Helm template does not support GSS-TSIG configuration for ExternalDNS #1061

Closed
v-esteves opened this issue Feb 9, 2023 · 0 comments · Fixed by #1064

Use case:

  • Execute dynamic DNS updates on Windows DNS
  • Windows DNS updates require the GSS-TSIG protocol, which is supported by ExternalDNS, but the current K8gb helm template doesn't allow this configuration.

Error:

  • When adding the properties to the rfc2136 provider, the following error is found:

Error: UPGRADE FAILED: values don't meet the specifications of the schema(s) in the following chart(s):
k8gb:

  • rfc2136.rfc2136Opts.2: Additional property gss-tsig is not allowed
  • rfc2136.rfc2136Opts.3: Additional property kerberos-username is not allowed
  • rfc2136.rfc2136Opts.4: Additional property kerberos-password is not allowed
  • rfc2136.rfc2136Opts.5: Additional property kerberos-realm is not allowed

Fix:

Helm template needs to be updated in order to allow this configuration.
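
The rejection reported above, reproduced as an added example (not code from the k8gb chart or from this issue): a minimal validator for the JSON Schema keywords involved, run over a constructed schema fragment whose list items set `additionalProperties: false`. The `host` and `port` keys, the host name and the placeholder credential values are assumptions, and extending the allowed key list is only one possible way to clear the errors, not necessarily the layout of the merged fix.

```python
def validate(schema, value, path=""):
    """Return errors in the 'path: message' form that Helm prints."""
    errors = []
    if isinstance(value, dict):
        props = schema.get("properties", {})
        for key, child in value.items():
            if key in props:
                child_path = f"{path}.{key}" if path else key
                errors += validate(props[key], child, child_path)
            elif schema.get("additionalProperties", True) is False:
                where = path or "(root)"
                errors.append(f"{where}: Additional property {key} is not allowed")
    elif isinstance(value, list) and "items" in schema:
        for index, item in enumerate(value):
            errors += validate(schema["items"], item, f"{path}.{index}")
    return errors


def opts_schema(extra=()):
    # Constructed schema fragment (assumption, not k8gb's values.schema.json):
    # every rfc2136Opts item is an object limited to the listed keys.
    allowed = ["host", "port", *extra]
    item = {
        "type": "object",
        "additionalProperties": False,
        "properties": {key: {} for key in allowed},
    }
    opts = {"type": "array", "items": item}
    rfc2136 = {"type": "object", "properties": {"rfc2136Opts": opts}}
    return {"type": "object", "properties": {"rfc2136": rfc2136}}


GSS_KEYS = ("gss-tsig", "kerberos-username", "kerberos-password", "kerberos-realm")

# Constructed values: the four GSS-TSIG options appended at list indexes 2-5.
VALUES = {"rfc2136": {"rfc2136Opts": [
    {"host": "dns.example.internal"},
    {"port": 53},
    {"gss-tsig": True},
    {"kerberos-username": "<username>"},
    {"kerberos-password": "<password>"},
    {"kerberos-realm": "<REALM>"},
]}}


def check(extra=()):
    return validate(opts_schema(extra), VALUES)


if __name__ == "__main__":
    print("\n".join(check()))           # strict schema: four errors
    print(check(GSS_KEYS))              # extended schema: []
```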

ytsarev added this to the 1.0 milestone Mar 9, 2023
github-project-automation bot moved this to To do in k8gb Mar 9, 2023
ytsarev added this to k8gb Mar 9, 2023
ytsarev moved this from To do to In progress in k8gb Mar 9, 2023
v-esteves pushed a commit to v-esteves/k8gb that referenced this issue Mar 27, 2023
Changed to allow the configuration of the provider RFC2136 with GSS-TSIG

Fixes k8gb-io#1061

Signed-off-by: vestevesaws@gmail.com <x191116@MacBook-Pro-de-Vitor.local>
ytsarev moved this from In progress to Review in progress in k8gb Aug 12, 2023
ytsarev added a commit that referenced this issue Dec 18, 2023
…port GSS-TSIG authentication configuration. (#1064)

* Changed values file and schema, in order to support GSS-TSIG configuration for ExternalDNS

Signed-off-by: vestevesaws@gmail.com <x191116@MacBook-Pro-de-Vitor.local>

* Changed deployment external-dns template, in order to support volumes for kerberos configuration file from config-map

Signed-off-by: vestevesaws@gmail.com <x191116@MacBook-Pro-de-Vitor.local>

* Updated ExternalDNS template in order to allow the configuration of the ConfigMap with a krb5.conf configuration for Kerberos authentication (GSS-TSIG). Also updated the values.schema.json and values.yaml for this new input. README.md was updated with the correct description of the values.yaml structure with the new inputs for the rfc2136 provider configuration

Signed-off-by: vestevesaws@gmail.com <x191116@MBP-de-Vitor.home>
Signed-off-by: vestevesaws@gmail.com <x191116@MacBook-Pro-de-Vitor.local>

* helm: values.yaml, values.schema.json, templates/external-dns

Changed to allow the configuration of the provider RFC2136 with GSS-TSIG

Fixes #1061

Signed-off-by: vestevesaws@gmail.com <x191116@MacBook-Pro-de-Vitor.local>

* Added reference in main README.md to provider RFC2136 tutorial. Removed duplicated Helm Values from RFC2136 provider tutorial.

Signed-off-by: vestevesaws@gmail.com <x191116@MacBook-Pro-de-Vitor.local>

* Moved documentation files from PR 1065 in order to fix conflicts with helm chart version.

Signed-off-by: vestevesaws@gmail.com <x191116@MBP-de-Vitor.home>

* Pulled and merged README.md from main, in order to resolve conflict values.

Signed-off-by: vestevesaws@gmail.com <x191116@MBP-de-Vitor.lan>

* make golic happy

Signed-off-by: Yury Tsarev <yury@upbound.io>

* Added link to Azure Windows DNS documentation from main Readme.md

Signed-off-by: vestevesaws@gmail.com <x191116@MBP-de-Vitor.home>

* Added default value to TSIG authentication when provider 2136 is selected. This will ensure that current running workloads using TSIG authentication for BIND will not break due to change on the helm values list for provider 2136. Added validations to _helpers template, in order to ensure that provider2136 options are not added to the external DNS deployment configuration, when provider2136 isn't enabled.

Signed-off-by: Vitor Esteves <x191116@MacBook-Pro-de-Vitor.local>

---------

Signed-off-by: vestevesaws@gmail.com <x191116@MacBook-Pro-de-Vitor.local>
Signed-off-by: vestevesaws@gmail.com <x191116@MBP-de-Vitor.home>
Signed-off-by: vestevesaws@gmail.com <x191116@MBP-de-Vitor.lan>
Signed-off-by: Vitor Esteves <64093608+v-esteves@users.noreply.github.com>
Signed-off-by: Yury Tsarev <yury@upbound.io>
Signed-off-by: Vitor Esteves <x191116@MacBook-Pro-de-Vitor.local>
Co-authored-by: Vitor Esteves <x191116@MacBook-Pro-de-Vitor.local>
Co-authored-by: vestevesaws@gmail.com <x191116@MBP-de-Vitor.home>
Co-authored-by: vestevesaws@gmail.com <x191116@MBP-de-Vitor.lan>
Co-authored-by: Yury Tsarev <yury@upbound.io>
github-project-automation bot moved this from Review in progress to Done in k8gb Dec 18, 2023