Add AzureDNS related fields

Signed-off-by: Masudur Rahman <[email protected]>
appscode-cloud · Oct 17, 2023 · 1020621 · 1020621
1 parent 499845c
commit 1020621
Show file tree

Hide file tree

Showing 7 changed files with 116 additions and 1 deletion.
diff --git a/apis/installer/v1alpha1/ace_ace_types.go b/apis/installer/v1alpha1/ace_ace_types.go
@@ -259,14 +259,15 @@ type TLSIssuerAcme struct {
 	Email string `json:"email"`
 }
 
-// +kubebuilder:validation:Enum=external;cloudflare;route53;cloudDNS
+// +kubebuilder:validation:Enum=external;cloudflare;route53;cloudDNS;azureDNS
 type DNSProvider string
 
 const (
 	DNSProviderExternal   DNSProvider = "external"
 	DNSProviderCloudflare DNSProvider = "cloudflare"
 	DNSProviderRoute53    DNSProvider = "route53"
 	DNSProviderCloudDNS   DNSProvider = "cloudDNS"
+	DNSProviderAzureDNS   DNSProvider = "azureDNS"
 )
 
 type InfraDns struct {
@@ -278,6 +279,7 @@ type DNSProviderAuth struct {
 	Cloudflare *CloudflareAuth `json:"cloudflare,omitempty"`
 	Route53    *Route53Auth    `json:"route53,omitempty"`
 	CloudDNS   *CloudDNSAuth   `json:"cloudDNS,omitempty"`
+	AzureDNS   *AzureDNSAuth   `json:"azureDNS,omitempty"`
 }
 
 type CloudflareAuth struct {
@@ -297,6 +299,17 @@ type CloudDNSAuth struct {
 	GoogleServiceAccountJSONKey string `json:"GOOGLE_SERVICE_ACCOUNT_JSON_KEY"`
 }
 
+type AzureDNSAuth struct {
+	SubscriptionID              string `json:"subscriptionID"`
+	TenantID                    string `json:"tenantID"`
+	ResourceGroupName           string `json:"resourceGroupName"`
+	HostedZoneName              string `json:"hostedZoneName"`
+	ServicePrincipalAppID       string `json:"servicePrincipalAppID"`
+	ServicePrincipalAppPassword string `json:"servicePrincipalAppPassword"`
+	// +optional
+	Environment string `json:"environment,omitempty"`
+}
+
 // +kubebuilder:validation:Enum=gcs;s3;azure;swift
 type ObjstoreProvider string
 

diff --git a/apis/installer/v1alpha1/zz_generated.deepcopy.go b/apis/installer/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/ace/templates/dns/dns-cred.yaml b/charts/ace/templates/dns/dns-cred.yaml
@@ -24,4 +24,16 @@ stringData:
 {{- if eq .Values.global.infra.dns.provider "cloudDNS" }}
   GOOGLE_SERVICE_ACCOUNT_JSON_KEY: '{{ .Values.global.infra.dns.auth.cloudDNS.GOOGLE_SERVICE_ACCOUNT_JSON_KEY }}'
 {{- end }}
+{{- if eq .Values.global.infra.dns.provider "azureDNS" }}
+  SERVICE_PRINCIPAL_PASSWORD: {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppSecret }}
+  # https://github.com/kubeops/external-dns-operator/blob/master/examples/azure-credential.md
+  AZURE_CREDENTIAL_FILE: |
+    {
+      "tenantId": {{ .Values.global.infra.dns.auth.azureDNS.tenantID | quote }},
+      "subscriptionId": {{ .Values.global.infra.dns.auth.azureDNS.subscriptionID | quote }},
+      "resourceGroup": {{ .Values.global.infra.dns.auth.azureDNS.resourceGroupName | quote }},
+      "aadClientId": {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppID | quote }},
+      "aadClientSecret": {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppSecret | quote }}
+    }
+{{- end }}
 {{- end }}
diff --git a/charts/ace/templates/ingress/issuer.yaml b/charts/ace/templates/ingress/issuer.yaml
@@ -61,5 +61,17 @@ spec:
             name: {{ include "ace.fullname" . }}-dns-cred
             key: AWS_SECRET_ACCESS_KEY
       {{- end }}
+      {{- if eq.global.infra.dns.provider "azureDNS" }}
+        azureDNS:
+          clientID: {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppID }}
+          clientSecretSecretRef:
+            name: {{ include "ace.fullname" . }}-dns-cred
+            key: SERVICE_PRINCIPAL_PASSWORD
+          subscriptionID: {{ .Values.global.infra.dns.auth.azureDNS.subscriptionID }}
+          tenantID: {{ .Values.global.infra.dns.auth.azureDNS.tenantID }}
+          resourceGroupName: {{ .Values.global.infra.dns.auth.azureDNS.resourceGroupName }}
+          hostedZoneName: {{ .Values.global.infra.dns.auth.azureDNS.hostedZoneName }}
+          environment: {{ default "AzurePublicCloud" .Values.global.infra.dns.auth.azureDNS.environment }}
+      {{- end }}
   {{- end }}
 {{- end }}
diff --git a/charts/ace/values.openapiv3_schema.yaml b/charts/ace/values.openapiv3_schema.yaml
@@ -3702,6 +3702,30 @@ properties:
             properties:
               auth:
                 properties:
+                  azureDNS:
+                    properties:
+                      environment:
+                        type: string
+                      hostedZoneName:
+                        type: string
+                      resourceGroupName:
+                        type: string
+                      servicePrincipalAppID:
+                        type: string
+                      servicePrincipalAppPassword:
+                        type: string
+                      subscriptionID:
+                        type: string
+                      tenantID:
+                        type: string
+                    required:
+                    - hostedZoneName
+                    - resourceGroupName
+                    - servicePrincipalAppID
+                    - servicePrincipalAppPassword
+                    - subscriptionID
+                    - tenantID
+                    type: object
                   cloudDNS:
                     properties:
                       GOOGLE_PROJECT_ID:
@@ -3741,6 +3765,7 @@ properties:
                 - cloudflare
                 - route53
                 - cloudDNS
+                - azureDNS
                 type: string
             required:
             - auth

diff --git a/charts/ace/values.yaml b/charts/ace/values.yaml
@@ -150,6 +150,14 @@ global:
         # cloudDNS:
           # GOOGLE_PROJECT_ID: "project-id"
           # GOOGLE_SERVICE_ACCOUNT_JSON_KEY: xyz
+        # azureDNS:
+          # subscriptionID: "azure-subscription-id"
+          # tenantID: "azure-tenant-id"
+          # resourceGroupName: "resource-group-name"
+          # hostedZoneName: "zone-name-for-hosted-domain"
+          # servicePrincipalAppID: "service-principal-id"
+          # servicePrincipalAppPassword: "service-principal-app"
+          # environment: AzurePublicCloud
         # route53:
           # AWS_ACCESS_KEY_ID: "access-id"
           # AWS_SECRET_ACCESS_KEY: "secret-key"

diff --git a/schema/ace-options/values.openapiv3_schema.yaml b/schema/ace-options/values.openapiv3_schema.yaml
@@ -389,6 +389,30 @@ properties:
         properties:
           auth:
             properties:
+              azureDNS:
+                properties:
+                  environment:
+                    type: string
+                  hostedZoneName:
+                    type: string
+                  resourceGroupName:
+                    type: string
+                  servicePrincipalAppID:
+                    type: string
+                  servicePrincipalAppPassword:
+                    type: string
+                  subscriptionID:
+                    type: string
+                  tenantID:
+                    type: string
+                required:
+                - hostedZoneName
+                - resourceGroupName
+                - servicePrincipalAppID
+                - servicePrincipalAppPassword
+                - subscriptionID
+                - tenantID
+                type: object
               cloudDNS:
                 properties:
                   GOOGLE_PROJECT_ID:
@@ -428,6 +452,7 @@ properties:
             - cloudflare
             - route53
             - cloudDNS
+            - azureDNS
             type: string
         required:
         - auth