mirrors/external-dns
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/external-dns.git synced 2025-08-07 01:56:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

[helm] Add support for namespaced scope (#3403)

Browse Source 
* [helm] Add support for namespaced scope

* Add documentation about namespaced scope

* Add documentation about namespaced scope
This commit is contained in:
Jan-Otto Kröpke 2023-03-30 10:37:49 +02:00 committed by GitHub
parent f947a9ea71
commit e4792aec22
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 43 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
charts/external-dns/README.md
View File

@ -69,6 +69,7 @@ The following table lists the configurable parameters of the _ExternalDNS_ chart
| `logFormat` | Formats of the logs, available values are: `text`, `json`. | `text` | | `logFormat` | Formats of the logs, available values are: `text`, `json`. | `text` |
| `interval` | The interval for DNS updates. | `1m` | | `interval` | The interval for DNS updates. | `1m` |
| `triggerLoopOnEvent` | When enabled, triggers run loop on create/update/delete events in addition of regular interval. | `false` | | `triggerLoopOnEvent` | When enabled, triggers run loop on create/update/delete events in addition of regular interval. | `false` |
| `namespaced` | When enabled, external-dns runs on namespace scope. Additionally, Role and Rolebinding will be namespaced, too. | `false` |
| `sources` | K8s resources type to be observed for new DNS entries. | See _values.yaml_ | | `sources` | K8s resources type to be observed for new DNS entries. | See _values.yaml_ |
| `policy` | How DNS records are synchronized between sources and providers, available values are: `sync`, `upsert-only`. | `upsert-only` | | `policy` | How DNS records are synchronized between sources and providers, available values are: `sync`, `upsert-only`. | `upsert-only` |
| `registry` | Registry Type, available types are: `txt`, `noop`. | `txt` | | `registry` | Registry Type, available types are: `txt`, `noop`. | `txt` |
@ -82,3 +83,36 @@ The following table lists the configurable parameters of the _ExternalDNS_ chart
| `secretConfiguration.mountPath` | Mount path of secret configuration secret (this can be templated). | `""` | | `secretConfiguration.mountPath` | Mount path of secret configuration secret (this can be templated). | `""` |
| `secretConfiguration.data` | Secret configuration secret data. Could be used to store DNS provider credentials. | `{}` | | `secretConfiguration.data` | Secret configuration secret data. Could be used to store DNS provider credentials. | `{}` |
| `secretConfiguration.subPath` | Sub-path of secret configuration secret (this can be templated). | `""` | | `secretConfiguration.subPath` | Sub-path of secret configuration secret (this can be templated). | `""` |
## Namespaced scoped installation
external-dns supports running on a namespaced only scope, too.
If `namespaced=true` is defined, the helm chart will setup `Roles` and `RoleBindings` instead `ClusterRoles` and `ClusterRoleBindings`.
### Limited supported
Not all sources are supported in namespaced scope, since some sources depends on cluster-wide resources.
For example: Source `node` isn't supported, since `kind: Node` has scope `Cluster`.
Sources like `istio-virtualservice` only work, if all resources like `Gateway` and `VirtualService` are present in the same
namespaces as `external-dns`.
The annotation `external-dns.alpha.kubernetes.io/endpoints-type: NodeExternalIP` is not supported.
If `namespaced` is set to `true`, please ensure that `sources` my only contains supported sources (Default: `service,ingress`.
### Support matrix
| Source | Supported | Infos |
|------------------------|-----------|------------------------|
| `ingress` | ✅ | |
| `istio-gateway` | ✅ | |
| `istio-virtualservice` | ✅ | |
| `contour-ingressroute` | ✅ | |
| `crd` | ✅ | |
| `kong-tcpingress` | ✅ | |
| `openshift-route` | ✅ | |
| `skipper-routegroup` | ✅ | |
| `gloo-proxy` | ✅ | |
| `contour-httpproxy` | ✅ | |
| `service` | ⚠️️ | NodePort not supported |
| `node` | ❌ | |
| `pod` | ❌ | |

4
charts/external-dns/templates/clusterrole.yaml
View File

@ -1,12 +1,12 @@
{{- if .Values.rbac.create -}} {{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: {{ .Values.namespaced | ternary "Role" "ClusterRole" }}
metadata: metadata:
name: {{ template "external-dns.fullname" . }} name: {{ template "external-dns.fullname" . }}
labels: labels:
{{- include "external-dns.labels" . | nindent 4 }} {{- include "external-dns.labels" . | nindent 4 }}
rules: rules:
{{- if or (has "node" .Values.sources) (has "pod" .Values.sources) (has "service" .Values.sources) (has "contour-httpproxy" .Values.sources) (has "gloo-proxy" .Values.sources) (has "openshift-route" .Values.sources) (has "skipper-routegroup" .Values.sources) }} {{- if and (not .Values.namespaced) (or (has "node" .Values.sources) (has "pod" .Values.sources) (has "service" .Values.sources) (has "contour-httpproxy" .Values.sources) (has "gloo-proxy" .Values.sources) (has "openshift-route" .Values.sources) (has "skipper-routegroup" .Values.sources)) }}
- apiGroups: [""] - apiGroups: [""]
resources: ["nodes"] resources: ["nodes"]
verbs: ["list","watch"] verbs: ["list","watch"]

4
charts/external-dns/templates/clusterrolebinding.yaml
View File

@ -1,13 +1,13 @@
{{- if .Values.rbac.create -}} {{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: {{ .Values.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
metadata: metadata:
name: {{ printf "%s-viewer" (include "external-dns.fullname" .) }} name: {{ printf "%s-viewer" (include "external-dns.fullname" .) }}
labels: labels:
{{- include "external-dns.labels" . | nindent 4 }} {{- include "external-dns.labels" . | nindent 4 }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: {{ .Values.namespaced | ternary "Role" "ClusterRole" }}
name: {{ template "external-dns.fullname" . }} name: {{ template "external-dns.fullname" . }}
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount

3
charts/external-dns/templates/deployment.yaml
View File

@ -89,6 +89,9 @@ spec:
- --txt-suffix={{ .Values.txtSuffix }} - --txt-suffix={{ .Values.txtSuffix }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.namespaced }}
- --namespace={{ .Release.Namespace }}
{{- end }}
{{- range .Values.domainFilters }} {{- range .Values.domainFilters }}
- --domain-filter={{ . }} - --domain-filter={{ . }}
{{- end }} {{- end }}

2
charts/external-dns/values.yaml
View File

@ -151,6 +151,8 @@ logFormat: text
interval: 1m interval: 1m
triggerLoopOnEvent: false triggerLoopOnEvent: false
namespaced: false
sources: sources:
- service - service
- ingress - ingress