Allow configuring external-dns chart via profile config field

Since the external-dns chart configuration will differ greatly between providers, we cannot know what options the user needs to set. Instead, have them provide whatever config is needed and template that into the external-dns chart values. Signed-off-by: Robert Detjens <[email protected]>
osusec · Jan 13, 2025 · 7634941 · 7634941
1 parent ab12ec2
commit 7634941
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 6 deletions.
diff --git a/...es/setup_manifests/external-dns.helm.yaml → ...setup_manifests/external-dns.helm.yaml.j2 b/...es/setup_manifests/external-dns.helm.yaml → ...setup_manifests/external-dns.helm.yaml.j2
@@ -13,7 +13,7 @@ spec:
     rbac:
       create: true
 
-    provider: aws
+    {{ provider_credentials | indent(4) }}
 
     # Watch these resources for new DNS records
     sources:
@@ -22,17 +22,19 @@ spec:
 
     policy: upsert-only
 
-    domainFilters: []
+    domainFilters:
+      - "{{ chal_domain }}"
 
     # These help tell which records are owned by external-dns.
     registry: "txt"
     txtOwnerId: "k8s-external-dns"
     txtPrefix: "k8s-owner."
 
-    # dont use any internal ips
     extraArgs:
+      # ignore any services with internal ips
       exclude-target-net: "10.0.0.0/8"
-      txt-wildcard-replacement: "star"
+      # special character replacement
+      txt-wildcard-replacement: star
 
     ## Limit external-dns resources
     resources:

diff --git a/src/cluster_setup/mod.rs b/src/cluster_setup/mod.rs
@@ -8,6 +8,7 @@ use k8s_openapi::{
 use kube::api::{DynamicObject, Patch, PatchParams};
 use kube::runtime::WatchStreamExt;
 use kube::{Api, ResourceExt};
+use minijinja::render;
 use serde;
 use serde_yml;
 use simplelog::*;
@@ -95,8 +96,18 @@ pub async fn install_extdns(profile: &config::ProfileConfig) -> Result<()> {
 
     let client = kube_client(profile).await?;
 
-    const CHART_YAML: &str = include_str!("../asset_files/setup_manifests/external-dns.helm.yaml");
-    apply_helm_crd(client, CHART_YAML).await
+    const CHART_RAW_YAML: &str =
+        include_str!("../asset_files/setup_manifests/external-dns.helm.yaml.j2");
+
+    // add profile dns: field directly to chart values
+    let chart_yaml = render!(
+        CHART_RAW_YAML,
+        provider_credentials => serde_yml::to_string(&profile.dns)?,
+        chal_domain => profile.challenges_domain
+    );
+    trace!("applying templated external-dns manifest:\n{}", chart_yaml);
+
+    apply_helm_crd(client, &chart_yaml).await
 }
 
 //