# Service account configuration serviceAccount: create: true name: externaldns annotations: {} # Provider configuration - using new format provider: name: rfc2136 # Domain filtering domainFilters: - "k8s.syd1.au.unkin.net" - "200.18.198.in-addr.arpa" # TXT registry configuration txtOwnerId: "k8s" registry: "txt" # Enable deletion of records for dedicated DNS server policy: "sync" # Keep default sources sources: - service - ingress - gateway-httproute - gateway-grpcroute # Environment variables for TSIG secret and algorithm from Vault env: - name: EXTERNAL_DNS_RFC2136_TSIG_SECRET valueFrom: secretKeyRef: name: externaldns-tsig key: secret - name: EXTERNAL_DNS_RFC2136_TSIG_ALGORITHM valueFrom: secretKeyRef: name: externaldns-tsig key: algorithm # RFC2136 configuration as arguments extraArgs: - --rfc2136-host=ausyd1nxvm2127.main.unkin.net - --rfc2136-port=53 - --rfc2136-zone=k8s.syd1.au.unkin.net - --rfc2136-zone=200.18.198.in-addr.arpa - --rfc2136-tsig-keyname=externaldns-key - --rfc2136-tsig-secret-alg=$(EXTERNAL_DNS_RFC2136_TSIG_ALGORITHM) - --rfc2136-tsig-axfr - --rfc2136-tsig-secret=$(EXTERNAL_DNS_RFC2136_TSIG_SECRET) - --ingress-class=nginx logLevel: debug