external-dns

Helm chart

Last changed

Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Tag:

# This file has been modified by Chainguard, Inc.

# Chainguard, Inc. modifications are subject to the license

# available at: https://www.chainguard.dev/legal/software-license-agreement

# SPDX-License-Identifier: APACHE-2.0

## @section Global parameters

## Global Docker image parameters

## Please, note that this will override the image parameters, including dependencies, configured to use the global value

## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass

## @param global.imageRegistry Global Docker image registry

## @param global.imagePullSecrets Global Docker registry secret names as an array

global:

imageRegistry: ""

## E.g.

## imagePullSecrets:

## - myRegistryKeySecretName

imagePullSecrets: []

## Security parameters

security:

## @param global.security.allowInsecureImages Allows skipping image verification

allowInsecureImages: false

## Compatibility adaptations for Kubernetes platforms

compatibility:

## Compatibility adaptations for Openshift

openshift:

## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)

adaptSecurityContext: auto

org: ""

## @section Common parameters

## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)

nameOverride: ""

## @param fullnameOverride String to fully override common.names.fullname template

fullnameOverride: ""

## @param namespaceOverride String to fully override common.names.namespace

namespaceOverride: ""

## @param clusterDomain Kubernetes Cluster Domain

clusterDomain: cluster.local

## @param commonLabels Labels to add to all deployed objects

commonLabels: {}

## @param commonAnnotations Annotations to add to all deployed objects

commonAnnotations: {}

## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template).

extraDeploy: []

## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)

kubeVersion: ""

## @section external-dns parameters

## Iamguarded external-dns image version

## ref: https://hub.docker.com/r/iamguarded/external-dns/tags/

## @param image.registry [default: REGISTRY_NAME] ExternalDNS image registry

## @param image.repository [default: REPOSITORY_NAME/external-dns] ExternalDNS image repository

## @skip image.tag ExternalDNS Image tag (immutable tags are recommended)

## @param image.digest ExternalDNS image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag

## @param image.pullPolicy ExternalDNS image pull policy

## @param image.pullSecrets ExternalDNS image pull secrets

image:

registry: cgr.dev

repository: chainguard-private/external-dns-iamguarded

tag: 0.20.0

digest: ""

## Specify a imagePullPolicy

## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images

pullPolicy: IfNotPresent

## Optionally specify an array of imagePullSecrets.

## Secrets must be manually created in the namespace.

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

## e.g:

## pullSecrets:

## - myRegistryKeySecretName

pullSecrets: []

## @param revisionHistoryLimit sets number of replicaset to keep in k8s

100

revisionHistoryLimit: 10

101

## @param automountServiceAccountToken Mount Service Account token in pod

102

103

automountServiceAccountToken: true

104

## @param hostAliases Deployment pod host aliases

105

## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/

106

107

hostAliases: []

108

## @param updateStrategy update strategy type

109

## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#update-strategies

110

111

updateStrategy: {}

112

## @param command Override kiam default command

113

114

command: []

115

## @param args Override kiam default args

116

117

args: []

118

## @param sources [array] K8s resources type to be observed for new DNS entries by ExternalDNS

119

120

sources:

121

# - crd

122

- service

123

- ingress

124

# - contour-httpproxy

125

## @param provider DNS provider where the DNS records will be created.

126

## Available providers are:

127

## - akamai, alibabacloud, aws, azure, azure-private-dns, civo, cloudflare, coredns, digitalocean, exoscale, google, linode, ns1, oci, ovh, pdns, pihole, rfc2136, scaleway, transip

128

129

provider: aws

130

## @param initContainers Attach additional init containers to the pod (evaluated as a template)

131

132

initContainers: []

133

## DNS-Pod services

134

## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

135

## @param dnsPolicy Specifies the DNS policy for the external-dns deployment

136

## DNS policies can be set on a per-Pod basis. Currently Kubernetes supports the following Pod-specific DNS policies.

137

## Available options: Default, ClusterFirst, ClusterFirstWithHostNet, None

138

## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy

139

dnsPolicy: ""

140

## @param dnsConfig allows users more control on the DNS settings for a Pod. Required if `dnsPolicy` is set to `None`

141

## The dnsConfig field is optional and it can work with any dnsPolicy settings.

142

## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config

143

## E.g.

144

## dnsConfig:

145

## nameservers:

146

## - 192.0.2.1 # this is an example

147

## searches:

148

## - ns1.svc.cluster-domain.example

149

## - my.dns.search.suffix

150

## options:

151

## - name: ndots

152

## value: "2"

153

## - name: edns0

154

dnsConfig: {}

155

## @param sidecars Attach additional containers to the pod (evaluated as a template)

156

157

sidecars: []

158

## Flags related to processing sources

159

## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/pkg/apis/externaldns/types.go#L272

160

## @param namespace Limit sources of endpoints to a specific namespace (default: all namespaces)

161

162

namespace: ""

163

## @param watchReleaseNamespace Watch only namespace used for the release

164

165

watchReleaseNamespace: false

166

## @param fqdnTemplates Templated strings that are used to generate DNS names from sources that don't define a hostname themselves

167

168

fqdnTemplates: []

169

## @param containerPorts.http HTTP Container port

170

171

containerPorts:

172

http: 7979

173

## @param combineFQDNAnnotation Combine FQDN template and annotations instead of overwriting

174

175

combineFQDNAnnotation: false

176

## @param ignoreHostnameAnnotation Ignore hostname annotation when generating DNS names, valid only when fqdn-template is set

177

178

ignoreHostnameAnnotation: false

179

## @param publishInternalServices Allow external-dns to publish DNS records for ClusterIP services

180

181

publishInternalServices: false

182

## @param publishHostIP Allow external-dns to publish host-ip for headless services

183

184

publishHostIP: false

185

## @param serviceTypeFilter The service types to take care about (default: all, options: ClusterIP, NodePort, LoadBalancer, ExternalName)

186

187

serviceTypeFilter: []

188

## Chart Validation

189

190

validation:

191

## @param validation.enabled Enable chart validation

192

193

enabled: true

194

## Akamai configuration to be set via arguments/env. variables

195

196

akamai:

197

## @param akamai.host Hostname to use for EdgeGrid auth

198

199

host: ""

200

## @param akamai.accessToken Access Token to use for EdgeGrid auth

201

202

accessToken: ""

203

## @param akamai.clientToken Client Token to use for EdgeGrid auth

204

205

clientToken: ""

206

## @param akamai.clientSecret When using the Akamai provider, `AKAMAI_CLIENT_SECRET` to set (optional)

207

208

clientSecret: ""

209

## @param akamai.secretName Use an existing secret with key "akamai_api_seret" defined.

210

## This ignores akamai.clientSecret

211

212

secretName: ""

213

## Alibaba cloud configuration to be set via arguments/env. variables

214

## These will be added to /etc/kubernetes/alibaba-cloud.json via secret

215

216

alibabacloud:

217

## @param alibabacloud.accessKeyId When using the Alibaba Cloud provider, set `accessKeyId` in the Alibaba Cloud configuration file (optional)

218

219

accessKeyId: ""

220

## @param alibabacloud.accessKeySecret When using the Alibaba Cloud provider, set `accessKeySecret` in the Alibaba Cloud configuration file (optional)

221

222

accessKeySecret: ""

223

## @param alibabacloud.regionId When using the Alibaba Cloud provider, set `regionId` in the Alibaba Cloud configuration file (optional)

224

225

regionId: ""

226

## @param alibabacloud.vpcId Alibaba Cloud VPC Id

227

228

vpcId: ""

229

## @param alibabacloud.secretName Use an existing secret with key "alibaba-cloud.json" defined.

230

## This ignores alibabacloud.accessKeyId, and alibabacloud.accessKeySecret

231

232

secretName: ""

233

## @param alibabacloud.zoneType Zone Filter. Available values are: public, private, or no value for both

234

235

zoneType: ""

236

## AWS configuration to be set via arguments/env. variables

237

238

aws:

239

## AWS credentials

240

## @param aws.credentials.secretKey When using the AWS provider, set `aws_secret_access_key` in the AWS credentials (optional)

241

## @param aws.credentials.accessKey When using the AWS provider, set `aws_access_key_id` in the AWS credentials (optional)

242

## @param aws.credentials.mountPath When using the AWS provider, determine `mountPath` for `credentials` secret

243

244

credentials:

245

secretKey: ""

246

accessKey: ""

247

## Before external-dns 0.5.9 home dir should be `/root/.aws`

248

249

mountPath: "/.aws"

250

## @param aws.credentials.secretName Use an existing secret with key "credentials" defined.

251

## This ignores aws.credentials.secretKey, and aws.credentials.accessKey

252

253

secretName: ""

254

## AWS access key id stored in key-value secret.

255

## If aws.credentials.accessKeyIDSecretRef and aws.credentials.secretAccessKeySecretRef defined aws.credentials.secretKey, aws.credentials.accessKey and aws.credentials.secretName are ignored

256

## @param aws.credentials.accessKeyIDSecretRef.name Define the name of the secret that stores aws_access_key_id.

257

## @param aws.credentials.accessKeyIDSecretRef.key Define the key of the secret that stores aws_access_key_id.

258

259

accessKeyIDSecretRef:

260

261

key: ""

262

## AWS secret access key stored in key-value secret

263

## @param aws.credentials.secretAccessKeySecretRef.name Define the name of the secret that stores aws_secret_access_key

264

## @param aws.credentials.secretAccessKeySecretRef.key Define the key of the secret that stores aws_secret_access_key

265

266

secretAccessKeySecretRef:

267

268

key: ""

269

## @param aws.region When using the AWS provider, `AWS_DEFAULT_REGION` to set in the environment (optional)

270

271

region: "us-east-1"

272

## @param aws.zoneType When using the AWS provider, filter for zones of this type (optional, options: public, private)

273

274

zoneType: ""

275

## @param aws.assumeRoleArn When using the AWS provider, assume role by specifying --aws-assume-role to the external-dns daemon

276

277

assumeRoleArn: ""

278

## @param aws.roleArn Specify role ARN to the external-dns daemon

279

280

roleArn: ""

281

## @param aws.apiRetries Maximum number of retries for AWS API calls before giving up

282

283

apiRetries: 3

284

## @param aws.batchChangeSize When using the AWS provider, set the maximum number of changes that will be applied in each batch

285

286

batchChangeSize: 1000

287

## @param aws.zonesCacheDuration If the list of Route53 zones managed by ExternalDNS doesn't change frequently, cache it by setting a TTL

288

## (default 0 - disabled, can be set to time interval like 1m or 1h)

289

290

zonesCacheDuration: 0

291

## @param aws.zoneTags When using the AWS provider, filter for zones with these tags

292

293

zoneTags: []

294

## @param aws.preferCNAME When using the AWS provider, replaces Alias records with CNAME (options: true, false)

295

296

preferCNAME: ""

297

## @param aws.evaluateTargetHealth When using the AWS provider, sets the evaluate target health flag (options: true, false)

298

299

evaluateTargetHealth: ""

300

## @param aws.dynamodbTable When using the AWS provider, sets the DynamoDB table name to use for dynamodb registry

301

## ref: https://github.com/kubernetes-sigs/external-dns/blob/0483ffde22e60436f16be154b9fe1a388a1400d0/docs/registry/dynamodb.md

302

303

dynamodbTable: ""

304

## @param aws.dynamodbRegion When using the AWS provider, sets the DynamoDB table region to use for dynamodb registry

305

## ref: https://github.com/kubernetes-sigs/external-dns/blob/0483ffde22e60436f16be154b9fe1a388a1400d0/docs/registry/dynamodb.md

306

307

dynamodbRegion: ""

308

## @param aws.zoneMatchParent When using the AWS provider, lets a domain filter match subdomains within the same zone by using their parent domain

309

310

zoneMatchParent: false

311

## Azure configuration to be set via arguments/env. variables

312

313

azure:

314

## When a secret to load azure.json is not specified, the host's /etc/kubernetes/azure.json will be used

315

## @param azure.secretName When using the Azure provider, set the secret containing the `azure.json` file

316

317

secretName: ""

318

## @param azure.cloud When using the Azure provider, set the Azure Cloud

319

320

cloud: ""

321

## @param azure.resourceGroup When using the Azure provider, set the Azure Resource Group

322

323

resourceGroup: ""

324

## @param azure.tenantId When using the Azure provider, set the Azure Tenant ID

325

326

tenantId: ""

327

## @param azure.subscriptionId When using the Azure provider, set the Azure Subscription ID

328

329

subscriptionId: ""

330

## @param azure.aadClientId When using the Azure provider, set the Azure AAD Client ID

331

332

aadClientId: ""

333

## @param azure.aadClientSecret When using the Azure provider, set the Azure AAD Client Secret

334

335

aadClientSecret: ""

336

## @param azure.useWorkloadIdentityExtension When using the Azure provider, set if you use Workload Identity extension.

337

338

useWorkloadIdentityExtension: false

339

## @param azure.useManagedIdentityExtension When using the Azure provider, set if you use Azure MSI

340

341

useManagedIdentityExtension: false

342

## @param azure.userAssignedIdentityID When using the Azure provider with Azure MSI, set Client ID of Azure user-assigned managed identity (optional, otherwise system-assigned managed identity is used)

343

344

userAssignedIdentityID: ""

345

## Civo configuration to be set via arguments/env. variables

346

347

civo:

348

## @param civo.apiToken When using the Civo provider, `CIVO_TOKEN` to set (optional)

349

350

apiToken: ""

351

## @param civo.secretName Use an existing secret with key "apiToken" defined.

352

## This ignores civo.apiToken

353

354

secretName: ""

355

## Cloudflare configuration to be set via arguments/env. variables

356

357

cloudflare:

358

## @param cloudflare.apiToken When using the Cloudflare provider, `CF_API_TOKEN` to set (optional)

359

360

apiToken: ""

361

## @param cloudflare.apiKey When using the Cloudflare provider, `CF_API_KEY` to set (optional)

362

363

apiKey: ""

364

## @param cloudflare.secretName When using the Cloudflare provider, it's the name of the secret containing cloudflare_api_token or cloudflare_api_key.

365

## This ignores cloudflare.apiToken, and cloudflare.apiKey

366

367

secretName: ""

368

## @param cloudflare.email When using the Cloudflare provider, `CF_API_EMAIL` to set (optional). Needed when using CF_API_KEY

369

370

email: ""

371

## @param cloudflare.proxied When using the Cloudflare provider, enable the proxy feature (DDOS protection, CDN...) (optional)

372

373

proxied: true

374

## @param cloudflare.dnsRecordsPerPage Number of DNS records to fetch per page. (optional)

375

## When using the Cloudflare provider, specify how many DNS records listed per page, max possible 5,000 (default: 100)

376

377

dnsRecordsPerPage: 100

378

## @param cloudflare.regionalServices Enable configuration of Cloudflare Regional Services. (optional)

379

380

regionalServices: false

381

## @param cloudflare.regionKey Set default region, when Cloudflare Regional Services are enabled. (optional)

382

## Using the "external-dns.alpha.kubernetes.io/cloudflare-region-key" annotation on your ingress, you can specify the region for that record.

383

384

regionKey: ""

385

## CoreDNS configuration to be set via arguments/env variables

386

387

coredns:

388

## @param coredns.etcdEndpoints When using the CoreDNS provider, set etcd backend endpoints (comma-separated list)

389

## Secure (https) endpoints can be used as well, in that case `etcdTLS` section

390

## should be filled in accordingly

391

392

etcdEndpoints: "http://etcd-extdns:2379"

393

## Configuration of the secure communication and client authentication to the etcd cluster

394

## If enabled all the values under this key must hold a valid data

395

396

etcdTLS:

397

## @param coredns.etcdTLS.enabled When using the CoreDNS provider, enable secure communication with etcd

398

399

enabled: false

400

## @param coredns.etcdTLS.autoGenerated Generate automatically self-signed TLS certificates

401

402

autoGenerated: false

403

## @param coredns.etcdTLS.secretName When using the CoreDNS provider, specify a name of existing Secret with etcd certs and keys

404

## ref: https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md

405

## ref (secret creation):

406

## https://github.com/iamguarded/charts/tree/main/iamguarded/etcd#configure-certificates-for-client-communication

407

408

secretName: "etcd-client-certs"

409

## @param coredns.etcdTLS.mountPath When using the CoreDNS provider, set destination dir to mount data from `coredns.etcdTLS.secretName` to

410

411

mountPath: "/etc/coredns/tls/etcd"

412

## @param coredns.etcdTLS.caFilename When using the CoreDNS provider, specify CA PEM file name from the `coredns.etcdTLS.secretName`

413

414

caFilename: "ca.crt"

415

## @param coredns.etcdTLS.certFilename When using the CoreDNS provider, specify cert PEM file name from the `coredns.etcdTLS.secretName`

416

## Will be used by external-dns to authenticate against etcd

417

418

certFilename: "cert.pem"

419

## @param coredns.etcdTLS.keyFilename When using the CoreDNS provider, specify private key PEM file name from the `coredns.etcdTLS.secretName`

420

## Will be used by external-dns to authenticate against etcd

421

422

keyFilename: "key.pem"

423

## Exoscale configuration to be set via arguments/env. variables

424

425

exoscale:

426

## @param exoscale.apiKey When using the Exoscale provider, `EXTERNAL_DNS_EXOSCALE_APIKEY` to set (optional)

427

428

apiKey: ""

429

## @param exoscale.apiToken When using the Exoscale provider, `EXTERNAL_DNS_EXOSCALE_APISECRET` to set (optional)

430

431

apiToken: ""

432

## @param exoscale.secretName Use an existing secret with keys "exoscale_api_key" and "exoscale_api_token" defined.

433

## This ignores exoscale.apiKey and exoscale.apiToken

434

435

secretName: ""

436

## Google configuration to be set via arguments/env. variables

437

438

## DigitalOcean configuration to be set via arguments/env. variables

439

440

digitalocean:

441

## @param digitalocean.apiToken When using the DigitalOcean provider, `DO_TOKEN` to set (optional)

442

443

apiToken: ""

444

## @param digitalocean.secretName Use an existing secret with key "digitalocean_api_token" defined.

445

## This ignores digitalocean.apiToken

446

447

secretName: ""

448

## Google configuration to be set via arguments/env. variables

449

450

google:

451

## @param google.project When using the Google provider, specify the Google project (required when provider=google)

452

453

project: ""

454

## @param google.batchChangeSize When using the google provider, set the maximum number of changes that will be applied in each batch

455

456

batchChangeSize: 1000

457

## @param google.serviceAccountSecret When using the Google provider, specify the existing secret which contains credentials.json (optional)

458

459

serviceAccountSecret: ""

460

## @param google.serviceAccountSecretKey When using the Google provider with an existing secret, specify the key name (optional)

461

462

serviceAccountSecretKey: "credentials.json"

463

## @param google.serviceAccountKey When using the Google provider, specify the service account key JSON file. In this case a new secret will be created holding this service account (optional)

464

465

serviceAccountKey: ""

466

## @param google.zoneVisibility When using the Google provider, fiter for zones of a specific visibility (private or public)

467

468

zoneVisibility: ""

469

## Linode configuration to be set via arguments/env. variables

470

471

linode:

472

## @param linode.apiToken When using the Linode provider, `LINODE_TOKEN` to set (optional)

473

474

apiToken: ""

475

## @param linode.secretName Use an existing secret with key "linode_api_token" defined.

476

## This ignores linode.apiToken

477

478

secretName: ""

479

## NS1 configuration to be set via arguments/env. variables

480

481

ns1:

482

## @param ns1.minTTL When using the ns1 provider, specify minimal TTL, as an integer, for records

483

484

minTTL: 10

485

## @param ns1.apiKey When using the ns1 provider, specify the API key to use

486

487

apiKey: ""

488

## @param ns1.secretName Use an existing secret with key "ns1-api-key" defined.

489

## This ignores ns1.apiToken

490

491

secretName: ""

492

## Pi-hole configuration to be set via arguments/env. variables

493

494

pihole:

495

## @param pihole.server When using the Pi-hole provider, specify The address of the Pi-hole web server

496

497

server: ""

498

## @param pihole.tlsSkipVerify When using the Pi-hole provider, specify wheter to skip verification of any TLS certificates served by the Pi-hole web server

499

500

tlsSkipVerify: ""

501

## @param pihole.password When using the Pi-hole provider, specify a password to use

502

503

password: ""

504

## @param pihole.secretName Use an existing secret with key "pihole_password" defined.

505

506

secretName: ""

507

## Compatibility adaptations for Traefik

508

509

traefik:

510

## @param traefik.disableNew Disable listeners on Resources under traefik.io

511

512

disableNew: false

513

## @param traefik.disableLegacy Disable listeners on Resources under traefik.containo.us

514

515

disableLegacy: false

516

## oci configuration to be set via arguments/env. variables

517

518

oci:

519

## @param oci.region When using the OCI provider, specify the region, where your zone is located in.

520

521

region: ""

522

## @param oci.tenancyOCID When using the OCI provider, specify your Tenancy OCID

523

524

tenancyOCID: ""

525

## @param oci.userOCID When using the OCI provider, specify your User OCID

526

527

userOCID: ""

528

## @param oci.compartmentOCID When using the OCI provider, specify your Compartment OCID where your DNS Zone is located in.

529

530

compartmentOCID: ""

531

## @param oci.privateKey [string] When using the OCI provider, paste in your RSA private key file for the Oracle API

532

533

privateKey: |

534

-----BEGIN RSA PRIVATE KEY-----

535

-----END RSA PRIVATE KEY-----

536

## @param oci.privateKeyFingerprint When using the OCI provider, put in the fingerprint of your privateKey

537

538

privateKeyFingerprint: ""

539

## @param oci.privateKeyPassphrase When using the OCI provider and your privateKey has a passphrase, put it in here. (optional)

540

541

privateKeyPassphrase: ""

542

## @param oci.secretName When using the OCI provider, it's the name of the secret containing `oci.yaml` file.

543

## Ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/oracle.md#deploy-externaldns

544

545

secretName: ""

546

## @param oci.useInstancePrincipal When using the OCI provider, enable IAM Instance Principal

547

## Ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/oracle.md#oci-iam-instance-principal

548

useInstancePrincipal: false

549

## @param oci.useWorkloadIdentity When using the OCI provider, enable IAM Workload Identity

550

## Ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/oracle.md#oci-iam-instance-principal

551

useWorkloadIdentity: false

552

## OVH configuration to be set via arguments/env. variables

553

554

ovh:

555

## @param ovh.consumerKey When using the OVH provider, specify the existing consumer key. (required when provider=ovh and `ovh.secretName` is not provided.)

556

557

consumerKey: ""

558

## @param ovh.applicationKey When using the OVH provider with an existing application, specify the application key. (required when provider=ovh and `ovh.secretName` is not provided.)

559

560

applicationKey: ""

561

## @param ovh.applicationSecret When using the OVH provider with an existing application, specify the application secret. (required when provider=ovh and `ovh.secretName` is not provided.)

562

563

applicationSecret: ""

564

## @param ovh.secretName When using the OVH provider, it's the name of the secret containing `ovh_consumer_key`, `ovh_application_key` and `ovh_application_secret`. Disables usage of other `ovh`.

565

## with following keys:

566

## - ovh_consumer_key

567

## - ovh_application_key

568

## - ovh_application_secret

569

## This ignores consumerKey, applicationKey & applicationSecret

570

571

secretName: ""

572

## Scaleway configuration to be set via arguments/env. variables

573

574

scaleway:

575

## @param scaleway.scwAccessKey When using the Scaleway provider, specify an existing access key. (required when provider=scaleway)

576

577

scwAccessKey: ""

578

## @param scaleway.scwSecretKey When using the Scaleway provider, specify an existing secret key. (required when provider=scaleway)

579

580

scwSecretKey: ""

581

## @param scaleway.secretName Use an existing secret with keys "scaleway_access_key" and "scaleway_secret_key" defined (optional).

582

## This ignores scaleway.scwAccessKey and scaleway.scwSecretKey

583

584

secretName: ""

585

## RFC 2136 configuration to be set via arguments/env. variables

586

587

rfc2136:

588

## @param rfc2136.host When using the rfc2136 provider, specify the RFC2136 host (required when provider=rfc2136)

589

590

host: ""

591

## @param rfc2136.port When using the rfc2136 provider, specify the RFC2136 port (optional)

592

593

port: 53

594

## @param rfc2136.zone DEPRECATED: use rfc2136.zones instead.

595

## Currently, the contents of rfc2136.zone and rfc2136.zones will be merged and deduplicated, in a future release this value will be removed in favor of `rfc2136.zones`.

596

597

zone: ""

598

## @param rfc2136.zones When using the rfc2136 provider, specify the zones (required when provider=rfc2136 and `rfc2136.zone` is not provided.)

599

600

zones: []

601

## @param rfc2136.tsigSecret When using the rfc2136 provider, specify the tsig secret to enable security. (do not specify if `rfc2136.secretName` is provided.) (optional)

602

603

tsigSecret: ""

604

## @param rfc2136.secretName When using the rfc2136 provider, specify the existing secret which contains your tsig secret in the key "rfc2136_tsig_secret". Disables the usage of `rfc2136.tsigSecret` (optional)

605

606

secretName: ""

607

## @param rfc2136.tsigSecretAlg When using the rfc2136 provider, specify the tsig secret to enable security (optional)

608

609

tsigSecretAlg: hmac-sha256

610

## @param rfc2136.tsigKeyname When using the rfc2136 provider, specify the tsig keyname to enable security (optional)

611

612

tsigKeyname: rfc2136_tsig_secret

613

## @param rfc2136.tsigAxfr When using the rfc2136 provider, enable AFXR to enable security (optional)

614

615

tsigAxfr: true

616

## @param rfc2136.minTTL When using the rfc2136 provider, specify minimal TTL (in duration format) for records[ns, us, ms, s, m, h], see more <https://golang.org/pkg/time/#ParseDuration>

617

618

minTTL: "0s"

619

## @param rfc2136.rfc3645Enabled When using the rfc2136 provider, extend using RFC3645 to support secure updates over Kerberos with GSS-TSIG

620

621

rfc3645Enabled: false

622

## @param rfc2136.kerberosConfig When using the rfc2136 provider with rfc3645Enabled, the contents of a configuration file for krb5 (optional)

623

624

kerberosConfig: ""

625

## @param rfc2136.kerberosUsername When using the rfc2136 provider with rfc3645Enabled, specify the username to authenticate with (optional)

626

627

kerberosUsername: ""

628

## @param rfc2136.kerberosPassword When using the rfc2136 provider with rfc3645Enabled, specify the password to authenticate with (optional)

629

630

kerberosPassword: ""

631

## @param rfc2136.kerberosRealm When using the rfc2136 provider with rfc3645Enabled, specify the realm to authenticate to (required when provider=rfc2136 and rfc2136.rfc3645Enabled=true)

632

633

kerberosRealm: ""

634

## PowerDNS configuration to be set via arguments/env. variables

635

636

pdns:

637

## @param pdns.apiUrl When using the PowerDNS provider, specify the API URL of the server.

638

639

apiUrl: ""

640

## @param pdns.apiPort When using the PowerDNS provider, specify the API port of the server.

641

642

apiPort: "8081"

643

## @param pdns.apiKey When using the PowerDNS provider, specify the API key of the server.

644

645

apiKey: ""

646

## @param pdns.secretName When using the PowerDNS provider, specify as secret name containing the API Key

647

648

secretName: ""

649

## TransIP configuration to be set via arguments/env. variables

650

651

transip:

652

## @param transip.account When using the TransIP provider, specify the account name.

653

654

account: ""

655

## @param transip.apiKey When using the TransIP provider, specify the API key to use.

656

657

apiKey: ""

658

## @param domainFilters Limit possible target zones by domain suffixes (optional)

659

660

domainFilters: []

661

## @param excludeDomains Exclude subdomains (optional)

662

663

excludeDomains: []

664

## @param regexDomainFilter Limit possible target zones by regex domain suffixes (optional)

665

## If regexDomainFilter is specified, domainFilters will be ignored

666

667

regexDomainFilter: ""

668

## @param regexDomainExclusion Exclude subdomains by using regex pattern (optional)

669

## If regexDomainFilter is specified, excludeDomains will be ignored and external-dns will use regexDomainExclusion even though regexDomainExclusion is empty

670

671

regexDomainExclusion: ""

672

## @param zoneNameFilters Filter target zones by zone domain (optional)

673

674

zoneNameFilters: []

675

## @param zoneIdFilters Limit possible target zones by zone id (optional)

676

677

zoneIdFilters: []

678

## @param annotationFilter Filter sources managed by external-dns via annotation using label selector (optional)

679

680

annotationFilter: ""

681

## @param labelFilter Select sources managed by external-dns using label selector (optional)

682

683

labelFilter: ""

684

## @param ingressClassFilters Filter sources managed by external-dns via IngressClass (optional)

685

686

ingressClassFilters: []

687

## @param managedRecordTypesFilters Filter record types managed by external-dns (optional)

688

689

managedRecordTypesFilters: []

690

## @param dryRun When enabled, prints DNS record changes rather than actually performing them (optional)

691

692

dryRun: false

693

## @param triggerLoopOnEvent When enabled, triggers run loop on create/update/delete events in addition to regular interval (optional)

694

695

triggerLoopOnEvent: false

696

## @param interval Interval update period to use

697

698

interval: "1m"

699

## @param logLevel Verbosity of the logs (options: panic, debug, info, warning, error, fatal, trace)

700

701

logLevel: info

702

## @param logFormat Which format to output logs in (options: text, json)

703

704

logFormat: text

705

## @param policy Modify how DNS records are synchronized between sources and providers (options: sync, upsert-only )

706

707

policy: upsert-only

708

## @param registry Registry method to use (options: txt, aws-sd, dynamodb, noop)

709

## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/registry/registry.md

710

711

registry: "txt"

712

## @param txtPrefix When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional)<CNAME record> (Mutual exclusive with txt-suffix)

713

714

txtPrefix: ""

715

## @param txtSuffix When using the TXT registry, a suffix for ownership records that avoids collision with CNAME entries (optional)<CNAME record>.suffix (Mutual exclusive with txt-prefix)

716

717

txtSuffix: ""

718

## @param txtNewFormatOnly When using the TXT registry, use only the new format for ownership records (optional)

719

## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/registry/txt.md#record-format-options

720

721

txtNewFormatOnly: false

722

## @param txtOwnerId A name that identifies this instance of ExternalDNS. Currently used by registry types: txt & aws-sd (optional)

723

## But other registry types might be added in the future.

724

725

txtOwnerId: ""

726

## @param forceTxtOwnerId (backward compatibility) When using the non-TXT registry, it will pass the value defined by `txtOwnerId` down to the application (optional)

727

## This setting added for backward compatibility for

728

## customers who already used iamguarded/external-dns helm chart

729

## to privision 'aws-sd' registry type.

730

## Previously iamguarded/external-dns helm chart did not pass

731

## txtOwnerId value down to the external-dns application

732

## so the app itself sets that value to be a string 'default'.

733

## If existing customers force the actual txtOwnerId value to be

734

## passed properly, their external-dns updates will stop working

735

## because the owner's value for exting DNS records in

736

## AWS Service Discovery would remain 'default'.

737

## NOTE: It is up to the end user to update AWS Service Discovery

738

## 'default' values in description fields to make it work with new

739

## value passed as txtOwnerId when forceTxtOwnerId=true

740

741

forceTxtOwnerId: false

742

## TXT registry record encryption

743

## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/registry/txt.md#encryption

744

745

txtEncrypt:

746

## @param txtEncrypt.enabled Enable TXT record encryption

747

748

enabled: false

749

## @param txtEncrypt.aesKey 32-byte AES-256-GCM encryption key.

750

## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/registry/txt.md#generating-the-txt-encryption-key

751

## Note: If txtEncrypt.enabled is enabled and txtEncrypt.aesKey is not set, a default key will be generated.

752

753

aesKey: ""

754

## @param txtEncrypt.secretName Use an existing secret with key "txt_aes_encryption_key" defined.

755

## This ignores txtEncrypt.aesKey

756

757

secretName: ""

758

## @param extraArgs Extra arguments to be passed to external-dns

759

760

extraArgs: {}

761

##extraArgs:

762

## rfc2136-zone:

763

## - extra-zone1.com

764

## - extra-zone2.com

765

## @param extraEnvVars An array to add extra env vars

766

767

extraEnvVars: []

768

## @param extraEnvVarsCM ConfigMap containing extra env vars

769

770

extraEnvVarsCM: ""

771

## @param extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data)

772

773

extraEnvVarsSecret: ""

774

## @param lifecycleHooks [object] Override default etcd container hooks

775

776

lifecycleHooks: {}

777

## @param schedulerName Alternative scheduler

778

## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/

779

780

schedulerName: ""

781

## @param topologySpreadConstraints Topology Spread Constraints for pod assignment

782

## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/

783

## The value is evaluated as a template

784

785

topologySpreadConstraints: []

786

## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`

787

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

788

789

podAffinityPreset: ""

790

## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`

791

## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

792

## Allowed values: soft, hard

793

794

podAntiAffinityPreset: soft

795

## Node affinity preset

796

## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity

797

798

nodeAffinityPreset:

799

## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`

800

801

type: ""

802

## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.

803

## E.g.

804

## key: "kubernetes.io/e2e-az-name"

805

806

key: ""

807

## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.

808

## E.g.

809

## values:

810

## - e2e-az1

811

## - e2e-az2

812

813

values: []

814

## @param affinity Affinity for pod assignment

815

## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

816

## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set

817

818

affinity: {}

819

## @param nodeSelector Node labels for pod assignment

820

## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/

821

822

nodeSelector: {}

823

## @param tolerations Tolerations for pod assignment

824

## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

825

826

tolerations: []

827

## @param podAnnotations Additional annotations to apply to the pod.

828

829

podAnnotations: {}

830

## @param podLabels Additional labels to be added to pods

831

832

podLabels: {}

833

## @param priorityClassName priorityClassName

834

835

priorityClassName: ""

836

## @param secretAnnotations Additional annotations to apply to the secret

837

838

secretAnnotations: {}

839

## Options for the source type "crd"

840

841

crd:

842

## @param crd.create Install and use the integrated DNSEndpoint CRD

843

844

create: false

845

## @param crd.apiversion Sets the API version for the CRD to watch

846

847

apiversion: ""

848

## @param crd.kind Sets the kind for the CRD to watch

849

850

kind: ""

851

## Kubernetes svc configutarion

852

853

service:

854

## @param service.enabled Whether to create Service resource or not

855

856

enabled: true

857

## @param service.type Kubernetes Service type

858

859

type: ClusterIP

860

## @param service.ports.http ExternalDNS client port

861

862

ports:

863

http: 7979

864

## @param service.nodePorts.http Port to bind to for NodePort service type (client port)

865

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

866

867

nodePorts:

868

http: ""

869

## @param service.clusterIP IP address to assign to service

870

871

clusterIP: ""

872

## @param service.externalIPs Service external IP addresses

873

874

externalIPs: []

875

## @param service.externalName Service external name

876

877

externalName: ""

878

## @param service.loadBalancerIP IP address to assign to load balancer (if supported)

879

880

loadBalancerIP: ""

881

## @param service.loadBalancerSourceRanges List of IP CIDRs allowed access to load balancer (if supported)

882

883

loadBalancerSourceRanges: []

884

## @param service.externalTrafficPolicy Enable client source IP preservation

885

## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip

886

887

externalTrafficPolicy: Cluster

888

## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value)

889

890

extraPorts: []

891

## @param service.annotations Annotations to add to service

892

## set the LoadBalancer service type to internal only.

893

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer

894

895

annotations: {}

896

## @param service.labels Provide any additional labels which may be required.

897

## This can be used to have external-dns show up in `kubectl cluster-info`

898

## kubernetes.io/cluster-service: "true"

899

## kubernetes.io/name: "external-dns"

900

901

labels: {}

902

## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"

903

## If "ClientIP", consecutive client requests will be directed to the same Pod

904

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies

905

906

sessionAffinity: None

907

## @param service.sessionAffinityConfig Additional settings for the sessionAffinity

908

## sessionAffinityConfig:

909

## clientIP:

910

## timeoutSeconds: 300

911

912

sessionAffinityConfig: {}

913

## Network Policies

914

## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/

915

916

networkPolicy:

917

## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created

918

919

enabled: true

920

## @param networkPolicy.allowExternal Don't require server label for connections

921

## The Policy model to apply. When set to false, only pods with the correct

922

## server label will have network access to the ports server is listening

923

## on. When true, server will accept connections from any source

924

## (with the correct destination port).

925

926

allowExternal: true

927

## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.

928

929

allowExternalEgress: true

930

## @param networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)

931

932

kubeAPIServerPorts: [443, 6443, 8443]

933

## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy

934

## e.g:

935

## extraIngress:

936

## - ports:

937

## - port: 1234

938

## from:

939

## - podSelector:

940

## - matchLabels:

941

## - role: frontend

942

## - podSelector:

943

## - matchExpressions:

944

## - key: role

945

## operator: In

946

## values:

947

## - frontend

948

extraIngress: []

949

## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy

950

## e.g:

951

## extraEgress:

952

## - ports:

953

## - port: 1234

954

## to:

955

## - podSelector:

956

## - matchLabels:

957

## - role: frontend

958

## - podSelector:

959

## - matchExpressions:

960

## - key: role

961

## operator: In

962

## values:

963

## - frontend

964

965

extraEgress: []

966

## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces

967

## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces

968

969

ingressNSMatchLabels: {}

970

ingressNSPodMatchLabels: {}

971

## ServiceAccount parameters

972

## https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

973

974

serviceAccount:

975

## @param serviceAccount.create Determine whether a Service Account should be created or it should reuse a exiting one.

976

977

create: true

978

## @param serviceAccount.name ServiceAccount to use. A name is generated using the common.names.fullname template if it is not set

979

980

981

## @param serviceAccount.annotations Additional Service Account annotations

982

983

annotations: {}

984

## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account.

985

986

automountServiceAccountToken: false

987

## @param serviceAccount.labels [object] Additional labels to be included on the service account

988

989

labels: {}

990

## RBAC parameters

991

## https://kubernetes.io/docs/reference/access-authn-authz/rbac/

992

993

rbac:

994

## @param rbac.create Whether to create & use RBAC resources or not

995

996

create: true

997

## @param rbac.clusterRole Whether to create Cluster Role. When set to false creates a Role in `namespace`

998

999

clusterRole: true

1000

## @param rbac.apiVersion Version of the RBAC API

1001

1002

apiVersion: v1

1003

## @param rbac.pspEnabled Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later

1004

1005

pspEnabled: false

1006

## @param containerSecurityContext.enabled Enabled Apache Server containers' Security Context

1007

## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container

1008

## @param containerSecurityContext.runAsUser Set ExternalDNS containers' Security Context runAsUser

1009

## @param containerSecurityContext.runAsGroup Set ExternalDNS containers' Security Context runAsGroup

1010

## @param containerSecurityContext.runAsNonRoot Set ExternalDNS container's Security Context runAsNonRoot

1011

## @param containerSecurityContext.privileged Set primary container's Security Context privileged

1012

## @param containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation

1013

## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped

1014

## @param containerSecurityContext.readOnlyRootFilesystem Set container readonlyRootFilesystem

1015

## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile

1016

## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

1017

## Example:

1018

## containerSecurityContext:

1019

## allowPrivilegeEscalation: false

1020

## readOnlyRootFilesystem: true

1021

## capabilities:

1022

## drop: ["ALL"]

1023

1024

containerSecurityContext:

1025

enabled: true

1026

seLinuxOptions: {}

1027

runAsUser: 1001

1028

runAsGroup: 1001

1029

runAsNonRoot: true

1030

privileged: false

1031

allowPrivilegeEscalation: false

1032

readOnlyRootFilesystem: true

1033

capabilities:

1034

drop: ["ALL"]

1035

seccompProfile:

1036

type: "RuntimeDefault"

1037

## @param podSecurityContext.enabled Enable pod security context

1038

## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy

1039

## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface

1040

## @param podSecurityContext.supplementalGroups Set filesystem extra groups

1041

## @param podSecurityContext.fsGroup Group ID for the container

1042

1043

podSecurityContext:

1044

enabled: true

1045

fsGroupChangePolicy: Always

1046

sysctls: []

1047

supplementalGroups: []

1048

fsGroup: 1001

1049

## Container resource requests and limits

1050

## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

1051

## We usually recommend not to specify default resources and to leave this as a conscious

1052

## choice for the user. This also increases chances charts run on environments with little

1053

## resources, such as Minikube. If you do want to specify resources, uncomment the following

1054

## lines, adjust them as necessary, and remove the curly braces after 'resources:'.

1055

## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).

1056

## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15

1057

1058

resourcesPreset: "nano"

1059

## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)

1060

## Example:

1061

## resources:

1062

## requests:

1063

## cpu: 2

1064

## memory: 512Mi

1065

## limits:

1066

## cpu: 3

1067

## memory: 1024Mi

1068

1069

resources: {}

1070

## Configure extra options for liveness probe

1071

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes

1072

## @param livenessProbe.enabled Enable livenessProbe

1073

## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe

1074

## @param livenessProbe.periodSeconds Period seconds for livenessProbe

1075

## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe

1076

## @param livenessProbe.failureThreshold Failure threshold for livenessProbe

1077

## @param livenessProbe.successThreshold Success threshold for livenessProbe

1078

1079

livenessProbe:

1080

enabled: true

1081

initialDelaySeconds: 10

1082

periodSeconds: 10

1083

timeoutSeconds: 5

1084

failureThreshold: 2

1085

successThreshold: 1

1086

## Configure extra options for readiness probe

1087

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes

1088

## @param readinessProbe.enabled Enable readinessProbe

1089

## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe

1090

## @param readinessProbe.periodSeconds Period seconds for readinessProbe

1091

## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe

1092

## @param readinessProbe.failureThreshold Failure threshold for readinessProbe

1093

## @param readinessProbe.successThreshold Success threshold for readinessProbe

1094

1095

readinessProbe:

1096

enabled: true

1097

initialDelaySeconds: 5

1098

periodSeconds: 10

1099

timeoutSeconds: 5

1100

failureThreshold: 6

1101

successThreshold: 1

1102

## Configure extra options for startup probe

1103

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-startup-probes/#configure-probes

1104

## @param startupProbe.enabled Enable startupProbe

1105

## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe

1106

## @param startupProbe.periodSeconds Period seconds for startupProbe

1107

## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe

1108

## @param startupProbe.failureThreshold Failure threshold for startupProbe

1109

## @param startupProbe.successThreshold Success threshold for startupProbe

1110

1111

startupProbe:

1112

enabled: false

1113

initialDelaySeconds: 5

1114

periodSeconds: 10

1115

timeoutSeconds: 5

1116

failureThreshold: 6

1117

successThreshold: 1

1118

## @param customLivenessProbe Override default liveness probe

1119

1120

customLivenessProbe: {}

1121

## @param customReadinessProbe Override default readiness probe

1122

1123

customReadinessProbe: {}

1124

## @param customStartupProbe Override default startup probe

1125

1126

customStartupProbe: {}

1127

## @param extraVolumes A list of volumes to be added to the pod

1128

1129

extraVolumes: []

1130

## @param extraVolumeMounts A list of volume mounts to be added to the pod

1131

1132

extraVolumeMounts: []

1133

## @param pdb.create Enable/disable a Pod Disruption Budget creation

1134

## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled

1135

## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty.

1136

1137

pdb:

1138

create: true

1139

minAvailable: ""

1140

maxUnavailable: ""

1141

## Prometheus Exporter / Metrics

1142

1143

metrics:

1144

## @param metrics.enabled Enable prometheus to access external-dns metrics endpoint

1145

1146

enabled: false

1147

## @param metrics.podAnnotations Annotations for enabling prometheus to access the metrics endpoint

1148

1149

podAnnotations: {}

1150

## Prometheus Operator ServiceMonitor configuration

1151

1152

serviceMonitor:

1153

## @param metrics.serviceMonitor.enabled Create ServiceMonitor object

1154

1155

enabled: false

1156

## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running

1157

1158

namespace: ""

1159

## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped

1160

## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint

1161

1162

interval: ""

1163

## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended

1164

## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint

1165

1166

scrapeTimeout: ""

1167

## @param metrics.serviceMonitor.selector Additional labels for ServiceMonitor object

1168

## ref: https://github.com/iamguarded/charts/tree/main/iamguarded/prometheus-operator#prometheus-configuration

1169

## e.g:

1170

## selector:

1171

## prometheus: my-prometheus

1172

1173

selector: {}

1174

## @param metrics.serviceMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint

1175

## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig

1176

1177

metricRelabelings: []

1178

## @param metrics.serviceMonitor.relabelings [array] Prometheus relabeling rules

1179

1180

relabelings: []

1181

## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint

1182

1183

honorLabels: false

1184

## @param metrics.serviceMonitor.labels Used to pass Labels that are required by the installed Prometheus Operator

1185

## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec

1186

1187

labels: {}

1188

## @param metrics.serviceMonitor.targetLabels Labels from the Kubernetes service to be transferred to the created metrics

1189

targetLabels: []

1190

## @param metrics.serviceMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics

1191

podTargetLabels: []

1192

## @param metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor

1193

1194

annotations: {}

1195

## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.

1196

1197

jobLabel: ""

1198

## Google Managed Prometheus PodMonitor configuration

1199

1200

googlePodMonitor:

1201

## @param metrics.googlePodMonitor.enabled Create Google Managed Prometheus PodMonitoring object

1202

1203

enabled: false

1204

## @param metrics.googlePodMonitor.namespace Namespace in which PodMonitoring created

1205

1206

namespace: ""

1207

## @param metrics.googlePodMonitor.interval Interval at which metrics should be scraped by Google Managed Prometheus

1208

1209

interval: "60s"

1210

## @param metrics.googlePodMonitor.endpoint The endpoint for Google Managed Prometheus scraping the metrics

1211

1212

endpoint: /metrics

1213

The trusted source for open source

Talk to an expert

Privacy

Terms

external-dns

The trusted source for open source

Product

Solutions

Customers

Resources

Company