
Conversation

@julianklas
Contributor

Summary

  • Add Azure DNS as a new provider option for the external_dns module
  • Support two authentication methods:
    • Azure Workload Identity (recommended for AKS) - uses pod identity with federated credentials
    • Service Principal - uses client ID/secret via azure.json config file
  • Add proper null-safe handling for provider-specific variables using ternary operators
  • Mount azure.json config file for service principal authentication

Changes

  • variables.tf: Added Azure-specific variables (azure_resource_group, azure_tenant_id, azure_subscription_id, azure_client_id, azure_client_secret, azure_use_workload_identity)
  • locals.tf: Added azure_workload_identity_config and azure_service_principal_config with proper volume mounts
  • secret.tf: Added Kubernetes secret for Azure credentials (azure.json format)
  • main.tf: Added Azure secret to helm release dependencies
  • README.md: Added usage examples for both Azure authentication methods

Test plan

  • Test with Azure Workload Identity on AKS cluster
  • Test with Service Principal authentication
  • Verify DNS records are created/updated correctly
  • Verify no regressions with existing providers (AWS, Cloudflare, OCI)

🤖 Generated with Claude Code
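As an added illustration (not the PR's own code), here is how the two authentication modes described above map onto the azure.json file that external-dns reads. The variable names follow the PR's variables.tf list; the `useWorkloadIdentityExtension`, `aadClientId` and `aadClientSecret` keys follow external-dns's Azure tutorial; the `kubernetes_secret` resource, `var.dns_provider` and `var.namespace` are assumptions.

```hcl
# Added example, not the PR's code. Variable names follow the PR description;
# resource and local names, var.dns_provider and var.namespace are illustrative.
locals {
  # Workload Identity: no secret material in the file. The pod's projected
  # service-account token is exchanged for an Azure token at runtime.
  azure_workload_identity_json = {
    tenantId                     = var.azure_tenant_id
    subscriptionId               = var.azure_subscription_id
    resourceGroup                = var.azure_resource_group
    useWorkloadIdentityExtension = true
  }

  # Service Principal: a long-lived client secret has to be stored in the
  # cluster and mounted into the pod at /etc/kubernetes/azure.json.
  azure_service_principal_json = {
    tenantId        = var.azure_tenant_id
    subscriptionId  = var.azure_subscription_id
    resourceGroup   = var.azure_resource_group
    aadClientId     = var.azure_client_id
    aadClientSecret = var.azure_client_secret
  }

  # Null-safe selection: only the chosen branch is rendered, so the client
  # secret (null under Workload Identity) never ends up in azure.json.
  azure_json = var.azure_use_workload_identity ? local.azure_workload_identity_json : local.azure_service_principal_json
}

resource "kubernetes_secret" "azure_dns" {
  # Hypothetical provider selector; the module's real variable name is not in the PR.
  count = var.dns_provider == "azure" ? 1 : 0

  metadata {
    name      = "external-dns-azure"
    namespace = var.namespace
  }

  # The kubernetes provider base64-encodes `data` values itself.
  data = {
    "azure.json" = jsonencode(local.azure_json)
  }
}
```

Under Workload Identity the secret carries only identifiers, so the remaining requirement is the service-account label and annotation the PR mentions; under Service Principal the secret is a credential and should be treated (rotation, access control) as one.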

Add Azure DNS as a new provider option with two authentication methods:

1. Azure Workload Identity (recommended for AKS)
   - Uses pod identity with federated credentials
   - Configures service account with workload identity labels/annotations

2. Service Principal
   - Uses client ID/secret via azure.json config file
   - Mounts credentials as volume at /etc/kubernetes/azure.json

Changes:
- Add Azure-specific variables (resource_group, tenant_id, subscription_id,
  client_id, client_secret, use_workload_identity)
- Add azure_workload_identity_config and azure_service_principal_config
- Add Kubernetes secret for Azure credentials (azure.json format)
- Use null-safe ternary operators for provider-specific variables
- Update README with Azure usage examples

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Following the Cloudflare pattern, pass azure_client_secret through
locals.tf to the template so the helm chart receives it.

This fixes Azure DNS authentication for cert-manager when using
Service Principal credentials.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@julianklas julianklas force-pushed the feature/extenral-dns-azure branch from bc6a261 to 9e59af3 Compare January 27, 2026 00:10
@violenti
Collaborator

@julianklas The policy creation is missing; it should be in a folder like azure/dns_role. For example, in "oci", there is the dynamic groups folder.
