTITY_CLIENT_ID> | ||||
| 
 | ||||
| podLabels: | ||||
|   azure.workload.identity/use: "true" | ||||
| 
 | ||||
| provider: azure | ||||
| 
 | ||||
| secretConfiguration: | ||||
|   enabled: true | ||||
|   mountPath: "/etc/kubernetes/" | ||||
|   data: | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: external-dns-azure | ||||
| type: Opaque | ||||
| data: | ||||
|   azure.json: | | ||||
|     { | ||||
|       "tenantId": "<TENANT_ID>", | ||||
| @ -415,6 +406,34 @@ secretConfiguration: | ||||
|     } | ||||
| ``` | ||||
| 
 | ||||
| Once you have created the secret and have a workload identity you can install the chart with the following values. | ||||
| 
 | ||||
| ```yaml | ||||
| fullnameOverride: external-dns | ||||
| 
 | ||||
| serviceAccount: | ||||
|   labels: | ||||
|     azure.workload.identity/use: "true" | ||||
|   annotations: | ||||
|     azure.workload.identity/client-id: <IDENTITY_CLIENT_ID> | ||||
| 
 | ||||
| podLabels: | ||||
|   azure.workload.identity/use: "true" | ||||
| 
 | ||||
| extraVolumes: | ||||
|   - name: azure-config-file | ||||
|     secret: | ||||
|       secretName: external-dns-azure | ||||
| 
 | ||||
| extraVolumeMounts: | ||||
|   - name: azure-config-file | ||||
|     mountPath: /etc/kubernetes | ||||
|     readOnly: true | ||||
| 
 | ||||
| provider: | ||||
|   name: azure | ||||
| ``` | ||||
| 
 | ||||
| NOTE: make sure the pod is restarted whenever you make a configuration change. | ||||
| 
 | ||||
| #### kubectl (alternative) | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user