diff --git a/apis/installer/v1alpha1/ace_ace_types.go b/apis/installer/v1alpha1/ace_ace_types.go
index 570a85254..b563ea485 100644
--- a/apis/installer/v1alpha1/ace_ace_types.go
+++ b/apis/installer/v1alpha1/ace_ace_types.go
@@ -259,7 +259,7 @@ type TLSIssuerAcme struct {
Email string `json:"email"`
}
-// +kubebuilder:validation:Enum=external;cloudflare;route53;cloudDNS
+// +kubebuilder:validation:Enum=external;cloudflare;route53;cloudDNS;azureDNS
type DNSProvider string
const (
@@ -267,6 +267,7 @@ const (
DNSProviderCloudflare DNSProvider = "cloudflare"
DNSProviderRoute53 DNSProvider = "route53"
DNSProviderCloudDNS DNSProvider = "cloudDNS"
+ DNSProviderAzureDNS DNSProvider = "azureDNS"
)
type InfraDns struct {
@@ -278,6 +279,7 @@ type DNSProviderAuth struct {
Cloudflare *CloudflareAuth `json:"cloudflare,omitempty"`
Route53 *Route53Auth `json:"route53,omitempty"`
CloudDNS *CloudDNSAuth `json:"cloudDNS,omitempty"`
+ AzureDNS *AzureDNSAuth `json:"azureDNS,omitempty"`
}
type CloudflareAuth struct {
@@ -297,6 +299,17 @@ type CloudDNSAuth struct {
GoogleServiceAccountJSONKey string `json:"GOOGLE_SERVICE_ACCOUNT_JSON_KEY"`
}
+type AzureDNSAuth struct {
+ SubscriptionID string `json:"subscriptionID"`
+ TenantID string `json:"tenantID"`
+ ResourceGroupName string `json:"resourceGroupName"`
+ HostedZoneName string `json:"hostedZoneName"`
+ ServicePrincipalAppID string `json:"servicePrincipalAppID"`
+ ServicePrincipalAppPassword string `json:"servicePrincipalAppPassword"`
+ // +optional
+ Environment string `json:"environment,omitempty"`
+}
+
// +kubebuilder:validation:Enum=gcs;s3;azure;swift
type ObjstoreProvider string
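Review bot: `Environment` in the new `AzureDNSAuth` struct accepts any string, so a typo is only caught once the rendered Issuer is rejected or fails at runtime. A marker above the field such as `// +kubebuilder:validation:Enum=AzurePublicCloud;AzureChinaCloud;AzureGermanCloud;AzureUSGovernmentCloud` would reject it at schema validation; confirm the list against the cert-manager version in use. The struct also has no field comments, and `ServicePrincipalAppPassword` is a long-lived client secret carried as a plain string. A comment such as `// ServicePrincipalAppPassword is the service principal client secret; it is rendered into the dns-cred Secret.` would make that explicit to readers.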
diff --git a/apis/installer/v1alpha1/zz_generated.deepcopy.go b/apis/installer/v1alpha1/zz_generated.deepcopy.go
index ee77b30ea..e21263648 100644
--- a/apis/installer/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/installer/v1alpha1/zz_generated.deepcopy.go
@@ -1357,6 +1357,21 @@ func (in *AzureAuth) DeepCopy() *AzureAuth {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AzureDNSAuth) DeepCopyInto(out *AzureDNSAuth) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureDNSAuth.
+func (in *AzureDNSAuth) DeepCopy() *AzureDNSAuth {
+ if in == nil {
+ return nil
+ }
+ out := new(AzureDNSAuth)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *B2) DeepCopyInto(out *B2) {
*out = *in
@@ -2328,6 +2343,11 @@ func (in *DNSProviderAuth) DeepCopyInto(out *DNSProviderAuth) {
*out = new(CloudDNSAuth)
**out = **in
}
+ if in.AzureDNS != nil {
+ in, out := &in.AzureDNS, &out.AzureDNS
+ *out = new(AzureDNSAuth)
+ **out = **in
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSProviderAuth.
diff --git a/charts/ace/templates/dns/dns-cred.yaml b/charts/ace/templates/dns/dns-cred.yaml
index 99dc1fa75..de22f3ea5 100644
--- a/charts/ace/templates/dns/dns-cred.yaml
+++ b/charts/ace/templates/dns/dns-cred.yaml
@@ -24,4 +24,16 @@ stringData:
{{- if eq .Values.global.infra.dns.provider "cloudDNS" }}
GOOGLE_SERVICE_ACCOUNT_JSON_KEY: '{{ .Values.global.infra.dns.auth.cloudDNS.GOOGLE_SERVICE_ACCOUNT_JSON_KEY }}'
{{- end }}
+{{- if eq .Values.global.infra.dns.provider "azureDNS" }}
+ SERVICE_PRINCIPAL_PASSWORD: {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppPassword }}
+ # https://github.com/kubeops/external-dns-operator/blob/master/examples/azure-credential.md
+ AZURE_CREDENTIAL_FILE: |
+ {
+ "tenantId": {{ .Values.global.infra.dns.auth.azureDNS.tenantID | quote }},
+ "subscriptionId": {{ .Values.global.infra.dns.auth.azureDNS.subscriptionID | quote }},
+ "resourceGroup": {{ .Values.global.infra.dns.auth.azureDNS.resourceGroupName | quote }},
+ "aadClientId": {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppID | quote }},
+ "aadClientSecret": {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppPassword | quote }}
+ }
+{{- end }}
{{- end }}
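Review bot: `SERVICE_PRINCIPAL_PASSWORD` is rendered without quoting, unlike the JSON fields below it, so a secret containing ` #` or `: `, or starting with `*`, `&`, `{` or `!`, is truncated, reinterpreted or fails to parse, and an all-digit value becomes a non-string that `stringData` rejects. Use `SERVICE_PRINCIPAL_PASSWORD: {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppPassword | quote }}`. Inside `AZURE_CREDENTIAL_FILE` the values are embedded in JSON, so `| toJson` is a more exact encoder than `| quote`. The same unquoted interpolation appears in the `route53` and `azureDNS` blocks added to `charts/ace/templates/ingress/issuer.yaml`, where `| quote` on each scalar is the equivalent fix.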
diff --git a/charts/ace/templates/ingress/issuer.yaml b/charts/ace/templates/ingress/issuer.yaml
index 359fe88b1..80afe2873 100644
--- a/charts/ace/templates/ingress/issuer.yaml
+++ b/charts/ace/templates/ingress/issuer.yaml
@@ -53,5 +53,25 @@ spec:
name: {{ include "ace.fullname" . }}-dns-cred
key: GOOGLE_SERVICE_ACCOUNT_JSON_KEY
{{- end }}
+ {{- if eq .Values.global.infra.dns.provider "route53" }}
+ route53:
+ accessKeyID: {{ .Values.global.infra.dns.auth.route53.AWS_ACCESS_KEY_ID }}
+ region: {{ .Values.global.infra.dns.auth.route53.AWS_REGION }}
+ secretAccessKeySecretRef:
+ name: {{ include "ace.fullname" . }}-dns-cred
+ key: AWS_SECRET_ACCESS_KEY
+ {{- end }}
+ {{- if eq .Values.global.infra.dns.provider "azureDNS" }}
+ azureDNS:
+ clientID: {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppID }}
+ clientSecretSecretRef:
+ name: {{ include "ace.fullname" . }}-dns-cred
+ key: SERVICE_PRINCIPAL_PASSWORD
+ subscriptionID: {{ .Values.global.infra.dns.auth.azureDNS.subscriptionID }}
+ tenantID: {{ .Values.global.infra.dns.auth.azureDNS.tenantID }}
+ resourceGroupName: {{ .Values.global.infra.dns.auth.azureDNS.resourceGroupName }}
+ hostedZoneName: {{ .Values.global.infra.dns.auth.azureDNS.hostedZoneName }}
+ environment: {{ default "AzurePublicCloud" .Values.global.infra.dns.auth.azureDNS.environment }}
+ {{- end }}
{{- end }}
{{- end }}
diff --git a/charts/ace/values.openapiv3_schema.yaml b/charts/ace/values.openapiv3_schema.yaml
index b9855eb91..4d41955bf 100644
--- a/charts/ace/values.openapiv3_schema.yaml
+++ b/charts/ace/values.openapiv3_schema.yaml
@@ -3702,6 +3702,30 @@ properties:
properties:
auth:
properties:
+ azureDNS:
+ properties:
+ environment:
+ type: string
+ hostedZoneName:
+ type: string
+ resourceGroupName:
+ type: string
+ servicePrincipalAppID:
+ type: string
+ servicePrincipalAppPassword:
+ type: string
+ subscriptionID:
+ type: string
+ tenantID:
+ type: string
+ required:
+ - hostedZoneName
+ - resourceGroupName
+ - servicePrincipalAppID
+ - servicePrincipalAppPassword
+ - subscriptionID
+ - tenantID
+ type: object
cloudDNS:
properties:
GOOGLE_PROJECT_ID:
@@ -3741,6 +3765,7 @@ properties:
- cloudflare
- route53
- cloudDNS
+ - azureDNS
type: string
required:
- auth
diff --git a/charts/ace/values.yaml b/charts/ace/values.yaml
index 1451e4417..bfcda89e1 100644
--- a/charts/ace/values.yaml
+++ b/charts/ace/values.yaml
@@ -150,6 +150,18 @@ global:
# cloudDNS:
# GOOGLE_PROJECT_ID: "project-id"
# GOOGLE_SERVICE_ACCOUNT_JSON_KEY: xyz
+ # azureDNS:
+ # subscriptionID: "azure-subscription-id"
+ # tenantID: "azure-tenant-id"
+ # resourceGroupName: "resource-group-name"
+ # hostedZoneName: "zone-name-for-hosted-domain"
+ # servicePrincipalAppID: "service-principal-id"
+ # servicePrincipalAppPassword: "service-principal-app"
+ # environment: AzurePublicCloud
+ # route53:
+ # AWS_ACCESS_KEY_ID: "access-id"
+ # AWS_SECRET_ACCESS_KEY: "secret-key"
+ # AWS_REGION: "us-east-1"
# KMS and Object Store services are required
# set provider to empty to disable this feature
objstore:
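Review bot: The example value for `servicePrincipalAppPassword` is `"service-principal-app"`, which reads like an application name rather than a secret; `# servicePrincipalAppPassword: "service-principal-password"` would be clearer. Since this key and `AWS_SECRET_ACCESS_KEY` hold credentials, a one-line comment beside them saying the real values belong in a private values file, not in a committed one, would fit here.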
diff --git a/charts/opscenter-features/README.md b/charts/opscenter-features/README.md
index f6654aafd..e2abe9ec3 100644
--- a/charts/opscenter-features/README.md
+++ b/charts/opscenter-features/README.md
@@ -52,67 +52,67 @@ The following table lists the configurable parameters of the `opscenter-features
| release.channel | Release channel used for charts. Possible values: stable, testing, dev | dev
|
| repositories.stable.interval | | 30m0s
|
| repositories.stable.url | | oci://ghcr.io/appscode-charts/stable
|
-| repositories.stable.timeout | | 60s
|
+| repositories.stable.timeout | | 1m0s
|
| repositories.testing.interval | | 30m0s
|
| repositories.testing.url | | oci://ghcr.io/appscode-charts/testing
|
-| repositories.testing.timeout | | 60s
|
+| repositories.testing.timeout | | 1m0s
|
| repositories.appscode.interval | | 30m0s
|
| repositories.appscode.url | | https://charts.appscode.com/stable
|
-| repositories.appscode.timeout | | 60s
|
+| repositories.appscode.timeout | | 1m0s
|
| repositories.aws-ebs-csi-driver.interval | | 30m0s
|
| repositories.aws-ebs-csi-driver.url | | https://kubernetes-sigs.github.io/aws-ebs-csi-driver
|
-| repositories.aws-ebs-csi-driver.timeout | | 60s
|
+| repositories.aws-ebs-csi-driver.timeout | | 1m0s
|
| repositories.bytebuilders-ui.interval | | 30m0s
|
| repositories.bytebuilders-ui.url | | oci://r.byte.builders/charts
|
-| repositories.bytebuilders-ui.timeout | | 60s
|
+| repositories.bytebuilders-ui.timeout | | 1m0s
|
| repositories.bytebuilders.interval | | 30m0s
|
| repositories.bytebuilders.url | | https://charts.appscode.com/stable
|
-| repositories.bytebuilders.timeout | | 60s
|
+| repositories.bytebuilders.timeout | | 1m0s
|
| repositories.cluster-autoscaler.interval | | 30m0s
|
| repositories.cluster-autoscaler.url | | https://kubernetes.github.io/autoscaler
|
-| repositories.cluster-autoscaler.timeout | | 60s
|
+| repositories.cluster-autoscaler.timeout | | 1m0s
|
| repositories.crossplane.interval | | 30m0s
|
| repositories.crossplane.url | | https://charts.crossplane.io/stable
|
-| repositories.crossplane.timeout | | 60s
|
+| repositories.crossplane.timeout | | 1m0s
|
| repositories.falcosecurity.interval | | 30m0s
|
| repositories.falcosecurity.url | | https://falcosecurity.github.io/charts
|
-| repositories.falcosecurity.timeout | | 60s
|
+| repositories.falcosecurity.timeout | | 1m0s
|
| repositories.gatekeeper.interval | | 30m0s
|
| repositories.gatekeeper.url | | https://open-policy-agent.github.io/gatekeeper/charts
|
-| repositories.gatekeeper.timeout | | 60s
|
+| repositories.gatekeeper.timeout | | 1m0s
|
| repositories.jetstack.interval | | 30m0s
|
| repositories.jetstack.url | | https://charts.jetstack.io
|
-| repositories.jetstack.timeout | | 60s
|
+| repositories.jetstack.timeout | | 1m0s
|
| repositories.kedacore.interval | | 30m0s
|
| repositories.kedacore.url | | https://kedacore.github.io/charts
|
-| repositories.kedacore.timeout | | 60s
|
+| repositories.kedacore.timeout | | 1m0s
|
| repositories.kubedb.interval | | 30m0s
|
| repositories.kubedb.url | | https://charts.appscode.com/stable
|
-| repositories.kubedb.timeout | | 60s
|
+| repositories.kubedb.timeout | | 1m0s
|
| repositories.kubeops.interval | | 30m0s
|
| repositories.kubeops.url | | https://charts.appscode.com/stable
|
-| repositories.kubeops.timeout | | 60s
|
+| repositories.kubeops.timeout | | 1m0s
|
| repositories.kubestash.interval | | 30m0s
|
| repositories.kubestash.url | | https://charts.appscode.com/stable
|
-| repositories.kubestash.timeout | | 60s
|
+| repositories.kubestash.timeout | | 1m0s
|
| repositories.kubevault.interval | | 30m0s
|
| repositories.kubevault.url | | oci://r.byte.builders/charts
|
-| repositories.kubevault.timeout | | 60s
|
+| repositories.kubevault.timeout | | 1m0s
|
| repositories.nats.interval | | 30m0s
|
| repositories.nats.url | | https://nats-io.github.io/k8s/helm/charts/
|
-| repositories.nats.timeout | | 60s
|
+| repositories.nats.timeout | | 1m0s
|
| repositories.ocm.interval | | 30m0s
|
| repositories.ocm.url | | oci://r.byte.builders/charts
|
-| repositories.ocm.timeout | | 60s
|
+| repositories.ocm.timeout | | 1m0s
|
| repositories.opencost.interval | | 30m0s
|
| repositories.opencost.url | | oci://r.byte.builders/charts
|
-| repositories.opencost.timeout | | 60s
|
+| repositories.opencost.timeout | | 1m0s
|
| repositories.prometheus-community.interval | | 30m0s
|
| repositories.prometheus-community.url | | https://prometheus-community.github.io/helm-charts
|
-| repositories.prometheus-community.timeout | | 60s
|
+| repositories.prometheus-community.timeout | | 1m0s
|
| repositories.stashed.interval | | 30m0s
|
| repositories.stashed.url | | https://charts.appscode.com/stable
|
-| repositories.stashed.timeout | | 60s
|
+| repositories.stashed.timeout | | 1m0s
|
| registry.credentials | | {}
|
| clusterManagers | | []
|
| capi.provider | | ""
|
diff --git a/schema/ace-options/values.openapiv3_schema.yaml b/schema/ace-options/values.openapiv3_schema.yaml
index c466150d4..3f5bdb38d 100644
--- a/schema/ace-options/values.openapiv3_schema.yaml
+++ b/schema/ace-options/values.openapiv3_schema.yaml
@@ -389,6 +389,30 @@ properties:
properties:
auth:
properties:
+ azureDNS:
+ properties:
+ environment:
+ type: string
+ hostedZoneName:
+ type: string
+ resourceGroupName:
+ type: string
+ servicePrincipalAppID:
+ type: string
+ servicePrincipalAppPassword:
+ type: string
+ subscriptionID:
+ type: string
+ tenantID:
+ type: string
+ required:
+ - hostedZoneName
+ - resourceGroupName
+ - servicePrincipalAppID
+ - servicePrincipalAppPassword
+ - subscriptionID
+ - tenantID
+ type: object
cloudDNS:
properties:
GOOGLE_PROJECT_ID:
@@ -428,6 +452,7 @@ properties:
- cloudflare
- route53
- cloudDNS
+ - azureDNS
type: string
required:
- auth