Releases: hops-ops/cloudflare-dns-stack
v0.3.0
v0.2.0
What's changed in v0.2.0
- feat: istio source toggle and platform-default secret store (by @patrickleet)

  Adds spec.externalDNS.istio.enabled (defaults false). When on, ExternalDNS
  also watches istio-virtualservice and istio-gateway sources so
  Knative-on-Istio (and other Istio-routed) services auto-publish per-host DNS
  records without overrideAllValues gymnastics.

  Sources are now computed once in state-init instead of being hard-coded in
  the helm values block with the user's values appended below — this removes
  the duplicate-key YAML pattern that silently dropped overrides.

  Defaults externalSecrets.secretStoreRef.name to "hops-aws-secrets-manager"
  (the platform-wide ClusterSecretStore composed by aws-secret-stack), so
  consumer manifests only declare the AWS Secrets Manager path, not the
  backend reference.
See full diff: v0.1.2...v0.2.0
v0.1.2
What's changed in v0.1.2
- chore: Delete CHANGELOG.md (generated by each release) (by @patrickleet)
- fix: use chart's env: key, not extraEnvVars:, for CF_API_TOKEN injection (by @patrickleet)

  The external-dns Helm chart (v1.x) ignores extraEnvVars; environment
  variables on the controller pod are configured via the top-level env:
  array. The previous template wrote extraEnvVars and produced a pod
  without CF_API_TOKEN set, crashing with:

  ```
  failed to initialize cloudflare provider:
  invalid credentials: key & email must not be empty
  ```

  even when the cloudflare-api-token Secret was correctly populated by
  the ExternalSecret integration. Fixed by switching the values key.
See full diff: v0.1.1...v0.1.2
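
The values-key change described in the v0.1.2 fix, shown as an added illustration (not taken from this repository's templates): the first document is the shape the release note says the chart ignored, the second is the `env:` form it reads. The Secret name and key are the defaults stated in the v0.1.0 notes; the rest of the values layout is assumed.

```yaml
# Added example, not the stack's actual template. Secret name/key are the
# defaults listed in the v0.1.0 notes; everything else is illustrative.

# Before (as described in the v0.1.2 note): the chart does not read
# extraEnvVars, so the controller pod starts without CF_API_TOKEN and
# the Cloudflare provider fails with "invalid credentials".
provider:
  name: cloudflare
extraEnvVars:
  - name: CF_API_TOKEN
    valueFrom:
      secretKeyRef:
        name: cloudflare-api-token
        key: api-token
---
# After: the same entry under the chart's top-level env: array.
# The token is still referenced from the Secret, never inlined in values.
provider:
  name: cloudflare
env:
  - name: CF_API_TOKEN
    valueFrom:
      secretKeyRef:
        name: cloudflare-api-token
        key: api-token
```

Checking the rendered Deployment's container env for `CF_API_TOKEN` after an upgrade confirms that the values key was picked up.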
v0.1.1
What's changed in v0.1.1
- docs: add CHANGELOG.md so simple-release workflow can source release notes (by @patrickleet)

  The v0.1.0 GitHub Release was created manually because this file was
  missing; subsequent tags will pick notes from here.
- ci: enable automated version-and-tag on push to main (by @patrickleet)

  Adds the unbounded-tech/workflow-vnext-tag job after validate+test.
  Conventional commits on main now drive auto-tagging, which fires
  on-version-tagged → publish + simple-release.

  DEPLOY_KEY secret was provisioned via
  vnext generate-deploy-key.
See full diff: v0.1.0...v0.1.1
v0.1.0
v0.1.0 — initial release
ExternalDNS configured for Cloudflare, plus optional cert-manager DNS-01 ClusterIssuer integration and an ExternalSecrets-based DX for the Cloudflare API token.
What it does
- ExternalDNS Helm Release configured with `provider.name: cloudflare`. The pod reads `CF_API_TOKEN` from a K8s Secret (default name `cloudflare-api-token`, key `api-token`).
- cert-manager integration (`spec.certManager.enabled: true`, default): a Let's Encrypt DNS-01 ClusterIssuer wired to the Cloudflare API token Secret, plus a `protection.crossplane.io.Usage` that holds the external cert-manager Helm Release until the ClusterIssuer is deleted. This stack does not install cert-manager — pair with `aws-cert-stack` (or another install) when this is on.
- ExternalSecrets DX (`spec.externalSecrets.enabled: true`): one user-supplied backend ref fans out to ExternalSecret resources in both the external-dns and cert-manager namespaces, keeping the same Secret name + key in each.
Install
```yaml
apiVersion: pkg.crossplane.io/v1
kind: Configuration
metadata:
  name: cloudflare-dns-stack
spec:
  package: ghcr.io/hops-ops/cloudflare-dns-stack:v0.1.0
```
Minimal claim
```yaml
apiVersion: cloudflare.hops.ops.com.ai/v1alpha1
kind: DNSStack
metadata:
  name: dns
  namespace: default
spec:
  clusterName: my-cluster
  domains:
    - name: example.com
  clusterIssuer:
    email: admin@example.com
```
See the README for the full configuration reference and the with-external-secrets / standard examples.