Hey Kubernetes community! I'm facing a challenge with my deployment. I'm using External-DNS to automatically register services in my PowerDNS setup, and while it's working seamlessly in my test environment, I'm stuck in production. Currently, I have to include the PowerDNS API key in plain text in my Helm values file, which isn't ideal since I'm using vault and external-secrets for sensitive data management. I attempted to set the API key using the extraEnv parameter in my Helm chart, but that didn't work out. Has anyone successfully tackled this issue? Thanks a ton for any help!
3 Answers
Hey there! I’m one of the maintainers for the ExternalDNS Helm chart. It seems you might be using the `extraEnv` parameter instead of the `env` one. Check out your values file and make sure to define the environment variable like this:
```yaml
env:
  - name: EXTERNAL_DNS_PDNS_API_KEY
    valueFrom:
      secretKeyRef:
        name: external-dns
        key: EXTERNAL_DNS_PDNS_API_KEY
```
This should resolve your issue! Let me know if you have more questions.
Have you thought about setting the whole externaldns-config secret via the VSO? It can be more secure and give you more control. Also, if possible, I highly recommend switching to RFC2136 over the PDNS API for better granularity in managing zones.
Hi u/SysAdminPro, thanks for that tip! I’m using ESO, not VSO, and only have one secret for the API key. I tried implementing it in my Helm file but ran into issues with External-DNS recognizing the env correctly.
Here's how we handle the External-DNS Helm chart, and it works brilliantly for us. Make sure you're defining your API key correctly in the `env` section of your Helm chart to pull it from your secret. It should look something like this:
```yaml
env:
  - name: EXTERNAL_DNS_PDNS_API_KEY
    valueFrom:
      secretKeyRef:
        name: external-dns
        key: EXTERNAL_DNS_PDNS_API_KEY
```
Adjusting this fixed our problems.
Uhhh okay, indeed it was the issue! Thanks! 😀
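
Added example, not part of the thread or of the ExternalDNS chart: an External Secrets Operator manifest that would create the `external-dns` Secret referenced by the `secretKeyRef` above, so the API key never appears in the Helm values file. The namespace, the `vault-backend` store name, the Vault path `infra/powerdns` and the property `api-key` are assumptions; substitute your own.

```yaml
# ExternalSecret: ESO reads the PowerDNS API key from Vault and writes it
# into a regular Kubernetes Secret that the External-DNS pod consumes.
# apiVersion depends on the installed ESO release (v1beta1 or v1).
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: external-dns-pdns
  namespace: external-dns          # assumption: namespace of the External-DNS release
spec:
  refreshInterval: 1h              # how often ESO re-syncs the value from Vault
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend            # assumption: name of your existing Vault store
  target:
    name: external-dns             # must match secretKeyRef.name in the Helm values
    creationPolicy: Owner          # Secret is owned (and cleaned up) by this ExternalSecret
  data:
    - secretKey: EXTERNAL_DNS_PDNS_API_KEY   # must match secretKeyRef.key
      remoteRef:
        key: infra/powerdns        # assumption: Vault path holding the key
        property: api-key          # assumption: field name inside that Vault entry
```

The Secret must live in the same namespace as the External-DNS pod, because `secretKeyRef` cannot reference a Secret in another namespace. An environment variable is read only at container start, so restart the deployment after the key is rotated in Vault.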