Closed sunsided closed 3 months ago
Thank you for your contribution. LGTM! I just copied your description of the change to a new value documentation file. I'm planning on adding some more documentation and I appreciate your extensive description of the change!
There's one little part missing when it comes to Reflector itself (namely the target secret), but that's easily found on the Reflector docs. It I don't forget about it tomorrow I'll add that in.
Here we go: For Reflector to work we also need to create the mirror (target) secret in ExternalDNS' namespace:
apiVersion: v1
kind: Secret
metadata:
# Change this to match the secretRef used in the ExternalDNS deployment:
name: pihole-password
# Change this to ExternalDNS' namespace:
namespace: external-dns
annotations:
# Change this to address the pihole password secret: 'namespace/secret-name':
reflector.v1.k8s.emberstack.com/reflects: "pihole/pihole-password"
data: {} # Will be overwritten by Reflector
I added the example to the documentation file. Could you please double check if the documentation makes sense as it is now?
@MoJo2600 Looks good to me. :)
Description of the change
Adds the
admin.annotations
value for adding annotations to the admin passwordSecret
.Benefits
By allowing annotations to be added to the password secret, we can use tools like Reflector to synchronize secrets across namespaces.
This is interesting e.g. with the ExternalDNS 0.14+'s Pi-Hole integration that can automatically expose Ingress host names to the Local DNS configuration:
Since the Secret reference can only refer to a secret in the same namespace as ExternalDNS, using Reflector is a viable option to synchronize the two secrets. This can now be done via
Possible drawbacks
Applicable issues
none
Additional information
none
Checklist