Cutover external-dns-unifi to API key (#3496)

* feat(external-dns): cut to API key instead of user/pass

* feat(external-dns): new release

kubernetes/main/apps/network/external-dns/unifi/externalsecret.yaml

@@ -3,7 +3,7 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: &name external-dns-unifi-secret
+  name: &name external-dns-unifi
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
@@ -13,8 +13,7 @@ spec:
     template:
       engineVersion: v2
       data:
-        EXTERNAL_DNS_UNIFI_USER: "{{ .EXTERNAL_DNS_UNIFI_USER }}"
-        EXTERNAL_DNS_UNIFI_PASS: "{{ .EXTERNAL_DNS_UNIFI_PASS }}"
+        EXTERNAL_DNS_UNIFI_API_KEY: "{{ .EXTERNAL_DNS_UNIFI_API_KEY }}"
   dataFrom:
   - extract:
       key: unifi

kubernetes/main/apps/network/external-dns/unifi/helmrelease.yaml

@@ -30,20 +30,15 @@ spec:
       webhook:
         image:
           repository: ghcr.io/kashalls/external-dns-unifi-webhook
-          tag: v0.3.4@sha256:28dc00c7a21f9571d43181fcc0dd3de59e291741f27bc075d7e06378876b2974
+          tag: v0.4.0@sha256:f71f9e64f723a1af77e9ecdcbaef2db2095721d33b385baee1848d0bf09d44e7
         env:
           - name: UNIFI_HOST
             value: https://192.168.1.1
-          - name: UNIFI_USER
+          - name: UNIFI_API_KEY
             valueFrom:
               secretKeyRef:
-                name: &secret external-dns-unifi-secret
-                key: EXTERNAL_DNS_UNIFI_USER
-          - name: UNIFI_PASS
-            valueFrom:
-              secretKeyRef:
-                name: *secret
-                key: EXTERNAL_DNS_UNIFI_PASS
+                name: &secret external-dns-unifi
+                key: EXTERNAL_DNS_UNIFI_API_KEY
           # - name: LOG_LEVEL
           #   value: "debug"
         livenessProbe:
@@ -63,8 +58,8 @@ spec:
     triggerLoopOnEvent: true
     policy: sync
     sources: ["ingress", "service"]
-    txtOwnerId: main
-    txtPrefix: k8s.main.
+    txtOwnerId: ${CLUSTER}
+    txtPrefix: k8s.${CLUSTER}.
     domainFilters: ["${SECRET_DOMAIN}"]
     serviceMonitor:
       enabled: true

kubernetes/utility/apps/network/external-dns/unifi/externalsecret.yaml

@@ -3,7 +3,7 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: &name external-dns-unifi-secret
+  name: &name external-dns-unifi
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
@@ -13,8 +13,7 @@ spec:
     template:
       engineVersion: v2
       data:
-        EXTERNAL_DNS_UNIFI_USER: "{{ .EXTERNAL_DNS_UNIFI_USER }}"
-        EXTERNAL_DNS_UNIFI_PASS: "{{ .EXTERNAL_DNS_UNIFI_PASS }}"
+        EXTERNAL_DNS_UNIFI_API_KEY: "{{ .EXTERNAL_DNS_UNIFI_API_KEY }}"
   dataFrom:
   - extract:
       key: unifi

kubernetes/utility/apps/network/external-dns/unifi/helmrelease.yaml

@@ -30,20 +30,15 @@ spec:
       webhook:
         image:
           repository: ghcr.io/kashalls/external-dns-unifi-webhook
-          tag: v0.3.4@sha256:28dc00c7a21f9571d43181fcc0dd3de59e291741f27bc075d7e06378876b2974
+          tag: v0.4.0@sha256:f71f9e64f723a1af77e9ecdcbaef2db2095721d33b385baee1848d0bf09d44e7
         env:
           - name: UNIFI_HOST
             value: https://192.168.1.1
-          - name: UNIFI_USER
+          - name: UNIFI_API_KEY
             valueFrom:
               secretKeyRef:
-                name: &secret external-dns-unifi-secret
-                key: EXTERNAL_DNS_UNIFI_USER
-          - name: UNIFI_PASS
-            valueFrom:
-              secretKeyRef:
-                name: *secret
-                key: EXTERNAL_DNS_UNIFI_PASS
+                name: &secret external-dns-unifi
+                key: EXTERNAL_DNS_UNIFI_API_KEY
           # - name: LOG_LEVEL
           #   value: "debug"
         livenessProbe:
@@ -63,8 +58,8 @@ spec:
     triggerLoopOnEvent: true
     policy: sync
     sources: ["ingress", "service"]
-    txtOwnerId: utility
-    txtPrefix: k8s.utility.
+    txtOwnerId: ${CLUSTER}
+    txtPrefix: k8s.${CLUSTER}.
     domainFilters: ["${SECRET_DOMAIN}"]
     serviceMonitor:
       enabled: true