cozystack · mattia-eleuteri · Feb 16, 2026 · coderabbitai · Feb 12, 2026
@@ -0,0 +1,44 @@
+#!/usr/bin/env bats
+
+@test "Create and Verify ExternalDNS with inmemory provider" {
+  name='test'
+  kubectl apply -f - <<EOF
+apiVersion: apps.cozystack.io/v1alpha1
+kind: ExternalDNS
+metadata:
+  name: ${name}
+  namespace: tenant-test
+spec:
+  provider: inmemory
+  domainFilters:
+    - example.com
+EOF
+
+  sleep 5
+  kubectl -n tenant-test wait hr ${name} --timeout=120s --for=condition=ready
+  timeout 60 sh -ec "until kubectl -n tenant-test get deploy -l app.kubernetes.io/name=external-dns -o jsonpath='{.items[0].status.readyReplicas}' | grep -q '1'; do sleep 5; done"
+
+  kubectl -n tenant-test delete externaldns.apps.cozystack.io ${name}
+}
+
+@test "Create and Verify ExternalDNS with custom annotationPrefix" {
+  name='test-prefix'
+  kubectl apply -f - <<EOF
+apiVersion: apps.cozystack.io/v1alpha1
+kind: ExternalDNS
+metadata:
+  name: ${name}
+  namespace: tenant-test
+spec:
+  provider: inmemory
+  annotationPrefix: custom-dns
+  domainFilters:
+    - example.org
+EOF
+
+  sleep 5
+  kubectl -n tenant-test wait hr ${name} --timeout=120s --for=condition=ready
+  timeout 60 sh -ec "until kubectl -n tenant-test get deploy -l app.kubernetes.io/name=external-dns -o jsonpath='{.items[0].status.readyReplicas}' | grep -q '1'; do sleep 5; done"
+
+  kubectl -n tenant-test delete externaldns.apps.cozystack.io ${name}
+}
@@ -41,6 +41,9 @@ spec:
         publishing:
           host: "example.org"
           apiServerEndpoint: "https://192.168.123.10:6443"
+        bundles:
+          enabledPackages:
+            - cozystack.external-dns-application
 EOF
 
   # Wait until HelmReleases appear & reconcile them

@@ -0,0 +1,29 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: PackageSource
+metadata:
+  name: cozystack.external-dns-application
+spec:
+  sourceRef:
+    kind: OCIRepository
+    name: cozystack-packages
+    namespace: cozy-system
+    path: /
+  variants:
+    - name: default
+      dependsOn:
+        - cozystack.networking
+      libraries:
+        - name: cozy-lib
+          path: library/cozy-lib
+      components:
+        - name: external-dns-system
+          path: system/external-dns
+        - name: external-dns
+          path: extra/external-dns
+          libraries: ["cozy-lib"]
+        - name: external-dns-rd
+          path: system/external-dns-rd
+          install:
+            namespace: cozy-system
+            releaseName: external-dns-rd
@@ -148,6 +148,7 @@
 {{include "cozystack.platform.package.optional.default" (list "cozystack.nfs-driver" $) }}
 {{include "cozystack.platform.package.optional.default" (list "cozystack.telepresence" $) }}
 {{include "cozystack.platform.package.optional.default" (list "cozystack.external-dns" $) }}
+{{include "cozystack.platform.package.optional.default" (list "cozystack.external-dns-application" $) }}
 {{include "cozystack.platform.package.optional.default" (list "cozystack.external-secrets-operator" $) }}
 {{include "cozystack.platform.package.optional.default" (list "cozystack.bootbox" $) }}
 {{include "cozystack.platform.package.optional.default" (list "cozystack.hetzner-robotlb" $) }}

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: external-dns
+description: External DNS for automatic DNS record management
+icon: /logos/external-dns.svg
+type: application
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
@@ -0,0 +1,7 @@
+NAME=external-dns
+
+include ../../../hack/package.mk
+
+generate:
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
+	../../../hack/update-crd.sh
@@ -0,0 +1,88 @@
+# External DNS
+
+## Parameters
+
+### Common parameters
+
+| Name               | Description                                                                        | Type       | Value         |
+| ------------------ | ---------------------------------------------------------------------------------- | ---------- | ------------- |
+| `provider`         | DNS provider name.                                                                 | `string`   | `{}`          |
+| `domainFilters`    | List of domains this external-dns instance can manage.                             | `[]string` | `[]`          |
+| `policy`           | How DNS records are synchronized.                                                  | `string`   | `upsert-only` |
+| `extraArgs`        | Extra arguments for external-dns.                                                  | `[]string` | `[]`          |
+| `gatewayAPI`       | Enable Gateway API HTTPRoute as a source for DNS records.                          | `bool`     | `false`       |
+| `annotationPrefix` | Custom annotation prefix for external-dns (useful for running multiple instances). | `string`   | `""`          |
+
+
+### Cloudflare
+
+| Name         | Description                      | Type     | Value                                                       |
+| ------------ | -------------------------------- | -------- | ----------------------------------------------------------- |
+| `cloudflare` | Cloudflare provider credentials. | `object` | `{"apiEmail":"","apiKey":"","apiToken":"","proxied":false}` |
+
+
+### AWS
+
+| Name  | Description                       | Type     | Value                                                               |
+| ----- | --------------------------------- | -------- | ------------------------------------------------------------------- |
+| `aws` | AWS Route53 provider credentials. | `object` | `{"accessKeyId":"","region":"","secretAccessKey":"","zoneType":""}` |
+
+
+### Azure
+
+| Name    | Description                     | Type     | Value                                                                                          |
+| ------- | ------------------------------- | -------- | ---------------------------------------------------------------------------------------------- |
+| `azure` | Azure DNS provider credentials. | `object` | `{"aadClientId":"","aadClientSecret":"","resourceGroup":"","subscriptionId":"","tenantId":""}` |
+
+
+### Google
+
+| Name     | Description                            | Type     | Value                                   |
+| -------- | -------------------------------------- | -------- | --------------------------------------- |
+| `google` | Google Cloud DNS provider credentials. | `object` | `{"project":"","serviceAccountKey":""}` |
+
+
+### DigitalOcean
+
+| Name           | Description                            | Type     | Value          |
+| -------------- | -------------------------------------- | -------- | -------------- |
+| `digitalocean` | DigitalOcean DNS provider credentials. | `object` | `{"token":""}` |
+
+
+### Linode
+
+| Name     | Description                      | Type     | Value          |
+| -------- | -------------------------------- | -------- | -------------- |
+| `linode` | Linode DNS provider credentials. | `object` | `{"token":""}` |
+
+
+### OVH
+
+| Name  | Description                   | Type     | Value                                                                         |
+| ----- | ----------------------------- | -------- | ----------------------------------------------------------------------------- |
+| `ovh` | OVH DNS provider credentials. | `object` | `{"applicationKey":"","applicationSecret":"","consumerKey":"","endpoint":""}` |
+
+
+### Exoscale
+
+| Name       | Description                        | Type     | Value                          |
+| ---------- | ---------------------------------- | -------- | ------------------------------ |
+| `exoscale` | Exoscale DNS provider credentials. | `object` | `{"apiKey":"","apiSecret":""}` |
+
+
+### GoDaddy
+
+| Name      | Description                       | Type     | Value                          |
+| --------- | --------------------------------- | -------- | ------------------------------ |
+| `godaddy` | GoDaddy DNS provider credentials. | `object` | `{"apiKey":"","apiSecret":""}` |
+
+
+### Resources
+
+| Name               | Description                                                                                              | Type       | Value  |
+| ------------------ | -------------------------------------------------------------------------------------------------------- | ---------- | ------ |
+| `resources`        | Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied. | `object`   | `{}`   |
+| `resources.cpu`    | CPU available to each replica.                                                                           | `quantity` | `""`   |
+| `resources.memory` | Memory (RAM) available to each replica.                                                                  | `quantity` | `""`   |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted.                                                  | `string`   | `nano` |
+
@@ -0,0 +1 @@
+../../../library/cozy-lib
@@ -0,0 +1,23 @@
+{
+  "comments": {
+    "format": "##"
+  },
+  "tags": {
+    "param": "@param",
+    "section": "@section",
+    "descriptionStart": "@descriptionStart",
+    "descriptionEnd": "@descriptionEnd",
+    "skip": "@skip",
+    "extra": "@extra"
+  },
+  "modifiers": {
+    "array": "array",
+    "object": "object",
+    "string": "string",
+    "nullable": "nullable",
+    "default": "default"
+  },
+  "regexp": {
+    "paramsSectionTitle": "Parameters"
+  }
+}
@@ -0,0 +1,3 @@
+{{- if ne .Release.Name .Chart.Name }}
+{{- fail (printf "The name of the release MUST BE %s" .Chart.Name) }}
+{{- end -}}
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - helm.toolkit.fluxcd.io
+  resources:
+  - helmreleases
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+subjects:
+{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "admin" .Release.Namespace) }}
+roleRef:
+  kind: Role
+  name: {{ .Release.Name }}-dashboard-resources
+  apiGroup: rbac.authorization.k8s.io