
Conversation


@milldr milldr commented Aug 25, 2025

what

  • Migrated from deprecated Bitnami external-dns chart to official Kubernetes SIGs external-dns chart
  • Updated chart repository from https://charts.bitnami.com/bitnami to https://kubernetes-sigs.github.io/external-dns/
  • Modified configuration structure to match official chart format (e.g., provider.name: aws instead of provider: aws)
  • Removed unused publish_internal_services variable
  • Fixed deprecated Terraform index syntax (.* to [0])
  • Updated documentation to reflect new chart structure and examples

why

  • Bitnami external-dns chart is deprecated and no longer maintained
  • Official Kubernetes SIGs chart provides active development and security updates
  • Ensures long-term maintainability and support for the component
  • Fixes TFLint warnings for deprecated syntax and unused variables
  • Maintains all existing functionality while using actively supported chart

ref

  • DEV-3586

Summary by CodeRabbit

  • Documentation

    • Switched docs and examples to the official Kubernetes SIGs external-dns chart and updated links.
    • Removed publish_internal_services from docs and added rbac_enabled (default: true); updated examples to use provider.name and extraArgs.
  • Chores

    • Migrated chart source/version to upstream external-dns (1.18.0) and aligned defaults.
    • Component/module creation and outputs now respect the enabled flag.
  • Refactor

    • AWS config moved to provider/extraArgs style; removed legacy aws/rbac blocks.
  • Tests

    • Updated fixtures and test expectations to match new repo/version and config format.


coderabbitai bot commented Aug 25, 2025

Walkthrough

Migrate external-dns from Bitnami to Kubernetes SIGs, update Helm chart source/version and chart_values to provider.name + extraArgs, remove publish_internal_services variable and docs entry, gate module creation/outputs by local.enabled, and adjust IAM partition indexing and values YAML structure.

Changes

Cohort / File(s) Summary of Changes
Docs: upstream external-dns references
README.yaml, src/README.md, test/fixtures/stacks/catalog/usecase/*.yaml
Replace Bitnami references with Kubernetes SIGs external-dns, update chart_repository to https://kubernetes-sigs.github.io/external-dns/, set chart_version to 1.18.0, update Artifact Hub/GitHub links, and revise chart_values examples to use provider.name + extraArgs.
Docs: README inputs table
README.md, src/README.md
Remove documentation entry for input_publish_internal_services; add/adjust input_rbac_enabled where noted; small formatting shifts in inputs table.
Terraform: module gating and outputs
src/main.tf, src/outputs.tf
Add count = local.enabled ? 1 : 0 to module "external_dns"; change output metadata to local.enabled ? module.external_dns[0].metadata : null.
Terraform: IAM and Helm values structure
src/main.tf, src/resources/values.yaml
Change ARN partition access to data.aws_partition.current[0].partition; remove inline aws region block and publishInternalServices in values; switch external-dns values to use provider = { name = "aws" } and top-level extraArgs (e.g., --aws-batch-change-size=1000).
Terraform vars: removed input
src/variables.tf
Delete variable publish_internal_services (bool) and its block.
Tests: expectations & formatting
test/component_test.go
Update metadata expectations (AppVersion 0.14.0→0.18.0, Version 6.33.0→1.18.0) and adjust unstructured DNSEndpoint map formatting.
Test fixtures: examples updated
test/fixtures/stacks/catalog/usecase/basic.yaml, test/fixtures/stacks/catalog/usecase/disabled.yaml
Update chart_repository, chart_version, documentation links, and example chart_values to provider/extraArgs style; include ingress in sources and minor formatting (trailing newline).

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant TF as Terraform
  participant Local as local.enabled
  participant Module as module.external_dns
  participant AWS as data.aws_partition

  note over TF,Local: plan/apply begins
  TF->>Local: evaluate local.enabled
  alt enabled == true
    TF->>Module: create module (count = 1)
    Module->>AWS: read partition (current[0].partition)
    Module->>Module: render Helm values (provider.name + extraArgs)
    Module-->>TF: export metadata (module.external_dns[0].metadata)
  else enabled == false
    TF-->>Module: skip creation (count = 0)
    TF-->>TF: output metadata = null
  end

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

A rabbit swaps a chart with glee,
From Bitnami burrow to SIGs' tree.
Provider named, extraArgs in tow,
Gates open if the flags say so.
Little hops, the cluster grows — hop, go! 🥕🐇


@milldr milldr changed the title replaced bitnami usage Replace Bitnami Usage Aug 25, 2025
@mergify mergify bot requested review from a team August 25, 2025 19:01

mergify bot commented Aug 25, 2025

Important

Description is necessary and should not be empty.

Kindly provide details on what was changed and why it was changed.

@mergify mergify bot added triage Needs triage needs-test Needs testing labels Aug 25, 2025

milldr commented Aug 25, 2025

/terratest


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 4

🧹 Nitpick comments (6)
test/fixtures/stacks/catalog/usecase/disabled.yaml (2)

28-36: Example block aligns with upstream values schema—consider echoing a minimal concrete config

The example shifting to provider.name + extraArgs is correct for upstream. Optional: for consistency with basic.yaml, consider providing a minimal concrete chart_values example even in the disabled use case (will not apply when enabled=false) so test fixtures mirror the intended schema everywhere.


39-39: Nit: keep fixture comments aligned across use cases

dns_components: [] remains unchanged; no action needed. If you later add entries in basic.yaml to exercise multi-zone logic, mirror a commented example here for parity between fixtures.

src/resources/values.yaml (1)

1-5: Defaulting AWS flag via extraArgs is fine—document/guard list override behavior

Placing --aws-evaluate-target-health=false in extraArgs at the base values works, but note Helm’s list semantics: if users set chart_values.extraArgs, they will override (not merge) this default and silently drop the flag. Two options:

  • Document this explicitly in README.yaml (values section) and in the catalog example.
  • Or, in src/main.tf, render values as two separate values documents (base defaults and user overrides) where you programmatically concatenate lists. If helpful, I can propose a Terraform snippet to merge lists before yamlencoding.

I can open a follow-up PR that merges extraArgs from defaults + user input to avoid accidental drops.

src/main.tf (1)

50-74: Consider tying iam_role_enabled to component enablement

When the component is disabled, keeping iam_role_enabled = true is noisy and can surface evaluation gotchas in downstream expressions. Aligning it with local.enabled keeps behavior predictable and reduces risk.

-  iam_role_enabled = true
+  iam_role_enabled = local.enabled
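Review bot: assuming this line sits inside the module "external_dns" block (lines 50-74 fall between the module's count at line 27 and its Helm values at lines 98-107), the argument is only read for an instantiated module, where local.enabled is already true, so `iam_role_enabled = local.enabled` never evaluates differently from `true`; the suggestion is cosmetic, not a gating fix, and should be presented as a readability change if kept.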
src/README.md (2)

156-158: RBAC description is vague; clarify user intent

“Service Account for pods.” doesn’t explain behavior. Suggest clarifying that this toggles creation of RBAC resources (ClusterRole/Binding) required by the ServiceAccount.

-| <a name="input_rbac_enabled"></a> [rbac_enabled](#input_rbac_enabled) | Service Account for pods. | `bool` | `true` | no |
+| <a name="input_rbac_enabled"></a> [rbac_enabled](#input_rbac_enabled) | Whether to create RBAC resources (ClusterRole/ClusterRoleBinding) for the service account used by ExternalDNS. | `bool` | `true` | no |
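Review bot: the `<a name="input_rbac_enabled"></a>` table row is terraform-docs output, so editing src/README.md by hand will be reverted the next time the docs are regenerated; put the clearer wording in the `description` of `variable "rbac_enabled"` in src/variables.tf (a file this PR already touches) and regenerate, so README.md and src/README.md (the walkthrough lists both) stay in sync.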

51-52: Link points to Artifact Hub: consider adding a direct link to the chart values schema

For migrations, a direct link to the chart’s values.yaml (in GitHub) helps users map keys quickly when moving from Bitnami.

Propose adding a second link: “Values reference (GitHub)” right after the Artifact Hub link.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled
  • Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between b86a2be and 396a365.

📒 Files selected for processing (8)
  • README.md (1 hunks)
  • README.yaml (4 hunks)
  • src/README.md (5 hunks)
  • src/main.tf (2 hunks)
  • src/resources/values.yaml (1 hunks)
  • src/variables.tf (1 hunks)
  • test/fixtures/stacks/catalog/usecase/basic.yaml (2 hunks)
  • test/fixtures/stacks/catalog/usecase/disabled.yaml (2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Summary
🔇 Additional comments (11)
test/fixtures/stacks/catalog/usecase/disabled.yaml (1)

13-15: Verify external-dns chart version and Kubernetes compatibility

  • Confirmed that version 1.18.0 of the external-dns Helm chart is published in the kubernetes-sigs repository, and that the current latest release is 1.19.0.
  • If you intend to stick with 1.18.0, please check its kubeVersion constraint in the Chart.yaml to ensure it supports your target Kubernetes versions. Otherwise, consider bumping to 1.19.0 for the latest fixes and features.
test/fixtures/stacks/catalog/usecase/basic.yaml (2)

28-36: Docs link and schema look correct for upstream; nice

The Artifact Hub path and the provider.name + extraArgs example align with upstream chart conventions.


13-15: external-dns Helm chart v1.18.0 is available and supports Kubernetes ≥1.21

  • The external-dns-helm-chart-1.18.0 release is published in the https://kubernetes-sigs.github.io/external-dns/ repository. (github.com)
  • According to the ExternalDNS compatibility matrix, versions ≥0.18.x (i.e. the chart’s AppVersion v0.18.0) only support Kubernetes 1.21 and above. Specifically:
    • Kubernetes 1.21 ✅
    • Kubernetes ≥1.22 and ≤1.32 ✅
    • Kubernetes ≥1.33 ✅
    • Kubernetes ≤1.20 ❌ (github.com)

Please ensure your CI clusters are running one of the supported Kubernetes versions (≥1.21) before pinning chart v1.18.0.

src/main.tf (2)

98-107: Provider block shape is correct as a mapping

The upstream external-dns chart v1.18.0 defines provider as a map with a name key (and additional subkeys such as webhook), not as a simple string. Your Terraform yamlencode already produces:

provider:
  name: aws
  # …other provider settings…

which exactly matches the chart’s values.yaml schema. No change is required here.


89-96: Manual Verification of External-DNS Metrics Keys Required

I attempted to fetch the upstream values.yaml for kubernetes-sigs/external-dns v1.18.0 but couldn’t locate any of the metrics, serviceMonitor, or prometheus blocks in the expected paths. To ensure we’re using the correct hierarchy for enabling the ServiceMonitor, please manually inspect the chart’s values.yaml at your targeted version and confirm which of the following is valid:

  • serviceMonitor.enabled
  • metrics.serviceMonitor.enabled
  • prometheus.serviceMonitor.enabled

Once you’ve identified the correct path, update the snippet in src/main.tf (lines 89–96) so that the yamlencode matches the upstream schema.

src/README.md (2)

51-60: Provider configuration is already correct

The upstream Helm chart for ExternalDNS recommends using a nested provider.name field (with additional settings under provider.<name>.<key>) rather than the legacy flat provider: aws syntax — exactly as shown in your example snippet. (github.com, kubernetes-sigs.github.io)

No changes are needed to the README example.

Likely an incorrect or invalid review comment.


36-38: Chart version “1.18.0” upstream availability confirmed

README.yaml (4)

6-8: Great doc update to upstream repo

Switching references to kubernetes-sigs/external-dns is consistent and clear. Nice.


68-75: References updated correctly

Artifact Hub and GitHub links now point to the upstream project. Looks good.


31-33: chart_version “1.18.0” confirmed in upstream repo

The pinned Helm chart version 1.18.0 was found in the external-dns index (see index.yaml lines showing version: 1.18.0 and corresponding download URL), so no update is needed and examples remain aligned.


51-55: No changes required for the provider shape
Upstream, the external-dns Helm chart explicitly defines

provider:  # @schema type: [object, string];
  name: aws

meaning it accepts either an object (with name and nested settings) or a simple string. The commented example in this README uses the object form, which exactly matches the chart’s default values.yaml. You may optionally use

provider: aws

for simpler cases, but the existing snippet is correct as written.
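The extraArgs nitpick in the review above turns on how Helm merges values: nested maps are merged key by key, but a list supplied in the user's chart_values replaces the chart-level default outright, which is how a default such as --aws-evaluate-target-health=false disappears. As an added example (not code from this PR, the component, or Helm itself), the Go program below models that merge with a small Coalesce function and then shows the list-aware merge that would have to run before yamlencode so the default flag survives. The values maps, the resources.limits keys and the flag strings are constructed sample inputs; Helm's real implementation is chartutil.CoalesceTables, which this only approximates.

```go
package main

import (
	"fmt"
	"strings"
)

// Values is the map shape Helm decodes a values.yaml document into.
type Values = map[string]any

// Coalesce merges user overrides onto chart defaults the way Helm does:
// nested maps are merged recursively, while scalars and lists coming from
// the override replace the default wholesale. Simplified model written for
// this example; it is not Helm's own implementation.
func Coalesce(defaults, overrides Values) Values {
	out := make(Values, len(defaults))
	for k, v := range defaults {
		out[k] = v
	}
	for k, ov := range overrides {
		dm, dIsMap := out[k].(Values)
		om, oIsMap := ov.(Values)
		if dIsMap && oIsMap {
			out[k] = Coalesce(dm, om) // maps merge...
			continue
		}
		out[k] = ov // ...lists and scalars are replaced, never appended
	}
	return out
}

// FlagName returns the "--flag" part of a "--flag=value" argument.
func FlagName(arg string) string {
	name, _, _ := strings.Cut(arg, "=")
	return name
}

// MergeExtraArgs keeps every default flag unless the user supplied the same
// flag name, in which case the user's value wins. This is the list merge Helm
// does not do for you; in the component it would run before yamlencode.
func MergeExtraArgs(defaults, user []string) []string {
	seen := make(map[string]bool, len(user))
	merged := make([]string, 0, len(defaults)+len(user))
	for _, a := range user {
		seen[FlagName(a)] = true
		merged = append(merged, a)
	}
	for _, a := range defaults {
		if !seen[FlagName(a)] {
			merged = append(merged, a)
		}
	}
	return merged
}

// Constructed sample inputs modelled on the PR: the base document from
// src/resources/values.yaml and a user's chart_values that also sets extraArgs.
var baseValues = Values{
	"provider":  Values{"name": "aws"},
	"extraArgs": []string{"--aws-evaluate-target-health=false"},
	"resources": Values{"limits": Values{"cpu": "100m"}},
}

var userValues = Values{
	"extraArgs": []string{"--aws-batch-change-size=1000"},
	"resources": Values{"limits": Values{"memory": "128Mi"}},
}

// ExtraArgs pulls the rendered extraArgs list out of a values map.
func ExtraArgs(v Values) []string { return v["extraArgs"].([]string) }

// HasFlag reports whether args contains the given flag name, with any value.
func HasFlag(args []string, flag string) bool {
	for _, a := range args {
		if FlagName(a) == flag {
			return true
		}
	}
	return false
}

// NaiveRender is what Helm hands to the chart: the user's list wins outright.
func NaiveRender() Values { return Coalesce(baseValues, userValues) }

// SafeRender merges the extraArgs lists first so the default flag survives.
func SafeRender() Values {
	merged := Coalesce(baseValues, userValues)
	merged["extraArgs"] = MergeExtraArgs(ExtraArgs(baseValues), ExtraArgs(userValues))
	return merged
}

func main() {
	fmt.Println("helm merge   :", ExtraArgs(NaiveRender())) // default flag silently gone
	fmt.Println("list-aware   :", ExtraArgs(SafeRender()))
	fmt.Println("limits merged:", SafeRender()["resources"].(Values)["limits"])
}
```

Running it prints the user's single flag for the plain Helm merge and both flags for the list-aware merge, while resources.limits carries both cpu and memory because maps do merge. The same asymmetry applies to any list-valued key (sources, env, volumeMounts), so documenting it in README.yaml, as the review suggests, is worthwhile even if the Terraform-side merge is not adopted.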

@milldr milldr added major Breaking changes (or first stable release) and removed needs-test Needs testing triage Needs triage labels Aug 25, 2025
@mergify mergify bot added the needs-test Needs testing label Aug 25, 2025

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

♻️ Duplicate comments (1)
src/main.tf (1)

61-61: Fix unsafe indexing: data.aws_partition when disabled will cause plan failure

Accessing data.aws_partition.current[0].partition will panic with an index error when local.enabled = false (because data.aws_partition.current has count = 0). Terraform still evaluates this expression even if the enclosing module has count = 0. This was raised earlier; repeating here since it remains.

Apply one of the safe patterns below (Option A mirrors prior behavior and avoids evaluation issues):

-      resources = formatlist("arn:${data.aws_partition.current[0].partition}:route53:::hostedzone/%s", local.zone_ids)
+      resources = formatlist("arn:${join("", data.aws_partition.current.*.partition)}:route53:::hostedzone/%s", local.zone_ids)
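Review bot: `data.aws_partition.current.*.partition` is the legacy attribute-splat form that this PR's description says it is removing to satisfy TFLint (".* to [0]"), so the suggestion reintroduces the warning; the zero-count-safe spelling in current syntax is `join("", data.aws_partition.current[*].partition)`. Note also that with `count = 0` the join is empty and the rendered ARN becomes `arn::route53:::hostedzone/...`, which is acceptable only because nothing consumes the policy statement when the component is disabled.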

Or, short-circuit when disabled (also safe):

-      resources = formatlist("arn:${data.aws_partition.current[0].partition}:route53:::hostedzone/%s", local.zone_ids)
+      resources = local.enabled ? formatlist("arn:${join("", data.aws_partition.current.*.partition)}:route53:::hostedzone/%s", local.zone_ids) : []
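Review bot: inside the true branch of `local.enabled ? ... : []`, `data.aws_partition.current` has exactly one instance (the comment above ties its count to local.enabled), so the `join("", ....*.partition)` wrapper is redundant there and `data.aws_partition.current[0].partition` is safe; using it keeps the legacy `.*` splat out of the file, which is what the PR set out to do. The `: []` fallback must match the list-of-strings type the `resources` argument expects, which it does.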
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 396a365 and 299a927.

📒 Files selected for processing (2)
  • src/main.tf (3 hunks)
  • src/outputs.tf (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Summary
🔇 Additional comments (2)
src/outputs.tf (1)

2-2: LGTM: Output safely gated behind local.enabled

Using a conditional to avoid evaluating module.external_dns[0] when disabled prevents "index out of range" errors and matches the module’s count-based gating. Looks good.

src/main.tf (1)

27-27: LGTM: Module creation gated via count

count = local.enabled ? 1 : 0 is consistent with the output’s conditional indexing and prevents unnecessary evaluation of Helm arguments during disablement.


goruha commented Aug 26, 2025

/terratest


@goruha goruha left a comment


@milldr can you fix the tests pls


milldr commented Aug 26, 2025

/terratest


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (4)
test/component_test.go (4)

69-76: Swap expected/actual in assertions to improve failure messages

assert.Equal takes expected before actual. Current order flips them, which muddles diffs on failure.

Apply this minimal diff for the changed lines:

-	assert.Equal(s.T(), metadata.AppVersion, "0.18.0")
+	assert.Equal(s.T(), "0.18.0", metadata.AppVersion)
...
-	assert.Equal(s.T(), metadata.Version, "1.18.0")
+	assert.Equal(s.T(), "1.18.0", metadata.Version)
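Review bot: the `...` between the two change pairs is not diff syntax, so the block cannot be applied with `git apply` or pasted as a GitHub suggestion; split it into two hunks with `@@` headers (the later comment on lines 69-76 shows the shape) or quote each pair separately. The assertion on `metadata.Chart` in the same function, visible as context in that later hunk, keeps the flipped order, so the fix stays partial unless the whole block is swapped.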

If you want to align the whole block for consistency, I can follow up with a broader patch.


69-76: Reduce test flakiness: replace fixed 2-minute sleep with polling/backoff

ExternalDNS + Route53 propagation is eventually consistent; a fixed sleep can be flaky or unnecessarily slow.

Proposal: poll Route53 until the record appears (with timeout), instead of time.Sleep.

I can add a small helper (using the AWS SDK or a Terratest list call) to wait up to N minutes, checking every few seconds. Say the word and I’ll push a concrete implementation.


35-38: Nit: fix variable name typo for clarity

clusrerId → clusterID. Improves readability and follows Go naming conventions.

-	clusrerId := atmos.Output(s.T(), clusterOptions, "eks_cluster_id")
-	cluster := awsHelper.GetEksCluster(s.T(), context.Background(), awsRegion, clusrerId)
+	clusterID := atmos.Output(s.T(), clusterOptions, "eks_cluster_id")
+	cluster := awsHelper.GetEksCluster(s.T(), context.Background(), awsRegion, clusterID)
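Review bot: only the declaration and one use are shown; if `clusrerId` is referenced anywhere else in test/component_test.go, applying just these two lines breaks compilation, so do the rename file-wide with an editor rename (gopls) rather than by hand-patching the two visible lines.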

69-76: Centralize hard-coded version literals in tests

The assertions in test/component_test.go (lines 69–76) currently embed literal versions ("0.18.0" and "1.18.0") that don’t appear elsewhere in fixtures, source, or docs. Pinning these values in the test means you’ll need to update the file on every chart/app version bump.

• File: test/component_test.go
Lines: 69–76

Introduce file-level constants and update the assertions to use them:

 package test

+const (
+  expectedAppVersion   = "0.18.0"
+  expectedChartVersion = "1.18.0"
+)

@@ -69,7 +73,7 @@ func (s *ComponentTestSuite) TestMetadata() {
-  assert.Equal(s.T(), metadata.AppVersion, "0.18.0")
+  assert.Equal(s.T(), expectedAppVersion, metadata.AppVersion)
   assert.Equal(s.T(), metadata.Chart, "external-dns")
   assert.NotNil(s.T(), metadata.FirstDeployed)
   assert.NotNil(s.T(), metadata.LastDeployed)
@@ -75,7 +79,7 @@ func (s *ComponentTestSuite) TestMetadata() {
   assert.NotNil(s.T(), metadata.Values)
-  assert.Equal(s.T(), metadata.Version, "1.18.0")
+  assert.Equal(s.T(), expectedChartVersion, metadata.Version)
 }
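Review bot: the added `const` lines use two-space indentation while the file is tab-indented (the hunk on lines 69-76 above shows tabs), so gofmt will rewrite them; and the chart version `1.18.0` is already pinned in test/fixtures/stacks/catalog/usecase/basic.yaml as chart_version, so the new constants still have to be bumped together with that fixture on every upgrade, which is the coupling this comment wanted to remove. Reading chart_version from the fixture, or from an Atmos output as the optional note suggests, removes it for the chart version; AppVersion would still need a source.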

Optional: if these version values are already surfaced via your Atmos stack inputs or another central source, consider reading them at test-time instead, so they automatically stay in sync.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between e870970 and db4804a.

📒 Files selected for processing (1)
  • test/component_test.go (3 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Summary
🔇 Additional comments (7)
test/component_test.go (7)

7-7: Import reordering looks good

Importing testing within the main block is correct and consistent with Go conventions.


9-9: Whitespace-only change

No functional impact.


12-13: Import aliasing and order are appropriate

awsHelper and helm are both used; aliases/readability are clear.


21-21: Runtime schema import is correct

Used for GroupVersionResource; matches usage below.


100-100: Formatting-only change

Map alignment change is cosmetic; no behavioral impact.


106-106: Formatting-only change

Whitespace alignment in the spec block; no functional difference.


21-21: Chart CRD configuration not found in this repository

It appears there is no Helm chart present here (no Chart.yaml or crds/ directory under any chart folder), so CRD installation and “CRD source” settings cannot be verified in this repo. Please instead confirm in your Helm chart repository that:

  • The DNSEndpoint CRD (from externaldns.k8s.io/v1alpha1) is installed under the chart’s crds/ directory.
  • The chart’s default values (or the CLI flags) enable the CRD source (e.g. --source=crd or values.sources includes "crd").
  • If using an installCRDs toggle (for helm v3.7+), it’s set appropriately.

Likely an incorrect or invalid review comment.
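The review above recommends replacing the fixed two-minute sleep with polling, because Route53 propagation is eventually consistent and a fixed wait is either flaky or slow. As an added example (not code from this PR's test suite or from Terratest), the Go snippet below shows that pattern: WaitFor retries a check with capped exponential backoff until it succeeds, returns a hard error, or a context deadline expires. In place of the AWS SDK it polls a FakeZone that only exposes the record after a few lookups, standing in for Route53's delay; in the real test the check closure would call the Route53 record listing API (or the Terratest equivalent) with the same (bool, error) signature. FakeZone, WaitForRecord and the record values are constructed for this example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// ErrTimeout is returned when the condition never became true before the deadline.
var ErrTimeout = errors.New("condition not met before timeout")

// WaitFor polls check until it returns true, returns an error, or timeout
// elapses. The wait between polls doubles up to maxInterval so a slow
// Route53 propagation does not hammer the API with tight-loop calls.
func WaitFor(ctx context.Context, timeout, interval, maxInterval time.Duration,
	check func(context.Context) (bool, error)) error {
	ctx, cancel := context.WithTimeout(ctx, timeout)
	defer cancel()
	for {
		ok, err := check(ctx)
		if err != nil {
			return err // a hard API error should fail fast, not be retried forever
		}
		if ok {
			return nil
		}
		select {
		case <-ctx.Done():
			return fmt.Errorf("%w (%s): %v", ErrTimeout, timeout, ctx.Err())
		case <-time.After(interval):
		}
		interval *= 2
		if interval > maxInterval {
			interval = maxInterval
		}
	}
}

// FakeZone stands in for a Route53 hosted zone in this example: the record
// only becomes visible on the appearAfter-th lookup, mimicking eventual
// consistency. Constructed type, not an AWS SDK type.
type FakeZone struct {
	records     map[string]string
	appearAfter int
	calls       int
}

// Lookup returns the record value and whether it is visible yet.
func (z *FakeZone) Lookup(name string) (string, bool) {
	z.calls++
	if z.calls < z.appearAfter {
		return "", false
	}
	v, ok := z.records[name]
	return v, ok
}

// WaitForRecord is the shape a Terratest helper would take: poll until the
// DNS record exists or the timeout passes. It returns how many lookups ran.
func WaitForRecord(zone *FakeZone, name string, timeout time.Duration) (int, error) {
	err := WaitFor(context.Background(), timeout, time.Millisecond, 8*time.Millisecond,
		func(ctx context.Context) (bool, error) {
			_, found := zone.Lookup(name)
			return found, nil
		})
	return zone.calls, err
}

func main() {
	// Constructed sample zone: the record shows up on the third poll.
	zone := &FakeZone{
		records:     map[string]string{"app.example.com": "203.0.113.10"},
		appearAfter: 3,
	}
	calls, err := WaitForRecord(zone, "app.example.com", 2*time.Second)
	fmt.Printf("found after %d lookups, err=%v\n", calls, err)

	_, err = WaitForRecord(&FakeZone{appearAfter: 1}, "missing.example.com", 20*time.Millisecond)
	fmt.Println("missing record:", err)
}
```

In the component test the timeout would be the same order as today's sleep (a couple of minutes) with a polling interval of a few seconds, so the happy path finishes as soon as the record is visible and only a genuinely missing record pays the full wait. Surfacing API errors immediately rather than swallowing them keeps an IAM or credential problem from masquerading as a propagation timeout.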


milldr commented Aug 26, 2025

/terratest


milldr commented Aug 27, 2025

/terratest

@milldr milldr enabled auto-merge August 27, 2025 16:00
@milldr milldr added this pull request to the merge queue Aug 27, 2025
@milldr milldr removed the needs-test Needs testing label Aug 27, 2025
Merged via the queue into main with commit fcf46e7 Aug 27, 2025
19 checks passed
@milldr milldr deleted the replace-bitnami branch August 27, 2025 16:43
@github-actions

These changes were released in v2.0.0.


Labels

major Breaking changes (or first stable release)

Projects

None yet


3 participants