diff --git a/_snippets/recipe-footer.md b/_snippets/recipe-footer.md
index 5b2e2f8..54cbd81 100644
--- a/_snippets/recipe-footer.md
+++ b/_snippets/recipe-footer.md
@@ -4,7 +4,7 @@
### Tip your waiter (sponsor) 👏
-Did you receive excellent service? Want to compliment the chef? (_..and support development of current and future recipes!_) Sponsor me on [Github][github_sponsor] / [Patreon][patreon], or see the [contribute](/community/contribute/) page for more (_free or paid)_ ways to say thank you! 👏
+Did you receive excellent service? Want to compliment the chef? (_..and support development of current and future recipes!_) Share a [review](https://fnky.nz/testimonial), sponsor me on [Github][github_sponsor] / [Patreon][patreon], or see the [contribute](/community/contribute/) page for more (_free or paid)_ ways to say thank you! 👏
### Employ your chef (engage) 🤝
diff --git a/docs/community/contribute.md b/docs/community/contribute.md
index a264745..f928446 100644
--- a/docs/community/contribute.md
+++ b/docs/community/contribute.md
@@ -12,6 +12,7 @@ Got nothing to contribute, but want to give back to the community? Here are some
1. Star :star: the [repo](https://github.com/geek-cookbook/geek-cookbook/)
2. Tweet :bird: the [meat](https://ctt.ac/Vl6mc)!
+3. Send a [testimonial](https://fnky.nz/testimonial)
## Contributing moneyz 💰
diff --git a/docs/index.md b/docs/index.md
index 2640e87..dee7746 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -81,6 +81,10 @@ So if you're familiar enough with the concepts above, and you've done self-hosti
-- John McDowall, Founder, [kiso.io](https://kiso.io)
+
+
+
+
## Who made this?
### 👋 Hi, I'm David
diff --git a/docs/kubernetes/external-dns.md b/docs/kubernetes/external-dns.md
index 66ae91a..ba972f3 100644
--- a/docs/kubernetes/external-dns.md
+++ b/docs/kubernetes/external-dns.md
@@ -16,9 +16,9 @@ ExternalDNS is a controller for Kubernetes which watches the objects you create
### Namespace
-We need a namespace to deploy our HelmRelease and associated ConfigMaps into. Per the [flux design](/kubernetes/deployment/flux/), I create this example yaml in my flux repo at `bootstrap/namespaces/namespace-external-dns.yaml`:
+We need a namespace to deploy our HelmRelease and associated ConfigMaps into. Per the [flux design](/kubernetes/deployment/flux/), I create this example yaml in my flux repo:
-```yaml
+```yaml title="/bootstrap/namespaces/namespace-external-dns.yaml"
apiVersion: v1
kind: Namespace
metadata:
@@ -27,903 +27,61 @@ metadata:
### HelmRepository
-Next, we need to define a HelmRepository (*a repository of helm charts*), to which we'll refer when we create the HelmRelease. We only need to do this once per-repository. In this case, we're using the (*prolific*) [bitnami chart repository](https://github.com/bitnami/charts/tree/master/bitnami), so per the [flux design](/kubernetes/deployment/flux/), I create this example yaml in my flux repo at `bootstrap/helmrepositories/helmrepository-external-dns.yaml`:
+Next, we need to define a HelmRepository (*a repository of helm charts*), to which we'll refer when we create the HelmRelease. We only need to do this once per-repository. In this case, we're using the (*prolific*) [bitnami chart repository](https://github.com/bitnami/charts/tree/master/bitnami), so per the [flux design](/kubernetes/deployment/flux/), I create this example yaml in my flux repo:
-??? example "Example HelmRepository (click to expand)"
- ```yaml
- apiVersion: source.toolkit.fluxcd.io/v1beta1
- kind: HelmRepository
- metadata:
- name: bitnami
- namespace: flux-system
- spec:
- interval: 15m
- url: https://charts.bitnami.com/bitnami
- ```
+```yaml title="/bootstrap/helmrepositories/helmrepository-bitnami.yaml"
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: bitnami
+ namespace: flux-system
+spec:
+ interval: 15m
+ url: https://charts.bitnami.com/bitnami
+```
### Kustomization
-Now that the "global" elements of this deployment (*just the HelmRepository in this case*z*) have been defined, we do some "flux-ception", and go one layer deeper, adding another Kustomization, telling flux to deploy any YAMLs found in the repo at `/external-dns`. I create this example Kustomization in my flux repo at `bootstrap/kustomizations/kustomization-external-dns.yaml`:
+Now that the "global" elements of this deployment (*just the HelmRepository in this case*z*) have been defined, we do some "flux-ception", and go one layer deeper, adding another Kustomization, telling flux to deploy any YAMLs found in the repo at `/external-dns`. I create this example Kustomization in my flux repo:
-??? example "Example Kustomization (click to expand)"
- ```yaml
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
- kind: Kustomization
- metadata:
+```yaml title="/bootstrap/kustomizations/kustomization-external-dns.yaml"
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+ name: external-dns
+ namespace: flux-system
+spec:
+ interval: 15m
+ path: ./external-dns
+ prune: true # remove any elements later removed from the above path
+ timeout: 2m # if not set, this defaults to interval duration, which is 1h
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ validation: server
+ healthChecks:
+ - apiVersion: apps/v1
+ kind: Deployment
name: external-dns
- namespace: flux-system
- spec:
- interval: 15m
- path: ./external-dns
- prune: true # remove any elements later removed from the above path
- timeout: 2m # if not set, this defaults to interval duration, which is 1h
- sourceRef:
- kind: GitRepository
- name: flux-system
- validation: server
- healthChecks:
- - apiVersion: apps/v1
- kind: Deployment
- name: external-dns
- namespace: external-dns
- ```
+ namespace: external-dns
+```
### ConfigMap
-Now we're into the external-dns-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami/charts/blob/master/bitnami/external-dns/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `external-dns/configmap-external-dns-helm-chart-value-overrides.yaml`:
+Now we're into the external-dns-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami/charts/blob/master/bitnami/external-dns/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
-??? example "Example ConfigMap (click to expand)"
- ```yaml
- apiVersion: v1
- kind: ConfigMap
- metadata:
- name: external-dns-helm-chart-value-overrides
- namespace: external-dns
- data:
- values.yaml: |-
- ## @section Global parameters
- ## Global Docker image parameters
- ## Please, note that this will override the image parameters, including dependencies, configured to use the global value
- ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
+```yaml title="/external-dns/configmap-external-dns-helm-chart-value-overrides.yaml"
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: traefik-helm-chart-value-overrides
+ namespace: traefik
+data:
+ values.yaml: |-
+ #
+```
- ## @param global.imageRegistry Global Docker image registry
- ## @param global.imagePullSecrets Global Docker registry secret names as an array
- ##
- global:
- imageRegistry: ""
- ## E.g.
- ## imagePullSecrets:
- ## - myRegistryKeySecretName
- ##
- imagePullSecrets: []
-
- ## @section Common parameters
-
- ## @param nameOverride String to partially override external-dns.fullname template (will maintain the release name)
- ##
- nameOverride: ""
- ## @param fullnameOverride String to fully override external-dns.fullname template
- ##
- fullnameOverride: ""
- ## @param clusterDomain Kubernetes Cluster Domain
- ##
- clusterDomain: cluster.local
-
- ## @section external-dns parameters
-
- ## Bitnami external-dns image version
- ## ref: https://hub.docker.com/r/bitnami/external-dns/tags/
- ## @param image.registry ExternalDNS image registry
- ## @param image.repository ExternalDNS image repository
- ## @param image.tag ExternalDNS Image tag (immutable tags are recommended)
- ## @param image.pullPolicy ExternalDNS image pull policy
- ## @param image.pullSecrets ExternalDNS image pull secrets
- ##
- image:
- registry: docker.io
- repository: bitnami/external-dns
- tag: 0.10.1-debian-10-r5
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ## e.g:
- ## pullSecrets:
- ## - myRegistryKeySecretName
- ##
- pullSecrets: []
-
- ## @param hostAliases Deployment pod host aliases
- ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
- ##
- hostAliases: []
- ## @param sources [array] K8s resources type to be observed for new DNS entries by ExternalDNS
- ##
- sources:
- # - crd
- - service
- - ingress
- # - contour-httpproxy
- ## @param provider DNS provider where the DNS records will be created.
- ## Available providers are:
- ## - alibabacloud, aws, azure, azure-private-dns, cloudflare, coredns, designate, digitalocean, google, hetzner, infoblox, linode, rfc2136, transip
- ##
- provider: aws
- ## Flags related to processing sources
- ## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/pkg/apis/externaldns/types.go#L272
- ## @param namespace Limit sources of endpoints to a specific namespace (default: all namespaces)
- ##
- namespace: ""
- ## @param fqdnTemplates Templated strings that are used to generate DNS names from sources that don't define a hostname themselves
- ##
- fqdnTemplates: []
- ## @param combineFQDNAnnotation Combine FQDN template and annotations instead of overwriting
- ##
- combineFQDNAnnotation: false
- ## @param ignoreHostnameAnnotation Ignore hostname annotation when generating DNS names, valid only when fqdn-template is set
- ##
- ignoreHostnameAnnotation: false
- ## @param publishInternalServices Allow external-dns to publish DNS records for ClusterIP services
- ##
- publishInternalServices: false
- ## @param publishHostIP Allow external-dns to publish host-ip for headless services
- ##
- publishHostIP: false
- ## @param serviceTypeFilter The service types to take care about (default: all, options: ClusterIP, NodePort, LoadBalancer, ExternalName)
- ##
- serviceTypeFilter: []
- ## Alibaba cloud configuration to be set via arguments/env. variables
- ## These will be added to /etc/kubernetes/alibaba-cloud.json via secret
- ##
- alibabacloud:
- ## @param alibabacloud.accessKeyId When using the Alibaba Cloud provider, set `accessKeyId` in the Alibaba Cloud configuration file (optional)
- ##
- accessKeyId: ""
- ## @param alibabacloud.accessKeySecret When using the Alibaba Cloud provider, set `accessKeySecret` in the Alibaba Cloud configuration file (optional)
- ##
- accessKeySecret: ""
- ## @param alibabacloud.regionId When using the Alibaba Cloud provider, set `regionId` in the Alibaba Cloud configuration file (optional)
- ##
- regionId: ""
- ## @param alibabacloud.vpcId Alibaba Cloud VPC Id
- ##
- vpcId: ""
- ## @param alibabacloud.secretName Use an existing secret with key "alibaba-cloud.json" defined.
- ## This ignores alibabacloud.accessKeyId, and alibabacloud.accessKeySecret
- ##
- secretName: ""
- ## @param alibabacloud.zoneType Zone Filter. Available values are: public, private, or no value for both
- ##
- zoneType: ""
- ## AWS configuration to be set via arguments/env. variables
- ##
- aws:
- ## AWS credentials
- ## @param aws.credentials.secretKey When using the AWS provider, set `aws_secret_access_key` in the AWS credentials (optional)
- ## @param aws.credentials.accessKey When using the AWS provider, set `aws_access_key_id` in the AWS credentials (optional)
- ## @param aws.credentials.mountPath When using the AWS provider, determine `mountPath` for `credentials` secret
- ##
- credentials:
- secretKey: ""
- accessKey: ""
- ## Before external-dns 0.5.9 home dir should be `/root/.aws`
- ##
- mountPath: "/.aws"
- ## @param aws.credentials.secretName Use an existing secret with key "credentials" defined.
- ## This ignores aws.credentials.secretKey, and aws.credentials.accessKey
- ##
- secretName: ""
- ## @param aws.region When using the AWS provider, `AWS_DEFAULT_REGION` to set in the environment (optional)
- ##
- region: "us-east-1"
- ## @param aws.zoneType When using the AWS provider, filter for zones of this type (optional, options: public, private)
- ##
- zoneType: ""
- ## @param aws.assumeRoleArn When using the AWS provider, assume role by specifying --aws-assume-role to the external-dns daemon
- ##
- assumeRoleArn: ""
- ## @param aws.apiRetries Maximum number of retries for AWS API calls before giving up
- ##
- apiRetries: 3
- ## @param aws.batchChangeSize When using the AWS provider, set the maximum number of changes that will be applied in each batch
- ##
- batchChangeSize: 1000
- ## @param aws.zoneTags When using the AWS provider, filter for zones with these tags
- ##
- zoneTags: []
- ## @param aws.preferCNAME When using the AWS provider, replaces Alias records with CNAME (options: true, false)
- ##
- preferCNAME: ""
- ## @param aws.evaluateTargetHealth When using the AWS provider, sets the evaluate target health flag (options: true, false)
- ##
- evaluateTargetHealth: ""
- ## Azure configuration to be set via arguments/env. variables
- ##
- azure:
- ## When a secret to load azure.json is not specified, the host's /etc/kubernetes/azure.json will be used
- ## @param azure.secretName When using the Azure provider, set the secret containing the `azure.json` file
- ##
- secretName: ""
- ## @param azure.cloud When using the Azure provider, set the Azure Cloud
- ##
- cloud: ""
- ## @param azure.resourceGroup When using the Azure provider, set the Azure Resource Group
- ##
- resourceGroup: ""
- ## @param azure.tenantId When using the Azure provider, set the Azure Tenant ID
- ##
- tenantId: ""
- ## @param azure.subscriptionId When using the Azure provider, set the Azure Subscription ID
- ##
- subscriptionId: ""
- ## @param azure.aadClientId When using the Azure provider, set the Azure AAD Client ID
- ##
- aadClientId: ""
- ## @param azure.aadClientSecret When using the Azure provider, set the Azure AAD Client Secret
- ##
- aadClientSecret: ""
- ## @param azure.useManagedIdentityExtension When using the Azure provider, set if you use Azure MSI
- ##
- useManagedIdentityExtension: false
- ## @param azure.userAssignedIdentityID When using the Azure provider with Azure MSI, set Client ID of Azure user-assigned managed identity (optional, otherwise system-assigned managed identity is used)
- ##
- userAssignedIdentityID: ""
- ## Cloudflare configuration to be set via arguments/env. variables
- ##
- cloudflare:
- ## @param cloudflare.apiToken When using the Cloudflare provider, `CF_API_TOKEN` to set (optional)
- ##
- apiToken: ""
- ## @param cloudflare.apiKey When using the Cloudflare provider, `CF_API_KEY` to set (optional)
- ##
- apiKey: ""
- ## @param cloudflare.secretName When using the Cloudflare provider, it's the name of the secret containing cloudflare_api_token or cloudflare_api_key.
- ## This ignores cloudflare.apiToken, and cloudflare.apiKey
- ##
- secretName: ""
- ## @param cloudflare.email When using the Cloudflare provider, `CF_API_EMAIL` to set (optional). Needed when using CF_API_KEY
- ##
- email: ""
- ## @param cloudflare.proxied When using the Cloudflare provider, enable the proxy feature (DDOS protection, CDN...) (optional)
- ##
- proxied: true
- ## CoreDNS configuration to be set via arguments/env variables
- ##
- coredns:
- ## @param coredns.etcdEndpoints When using the CoreDNS provider, set etcd backend endpoints (comma-separated list)
- ## Secure (https) endpoints can be used as well, in that case `etcdTLS` section
- ## should be filled in accordingly
- ##
- etcdEndpoints: "http://etcd-extdns:2379"
- ## Configuration of the secure communication and client authentication to the etcd cluster
- ## If enabled all the values under this key must hold a valid data
- ##
- etcdTLS:
- ## @param coredns.etcdTLS.enabled When using the CoreDNS provider, enable secure communication with etcd
- ##
- enabled: false
- ## @param coredns.etcdTLS.autoGenerated Generate automatically self-signed TLS certificates
- ##
- autoGenerated: false
- ## @param coredns.etcdTLS.secretName When using the CoreDNS provider, specify a name of existing Secret with etcd certs and keys
- ## ref: https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md
- ## ref (secret creation):
- ## https://github.com/bitnami/charts/tree/master/bitnami/etcd#configure-certificates-for-client-communication
- ##
- secretName: "etcd-client-certs"
- ## @param coredns.etcdTLS.mountPath When using the CoreDNS provider, set destination dir to mount data from `coredns.etcdTLS.secretName` to
- ##
- mountPath: "/etc/coredns/tls/etcd"
- ## @param coredns.etcdTLS.caFilename When using the CoreDNS provider, specify CA PEM file name from the `coredns.etcdTLS.secretName`
- ##
- caFilename: "ca.crt"
- ## @param coredns.etcdTLS.certFilename When using the CoreDNS provider, specify cert PEM file name from the `coredns.etcdTLS.secretName`
- ## Will be used by external-dns to authenticate against etcd
- ##
- certFilename: "cert.pem"
- ## @param coredns.etcdTLS.keyFilename When using the CoreDNS provider, specify private key PEM file name from the `coredns.etcdTLS.secretName`
- ## Will be used by external-dns to authenticate against etcd
- ##
- keyFilename: "key.pem"
- ## OpenStack Designate provider configuration to be set via arguments/env. variables
- ##
- designate:
- ## Set Openstack environment variables (optional). Username and password will be saved in a kubernetes secret
- ## The alternative to this is to export the necessary Openstack environment variables in the extraEnv argument
- ## @param designate.username When using the Designate provider, specify the OpenStack authentication username. (optional)
- ## @param designate.password When using the Designate provider, specify the OpenStack authentication password. (optional)
- ## @param designate.authUrl When using the Designate provider, specify the OpenStack authentication Url. (optional)
- ## @param designate.regionName When using the Designate provider, specify the OpenStack region name. (optional)
- ## @param designate.userDomainName When using the Designate provider, specify the OpenStack user domain name. (optional)
- ## @param designate.projectName When using the Designate provider, specify the OpenStack project name. (optional)
- ## @param designate.username When using the Designate provider, specify the OpenStack authentication username. (optional)
- ## e.g:
- ## username: "someuser"
- ## password: "p@55w0rd"
- ## authUrl: "https://mykeystone.example.net:5000/v3/"
- ## regionName: "dev"
- ## userDomainName: "development"
- ## projectName: "myteamname"
- ##
- username: ""
- password: ""
- authUrl: ""
- regionName: ""
- userDomainName: ""
- projectName: ""
- ## @param designate.customCAHostPath When using the Designate provider, use a CA file already on the host to validate Openstack APIs. This conflicts with `designate.customCA.enabled`
- ## This conflicts setting the above customCA to true and chart rendering will fail if you set customCA to true and specify customCAHostPath
- ##
- customCAHostPath: ""
- ## Use a custom CA (optional)
- ## @param designate.customCA.enabled When using the Designate provider, enable a custom CA (optional)
- ## @param designate.customCA.content When using the Designate provider, set the content of the custom CA
- ## @param designate.customCA.mountPath When using the Designate provider, set the mountPath in which to mount the custom CA configuration
- ## @param designate.customCA.filename When using the Designate provider, set the custom CA configuration filename
- ##
- customCA:
- enabled: false
- content: ""
- mountPath: "/config/designate"
- filename: "designate-ca.pem"
- ## DigitalOcean configuration to be set via arguments/env. variables
- ##
- digitalocean:
- ## @param digitalocean.apiToken When using the DigitalOcean provider, `DO_TOKEN` to set (optional)
- ##
- apiToken: ""
- ## @param digitalocean.secretName Use an existing secret with key "digitalocean_api_token" defined.
- ## This ignores digitalocean.apiToken
- ##
- secretName: ""
- ## Google configuration to be set via arguments/env. variables
- ##
- google:
- ## @param google.project When using the Google provider, specify the Google project (required when provider=google)
- ##
- project: ""
- ## @param google.serviceAccountSecret When using the Google provider, specify the existing secret which contains credentials.json (optional)
- ##
- serviceAccountSecret: ""
- ## @param google.serviceAccountSecretKey When using the Google provider with an existing secret, specify the key name (optional)
- ##
- serviceAccountSecretKey: "credentials.json"
- ## @param google.serviceAccountKey When using the Google provider, specify the service account key JSON file. In this case a new secret will be created holding this service account (optional)
- ##
- serviceAccountKey: ""
- ## Hetzner configuration to be set via arguments/env. variables
- ##
- hetzner:
- ## @param hetzner.token When using the Hetzner provider, specify your token here. (required when `hetzner.secretName` is not provided. In this case a new secret will be created holding the token.)
- ## Mutually exclusive with `hetzner.secretName`.
- ##
- token: ""
- ## @param hetzner.secretName When using the Hetzner provider, specify the existing secret which contains your token. Disables the usage of `hetzner.token` (optional)
- ##
- secretName: ""
- ## @param hetzner.secretKey When using the Hetzner provider with an existing secret, specify the key name (optional)
- ##
- secretKey: "hetzner_token"
- ## Infoblox configuration to be set via arguments/env. variables
- ##
- infoblox:
- ## @param infoblox.wapiUsername When using the Infoblox provider, specify the Infoblox WAPI username
- ##
- wapiUsername: "admin"
- ## @param infoblox.wapiPassword When using the Infoblox provider, specify the Infoblox WAPI password (required when provider=infoblox)
- ##
- wapiPassword: ""
- ## @param infoblox.gridHost When using the Infoblox provider, specify the Infoblox Grid host (required when provider=infoblox)
- ##
- gridHost: ""
- ## @param infoblox.view Infoblox view
- ##
- view: ""
- ## Optional keys
- ##
- ## Existing secret name, when in place wapiUsername and wapiPassword are not required
- ## secretName: ""
- ##
- ## @param infoblox.domainFilter When using the Infoblox provider, specify the domain (optional)
- ##
- domainFilter: ""
- ## @param infoblox.noSslVerify When using the Infoblox provider, disable SSL verification (optional)
- ##
- noSslVerify: false
- ## @param infoblox.wapiPort When using the Infoblox provider, specify the Infoblox WAPI port (optional)
- ##
- wapiPort: ""
- ## @param infoblox.wapiVersion When using the Infoblox provider, specify the Infoblox WAPI version (optional)
- ##
- wapiVersion: ""
- ## @param infoblox.wapiConnectionPoolSize When using the Infoblox provider, specify the Infoblox WAPI request connection pool size (optional)
- ##
- wapiConnectionPoolSize: ""
- ## @param infoblox.wapiHttpTimeout When using the Infoblox provider, specify the Infoblox WAPI request timeout in seconds (optional)
- ##
- wapiHttpTimeout: ""
- ## @param infoblox.maxResults When using the Infoblox provider, specify the Infoblox Max Results (optional)
- ##
- maxResults: ""
- ## Linode configuration to be set via arguments/env. variables
- ##
- linode:
- ## @param linode.apiToken When using the Linode provider, `LINODE_TOKEN` to set (optional)
- ##
- apiToken: ""
- ## @param linode.secretName Use an existing secret with key "linode_api_token" defined.
- ## This ignores linode.apiToken
- ##
- secretName: ""
- ## NS1 configuration to be set via arguments/env. variables
- ## @param ns1.minTTL When using the ns1 provider, specify minimal TTL, as an integer, for records
- ##
- ns1:
- minTTL: 10
- ## OVH configuration to be set via arguments/env. variables
- ##
- ovh:
- ## @param ovh.consumerKey When using the OVH provider, specify the existing consumer key. (required when provider=ovh and `ovh.secretName` is not provided.)
- ##
- consumerKey: ""
- ## @param ovh.applicationKey When using the OVH provider with an existing application, specify the application key. (required when provider=ovh and `ovh.secretName` is not provided.)
- ##
- applicationKey: ""
- ## @param ovh.applicationSecret When using the OVH provider with an existing application, specify the application secret. (required when provider=ovh and `ovh.secretName` is not provided.)
- ##
- applicationSecret: ""
- ## @param ovh.secretName When using the OVH provider, it's the name of the secret containing `ovh_consumer_key`, `ovh_application_key` and `ovh_application_secret`. Disables usage of other `ovh`.
- ## with following keys:
- ## - ovh_consumer_key
- ## - ovh_application_key
- ## - ovh_application_secret
- ## This ignores consumerKey, applicationKey & applicationSecret
- ##
- secretName: ""
- ## Scaleway configuration to be set via arguments/env. variables
- ##
- scaleway:
- ## @param scaleway.scwAccessKey When using the Scaleway provider, specify an existing access key. (required when provider=scaleway)
- ##
- scwAccessKey: ""
- ## @param scaleway.scwSecretKey When using the Scaleway provider, specify an existing secret key. (required when provider=scaleway)
- ##
- scwSecretKey: ""
- ## @param scaleway.scwDefaultOrganizationId When using the Scaleway provider, specify the existing organization id. (required when provider=scaleway)
- ##
- scwDefaultOrganizationId: ""
- ## RFC 2136 configuration to be set via arguments/env. variables
- ##
- rfc2136:
- ## @param rfc2136.host When using the rfc2136 provider, specify the RFC2136 host (required when provider=rfc2136)
- ##
- host: ""
- ## @param rfc2136.port When using the rfc2136 provider, specify the RFC2136 port (optional)
- ##
- port: 53
- ## @param rfc2136.zone When using the rfc2136 provider, specify the zone (required when provider=rfc2136)
- ##
- zone: ""
- ## @param rfc2136.tsigSecret When using the rfc2136 provider, specify the tsig secret to enable security. (do not specify if `rfc2136.secretName` is provided.) (optional)
- ##
- tsigSecret: ""
- ## @param rfc2136.secretName When using the rfc2136 provider, specify the existing secret which contains your tsig secret. Disables the usage of `rfc2136.tsigSecret` (optional)
- ##
- secretName: ""
- ## @param rfc2136.tsigSecretAlg When using the rfc2136 provider, specify the tsig secret to enable security (optional)
- ##
- tsigSecretAlg: hmac-sha256
- ## @param rfc2136.tsigKeyname When using the rfc2136 provider, specify the tsig keyname to enable security (optional)
- ##
- tsigKeyname: externaldns-key
- ## @param rfc2136.tsigAxfr When using the rfc2136 provider, enable AFXR to enable security (optional)
- ##
- tsigAxfr: true
- ## @param rfc2136.minTTL When using the rfc2136 provider, specify minimal TTL (in duration format) for records[ns, us, ms, s, m, h], see more https://golang.org/pkg/time/#ParseDuration
- ##
- minTTL: "0s"
- ## @param rfc2136.rfc3645Enabled When using the rfc2136 provider, extend using RFC3645 to support secure updates over Kerberos with GSS-TSIG
- ##
- rfc3645Enabled: false
- ## @param rfc2136.kerberosConfig When using the rfc2136 provider with rfc3645Enabled, the contents of a configuration file for krb5 (optional)
- ##
- kerberosConfig: ""
- ## @param rfc2136.kerberosUsername When using the rfc2136 provider with rfc3645Enabled, specify the username to authenticate with (optional)
- ##
- kerberosUsername: ""
- ## @param rfc2136.kerberosPassword When using the rfc2136 provider with rfc3645Enabled, specify the password to authenticate with (optional)
- ##
- kerberosPassword: ""
- ## @param rfc2136.kerberosRealm When using the rfc2136 provider with rfc3645Enabled, specify the realm to authenticate to (required when provider=rfc2136 and rfc2136.rfc3645Enabled=true)
- ##
- kerberosRealm: ""
-
- ## PowerDNS configuration to be set via arguments/env. variables
- ##
- pdns:
- ## @param pdns.apiUrl When using the PowerDNS provider, specify the API URL of the server.
- ##
- apiUrl: ""
- ## @param pdns.apiPort When using the PowerDNS provider, specify the API port of the server.
- ##
- apiPort: "8081"
- ## @param pdns.apiKey When using the PowerDNS provider, specify the API key of the server.
- ##
- apiKey: ""
- ## @param pdns.secretName When using the PowerDNS provider, specify as secret name containing the API Key
- ##
- secretName: ""
- ## TransIP configuration to be set via arguments/env. variables
- ##
- transip:
- ## @param transip.account When using the TransIP provider, specify the account name.
- ##
- account: ""
- ## @param transip.apiKey When using the TransIP provider, specify the API key to use.
- ##
- apiKey: ""
- ## VinylDNS configuration to be set via arguments/env. variables
- ##
- vinyldns:
- ## @param vinyldns.host When using the VinylDNS provider, specify the VinylDNS API host.
- ##
- host: ""
- ## @param vinyldns.accessKey When using the VinylDNS provider, specify the Access Key to use.
- ##
- accessKey: ""
- ## @param vinyldns.secretKey When using the VinylDNS provider, specify the Secret key to use.
- ##
- secretKey: ""
- ## @param domainFilters Limit possible target zones by domain suffixes (optional)
- ##
- domainFilters: []
- ## @param excludeDomains Exclude subdomains (optional)
- ##
- excludeDomains: []
- ## @param regexDomainFilter Limit possible target zones by regex domain suffixes (optional)
- ## If regexDomainFilter is specified, domainFilters will be ignored
- ##
- regexDomainFilter: ""
- ## @param regexDomainExclusion Exclude subdomains by using regex pattern (optional)
- ## If regexDomainFilter is specified, excludeDomains will be ignored and external-dns will use regexDomainExclusion even though regexDomainExclusion is empty
- ##
- regexDomainExclusion: ""
- ## @param zoneNameFilters Filter target zones by zone domain (optional)
- ##
- zoneNameFilters: []
- ## @param zoneIdFilters Limit possible target zones by zone id (optional)
- ##
- zoneIdFilters: []
- ## @param annotationFilter Filter sources managed by external-dns via annotation using label selector (optional)
- ##
- annotationFilter: ""
- ## @param dryRun When enabled, prints DNS record changes rather than actually performing them (optional)
- ##
- dryRun: false
- ## @param triggerLoopOnEvent When enabled, triggers run loop on create/update/delete events in addition to regular interval (optional)
- ##
- triggerLoopOnEvent: false
- ## @param interval Interval update period to use
- ##
- interval: "1m"
- ## @param logLevel Verbosity of the logs (options: panic, debug, info, warning, error, fatal, trace)
- ##
- logLevel: info
- ## @param logFormat Which format to output logs in (options: text, json)
- ##
- logFormat: text
- ## @param policy Modify how DNS records are synchronized between sources and providers (options: sync, upsert-only )
- ##
- policy: upsert-only
- ## @param registry Registry method to use (options: txt, aws-sd, noop)
- ## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/proposal/registry.md
- ##
- registry: "txt"
- ## @param txtPrefix When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional) (Mutual exclusive with txt-suffix)
- ##
- txtPrefix: ""
- ## @param txtSuffix When using the TXT registry, a suffix for ownership records that avoids collision with CNAME entries (optional).suffix (Mutual exclusive with txt-prefix)
- ##
- txtSuffix: ""
- ## @param txtOwnerId A name that identifies this instance of ExternalDNS. Currently used by registry types: txt & aws-sd (optional)
- ## But other registry types might be added in the future.
- ##
- txtOwnerId: ""
- ## @param forceTxtOwnerId (backward compatibility) When using the non-TXT registry, it will pass the value defined by `txtOwnerId` down to the application (optional)
- ## This setting added for backward compatibility for
- ## customers who already used bitnami/external-dns helm chart
- ## to privision 'aws-sd' registry type.
- ## Previously bitnami/external-dns helm chart did not pass
- ## txtOwnerId value down to the external-dns application
- ## so the app itself sets that value to be a string 'default'.
- ## If existing customers force the actual txtOwnerId value to be
- ## passed properly, their external-dns updates will stop working
- ## because the owner's value for exting DNS records in
- ## AWS Service Discovery would remain 'default'.
- ## NOTE: It is up to the end user to update AWS Service Discovery
- ## 'default' values in description fields to make it work with new
- ## value passed as txtOwnerId when forceTxtOwnerId=true
- forceTxtOwnerId: false
- ## @param extraArgs Extra arguments to be passed to external-dns
- ##
- extraArgs: {}
- ## @param extraEnv Extra environment variables to be passed to external-dns
- ##
- ## extraEnv:
- ## - name: VARNAME1
- ## value: value1
- ## - name: VARNAME2
- ## valueFrom:
- ## secretKeyRef:
- ## name: existing-secret
- ## key: varname2-key
- ##
- extraEnv: []
- ## @param replicas Desired number of ExternalDNS replicas
- ##
- replicas: 1
- ## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
- ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
- ##
- podAffinityPreset: ""
- ## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
- ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
- ## Allowed values: soft, hard
- ##
- podAntiAffinityPreset: soft
- ## Node affinity preset
- ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
- ##
- nodeAffinityPreset:
- ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
- ##
- type: ""
- ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
- ## E.g.
- ## key: "kubernetes.io/e2e-az-name"
- ##
- key: ""
- ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
- ## E.g.
- ## values:
- ## - e2e-az1
- ## - e2e-az2
- ##
- values: []
- ## @param affinity Affinity for pod assignment
- ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
- ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
- ##
- affinity: {}
- ## @param nodeSelector Node labels for pod assignment
- ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
- ##
- nodeSelector: {}
- ## @param tolerations Tolerations for pod assignment
- ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
- ##
- tolerations: []
- ## @param podAnnotations Additional annotations to apply to the pod.
- ##
- podAnnotations: {}
- ## @param podLabels Additional labels to be added to pods
- ##
- podLabels: {}
- ## @param priorityClassName priorityClassName
- ##
- priorityClassName: ""
- ## @param secretAnnotations Additional annotations to apply to the secret
- ##
- secretAnnotations: {}
- ## Options for the source type "crd"
- ##
- crd:
- ## @param crd.create Install and use the integrated DNSEndpoint CRD
- ##
- create: false
- ## @param crd.apiversion Sets the API version for the CRD to watch
- ##
- apiversion: ""
- ## @param crd.kind Sets the kind for the CRD to watch
- ##
- kind: ""
- ## Kubernetes svc configutarion
- ##
- service:
- ## @param service.enabled Whether to create Service resource or not
- ##
- enabled: true
- ## @param service.type Kubernetes Service type
- ##
- type: ClusterIP
- ## @param service.port ExternalDNS client port
- ##
- port: 7979
- ## @param service.nodePort Port to bind to for NodePort service type (client port)
- ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- ##
- nodePort: ""
- ## @param service.clusterIP IP address to assign to service
- ##
- clusterIP: ""
- ## @param service.externalIPs Service external IP addresses
- ##
- externalIPs: []
- ## @param service.loadBalancerIP IP address to assign to load balancer (if supported)
- ##
- loadBalancerIP: ""
- ## @param service.loadBalancerSourceRanges List of IP CIDRs allowed access to load balancer (if supported)
- ##
- loadBalancerSourceRanges: []
- ## @param service.annotations Annotations to add to service
- ## set the LoadBalancer service type to internal only.
- ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
- ##
- annotations: {}
- ## @param service.labels Provide any additional labels which may be required.
- ## This can be used to have external-dns show up in `kubectl cluster-info`
- ## kubernetes.io/cluster-service: "true"
- ## kubernetes.io/name: "external-dns"
- ##
- labels: {}
- ## ServiceAccount parameters
- ## https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- ##
- serviceAccount:
- ## @param serviceAccount.create Determine whether a Service Account should be created or it should reuse a exiting one.
- ##
- create: true
- ## @param serviceAccount.name ServiceAccount to use. A name is generated using the external-dns.fullname template if it is not set
- ##
- name: ""
- ## @param serviceAccount.annotations Additional Service Account annotations
- ##
- annotations: {}
- ## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
- ##
- automountServiceAccountToken: true
- ## RBAC parameters
- ## https://kubernetes.io/docs/reference/access-authn-authz/rbac/
- ##
- rbac:
- ## @param rbac.create Whether to create & use RBAC resources or not
- ##
- create: true
- ## @param rbac.clusterRole Whether to create Cluster Role. When set to false creates a Role in `namespace`
- ##
- clusterRole: true
- ## @param rbac.apiVersion Version of the RBAC API
- ##
- apiVersion: v1
- ## @param rbac.pspEnabled Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
- ##
- pspEnabled: false
- ## @param securityContext Security context for the container
- ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- ## Example:
- ## securityContext:
- ## allowPrivilegeEscalation: false
- ## readOnlyRootFilesystem: true
- ## capabilities:
- ## drop: ["ALL"]
- ##
- securityContext: {}
- ## @param podSecurityContext.fsGroup Group ID for the container
- ## @param podSecurityContext.runAsUser User ID for the container
- ##
- podSecurityContext:
- fsGroup: 1001
- runAsUser: 1001
- ## Container resource requests and limits
- ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
- ## We usually recommend not to specify default resources and to leave this as a conscious
- ## choice for the user. This also increases chances charts run on environments with little
- ## resources, such as Minikube. If you do want to specify resources, uncomment the following
- ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- ## @param resources.limits The resources limits for the container
- ## @param resources.requests The requested resources for the container
- ##
- resources:
- ## Example:
- ## limits:
- ## cpu: 50m
- ## memory: 50Mi
- limits: {}
- ## Examples:
- ## requests:
- ## cpu: 10m
- ## memory: 50Mi
- requests: {}
- ## Configure extra options for liveness probe
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
- ## @param livenessProbe.enabled Enable livenessProbe
- ## @param livenessProbe.httpGet.path Request path for livenessProbe
- ## @param livenessProbe.httpGet.port Port for livenessProbe
- ## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
- ## @param livenessProbe.periodSeconds Period seconds for livenessProbe
- ## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
- ## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
- ## @param livenessProbe.successThreshold Success threshold for livenessProbe
- ##
- livenessProbe:
- enabled: true
- httpGet:
- path: /healthz
- port: http
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 2
- successThreshold: 1
- ## Configure extra options for readiness probe
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
- ## @param readinessProbe.enabled Enable readinessProbe
- ## @param readinessProbe.httpGet.path Request path for readinessProbe
- ## @param readinessProbe.httpGet.port Port for readinessProbe
- ## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
- ## @param readinessProbe.periodSeconds Period seconds for readinessProbe
- ## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
- ## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
- ## @param readinessProbe.successThreshold Success threshold for readinessProbe
- ##
- readinessProbe:
- enabled: true
- httpGet:
- path: /healthz
- port: http
- initialDelaySeconds: 5
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 6
- successThreshold: 1
- ## @param extraVolumes A list of volumes to be added to the pod
- ##
- extraVolumes: []
- ## @param extraVolumeMounts A list of volume mounts to be added to the pod
- ##
- extraVolumeMounts: []
- ## @param podDisruptionBudget Configure PodDisruptionBudget
- ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
- podDisruptionBudget: {}
- ## Prometheus Exporter / Metrics
- ##
- metrics:
- ## @param metrics.enabled Enable prometheus to access external-dns metrics endpoint
- ##
- enabled: false
- ## @param metrics.podAnnotations Annotations for enabling prometheus to access the metrics endpoint
- ##
- podAnnotations: {}
- ## Prometheus Operator ServiceMonitor configuration
- ##
- serviceMonitor:
- ## @param metrics.serviceMonitor.enabled Create ServiceMonitor object
- ##
- enabled: false
- ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
- ##
- namespace: ""
- ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
- ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
- ##
- interval: ""
- ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
- ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
- ##
- scrapeTimeout: ""
- ## @param metrics.serviceMonitor.selector Additional labels for ServiceMonitor object
- ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
- ## e.g:
- ## selector:
- ## prometheus: my-prometheus
- ##
- selector: {}
-
- ```
--8<-- "kubernetes-why-full-values-in-configmap.md"
Then work your way through the values you pasted, and change any which are specific to your configuration.
@@ -958,26 +116,25 @@ To:
As you work your way through `values.yaml`, you'll notice that it contains specific placholders for credentials for various DNS providers.
Take for example, this config for cloudflare:
-???+ example "Example snippet of CloudFlare config from ConfigMap"
- ```yaml
- cloudflare:
- ## @param cloudflare.apiToken When using the Cloudflare provider, `CF_API_TOKEN` to set (optional)
- ##
- apiToken: ""
- ## @param cloudflare.apiKey When using the Cloudflare provider, `CF_API_KEY` to set (optional)
- ##
- apiKey: ""
- ## @param cloudflare.secretName When using the Cloudflare provider, it's the name of the secret containing cloudflare_api_token or cloudflare_api_key.
- ## This ignores cloudflare.apiToken, and cloudflare.apiKey
- ##
- secretName: ""
- ## @param cloudflare.email When using the Cloudflare provider, `CF_API_EMAIL` to set (optional). Needed when using CF_API_KEY
- ##
- email: ""
- ## @param cloudflare.proxied When using the Cloudflare provider, enable the proxy feature (DDOS protection, CDN...) (optional)
- ##
- proxied: true
- ```
+```yaml title="Example snippet of CloudFlare config from ConfigMap"
+ cloudflare:
+ ## @param cloudflare.apiToken When using the Cloudflare provider, `CF_API_TOKEN` to set (optional)
+ ##
+ apiToken: ""
+ ## @param cloudflare.apiKey When using the Cloudflare provider, `CF_API_KEY` to set (optional)
+ ##
+ apiKey: ""
+ ## @param cloudflare.secretName When using the Cloudflare provider, it's the name of the secret containing cloudflare_api_token or cloudflare_api_key.
+ ## This ignores cloudflare.apiToken, and cloudflare.apiKey
+ ##
+ secretName: ""
+ ## @param cloudflare.email When using the Cloudflare provider, `CF_API_EMAIL` to set (optional). Needed when using CF_API_KEY
+ ##
+ email: ""
+ ## @param cloudflare.proxied When using the Cloudflare provider, enable the proxy feature (DDOS protection, CDN...) (optional)
+ ##
+ proxied: true
+```
In the case of CloudFlare (*and this may differ per-provider*), you can either enter your credentials in cleartext (*baaad idea, since we intend to commit these files into a repo*), or you can reference a secret, which External DNS will expect to find in its namespace.
@@ -997,32 +154,31 @@ And your sealed secret would end up in `external-dns/sealedsecret-cloudflare-api
### HelmRelease
-Lastly, having set the scene above, we define the HelmRelease which will actually deploy the external-dns controller into the cluster, with the config we defined above. I save this in my flux repo as `external-dns/helmrelease-external-dns.yaml`:
+Lastly, having set the scene above, we define the HelmRelease which will actually deploy the external-dns controller into the cluster, with the config we defined above. I save this in my flux repo as:
-??? example "Example HelmRelease (click to expand)"
- ```yaml
- apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- metadata:
- name: external-dns
- namespace: external-dns
+```yaml title="/external-dns/helmrelease-external-dns.yaml"
+ apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ metadata:
+ name: external-dns
+ namespace: external-dns
+ spec:
+ chart:
spec:
- chart:
- spec:
- chart: external-dns
- version: 4.x
- sourceRef:
- kind: HelmRepository
- name: bitnami
- namespace: flux-system
- interval: 15m
- timeout: 5m
- releaseName: external-dns
- valuesFrom:
- - kind: ConfigMap
- name: external-dns-helm-chart-value-overrides
- valuesKey: values.yaml # This is the default, but best to be explicit for clarity
- ```
+ chart: external-dns
+ version: 4.x
+ sourceRef:
+ kind: HelmRepository
+ name: bitnami
+ namespace: flux-system
+ interval: 15m
+ timeout: 5m
+ releaseName: external-dns
+ valuesFrom:
+ - kind: ConfigMap
+ name: external-dns-helm-chart-value-overrides
+ valuesKey: values.yaml # This is the default, but best to be explicit for clarity
+```
--8<-- "kubernetes-why-not-config-in-helmrelease.md"
diff --git a/docs/kubernetes/ingress/nginx.md b/docs/kubernetes/ingress/nginx.md
index 822047c..2a78fd6 100644
--- a/docs/kubernetes/ingress/nginx.md
+++ b/docs/kubernetes/ingress/nginx.md
@@ -80,7 +80,7 @@ Now that the "global" elements of this deployment (*Namespace and HelmRepository
### ConfigMap
-Now we're into the nginx-ingress-controller-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami/charts/blob/master/bitnami/nginx-ingress-controller/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `nginx-ingress-controller/configmap-nginx-ingress-controller-helm-chart-value-overrides.yaml`:
+Now we're into the nginx-ingress-controller-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami/charts/blob/master/bitnami/nginx-ingress-controller/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `nginx-ingress-controller/configmap-nginx-ingress-controller-helm-chart-value-overrides.yaml`:
??? example "Example ConfigMap (click to expand)"
```yaml
diff --git a/docs/kubernetes/ingress/traefik/index.md b/docs/kubernetes/ingress/traefik/index.md
index 055a7f3..30bd951 100644
--- a/docs/kubernetes/ingress/traefik/index.md
+++ b/docs/kubernetes/ingress/traefik/index.md
@@ -82,7 +82,7 @@ spec:
### ConfigMap
-Now we're into the traefik-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
+Now we're into the traefik-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
```yaml title="/traefik/configmap-traefik-helm-chart-value-overrides.yaml"
apiVersion: v1
diff --git a/docs/kubernetes/loadbalancer/metallb/index.md b/docs/kubernetes/loadbalancer/metallb/index.md
index c58276d..f9c8fdb 100644
--- a/docs/kubernetes/loadbalancer/metallb/index.md
+++ b/docs/kubernetes/loadbalancer/metallb/index.md
@@ -93,7 +93,7 @@ Now that the "global" elements of this deployment (*Namespace and HelmRepository
### ConfigMap (for HelmRelease)
-Now we're into the metallb-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami/charts/blob/master/bitnami/metallb/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `metallb-system/configmap-metallb-helm-chart-value-overrides.yaml`:
+Now we're into the metallb-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami/charts/blob/master/bitnami/metallb/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `metallb-system/configmap-metallb-helm-chart-value-overrides.yaml`:
??? example "Example ConfigMap (click to expand)"
```yaml
diff --git a/docs/kubernetes/persistence/rook-ceph/cluster.md b/docs/kubernetes/persistence/rook-ceph/cluster.md
index bade3c1..9a2f4d2 100644
--- a/docs/kubernetes/persistence/rook-ceph/cluster.md
+++ b/docs/kubernetes/persistence/rook-ceph/cluster.md
@@ -65,7 +65,7 @@ spec:
### ConfigMap
-Now we're into the app-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/rook/rook/blob/master/deploy/charts/rook-ceph/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
+Now we're into the app-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/rook/rook/blob/master/deploy/charts/rook-ceph/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
```yaml title="/rook-ceph-cluster/configmap-rook-ceph-cluster-helm-chart-value-overrides.yaml"
apiVersion: v1
diff --git a/docs/kubernetes/persistence/rook-ceph/operator.md b/docs/kubernetes/persistence/rook-ceph/operator.md
index 666b4dc..6210bf5 100644
--- a/docs/kubernetes/persistence/rook-ceph/operator.md
+++ b/docs/kubernetes/persistence/rook-ceph/operator.md
@@ -77,7 +77,7 @@ spec:
### ConfigMap
-Now we're into the app-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/rook/rook/blob/master/deploy/charts/rook-ceph/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
+Now we're into the app-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/rook/rook/blob/master/deploy/charts/rook-ceph/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
```yaml title="rook-ceph/configmap-rook-ceph-helm-chart-value-overrides.yaml"
apiVersion: v1
diff --git a/docs/kubernetes/persistence/topolvm.md b/docs/kubernetes/persistence/topolvm.md
index 340147c..e26ae49 100644
--- a/docs/kubernetes/persistence/topolvm.md
+++ b/docs/kubernetes/persistence/topolvm.md
@@ -109,7 +109,7 @@ Now that the "global" elements of this deployment (*Namespace and HelmRepository
### ConfigMap
-Now we're into the topolvm-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/topolvm/topolvm/blob/main/charts/topolvm/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `topolvm/configmap-topolvm-helm-chart-value-overrides.yaml`:
+Now we're into the topolvm-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/topolvm/topolvm/blob/main/charts/topolvm/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `topolvm/configmap-topolvm-helm-chart-value-overrides.yaml`:
??? example "Example ConfigMap (click to expand)"
```yaml
diff --git a/docs/kubernetes/sealed-secrets.md b/docs/kubernetes/sealed-secrets.md
index 98d8253..ff4d562 100644
--- a/docs/kubernetes/sealed-secrets.md
+++ b/docs/kubernetes/sealed-secrets.md
@@ -107,7 +107,7 @@ Now that the "global" elements of this deployment (*just the HelmRepository in t
### ConfigMap
{% raw %}
-Now we're into the sealed-secrets-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami-labs/sealed-secrets/blob/main/helm/sealed-secrets/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `sealed-secrets/configmap-sealed-secrets-helm-chart-value-overrides.yaml`:
+Now we're into the sealed-secrets-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami-labs/sealed-secrets/blob/main/helm/sealed-secrets/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `sealed-secrets/configmap-sealed-secrets-helm-chart-value-overrides.yaml`:
??? example "Example ConfigMap (click to expand)"
```yaml
diff --git a/docs/kubernetes/ssl-certificates/cert-manager.md b/docs/kubernetes/ssl-certificates/cert-manager.md
index d9e4169..48a5c44 100644
--- a/docs/kubernetes/ssl-certificates/cert-manager.md
+++ b/docs/kubernetes/ssl-certificates/cert-manager.md
@@ -75,7 +75,7 @@ spec:
### ConfigMap
-Now we're into the cert-manager-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami-labs/cert-manager/blob/main/helm/cert-manager/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
+Now we're into the cert-manager-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami-labs/cert-manager/blob/main/helm/cert-manager/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
```yaml title="/cert-manager/configmap-cert-manager-helm-chart-value-overrides.yaml"
apiVersion: v1
diff --git a/docs/kubernetes/ssl-certificates/secret-replicator.md b/docs/kubernetes/ssl-certificates/secret-replicator.md
index b5307d8..6f4ac78 100644
--- a/docs/kubernetes/ssl-certificates/secret-replicator.md
+++ b/docs/kubernetes/ssl-certificates/secret-replicator.md
@@ -67,7 +67,7 @@ spec:
### ConfigMap
-Now we're into the secret-replicator-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/kiwigrid/helm-charts/blob/master/charts/secret-replicator/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
+Now we're into the secret-replicator-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/kiwigrid/helm-charts/blob/master/charts/secret-replicator/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
```yaml hl_lines="21 27" title="/secret-replicator/configmap-secret-replicator-helm-chart-value-overrides.yaml"
apiVersion: v1
diff --git a/docs/premix/ansiblizing/index.md b/docs/premix/ansiblizing/index.md
new file mode 100644
index 0000000..dd26f78
--- /dev/null
+++ b/docs/premix/ansiblizing/index.md
@@ -0,0 +1,10 @@
+# Ansiblizing
+
+!!! warning "This section is under construction :hammer:"
+ This section is a serious work-in-progress, and reflects the current development on the [sponsors](https://github.com/sponsors/funkypenguin)' "premix" repository
+ So... There may be errors and inaccuracies. Jump into [Discord](http://chat.funkypenguin.co.nz) in the #premium-support channel if you're encountering issues 😁
+
+So you want to add a recipe to the the premix playbook which is not yet an Ansible role? Read on for details...
+
+1. [Ansiblizing for Docker Swarm](/premix/ansiblizing/swarm/)
+2. [Ansiblizing for Kubernetes (flux)](/premix/ansiblizing/kubernetes/)
\ No newline at end of file
diff --git a/docs/premix/ansiblizing/kubernetes.md b/docs/premix/ansiblizing/kubernetes.md
new file mode 100644
index 0000000..9513593
--- /dev/null
+++ b/docs/premix/ansiblizing/kubernetes.md
@@ -0,0 +1,41 @@
+# Ansiblizing a recipe for Kubernetes
+
+!!! warning "This section is under construction :hammer:"
+ This section is a serious work-in-progress, and reflects the current development on the [sponsors](https://github.com/sponsors/funkypenguin)' "premix" repository
+ So... There may be errors and inaccuracies. Jump into [Discord](http://chat.funkypenguin.co.nz) in the #premium-support channel if you're encountering issues 😁
+
+## Update deploy.yml
+
+Edit `ansible/deploy.yml`, and find the kubernetes section, starting with:
+
+```yaml
+# Create flux manifests using localhost
+- hosts: localhost
+```
+
+Add an `import_role` task like this (*alphabeticized*) at the bottom:
+
+```yaml
+# Traefik
+- { import_role: { name: flux-repo }, vars: { recipe: traefik, config: traefik }, tags: [ traefik ], when: combined_config.traefik.enabled | bool }
+```
+
+## Update config
+
+Edit `ansible/group_vars/all/main.yml`, and edit the `recipe_default_config` dictionary, adding the necessary values, like this:
+
+```yaml
+traefik:
+ enabled: true
+ helm_chart_namespace: traefik
+ helm_chart_name: traefik
+ helm_chart_repo: traefik
+ helm_chart_repo_url: https://helm.traefik.io/traefik
+ helm_chart_version: latest
+```
+
+## That's it!
+
+What, that's all? So easy?
+
+Yes, but remember all they playbook does in the case of a flux deployment is to create the necessary files for the user to customize themselves, since it's impractical to try to contain any chart config within our playbook!
diff --git a/docs/premix/ansiblizing/swarm.md b/docs/premix/ansiblizing/swarm.md
new file mode 100644
index 0000000..8a81d79
--- /dev/null
+++ b/docs/premix/ansiblizing/swarm.md
@@ -0,0 +1,44 @@
+# Ansiblizing a recipe for Swarm
+
+!!! warning "This section is under construction :hammer:"
+ This section is a serious work-in-progress, and reflects the current development on the [sponsors](https://github.com/sponsors/funkypenguin)' "premix" repository
+ So... There may be errors and inaccuracies. Jump into [Discord](http://chat.funkypenguin.co.nz) in the #premium-support channel if you're encountering issues 😁
+
+## Update deploy.yml
+
+Edit `ansible/deploy.yml`, and find the swarm section, starting with:
+
+```yaml
+### non-critical swarm recipes start here, alphabeticized
+```
+
+Add an `import_role` task like this (*alphabeticized*) at the bottom:
+
+```yaml
+# Setup immich
+- { import_role: { name: docker-stack }, vars: { recipe: immich }, tags: [ immich ], when: combined_config.immich.enabled | bool }
+```
+
+## Update config
+
+Edit `ansible/group_vars/all/main.yml`, and edit the `recipe_default_config` dictionary, adding the necessary values, like this:
+
+```yaml
+immich:
+ enabled: false #(1)!
+ run_pre_deploy: | #(2)!
+ mkdir -p /var/data/immich/database-dump
+ mkdir -p /var/data/immich/upload
+ mkdir -p /var/data/runtime/immich/database
+ run_post_deploy: | #(3)!
+ echo "this is just an example to show that it's possible to run tasks post-deploy!"
+```
+
+1. We disable all non-essential services by default - that way, the user can opt into them in their own config, which is later merged with this master config.
+2. Add as many pre-deploy commands as necessary - typically these will create the necessary data directories. `/var/data/config/` will be created automatically.
+3. Likewise, add any necessary post-deployment commands
+
+## Ensure the recipe files are valid
+
+The playbook assumes that `//.yml` and `//.env-sample` exist. Without these (*and any other supporting files, ending in `-sample`*), unpleasant things will happen!
+
diff --git a/docs/recipes/kubernetes/mastodon.md b/docs/recipes/kubernetes/mastodon.md
index d72b2aa..29f804c 100644
--- a/docs/recipes/kubernetes/mastodon.md
+++ b/docs/recipes/kubernetes/mastodon.md
@@ -104,7 +104,7 @@ spec:
### ConfigMap
-Now we're into the mastodon-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami-labs/mastodon/blob/main/helm/mastodon/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
+Now we're into the mastodon-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami-labs/mastodon/blob/main/helm/mastodon/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
```yaml title="mastodon/configmap-mastodon-helm-chart-value-overrides.yaml"
apiVersion: v1
diff --git a/mkdocs.yml b/mkdocs.yml
index bdc3793..90eda58 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -273,10 +273,18 @@ nav:
# - Webook Receiver: kubernetes/wip.md
- 🚀 Get Premix!:
- premix/index.md
- - Operation: premix/ansible/operation.md
- - Design: premix/ansible/design.md
- # - Swarm: premix/swarm.md
- # - Kubernetes: premix/kubernetes.md
+ - Get Started:
+ - Setup: premix/ansible/operation.md
+ - Deploy!:
+ - Swarm: premix/swarm.md
+ - Kubernetes: premix/kubernetes.md
+ - Contribute:
+ - Ansiblizing:
+ - premix/ansiblizing/index.md
+ - Swarm: premix/ansiblizing/swarm.md
+ - Kubernetes: premix/ansiblizing/kubernetes.md
+ - Reference:
+ - Design: premix/ansible/design.md
- ☑️ Reviews:
- review/index.md
- Immich: review/immich.md