Helm chart support for webhook sidecar

charts/external-dns/CHANGELOG.md

@@ -24,6 +24,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Added the option to explicitly enable or disable service account token automounting. ([#3983](https:/kubernetes-sigs/external-dns/pull/3983)) [@gilles-gosuin](https:/gilles-gosuin)
 - Added the option to configure revisionHistoryLimit on the K8s Deployment resource. ([#4008](https:/kubernetes-sigs/external-dns/pull/4008)) [@arnisoph](https:/arnisoph)
+- Added support for webhook sidecars.
 
 ## [v1.13.1] - 2023-09-07
 

charts/external-dns/templates/_helpers.tpl

@@ -70,3 +70,17 @@ The image to use
 {{- define "external-dns.image" -}}
 {{- printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }}
 {{- end }}
+
+{{/*
+Keep backward compatibility on provider
+*/}}
+{{- define "external-dns.providername" -}}
+{{- if eq (typeOf .Values.provider) "string" }}
+{{- .Values.provider }}
+{{- if contains "/" .Values.provider }}
+{{- fail "A provider image must be specified as provider.name" }}
+{{- end }}
+{{- else }}
+{{- .Values.provider.name }}
+{{- end }}
+{{- end }}

charts/external-dns/templates/deployment.yaml

@@ -1,3 +1,4 @@
+{{- $providername := include "external-dns.providername" . }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -103,7 +104,11 @@ spec:
  {{- range .Values.domainFilters }}
  - --domain-filter={{ . }}
  {{- end }}
- - --provider={{ tpl .Values.provider $ }}
+ {{- if contains "/" $providername }}
+ - --provider=webhook
+ {{- else }}
+ - --provider={{ tpl $providername $ }}
+ {{- end }}
  {{- range .Values.extraArgs }}
  - {{ tpl . $ }}
  {{- end }}
@@ -115,9 +120,9 @@ spec:
  {{- toYaml .Values.livenessProbe | nindent 12 }}
  readinessProbe:
  {{- toYaml .Values.readinessProbe | nindent 12 }}
- {{- if or .Values.secretConfiguration.enabled .Values.extraVolumeMounts }}
+ {{- if or .Values.secretConfiguration.mountPath .Values.extraVolumeMounts }}
  volumeMounts:
- {{- if .Values.secretConfiguration.enabled }}
+ {{- if .Values.secretConfiguration.mountPath }}
  - name: secrets
  mountPath: {{ tpl .Values.secretConfiguration.mountPath $ }}
  {{- with .Values.secretConfiguration.subPath }}
@@ -132,9 +137,51 @@ spec:
  resources:
  {{- toYaml . | nindent 12 }}
  {{- end }}
- {{- if or .Values.secretConfiguration.enabled .Values.extraVolumes }}
+ {{- if contains "/" $providername }}
+ - name: provider
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ image: {{ tpl $providername $ }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- with .Values.provider.env }}
+ env:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ args:
+ {{- range .Values.provider.args }}
+ - {{ tpl . $ }}
+ {{- end }}
+ ports:
+ - name: provider-metrics
+ protocol: TCP
+ containerPort: 8080
+ livenessProbe:
+ {{- toYaml .Values.provider.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.provider.readinessProbe | nindent 12 }}
+ {{- if or .Values.provider.secretConfiguration.mountPath .Values.provider.extraVolumeMounts }}
+ volumeMounts:
+ {{- if .Values.provider.secretConfiguration.mountPath }}
+ - name: secrets
+ mountPath: {{ tpl .Values.provider.secretConfiguration.mountPath $ }}
+ {{- with .Values.provider.secretConfiguration.subPath }}
+ subPath: {{ tpl . $ }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.provider.extraVolumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.provider.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.secretConfiguration.mountPath (and (contains "/" $providername) .Values.provider.secretConfiguration.mountPath) .Values.extraVolumes }}
  volumes:
- {{- if .Values.secretConfiguration.enabled }}
+ {{- if or .Values.secretConfiguration.mountPath (and (contains "/" $providername) .Values.provider.secretConfiguration.mountPath) }}
  - name: secrets
  secret:
  secretName: {{ include "external-dns.fullname" . }}

charts/external-dns/templates/servicemonitor.yaml

@@ -22,32 +22,34 @@ spec:
  matchLabels:
  {{- include "external-dns.selectorLabels" . | nindent 6 }}
  endpoints:
- - port: http
+ {{- range (list "http" "provider-metrics" }}
+ - port: {{ . }}
  path: /metrics
- {{- with .Values.serviceMonitor.interval }}
+ {{- with $.Values.serviceMonitor.interval }}
  interval: {{ . }}
  {{- end }}
- {{- with .Values.serviceMonitor.scheme }}
+ {{- with $.Values.serviceMonitor.scheme }}
  scheme: {{ . }}
  {{- end }}
- {{- with .Values.serviceMonitor.bearerTokenFile }}
+ {{- with $.Values.serviceMonitor.bearerTokenFile }}
  bearerTokenFile: {{ . }}
  {{- end }}
- {{- with .Values.serviceMonitor.tlsConfig }}
+ {{- with $.Values.serviceMonitor.tlsConfig }}
  tlsConfig:
  {{- toYaml .| nindent 8 }}
  {{- end }}
- {{- with .Values.serviceMonitor.scrapeTimeout }}
+ {{- with $.Values.serviceMonitor.scrapeTimeout }}
  scrapeTimeout: {{ . }}
  {{- end }}
- {{- with .Values.serviceMonitor.metricRelabelings }}
+ {{- with $.Values.serviceMonitor.metricRelabelings }}
  metricRelabelings:
  {{- toYaml . | nindent 8 }}
  {{- end }}
- {{- with .Values.serviceMonitor.relabelings }}
+ {{- with $.Values.serviceMonitor.relabelings }}
  relabelings:
  {{- toYaml . | nindent 8 }}
  {{- end }}
+ {{- end }}
  {{- with .Values.serviceMonitor.targetLabels }}
  targetLabels:
  {{- toYaml . | nindent 4 }}

charts/external-dns/values.schema.json

@@ -2,9 +2,6 @@
  "$schema": "http://json-schema.org/draft-07/schema",
  "type": "object",
  "properties": {
- "provider": {
- "type": "string"
- },
  "extraArgs": {
  "type": "array",
  "items": {

charts/external-dns/values.yaml

@@ -180,7 +180,43 @@ txtSuffix: ""
 
 domainFilters: []
 
-provider: aws
+provider:
+ # The name of the DNS provider. This can be either a built-in provider or a provider image to run as a sidecar container.
+ name: "aws"
+ # Arguments to pass to the provider container (these can be templated).
+ args: []
+ # [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the provider container; this supports the full [EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#envvar-v1-core) API including secrets and configmaps.
+ env: []
+ # Additional volume mounts for the provider container; this supports the full [VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volumemount-v1-core) API.
+ extraVolumeMounts: []
+ # [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) for the provider container; this supports the full [Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#probe-v1-core) API.
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: provider-metrics
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 2
+ successThreshold: 1
+ # [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) for the webhook container; this supports the full [Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#probe-v1-core) API.
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: provider-metrics
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ # Resource requests and limits for the provider container; this supports the full [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#resourcerequirements-v1-core) API.
+ resources: {}
+
+ secretConfiguration:
+ # Mount path of secret configuration secret in the provider container (this can be templated).
+ mountPath: ""
+ # Sub-path of secret configuration secret in the provider container (this can be templated).
+ subPath: ""
 
 extraArgs: []