rackerlabs
diff --git a/‎charts/test.yaml
Lines changed: 213 additions & 0 deletions b/‎charts/test.yaml
Lines changed: 213 additions & 0 deletions
diff --git a/‎charts/values.yaml
Lines changed: 1 addition & 0 deletions b/‎charts/values.yaml
Lines changed: 1 addition & 0 deletions
diff --git a/‎cmd/webhook/main.go
Lines changed: 20 additions & 8 deletions b/‎cmd/webhook/main.go
Lines changed: 20 additions & 8 deletions
diff --git a/‎internal/providers/auth.go
Lines changed: 29 additions & 0 deletions b/‎internal/providers/auth.go
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,213 @@
+---
+# Source: external-dns-rackspace/templates/serviceaccount.yaml
+# templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-dns
+  namespace: default
+  labels:
+    app.kubernetes.io/name: external-dns
+    app.kubernetes.io/instance: dns
+---
+# Source: external-dns-rackspace/templates/secret.yaml
+# templates/secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: external-dns-rackspace-webhook
+  namespace: default
+  labels:
+    app.kubernetes.io/name: external-dns
+    app.kubernetes.io/instance: dns
+type: Opaque
+stringData:
+  username: "YOUR_USERNAME"
+  api-key: "YOUR_API_KEY"
+---
+# Source: external-dns-rackspace/templates/clusterrole.yaml
+# templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: dns-external-dns
+  labels:
+    app.kubernetes.io/name: external-dns
+    app.kubernetes.io/instance: dns
+rules:
+  - apiGroups: [""]
+    resources: ["services","endpoints","pods", "nodes"]
+    verbs: ["get","list","watch"]
+  - apiGroups: ["networking.k8s.io"]
+    resources: ["ingresses"]
+    verbs: ["get","list","watch"]
+  - apiGroups: ["discovery.k8s.io"]
+    resources: ["endpointslices"]
+    verbs: ["get","list","watch"]
+---
+# Source: external-dns-rackspace/templates/clusterrolebinding.yaml
+# templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: dns-external-dns-viewer
+  labels:
+    app.kubernetes.io/name: external-dns
+    app.kubernetes.io/instance: dns
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: dns-external-dns
+subjects:
+- kind: ServiceAccount
+  name: external-dns
+  namespace: default
+---
+# Source: external-dns-rackspace/templates/service.yaml
+# templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: dns-external-dns
+  namespace: default
+  labels:
+    app.kubernetes.io/name: external-dns
+    app.kubernetes.io/instance: dns
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: external-dns
+    app.kubernetes.io/instance: dns
+  ports:
+  - name: http
+    port: 7979
+    targetPort: http
+    protocol: TCP
+---
+# Source: external-dns-rackspace/templates/deployment.yaml
+# templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dns-external-dns
+  namespace: default
+  labels:
+    app.kubernetes.io/name: external-dns
+    app.kubernetes.io/instance: dns
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: external-dns
+      app.kubernetes.io/instance: dns
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: external-dns
+        app.kubernetes.io/instance: dns
+    spec:
+      serviceAccountName: external-dns
+      securityContext:
+        fsGroup: 65534
+      containers:
+      - name: external-dns
+        securityContext:
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 65534
+        image: "registry.k8s.io/external-dns/external-dns:v0.18.0"
+        imagePullPolicy: IfNotPresent
+        args:
+          - --domain-filter=mydomain.com
+          - "--source=service"
+          - "--source=ingress"
+          - "--interval=2m"
+          - "--provider=webhook"
+          - "--webhook-provider-url=http://localhost:8888"
+          - "--policy=sync"
+          - "--log-level=debug"
+          - "--registry=noop"
+        ports:
+        - name: http
+          protocol: TCP
+          containerPort: 7979
+        livenessProbe:
+          failureThreshold: 2
+          httpGet:
+            path: /healthz
+            port: http
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        readinessProbe:
+          failureThreshold: 6
+          httpGet:
+            path: /healthz
+            port: http
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        resources:
+          {}
+      - name: rackspace-webhook
+        securityContext:
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 65534
+        image: "ghcr.io/rackerlabs/external-dns-rackspace-webhook:latest"
+        imagePullPolicy: IfNotPresent
+        ports:
+        - name: http
+          protocol: TCP
+          containerPort: 8888
+        livenessProbe:
+          failureThreshold: 2
+          httpGet:
+            path: /healthz
+            port: http
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        readinessProbe:
+          failureThreshold: 6
+          httpGet:
+            path: /healthz
+            port: http
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        env:
+        - name: RACKSPACE_IDENTITY_ENDPOINT
+          value: "mydomain.com"
+        - name: DOMAIN_FILTER
+          value: "mydomain.com"
+        - name: RACKSPACE_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: external-dns-rackspace-webhook
+              key: username
+        - name: RACKSPACE_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: external-dns-rackspace-webhook
+              key: api-key
+        - name: DRY_RUN
+          value: "false"
+        - name: LOG_LEVEL
+          value: "info"
+        - name: RACKSPACE_IDENTITY_ENDPOINT
+          value: "https://identity.api.rackspacecloud.com/v2.0/"
+        resources:
+          {}
@@ -73,6 +73,7 @@ rackspaceWebhook:
   env:
     LOG_LEVEL: info
     DRY_RUN: "false"
+    RACKSPACE_IDENTITY_ENDPOINT: "https://identity.api.rackspacecloud.com/v2.0/"
   containerSecurityContext:
     capabilities:
       drop:
 
@@ -14,7 +14,10 @@ import (
 	"github.com/rackerlabs/external-dns-rackspace-webhook/internal/routes"
 )
 
-const defaultPort = 8888
+const (
+	defaultPort             = 8888
+	defaultIdentityEndpoint = "https://identity.api.rackspacecloud.com/v2.0/"
+)
 
 func main() {
 	config := loadConfig()
@@ -28,28 +31,33 @@ func main() {
 	e.HideBanner = true
 	routes.ConfigureRoutes(e, handler)
 
-	if err = e.Start(fmt.Sprintf(":%d", getStartPort())); err != nil {
+	port, err := getStartPort()
+	if err != nil {
+		log.Fatalf("invalid port", err)
+	}
+
+	if err = e.Start(fmt.Sprintf(":%d", port)); err != nil {
 		log.Fatalf("failed to start server: %v", err)
 	}
 }
 
-func getStartPort() int {
+func getStartPort() (int, error) {
 	portStr := os.Getenv("PORT")
 	if portStr == "" {
-		return defaultPort
+		return defaultPort, nil
 	}
 	port, err := strconv.Atoi(portStr)
-	if err != nil || port <= 0 {
-		return defaultPort
+	if err != nil {
+		return 0, fmt.Errorf("invalid port %s", err.Error())
 	}
-	return port
+	return port, nil
 }
 
 func loadConfig() *providers.RackspaceConfig {
 	config := &providers.RackspaceConfig{
 		Username:         os.Getenv("RACKSPACE_USERNAME"),
 		APIKey:           os.Getenv("RACKSPACE_API_KEY"),
-		IdentityEndpoint: "https://identity.api.rackspacecloud.com/v2.0/",
+		IdentityEndpoint: os.Getenv("RACKSPACE_IDENTITY_ENDPOINT"),
 		DryRun:           false,
 		LogLevel:         "info",
 	}
@@ -66,6 +74,10 @@ func loadConfig() *providers.RackspaceConfig {
 		config.LogLevel = logLevel
 	}
 
+	if config.IdentityEndpoint == "" {
+		config.IdentityEndpoint = defaultIdentityEndpoint
+	}
+
 	// Validate required fields
 	if config.Username == "" || config.APIKey == "" {
 		log.Fatal("RACKSPACE_USERNAME and RACKSPACE_API_KEY are required")
 
@@ -0,0 +1,29 @@
+package providers
+
+import (
+	"context"
+
+	"github.com/gophercloud/gophercloud/v2"
+	"github.com/rackerlabs/goclouddns"
+	"github.com/rackerlabs/goraxauth"
+)
+
+// AuthProvider interface abstracts the authentication process
+type AuthProvider interface {
+	Authenticate(ctx context.Context, opts goraxauth.AuthOptions) (*gophercloud.ProviderClient, error)
+	CreateDNSClient(provider *gophercloud.ProviderClient, opts gophercloud.EndpointOpts) (*gophercloud.ServiceClient, error)
+}
+
+type RackspaceAuthProvider struct{}
+
+func NewRackspaceAuthProvider() *RackspaceAuthProvider {
+	return &RackspaceAuthProvider{}
+}
+
+func (r *RackspaceAuthProvider) Authenticate(ctx context.Context, opts goraxauth.AuthOptions) (*gophercloud.ProviderClient, error) {
+	return goraxauth.AuthenticatedClient(ctx, opts)
+}
+
+func (r *RackspaceAuthProvider) CreateDNSClient(provider *gophercloud.ProviderClient, opts gophercloud.EndpointOpts) (*gophercloud.ServiceClient, error) {
+	return goclouddns.NewCloudDNS(provider, opts)
+}