59 lines
1.3 KiB
YAML
59 lines
1.3 KiB
YAML
# Service account configuration
|
|
serviceAccount:
|
|
create: true
|
|
name: externaldns
|
|
annotations: {}
|
|
|
|
# Provider configuration - using new format
|
|
provider:
|
|
name: rfc2136
|
|
|
|
# Domain filtering
|
|
domainFilters:
|
|
- "k8s.syd1.au.unkin.net"
|
|
- "200.18.198.in-addr.arpa"
|
|
|
|
# TXT registry configuration
|
|
txtOwnerId: "k8s"
|
|
registry: "txt"
|
|
|
|
# Enable deletion of records for dedicated DNS server
|
|
policy: "sync"
|
|
|
|
# Keep default sources
|
|
sources:
|
|
- service
|
|
- ingress
|
|
- gateway-httproute
|
|
- gateway-tlsroute
|
|
- gateway-grpcroute
|
|
- gateway-tcproute
|
|
- gateway-udproute
|
|
|
|
# Environment variables for TSIG secret and algorithm from Vault
|
|
env:
|
|
- name: EXTERNAL_DNS_RFC2136_TSIG_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: externaldns-tsig
|
|
key: secret
|
|
- name: EXTERNAL_DNS_RFC2136_TSIG_ALGORITHM
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: externaldns-tsig
|
|
key: algorithm
|
|
|
|
# RFC2136 configuration as arguments
|
|
extraArgs:
|
|
- --rfc2136-host=ausyd1nxvm2127.main.unkin.net
|
|
- --rfc2136-port=53
|
|
- --rfc2136-zone=k8s.syd1.au.unkin.net
|
|
- --rfc2136-zone=200.18.198.in-addr.arpa
|
|
- --rfc2136-tsig-keyname=externaldns-key
|
|
- --rfc2136-tsig-secret-alg=$(EXTERNAL_DNS_RFC2136_TSIG_ALGORITHM)
|
|
- --rfc2136-tsig-axfr
|
|
- --rfc2136-tsig-secret=$(EXTERNAL_DNS_RFC2136_TSIG_SECRET)
|
|
- --ingress-class=nginx
|
|
|
|
logLevel: debug
|