feat(external-dns): Adding external-dns Chart

charts/external-dns/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: external-dns
+description: Helm Chart for deploying external-dns for Pi-Hole
+type: application
+version: 1.0.0

charts/external-dns/templates/NOTES.txt

@@ -0,0 +1,5 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+** Please be patient while the chart is being deployed **

charts/external-dns/templates/_helpers.tpl

@@ -0,0 +1,15 @@
+{{/* vim: set filetype=mustache: */}}
+{{/* Generate basic labels */}}
+{{- define "external-dns.labels" -}}
+app.kubernetes.io/name: external-dns
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.Version }}
+{{- end }}
+
+{{/* Generate Pod selector labels */}}
+{{- define "external-dns.selectorLabels" -}}
+app.kubernetes.io/name: external-dns
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/external-dns/templates/cluster-role-binding.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Release.Name }}-{{ .Values.rbac.name }}-viewer
+  labels:
+    {{- include "external-dns.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Release.Name }}-{{ .Values.rbac.name }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.name }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}

charts/external-dns/templates/cluster-role.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Release.Name }}-{{ .Values.rbac.name }}
+  labels:
+    {{- include "external-dns.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["services", "endpoints", "pods"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: ["extensions", "networking.k8s.io"]
+    resources: ["ingresses"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["list", "watch"]
+{{- end }}

charts/external-dns/templates/deployment.yaml

@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: external-dns
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "external-dns.labels" . | nindent 4 }}
+    {{- with .Values.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      {{- include "external-dns.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "external-dns.labels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      serviceAccountName: {{ .Values.serviceAccount.name }}
+      securityContext:
+        fsGroup: 65534 # For ExternalDNS to be able to read Kubernetes token files
+      containers:
+        - name: external-dns
+          image: {{ index .Values "external-dns" "image" }}
+          imagePullPolicy: {{ index .Values "external-dns" "imagePullPolicy" }}
+          env:
+            - name: EXTERNAL_DNS_PIHOLE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.pihole.secret.name }}
+                  key: {{ .Values.pihole.secret.key }}
+          args:
+            {{-  range index .Values "external-dns" "sources" }}
+            - --source={{ . }}
+            {{- end }}
+            - --registry={{ index .Values "external-dns" "registry" }}
+            - --policy={{ index .Values "external-dns" "policy" }}
+            - --provider={{ index .Values "external-dns" "provider" }}
+            - --pihole-server={{ .Values.pihole.server }}

charts/external-dns/templates/secret.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.pihole.secret.create }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.pihole.secret.name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "external-dns.labels" . | nindent 4 }}
+stringData:
+  {{ .Values.pihole.secret.key }}: {{ .Values.pihole.secret.password }}
+{{- end }}

charts/external-dns/templates/service-account.yaml

@@ -0,0 +1,9 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "external-dns.labels" . | nindent 4 }}
+{{- end }}

charts/external-dns/values.yaml

@@ -0,0 +1,32 @@
+external-dns:
+  image: registry.k8s.io/external-dns/external-dns:v0.14.0
+  imagePullPolicy: IfNotPresent
+  sources: ["service", "ingress"]
+  registry: noop
+  policy: upsert-only
+  provider: pihole
+
+pihole:
+  server: ""
+  secret:
+    create: true
+    name: pihole-credentials
+    key: credentials
+    password: ""
+
+rbac:
+  create: true
+  name: external-dns
+
+serviceAccount:
+  create: true
+  name: external-dns
+  annotations: {}
+
+podAnnotations: {}
+
+podLabels: {}
+
+annotations: {}
+
+labels: {}