diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml index ae13584e5b..7d8a671164 100644 --- a/chart/chart-index/Chart.yaml +++ b/chart/chart-index/Chart.yaml @@ -15,7 +15,7 @@ dependencies: version: 0.24.0 repository: https://cloudnative-pg.github.io/charts - name: external-dns - version: 8.7.8 + version: 8.8.6 repository: https://charts.bitnami.com/bitnami - name: falco version: 3.8.5 diff --git a/charts/external-dns/Chart.lock b/charts/external-dns/Chart.lock index 9fdc737d52..9b175ff468 100644 --- a/charts/external-dns/Chart.lock +++ b/charts/external-dns/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.30.0 -digest: sha256:46afdf79eae69065904d430f03f7e5b79a148afed20aa45ee83ba88adc036169 -generated: "2025-02-19T17:06:43.001843167Z" + version: 2.31.0 +digest: sha256:c4c9af4e0ca23cf2c549e403b2a2bba2c53a3557cee23da09fa4cdf710044c2c +generated: "2025-05-06T10:08:42.852213908+02:00" diff --git a/charts/external-dns/Chart.yaml b/charts/external-dns/Chart.yaml index e5177ebf5d..d3ef631514 100644 --- a/charts/external-dns/Chart.yaml +++ b/charts/external-dns/Chart.yaml @@ -2,11 +2,11 @@ annotations: category: DeveloperTools images: | - name: external-dns - image: docker.io/bitnami/external-dns:0.16.1-debian-12-r0 + image: docker.io/bitnami/external-dns:0.17.0-debian-12-r5 licenses: Apache-2.0 tanzuCategory: clusterUtility apiVersion: v2 -appVersion: 0.16.1 +appVersion: 0.17.0 dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts @@ -27,4 +27,4 @@ maintainers: name: external-dns sources: - https://github.com/bitnami/charts/tree/main/bitnami/external-dns -version: 8.7.8 +version: 8.8.6 diff --git a/charts/external-dns/README.md b/charts/external-dns/README.md index a6344a934a..34b3b47440 100644 --- a/charts/external-dns/README.md +++ b/charts/external-dns/README.md @@ -20,8 +20,6 @@ Looking to use ExternalDNS in production? Try [VMware Tanzu Application Catalog] This chart bootstraps a [ExternalDNS](https://github.com/bitnami/containers/tree/main/bitnami/external-dns) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - ## Prerequisites - Kubernetes 1.23+ @@ -343,6 +341,7 @@ helm install my-release \ | `registry` | Registry method to use (options: txt, aws-sd, dynamodb, noop) | `txt` | | `txtPrefix` | When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional) (Mutual exclusive with txt-suffix) | `""` | | `txtSuffix` | When using the TXT registry, a suffix for ownership records that avoids collision with CNAME entries (optional).suffix (Mutual exclusive with txt-prefix) | `""` | +| `txtNewFormatOnly` | When using the TXT registry, use only the new format for ownership records (optional) | `false` | | `txtOwnerId` | A name that identifies this instance of ExternalDNS. Currently used by registry types: txt & aws-sd (optional) | `""` | | `forceTxtOwnerId` | (backward compatibility) When using the non-TXT registry, it will pass the value defined by `txtOwnerId` down to the application (optional) | `false` | | `txtEncrypt.enabled` | Enable TXT record encryption | `false` | diff --git a/charts/external-dns/charts/common/Chart.yaml b/charts/external-dns/charts/common/Chart.yaml index 10fc86a4e8..49ec73d7c0 100644 --- a/charts/external-dns/charts/common/Chart.yaml +++ b/charts/external-dns/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.30.0 +appVersion: 2.31.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts/tree/main/bitnami/common type: library -version: 2.30.0 +version: 2.31.0 diff --git a/charts/external-dns/charts/common/README.md b/charts/external-dns/charts/common/README.md index 0e5f649928..b84bbbabfc 100644 --- a/charts/external-dns/charts/common/README.md +++ b/charts/external-dns/charts/common/README.md @@ -39,6 +39,152 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment ## Parameters +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +| ------------------------------- | ---------------------------------------------------- | ------------------------------------------------------------ | +| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.nodes` | Return a nodeAffinity definition | `dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` | +| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pods` | Return a podAffinity/podAntiAffinity definition | `dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +| --------------------------------------------------------- | ---------------------------------------------------------------------------------------------- | --------------------------------------- | +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.apiVersions.has` | Return true if the apiVersion is supported | `dict "version" "batch/v1" "context" $` | +| `common.capabilities.job.apiVersion` | Return the appropriate apiVersion for job. | `.` Chart context | +| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | +| `common.capabilities.daemonset.apiVersion` | Return the appropriate apiVersion for daemonset. | `.` Chart context | +| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | +| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | +| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | +| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | +| `common.capabilities.vpa.apiVersion` | Return the appropriate apiVersion for Vertical Pod Autoscaler. | `.` Chart context | +| `common.capabilities.psp.supported` | Returns true if PodSecurityPolicy is supported | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | +| `common.capabilities.admissionConfiguration.supported` | Returns true if AdmissionConfiguration is supported | `.` Chart context | +| `common.capabilities.admissionConfiguration.apiVersion` | Return the appropriate apiVersion for AdmissionConfiguration. | `.` Chart context | +| `common.capabilities.podSecurityConfiguration.apiVersion` | Return the appropriate apiVersion for PodSecurityConfiguration. | `.` Chart context | + +### Compatibility + +| Helper identifier | Description | Expected Input | +| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------- | +| `common.compatibility.isOpenshift` | Return true if the detected platform is Openshift | `.` Chart context | +| `common.compatibility.renderSecurityContext` | Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC | `dict "secContext" .Values.containerSecurityContext "context" $` | + +### Errors + +| Helper identifier | Description | Expected Input | +| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- | +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | +| `common.errors.insecureImages` | Throw error when original container images are replaced. The error can be bypassed by setting the `global.security.allowInsecureImages` to true. | `dict "images" (list .Values.path.to.the.imageRoot) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +| --------------------------------- | -------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | +| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | +| `common.images.version` | Return the proper image version | `dict "imageRoot" .Values.path.to.the.image "chart" .Chart` , see [ImageRoot](#imageroot) for the structure. | + +### Ingress + +| Helper identifier | Description | Expected Input | +| ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | +| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | +| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | +| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | + +### Labels + +| Helper identifier | Description | Expected Input | +| --------------------------- | --------------------------------------------------------------------------- | ----------------- | +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Input | +| ---------------------------------- | --------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | +| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | +| `common.names.dependency.fullname` | Create a default fully qualified dependency name. | `dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $` | + +### Resources + +| Helper identifier | Description | Expected Input | +| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | -------------------- | +| `common.resources.preset` | Return a resource request/limit object based on a given preset. These presets are for basic testing and not meant to be used in production. | `dict "type" "nano"` | + +### Secrets + +| Helper identifier | Description | Expected Input | +| --------------------------------- | -------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "honorProvidedValues" false "context" $`, length, strong, honorProvidedValues and chartName fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | +| `common.secrets.lookup` | Reuses the value from an existing secret, otherwise sets its value to a default value. | `dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +| ---------------------- | -------------------------------- | ------------------------------------------------------------------------------------------------------------------- | +| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +| ---------------------------------- | ------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | +| `common.tplvalues.merge` | Merge a list of values that contains template after rendering them. | `dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $` | +| `common.tplvalues.merge-overwrite` | Merge a list of values that contains template after rendering them. | `dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $` | + +### Utils + +| Helper identifier | Description | Expected Input | +| ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- | +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | +| `common.utils.checksumTemplate` | Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376) | `dict "path" "/configmap.yaml" "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +| -------------------------------- | ----------------------------------------------------------------- | ---------------------------------------------------------- | +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | +| `common.warnings.modifiedImages` | Warning about replaced images from the original. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | +| `common.warnings.resources` | Warning about not setting the resource object in all deployments. | `dict "sections" (list "path1" "path2") context $` | + ## Special input schemas ### ImageRoot diff --git a/charts/external-dns/charts/common/templates/_affinities.tpl b/charts/external-dns/charts/common/templates/_affinities.tpl index d387dbe632..c6ccc62e2f 100644 --- a/charts/external-dns/charts/common/templates/_affinities.tpl +++ b/charts/external-dns/charts/common/templates/_affinities.tpl @@ -82,7 +82,7 @@ preferredDuringSchedulingIgnoredDuringExecution: namespaces: - {{ .context.Release.Namespace }} {{- with $extraNamespaces }} - {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} {{- end }} {{- end }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} @@ -97,6 +97,13 @@ preferredDuringSchedulingIgnoredDuringExecution: {{- range $key, $value := .extraMatchLabels }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- if .namespaces }} + namespaces: + - {{ $.context.Release.Namespace }} + {{- with .namespaces }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} + {{- end }} + {{- end }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} weight: {{ .weight | default 1 -}} {{- end -}} @@ -121,13 +128,13 @@ requiredDuringSchedulingIgnoredDuringExecution: {{- range $key, $value := $extraMatchLabels }} {{ $key }}: {{ $value | quote }} {{- end }} - {{- if $extraNamespaces }} - namespaces: - - {{ .context.Release.Namespace }} - {{- with $extraNamespaces }} - {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} - {{- end }} + {{- if $extraNamespaces }} + namespaces: + - {{ .context.Release.Namespace }} + {{- with $extraNamespaces }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 6 }} {{- end }} + {{- end }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} {{- range $extraPodAffinityTerms }} - labelSelector: @@ -138,6 +145,13 @@ requiredDuringSchedulingIgnoredDuringExecution: {{- range $key, $value := .extraMatchLabels }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- if .namespaces }} + namespaces: + - {{ $.context.Release.Namespace }} + {{- with .namespaces }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 6 }} + {{- end }} + {{- end }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} {{- end -}} {{- end -}} diff --git a/charts/external-dns/charts/common/templates/_capabilities.tpl b/charts/external-dns/charts/common/templates/_capabilities.tpl index 6423fb1163..6efde9d348 100644 --- a/charts/external-dns/charts/common/templates/_capabilities.tpl +++ b/charts/external-dns/charts/common/templates/_capabilities.tpl @@ -30,162 +30,93 @@ Usage: Return the appropriate apiVersion for poddisruptionbudget. */}} {{- define "common.capabilities.policy.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} {{- print "policy/v1" -}} {{- end -}} -{{- end -}} {{/* Return the appropriate apiVersion for networkpolicy. */}} {{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.7-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} {{- print "networking.k8s.io/v1" -}} {{- end -}} -{{- end -}} {{/* Return the appropriate apiVersion for job. */}} {{- define "common.capabilities.job.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} {{- print "batch/v1" -}} {{- end -}} -{{- end -}} {{/* Return the appropriate apiVersion for cronjob. */}} {{- define "common.capabilities.cronjob.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} {{- print "batch/v1" -}} {{- end -}} -{{- end -}} {{/* Return the appropriate apiVersion for daemonset. */}} {{- define "common.capabilities.daemonset.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} {{- print "apps/v1" -}} {{- end -}} -{{- end -}} {{/* Return the appropriate apiVersion for deployment. */}} {{- define "common.capabilities.deployment.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} {{- print "apps/v1" -}} {{- end -}} -{{- end -}} {{/* Return the appropriate apiVersion for statefulset. */}} {{- define "common.capabilities.statefulset.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} {{- print "apps/v1" -}} {{- end -}} -{{- end -}} {{/* Return the appropriate apiVersion for ingress. */}} {{- define "common.capabilities.ingress.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if (.Values.ingress).apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} {{- print "networking.k8s.io/v1" -}} -{{- end }} {{- end -}} {{/* Return the appropriate apiVersion for RBAC resources. */}} {{- define "common.capabilities.rbac.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.17-0" $kubeVersion) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} {{- print "rbac.authorization.k8s.io/v1" -}} {{- end -}} -{{- end -}} {{/* Return the appropriate apiVersion for CRDs. */}} {{- define "common.capabilities.crd.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} {{- print "apiextensions.k8s.io/v1" -}} {{- end -}} -{{- end -}} {{/* Return the appropriate apiVersion for APIService. */}} {{- define "common.capabilities.apiService.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.10-0" $kubeVersion) -}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} {{- print "apiregistration.k8s.io/v1" -}} {{- end -}} -{{- end -}} {{/* Return the appropriate apiVersion for Horizontal Pod Autoscaler. */}} {{- define "common.capabilities.hpa.apiVersion" -}} {{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} {{- print "autoscaling/v2" -}} {{- end -}} -{{- end -}} {{/* Return the appropriate apiVersion for Vertical Pod Autoscaler. */}} {{- define "common.capabilities.vpa.apiVersion" -}} {{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.11-0" $kubeVersion) -}} -{{- print "autoscaling/v1beta1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} {{- print "autoscaling/v1beta2" -}} {{- else -}} {{- print "autoscaling/v1" -}} @@ -207,19 +138,15 @@ Returns true if AdmissionConfiguration is supported */}} {{- define "common.capabilities.admissionConfiguration.supported" -}} {{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if or (empty $kubeVersion) (not (semverCompare "<1.23-0" $kubeVersion)) -}} {{- true -}} {{- end -}} -{{- end -}} {{/* Return the appropriate apiVersion for AdmissionConfiguration. */}} {{- define "common.capabilities.admissionConfiguration.apiVersion" -}} {{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- print "apiserver.config.k8s.io/v1alpha1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} {{- print "apiserver.config.k8s.io/v1beta1" -}} {{- else -}} {{- print "apiserver.config.k8s.io/v1" -}} @@ -231,9 +158,7 @@ Return the appropriate apiVersion for PodSecurityConfiguration. */}} {{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}} {{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} {{- print "pod-security.admission.config.k8s.io/v1beta1" -}} {{- else -}} {{- print "pod-security.admission.config.k8s.io/v1" -}} diff --git a/charts/external-dns/charts/common/templates/_errors.tpl b/charts/external-dns/charts/common/templates/_errors.tpl index 93f3ffc9be..95b8b8e292 100644 --- a/charts/external-dns/charts/common/templates/_errors.tpl +++ b/charts/external-dns/charts/common/templates/_errors.tpl @@ -82,4 +82,4 @@ Usage: {{- end -}} {{- print $warnString -}} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/external-dns/charts/common/templates/_ingress.tpl b/charts/external-dns/charts/common/templates/_ingress.tpl index 7d2b87985c..3973805657 100644 --- a/charts/external-dns/charts/common/templates/_ingress.tpl +++ b/charts/external-dns/charts/common/templates/_ingress.tpl @@ -17,11 +17,6 @@ Params: - context - Dict - Required. The context for the template evaluation. */}} {{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} service: name: {{ .serviceName }} port: @@ -31,33 +26,26 @@ service: number: {{ .servicePort | int }} {{- end }} {{- end -}} -{{- end -}} {{/* +TODO: Remove as soon it is removed from the rest of the charts Print "true" if the API pathType field is supported Usage: {{ include "common.ingress.supportsPathType" . }} */}} {{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} {{- print "true" -}} {{- end -}} -{{- end -}} {{/* +TODO: Remove as soon it is removed from the rest of the charts Returns true if the ingressClassname field is supported Usage: {{ include "common.ingress.supportsIngressClassname" . }} */}} {{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "false" -}} -{{- else -}} {{- print "true" -}} {{- end -}} -{{- end -}} {{/* Return true if cert-manager required annotations for TLS signed diff --git a/charts/external-dns/charts/common/templates/_secrets.tpl b/charts/external-dns/charts/common/templates/_secrets.tpl index bfef46978d..7868c00ac0 100644 --- a/charts/external-dns/charts/common/templates/_secrets.tpl +++ b/charts/external-dns/charts/common/templates/_secrets.tpl @@ -110,12 +110,12 @@ The order in which this function returns a secret password: {{- end }} {{- if and $providedPasswordValue .honorProvidedValues }} - {{- $password = $providedPasswordValue | toString }} + {{- $password = tpl ($providedPasswordValue | toString) .context }} {{- end }} {{- if not $password }} {{- if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString }} + {{- $password = tpl ($providedPasswordValue | toString) .context }} {{- else }} {{- if .context.Values.enabled }} {{- $subchart = $chartName }} diff --git a/charts/external-dns/templates/clusterrole.yaml b/charts/external-dns/templates/clusterrole.yaml index 500c97b130..589ef799d1 100644 --- a/charts/external-dns/templates/clusterrole.yaml +++ b/charts/external-dns/templates/clusterrole.yaml @@ -111,6 +111,7 @@ rules: - cis.f5.com resources: - virtualservers + - transportservers verbs: - get - watch diff --git a/charts/external-dns/templates/crds/crd.yaml b/charts/external-dns/templates/crds/crd.yaml index 417820455a..f96e726f3a 100644 --- a/charts/external-dns/templates/crds/crd.yaml +++ b/charts/external-dns/templates/crds/crd.yaml @@ -1,5 +1,5 @@ -# Source: https://raw.githubusercontent.com/kubernetes-sigs/external-dns/v{version}/docs/sources/crd/crd-manifest.yaml -# Version: 0.16.1 +# Source: https://raw.githubusercontent.com/kubernetes-sigs/external-dns/refs/tags/v{version}/config/crd/standard/dnsendpoint.yaml +# Version: 0.17.0 # Conditional: .Values.crd.create {{- if .Values.crd.create }} --- @@ -8,7 +8,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/external-dns/pull/2007 - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: dnsendpoints.externaldns.k8s.io spec: group: externaldns.k8s.io diff --git a/charts/external-dns/templates/deployment.yaml b/charts/external-dns/templates/deployment.yaml index ede1f4e3e2..c11bc14717 100644 --- a/charts/external-dns/templates/deployment.yaml +++ b/charts/external-dns/templates/deployment.yaml @@ -159,6 +159,9 @@ spec: {{- if .Values.txtSuffix }} - --txt-suffix={{ .Values.txtSuffix }} {{- end }} + {{- if .Values.txtNewFormatOnly }} + - --txt-new-format-only + {{- end }} {{- end }} {{- if .Values.annotationFilter }} - --annotation-filter={{ .Values.annotationFilter }} @@ -635,6 +638,7 @@ spec: key: infoblox_wapi_password {{- end }} {{- end }} + {{- if eq .Values.provider "rfc2136" }} {{- if .Values.rfc2136.tsigSecret | or (and .Values.rfc2136.kerberosUsername .Values.rfc2136.kerberosPassword) | or .Values.rfc2136.secretName }} # RFC 2136 environment variables {{- if .Values.rfc2136.rfc3645Enabled }} @@ -656,6 +660,7 @@ spec: key: rfc2136_tsig_secret {{- end }} {{- end }} + {{- end }} {{- if eq .Values.provider "pdns" }} # PowerDNS environment variables - name: PDNS_API_KEY diff --git a/charts/external-dns/values.yaml b/charts/external-dns/values.yaml index 0bc0d16328..6a3f1a7f61 100644 --- a/charts/external-dns/values.yaml +++ b/charts/external-dns/values.yaml @@ -75,7 +75,7 @@ kubeVersion: "" image: registry: docker.io repository: bitnami/external-dns - tag: 0.16.1-debian-12-r0 + tag: 0.17.0-debian-12-r5 digest: "" ## Specify a imagePullPolicy ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -822,6 +822,10 @@ txtPrefix: "" ## @param txtSuffix When using the TXT registry, a suffix for ownership records that avoids collision with CNAME entries (optional).suffix (Mutual exclusive with txt-prefix) ## txtSuffix: "" +## @param txtNewFormatOnly When using the TXT registry, use only the new format for ownership records (optional) +## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/registry/txt.md#record-format-options +## +txtNewFormatOnly: false ## @param txtOwnerId A name that identifies this instance of ExternalDNS. Currently used by registry types: txt & aws-sd (optional) ## But other registry types might be added in the future. ##