Merged
2 changes: 2 additions & 0 deletions .github/trusted_registries.yaml
@@ -50,6 +50,8 @@ registry-gitlab.teuto.net: ALL_IMAGES
registry.k8s.io:
descheduler: ALL_IMAGES
etcd: ALL_TAGS
external-dns:
external-dns: ALL_TAGS
ingress-nginx: ALL_IMAGES
kube-state-metrics: ALL_IMAGES
metrics-server:
57 changes: 19 additions & 38 deletions charts/base-cluster/templates/dns/external-dns.yaml
@@ -1,28 +1,14 @@
{{- if .Values.dns.provider -}}
{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .) -}}
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: external-dns
namespace: ingress
labels: {{- include "common.labels.standard" $ | nindent 4 }}
app.kubernetes.io/component: external-dns
{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") }}
helmrelease-metrics/ignore: "true"
{{- end }}
spec:
chart:
{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") }}
spec:
chart: external-dns
sourceRef:
kind: HelmRepository
name: bitnami
namespace: {{ .Release.Namespace }}
version: 5.4.8
{{- else }}
spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "bitnami" "chart" "external-dns" "context" $) | nindent 6 }}
{{- end }}
spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "external-dns" "chart" "external-dns" "context" $) | nindent 6 }}
interval: 1h
driftDetection:
mode: enabled
@@ -37,17 +23,22 @@ spec:
crds: Skip
values:
priorityClassName: cluster-components
{{- if .Values.global.imageRegistry }}
global:
imageRegistry: {{ $.Values.global.imageRegistry }}
{{- end }}
image:
repository: {{ printf "%s/external-dns/external-dns" ($.Values.global.imageRegistry | default "registry.k8s.io") }}
podAnnotations:
Comment thread
cwrau marked this conversation as resolved.
checksum/provider-secret: {{ include "common.utils.checksumTemplate" (dict "path" (printf "/dns/%s/external-dns.yaml" (.Values.dns.provider | keys | first)) "context" $) }}
provider: {{ .Values.dns.provider | keys | first | quote }}
provider:
name: {{ .Values.dns.provider | keys | first | quote }}
{{- if .Values.dns.provider.cloudflare }}
Comment thread
cwrau marked this conversation as resolved.
cloudflare:
secretName: "external-dns"
proxied: false
env:
- name: CF_API_TOKEN
valueFrom:
secretKeyRef:
name: external-dns
key: cloudflare_api_token
{{- end }}
Comment thread
cwrau marked this conversation as resolved.
{{- with .Values.dns.domains }}
domainFilters: {{- toYaml . | nindent 6 }}
{{- end }}
sources:
- ingress
@@ -58,28 +49,18 @@ spec:
- gateway-udproute
rbac:
create: true
crd:
create: false
policy: sync
registry: txt
txtOwnerId: {{ required "You must provide a cluster name, unique in your DNS setup" .Values.global.clusterName }}
podSecurityContext:
Comment thread
cwrau marked this conversation as resolved.
runAsNonRoot: true
runAsGroup: 1001
runAsUser: 1001
runAsGroup: 65534
runAsUser: 65534
containerSecurityContext:
readOnlyRootFilesystem: true
privileged: false
capabilities:
drop:
- ALL
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
Comment thread
cwrau marked this conversation as resolved.
resources: {{- include "common.resources" .Values.externalDNS | nindent 6 }}
metrics:
serviceMonitor:
enabled: {{ .Values.monitoring.prometheus.enabled }}
serviceMonitor:
enabled: {{ .Values.monitoring.prometheus.enabled }}
labels:
additionalLabels:
monitoring/provisioned-by: base-cluster
{{- end -}}
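Review bot: The container-level hardening seems to disappear from the release values in the last hunk (`@@ -58,28 +49,18 @@`): the page has lost its +/- markers, so the sides are inferred, but the `containerSecurityContext` block (read-only root filesystem, no privilege escalation, all capabilities dropped) is a Bitnami-chart key and nothing on the new side replaces it. The kubernetes-sigs chart reads the container settings from `securityContext`, and its defaults are, as far as I know, comparably strict, yet relying on them means a future chart bump can loosen the pod without any diff in this file. I would carry the settings over under `securityContext` as below and check a rendered release to confirm `seccompProfile` still lands under `podSecurityContext`.

```yaml
    # … unchanged: podSecurityContext …
    securityContext:
      readOnlyRootFilesystem: true
      privileged: false
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
    # … unchanged: resources, serviceMonitor …
```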
6 changes: 3 additions & 3 deletions charts/base-cluster/values.yaml
@@ -111,10 +111,10 @@ global:
alloy: 1.2.0
tempo-distributed: 1.46.0
condition: "{{ and .Values.monitoring.prometheus.enabled (or .Values.monitoring.loki.enabled .Values.monitoring.tracing.enabled) }}"
bitnami:
url: oci://docker.io/bitnamicharts
external-dns:
url: https://kubernetes-sigs.github.io/external-dns
charts:
external-dns: 8.9.2
external-dns: 1.18.0
oauth2-proxy:
url: https://oauth2-proxy.github.io/manifests
charts: