From 2ddfa2dc7ed55140637778abe74613559ed5a833 Mon Sep 17 00:00:00 2001
From: nold <nold@gnu.one>
Date: Mon, 21 Nov 2022 20:38:13 +0100
Subject: [PATCH] add(core): external-dns

---
 projects/core/project.yml              |  9 ++++
 projects/core/values/external-dns.yaml | 72 ++++++++++++++++++++++++++
 2 files changed, 81 insertions(+)
 create mode 100644 projects/core/values/external-dns.yaml

diff --git a/projects/core/project.yml b/projects/core/project.yml
index 04409226..822f9675 100644
--- a/projects/core/project.yml
+++ b/projects/core/project.yml
@@ -60,3 +60,12 @@ apps:
   repoURL: https://helm.cilium.io
   chart: cilium
   targetRevision: 1.12.4
+
+- name: external-dns
+  repoURL: https://kubernetes-sigs.github.io/external-dns
+  chart: external-dns
+  targetRevision: 1.11.0
+  secrets:
+  - name: cloudflare-api
+    keys:
+    - CF_API_TOKEN
diff --git a/projects/core/values/external-dns.yaml b/projects/core/values/external-dns.yaml
new file mode 100644
index 00000000..b99dc1e7
--- /dev/null
+++ b/projects/core/values/external-dns.yaml
@@ -0,0 +1,72 @@
+# Default values for external-dns.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+  repository: k8s.gcr.io/external-dns/external-dns
+  # Overrides the image tag whose default is v{{ .Chart.AppVersion }}
+  tag: ""
+  pullPolicy: IfNotPresent
+
+shareProcessNamespace: false
+
+podSecurityContext:
+  fsGroup: 65534
+
+securityContext:
+  runAsNonRoot: true
+  runAsUser: 65534
+  readOnlyRootFilesystem: true
+  capabilities:
+    drop: ["ALL"]
+
+# Defaults to `ClusterFirst`.
+# Valid values are: `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`.
+dnsPolicy:
+
+serviceMonitor:
+  enabled: false
+  additionalLabels: {}
+  interval: 1m
+  scrapeTimeout: 10s
+
+env:
+- name: CF_API_TOKEN
+  valueFrom:
+    secretKeyRef:
+      name: cloudflare-api
+      key: CF_API_TOKEN
+
+extraVolumes: []
+
+extraVolumeMounts: []
+
+resources: {}
+
+logLevel: info
+logFormat: text
+
+interval: 1m
+triggerLoopOnEvent: false
+
+sources:
+  - ingress
+#  - service
+
+policy: upsert-only
+
+registry: txt
+txtOwnerId: ""
+txtPrefix: ""
+txtSuffix: ""
+
+domainFilters:
+  - nold.in
+
+provider: cloudflare
+
+extraArgs:
+  - "--cloudflare-proxied"
+
+deploymentStrategy:
+  type: Recreate