From 4f4d3b3bf1c8afd67de38a0cbe6a90ed02468372 Mon Sep 17 00:00:00 2001
From: Masudur Rahman
Date: Tue, 17 Oct 2023 19:09:17 +0600
Subject: [PATCH] Add Route53 issuer options (#230)

* Add Route53 issuer options

Signed-off-by: Masudur Rahman

* Add AzureDNS related fields

Signed-off-by: Masudur Rahman

---------

Signed-off-by: Masudur Rahman
---
 apis/installer/v1alpha1/ace_ace_types.go | 15 ++++++-
 .../v1alpha1/zz_generated.deepcopy.go | 20 +++++++++
 charts/ace/templates/dns/dns-cred.yaml | 12 ++++++
 charts/ace/templates/ingress/issuer.yaml | 20 +++++++++
 charts/ace/values.openapiv3_schema.yaml | 25 +++++++++++
 charts/ace/values.yaml | 12 ++++++
 charts/opscenter-features/README.md | 42 +++++++++----------
 .../ace-options/values.openapiv3_schema.yaml | 25 +++++++++++
 8 files changed, 149 insertions(+), 22 deletions(-)

diff --git a/apis/installer/v1alpha1/ace_ace_types.go b/apis/installer/v1alpha1/ace_ace_types.go
index 570a85254..b563ea485 100644
--- a/apis/installer/v1alpha1/ace_ace_types.go
+++ b/apis/installer/v1alpha1/ace_ace_types.go
@@ -259,7 +259,7 @@ type TLSIssuerAcme struct {
 	Email string `json:"email"`
 }
 
-// +kubebuilder:validation:Enum=external;cloudflare;route53;cloudDNS
+// +kubebuilder:validation:Enum=external;cloudflare;route53;cloudDNS;azureDNS
 type DNSProvider string
 
 const (
@@ -267,6 +267,7 @@ const (
 	DNSProviderCloudflare DNSProvider = "cloudflare"
 	DNSProviderRoute53    DNSProvider = "route53"
 	DNSProviderCloudDNS   DNSProvider = "cloudDNS"
+	DNSProviderAzureDNS   DNSProvider = "azureDNS"
 )
 
 type InfraDns struct {
@@ -278,6 +279,7 @@ type DNSProviderAuth struct {
 	Cloudflare *CloudflareAuth `json:"cloudflare,omitempty"`
 	Route53    *Route53Auth    `json:"route53,omitempty"`
 	CloudDNS   *CloudDNSAuth   `json:"cloudDNS,omitempty"`
+	AzureDNS   *AzureDNSAuth   `json:"azureDNS,omitempty"`
 }
 
 type CloudflareAuth struct {
@@ -297,6 +299,17 @@ type CloudDNSAuth struct {
 	GoogleServiceAccountJSONKey string `json:"GOOGLE_SERVICE_ACCOUNT_JSON_KEY"`
 }
 
+type AzureDNSAuth struct {
+	SubscriptionID              string `json:"subscriptionID"`
+	TenantID                    string `json:"tenantID"`
+	ResourceGroupName           string `json:"resourceGroupName"`
+	HostedZoneName              string `json:"hostedZoneName"`
+	ServicePrincipalAppID       string `json:"servicePrincipalAppID"`
+	ServicePrincipalAppPassword string `json:"servicePrincipalAppPassword"`
+	// +optional
+	Environment string `json:"environment,omitempty"`
+}
+
 // +kubebuilder:validation:Enum=gcs;s3;azure;swift
 type ObjstoreProvider string
 
diff --git a/apis/installer/v1alpha1/zz_generated.deepcopy.go b/apis/installer/v1alpha1/zz_generated.deepcopy.go
index ee77b30ea..e21263648 100644
--- a/apis/installer/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/installer/v1alpha1/zz_generated.deepcopy.go
@@ -1357,6 +1357,21 @@ func (in *AzureAuth) DeepCopy() *AzureAuth {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AzureDNSAuth) DeepCopyInto(out *AzureDNSAuth) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureDNSAuth.
+func (in *AzureDNSAuth) DeepCopy() *AzureDNSAuth {
+	if in == nil {
+		return nil
+	}
+	out := new(AzureDNSAuth)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *B2) DeepCopyInto(out *B2) {
 	*out = *in
@@ -2328,6 +2343,11 @@ func (in *DNSProviderAuth) DeepCopyInto(out *DNSProviderAuth) {
 		*out = new(CloudDNSAuth)
 		**out = **in
 	}
+	if in.AzureDNS != nil {
+		in, out := &in.AzureDNS, &out.AzureDNS
+		*out = new(AzureDNSAuth)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSProviderAuth.
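Review bot: AzureDNSAuth and its six exported fields carry no doc comments, so nothing in the type says that ServicePrincipalAppPassword is a credential that the chart writes into the `ace.fullname`-dns-cred Secret or that Environment is defaulted elsewhere; suggest `// AzureDNSAuth holds the service-principal credentials the azureDNS DNS-01 solver uses; ServicePrincipalAppPassword is copied into the release's dns-cred Secret.` on the type and `// Environment selects the Azure cloud; the chart substitutes AzurePublicCloud when it is empty.` on the field. Environment is also a free-form string while the other provider selectors in this file (DNSProvider, ObjstoreProvider) are constrained with `+kubebuilder:validation:Enum`; because issuer.yaml forwards the value verbatim to cert-manager, a typo is only detected when the Issuer reconciles instead of at values validation. If the azureDNS blocks in charts/ace/values.openapiv3_schema.yaml and schema/ace-options/values.openapiv3_schema.yaml are generated from this type, an enum marker here would flow into both of them.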
diff --git a/charts/ace/templates/dns/dns-cred.yaml b/charts/ace/templates/dns/dns-cred.yaml
index 99dc1fa75..de22f3ea5 100644
--- a/charts/ace/templates/dns/dns-cred.yaml
+++ b/charts/ace/templates/dns/dns-cred.yaml
@@ -24,4 +24,16 @@ stringData:
 {{- if eq .Values.global.infra.dns.provider "cloudDNS" }}
   GOOGLE_SERVICE_ACCOUNT_JSON_KEY: '{{ .Values.global.infra.dns.auth.cloudDNS.GOOGLE_SERVICE_ACCOUNT_JSON_KEY }}'
 {{- end }}
+{{- if eq .Values.global.infra.dns.provider "azureDNS" }}
+  SERVICE_PRINCIPAL_PASSWORD: {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppPassword }}
+  # https://github.com/kubeops/external-dns-operator/blob/master/examples/azure-credential.md
+  AZURE_CREDENTIAL_FILE: |
+    {
+      "tenantId": {{ .Values.global.infra.dns.auth.azureDNS.tenantID | quote }},
+      "subscriptionId": {{ .Values.global.infra.dns.auth.azureDNS.subscriptionID | quote }},
+      "resourceGroup": {{ .Values.global.infra.dns.auth.azureDNS.resourceGroupName | quote }},
+      "aadClientId": {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppID | quote }},
+      "aadClientSecret": {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppPassword | quote }}
+    }
+{{- end }}
 {{- end }}
diff --git a/charts/ace/templates/ingress/issuer.yaml b/charts/ace/templates/ingress/issuer.yaml
index 359fe88b1..80afe2873 100644
--- a/charts/ace/templates/ingress/issuer.yaml
+++ b/charts/ace/templates/ingress/issuer.yaml
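Review bot: `SERVICE_PRINCIPAL_PASSWORD: {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppPassword }}` is the one value in this hunk rendered without `| quote`, so a password containing `:`, ` #`, or a leading `*`, `&`, `{`, `[`, `@` or backtick produces a Secret manifest that either fails to parse at install time or is silently reinterpreted by YAML; the cloudDNS entry just above and the JSON fields below already quote. Change it to `SERVICE_PRINCIPAL_PASSWORD: {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppPassword | quote }}`. The AZURE_CREDENTIAL_FILE block uses `quote` (Go `%q` escaping) inside a JSON document, which is fine for printable ASCII but can emit escapes JSON does not accept for unusual characters; `toJson` on each field is the more robust filter if this chart's Helm version provides it. The surrounding `stringData:` mapping and the outer `{{- if }}` start above the hunk.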
@@ -53,5 +53,25 @@ spec:
           name: {{ include "ace.fullname" . }}-dns-cred
           key: GOOGLE_SERVICE_ACCOUNT_JSON_KEY
     {{- end }}
+    {{- if eq .Values.global.infra.dns.provider "route53" }}
+    route53:
+      accessKeyID: {{ .Values.global.infra.dns.auth.route53.AWS_ACCESS_KEY_ID }}
+      region: {{ .Values.global.infra.dns.auth.route53.AWS_REGION }}
+      secretAccessKeySecretRef:
+        name: {{ include "ace.fullname" . }}-dns-cred
+        key: AWS_SECRET_ACCESS_KEY
+    {{- end }}
+    {{- if eq .Values.global.infra.dns.provider "azureDNS" }}
+    azureDNS:
+      clientID: {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppID }}
+      clientSecretSecretRef:
+        name: {{ include "ace.fullname" . }}-dns-cred
+        key: SERVICE_PRINCIPAL_PASSWORD
+      subscriptionID: {{ .Values.global.infra.dns.auth.azureDNS.subscriptionID }}
+      tenantID: {{ .Values.global.infra.dns.auth.azureDNS.tenantID }}
+      resourceGroupName: {{ .Values.global.infra.dns.auth.azureDNS.resourceGroupName }}
+      hostedZoneName: {{ .Values.global.infra.dns.auth.azureDNS.hostedZoneName }}
+      environment: {{ default "AzurePublicCloud" .Values.global.infra.dns.auth.azureDNS.environment }}
+    {{- end }}
   {{- end }}
 {{- end }}
diff --git a/charts/ace/values.openapiv3_schema.yaml b/charts/ace/values.openapiv3_schema.yaml
index b9855eb91..4d41955bf 100644
--- a/charts/ace/values.openapiv3_schema.yaml
+++ b/charts/ace/values.openapiv3_schema.yaml
@@ -3702,6 +3702,30 @@ properties:
             properties:
               auth:
                 properties:
+                  azureDNS:
+                    properties:
+                      environment:
+                        type: string
+                      hostedZoneName:
+                        type: string
+                      resourceGroupName:
+                        type: string
+                      servicePrincipalAppID:
+                        type: string
+                      servicePrincipalAppPassword:
+                        type: string
+                      subscriptionID:
+                        type: string
+                      tenantID:
+                        type: string
+                    required:
+                    - hostedZoneName
+                    - resourceGroupName
+                    - servicePrincipalAppID
+                    - servicePrincipalAppPassword
+                    - subscriptionID
+                    - tenantID
+                    type: object
                   cloudDNS:
                     properties:
                       GOOGLE_PROJECT_ID:
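Review bot: The new route53 block's `secretAccessKeySecretRef` points at key `AWS_SECRET_ACCESS_KEY` in the `-dns-cred` Secret, but the dns-cred.yaml hunk in this same commit adds only an azureDNS branch; unless a route53 branch already exists above line 24 of that template (outside this diff), the Issuer references a key that is never rendered and the DNS-01 challenge fails at reconcile time rather than at install. Rendering the chart with `provider: route53` and checking the Secret's keys would confirm it either way. In both blocks `accessKeyID`, `region`, `clientID`, `subscriptionID`, `tenantID`, `resourceGroupName` and `hostedZoneName` are emitted bare; applying the same `| quote` the dns-cred template uses keeps a value YAML would otherwise reinterpret (for example a zone name or region that looks like a number or boolean) from reaching cert-manager mangled. The enclosing `spec:` mapping starts above the hunk.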
@@ -3741,6 +3765,7 @@ properties:
                 - cloudflare
                 - route53
                 - cloudDNS
+                - azureDNS
                 type: string
               required:
               - auth
diff --git a/charts/ace/values.yaml b/charts/ace/values.yaml
index 1451e4417..bfcda89e1 100644
--- a/charts/ace/values.yaml
+++ b/charts/ace/values.yaml
@@ -150,6 +150,18 @@ global:
       # cloudDNS:
       #   GOOGLE_PROJECT_ID: "project-id"
       #   GOOGLE_SERVICE_ACCOUNT_JSON_KEY: xyz
+      # azureDNS:
+      #   subscriptionID: "azure-subscription-id"
+      #   tenantID: "azure-tenant-id"
+      #   resourceGroupName: "resource-group-name"
+      #   hostedZoneName: "zone-name-for-hosted-domain"
+      #   servicePrincipalAppID: "service-principal-id"
+      #   servicePrincipalAppPassword: "service-principal-app"
+      #   environment: AzurePublicCloud
+      # route53:
+      #   AWS_ACCESS_KEY_ID: "access-id"
+      #   AWS_SECRET_ACCESS_KEY: "secret-key"
+      #   AWS_REGION: "us-east-1"
     # KMS and Object Store services are required
     # set provider to empty to disable this feature
     objstore:
diff --git a/charts/opscenter-features/README.md b/charts/opscenter-features/README.md
index f6654aafd..e2abe9ec3 100644
--- a/charts/opscenter-features/README.md
+++ b/charts/opscenter-features/README.md
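Review bot: In the values.yaml hunk the placeholder `servicePrincipalAppPassword: "service-principal-app"` reads like an application name rather than a password, which is easy to confuse with the adjacent `servicePrincipalAppID: "service-principal-id"`; `#   servicePrincipalAppPassword: "service-principal-app-password"` makes the intent obvious. A one-line comment above the `azureDNS:` and `route53:` examples saying that `servicePrincipalAppPassword` and `AWS_SECRET_ACCESS_KEY` are rendered into the release's dns-cred Secret, and so should be supplied from a values file kept out of version control, would help operators filling these in.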
@@ -52,67 +52,67 @@ The following table lists the configurable parameters of the `opscenter-features
 | release.channel | Release channel used for charts. Possible values: stable, testing, dev | dev |
 | repositories.stable.interval | | 30m0s |
 | repositories.stable.url | | oci://ghcr.io/appscode-charts/stable |
-| repositories.stable.timeout | | 60s |
+| repositories.stable.timeout | | 1m0s |
 | repositories.testing.interval | | 30m0s |
 | repositories.testing.url | | oci://ghcr.io/appscode-charts/testing |
-| repositories.testing.timeout | | 60s |
+| repositories.testing.timeout | | 1m0s |
 | repositories.appscode.interval | | 30m0s |
 | repositories.appscode.url | | https://charts.appscode.com/stable |
-| repositories.appscode.timeout | | 60s |
+| repositories.appscode.timeout | | 1m0s |
 | repositories.aws-ebs-csi-driver.interval | | 30m0s |
 | repositories.aws-ebs-csi-driver.url | | https://kubernetes-sigs.github.io/aws-ebs-csi-driver |
-| repositories.aws-ebs-csi-driver.timeout | | 60s |
+| repositories.aws-ebs-csi-driver.timeout | | 1m0s |
 | repositories.bytebuilders-ui.interval | | 30m0s |
 | repositories.bytebuilders-ui.url | | oci://r.byte.builders/charts |
-| repositories.bytebuilders-ui.timeout | | 60s |
+| repositories.bytebuilders-ui.timeout | | 1m0s |
 | repositories.bytebuilders.interval | | 30m0s |
 | repositories.bytebuilders.url | | https://charts.appscode.com/stable |
-| repositories.bytebuilders.timeout | | 60s |
+| repositories.bytebuilders.timeout | | 1m0s |
 | repositories.cluster-autoscaler.interval | | 30m0s |
 | repositories.cluster-autoscaler.url | | https://kubernetes.github.io/autoscaler |
-| repositories.cluster-autoscaler.timeout | | 60s |
+| repositories.cluster-autoscaler.timeout | | 1m0s |
 | repositories.crossplane.interval | | 30m0s |
 | repositories.crossplane.url | | https://charts.crossplane.io/stable |
-| repositories.crossplane.timeout | | 60s |
+| repositories.crossplane.timeout | | 1m0s |
 | repositories.falcosecurity.interval | | 30m0s |
 | repositories.falcosecurity.url | | https://falcosecurity.github.io/charts |
-| repositories.falcosecurity.timeout | | 60s |
+| repositories.falcosecurity.timeout | | 1m0s |
 | repositories.gatekeeper.interval | | 30m0s |
 | repositories.gatekeeper.url | | https://open-policy-agent.github.io/gatekeeper/charts |
-| repositories.gatekeeper.timeout | | 60s |
+| repositories.gatekeeper.timeout | | 1m0s |
 | repositories.jetstack.interval | | 30m0s |
 | repositories.jetstack.url | | https://charts.jetstack.io |
-| repositories.jetstack.timeout | | 60s |
+| repositories.jetstack.timeout | | 1m0s |
 | repositories.kedacore.interval | | 30m0s |
 | repositories.kedacore.url | | https://kedacore.github.io/charts |
-| repositories.kedacore.timeout | | 60s |
+| repositories.kedacore.timeout | | 1m0s |
 | repositories.kubedb.interval | | 30m0s |
 | repositories.kubedb.url | | https://charts.appscode.com/stable |
-| repositories.kubedb.timeout | | 60s |
+| repositories.kubedb.timeout | | 1m0s |
 | repositories.kubeops.interval | | 30m0s |
 | repositories.kubeops.url | | https://charts.appscode.com/stable |
-| repositories.kubeops.timeout | | 60s |
+| repositories.kubeops.timeout | | 1m0s |
 | repositories.kubestash.interval | | 30m0s |
 | repositories.kubestash.url | | https://charts.appscode.com/stable |
-| repositories.kubestash.timeout | | 60s |
+| repositories.kubestash.timeout | | 1m0s |
 | repositories.kubevault.interval | | 30m0s |
 | repositories.kubevault.url | | oci://r.byte.builders/charts |
-| repositories.kubevault.timeout | | 60s |
+| repositories.kubevault.timeout | | 1m0s |
 | repositories.nats.interval | | 30m0s |
 | repositories.nats.url | | https://nats-io.github.io/k8s/helm/charts/ |
-| repositories.nats.timeout | | 60s |
+| repositories.nats.timeout | | 1m0s |
 | repositories.ocm.interval | | 30m0s |
 | repositories.ocm.url | | oci://r.byte.builders/charts |
-| repositories.ocm.timeout | | 60s |
+| repositories.ocm.timeout | | 1m0s |
 | repositories.opencost.interval | | 30m0s |
 | repositories.opencost.url | | oci://r.byte.builders/charts |
-| repositories.opencost.timeout | | 60s |
+| repositories.opencost.timeout | | 1m0s |
 | repositories.prometheus-community.interval | | 30m0s |
 | repositories.prometheus-community.url | | https://prometheus-community.github.io/helm-charts |
-| repositories.prometheus-community.timeout | | 60s |
+| repositories.prometheus-community.timeout | | 1m0s |
 | repositories.stashed.interval | | 30m0s |
 | repositories.stashed.url | | https://charts.appscode.com/stable |
-| repositories.stashed.timeout | | 60s |
+| repositories.stashed.timeout | | 1m0s |
 | registry.credentials | | {} |
 | clusterManagers | | [] |
 | capi.provider | | "" |
diff --git a/schema/ace-options/values.openapiv3_schema.yaml b/schema/ace-options/values.openapiv3_schema.yaml
index c466150d4..3f5bdb38d 100644
--- a/schema/ace-options/values.openapiv3_schema.yaml
+++ b/schema/ace-options/values.openapiv3_schema.yaml
@@ -389,6 +389,30 @@ properties:
             properties:
               auth:
                 properties:
+                  azureDNS:
+                    properties:
+                      environment:
+                        type: string
+                      hostedZoneName:
+                        type: string
+                      resourceGroupName:
+                        type: string
+                      servicePrincipalAppID:
+                        type: string
+                      servicePrincipalAppPassword:
+                        type: string
+                      subscriptionID:
+                        type: string
+                      tenantID:
+                        type: string
+                    required:
+                    - hostedZoneName
+                    - resourceGroupName
+                    - servicePrincipalAppID
+                    - servicePrincipalAppPassword
+                    - subscriptionID
+                    - tenantID
+                    type: object
                   cloudDNS:
                     properties:
                       GOOGLE_PROJECT_ID:
@@ -428,6 +452,7 @@ properties:
                 - cloudflare
                 - route53
                 - cloudDNS
+                - azureDNS
                 type: string
               required:
               - auth