[bitnami/external-dns] feat: Add support for TXT record encryption

Open lusu007 opened this issue 1 year ago • 1 comments

Description of the change

This PR introduces support for TXT record encryption in the external-dns Helm chart.

The txtEncrypt section has been added to the values.yaml file. This section allows enabling TXT record encryption and specifying the AES-256-GCM encryption key or an existing secret name to be used. The templates _helpers.tpl, dep-ds.yaml, and secret.yaml have been modified to include the necessary configuration and environment variables related to TXT record encryption.

Benefits

Possibility to configure TXT Registry encryption. See: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/registry/txt.md

Possible drawbacks

None

Applicable issues

  • fixes #23563

Additional information

None

Checklist

  • [x] Chart version bumped in Chart.yaml according to semver. This is not necessary when the changes only affect README.md files.
  • [x] Variables are documented in the values.yaml and added to the README.md using readme-generator-for-helm
  • [x] Title of the pull request follows this pattern [bitnami/<name_of_the_chart>] Descriptive title
  • [x] All commits signed off and in agreement of Developer Certificate of Origin (DCO)

lusu007 avatar Feb 16 '24 19:02 lusu007

We could further enhance this functionality by adding a default value to aesKey generated by Helm using the randAlphaNum 32 function.

What do you think about this @migruiz4?

lusu007 avatar Feb 19 '24 13:02 lusu007

Hi @lusu007,

I'm sorry for the late response.

> We could further enhance this functionality by adding a default value to aesKey generated by Helm using the randAlphaNum 32 function.

Your idea sounds great to me, just be careful to replace characters similar to what upstream recommends:

openssl rand -base64 32 | tr -- '+/' '-_'

This should be the equivalent Helm function {{ randAlphaNum 32 | replace "+" "-" | replace "/" "_" }}.

migruiz4 avatar Feb 27 '24 11:02 migruiz4
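
The two key-generation approaches named in the comment above, compared in Go as an added example (not code from the chart or from external-dns; `NewKey`, `LoadAEAD` and `AlnumBits` are hypothetical names). It assumes the key is stored in the base64url form the quoted openssl command produces; 32 alphanumeric characters never contain `+` or `/` and, read as base64, decode to 24 bytes, which the length check reports.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"math"
)

// NewKey mirrors `openssl rand -base64 32 | tr -- '+/' '-_'`: 32 bytes from
// the OS CSPRNG, base64url-encoded with padding (44 characters).
func NewKey() (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	return base64.URLEncoding.EncodeToString(raw), nil
}

// LoadAEAD (hypothetical helper) accepts only base64url text that decodes to
// exactly 32 bytes and returns an AES-256-GCM instance keyed with it.
func LoadAEAD(key string) (cipher.AEAD, error) {
	raw, err := base64.URLEncoding.DecodeString(key)
	if err != nil {
		return nil, fmt.Errorf("key is not base64url: %w", err)
	}
	if len(raw) != 32 {
		return nil, fmt.Errorf("key decodes to %d bytes, want 32", len(raw))
	}
	block, err := aes.NewCipher(raw)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// AlnumBits: entropy ceiling in bits of n uniform [A-Za-z0-9] characters.
func AlnumBits(n int) float64 { return float64(n) * math.Log2(62) }

func main() {
	k, _ := NewKey()
	_, err := LoadAEAD(k)
	fmt.Println(len(k), err) // 44 <nil>
	// Constructed sample: 32 alphanumeric characters, as randAlphaNum 32 emits.
	_, err = LoadAEAD("Zq3mT8vK1xR7bN5cJ2hL9wY4dF6gS0pA")
	fmt.Println(err, AlnumBits(32))
}
```
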

> Hi @lusu007,
>
> I'm sorry for the late response.
>
> > We could further enhance this functionality by adding a default value to aesKey generated by Helm using the randAlphaNum 32 function.
>
> Your idea sounds great to me, just be careful to replace characters similar to what upstream recommends:
>
> openssl rand -base64 32 | tr -- '+/' '-_'
>
> This should be the equivalent Helm function {{ randAlphaNum 32 | replace "+" "-" | replace "/" "_" }}.

@migruiz4 Done! 😊

lusu007 avatar Feb 27 '24 11:02 lusu007

Ping @migruiz4

lusu007 avatar Mar 07 '24 08:03 lusu007