diff --git a/docs/tutorials/aws.md b/docs/tutorials/aws.md index b14136ad3..6b073b574 100644 --- a/docs/tutorials/aws.md +++ b/docs/tutorials/aws.md @@ -557,6 +557,10 @@ Annotations which are specific to AWS. `external-dns.alpha.kubernetes.io/alias` if set to `true` on an ingress, it will create an ALIAS record when the target is an ALIAS as well. To make the target an alias, the ingress needs to be configured correctly as described in [the docs](./nginx-ingress.md#with-a-separate-tcp-load-balancer). In particular, the argument `--publish-service=default/nginx-ingress-controller` has to be set on the `nginx-ingress-controller` container. If one uses the `nginx-ingress` Helm chart, this flag can be set with the `controller.publishService.enabled` configuration option. +### target-hosted-zone + +`external-dns.alpha.kubernetes.io/aws-target-hosted-zone` can optionally be set to the ID of a Route53 hosted zone. This will force external-dns to use the specified hosted zone when creating an ALIAS target. + ## Verify ExternalDNS works (Service example) Create the following sample application to test that ExternalDNS works. 
@@ -833,6 +837,14 @@ You can configure Route53 to associate DNS records with healthchecks for automat Note: ExternalDNS does not support creating healthchecks, and assumes that `` already exists. +## Canonical Hosted Zones + +When creating ALIAS type records in Route53 it is required that external-dns be aware of the canonical hosted zone in which +the specified hostname is created. External-dns is able to automatically identify the canonical hosted zone for many +hostnames based upon known hostname suffixes which are defined in [aws.go](../../provider/aws/aws.go). If a hostname +does not have a known suffix then the suffix can be added into `aws.go` or the [target-hosted-zone annotation](#target-hosted-zone) +can be used to manually define the ID of the canonical hosted zone. + ## Govcloud caveats Due to the special nature with how Route53 runs in Govcloud, there are a few tweaks in the deployment settings. diff --git a/provider/aws/aws.go b/provider/aws/aws.go index 6818cc375..5f7457420 100644 --- a/provider/aws/aws.go +++ b/provider/aws/aws.go 
@@ -127,6 +127,36 @@ var canonicalHostedZones = map[string]string{
 "awsglobalaccelerator.com": "Z2BJ6XQ5FK7U4H",
 // Cloudfront
 "cloudfront.net": "Z2FDTNDATAQYW2",
+ // VPC Endpoint (PrivateLink)
+ "eu-west-2.vpce.amazonaws.com": "Z7K1066E3PUKB",
+ "us-east-2.vpce.amazonaws.com": "ZC8PG0KIFKBRI",
+ "af-south-1.vpce.amazonaws.com": "Z09302161J80N9A7UTP7U",
+ "ap-east-1.vpce.amazonaws.com": "Z2LIHJ7PKBEMWN",
+ "ap-northeast-1.vpce.amazonaws.com": "Z2E726K9Y6RL4W",
+ "ap-northeast-2.vpce.amazonaws.com": "Z27UANNT0PRK1T",
+ "ap-northeast-3.vpce.amazonaws.com": "Z376B5OMM2JZL2",
+ "ap-south-1.vpce.amazonaws.com": "Z2KVTB3ZLFM7JR",
+ "ap-south-2.vpce.amazonaws.com": "Z0952991RWSF5AHIQDIY",
+ "ap-southeast-1.vpce.amazonaws.com": "Z18LLCSTV4NVNL",
+ "ap-southeast-2.vpce.amazonaws.com": "ZDK2GCRPAFKGO",
+ "ap-southeast-3.vpce.amazonaws.com": "Z03881013RZ9BYYZO8N5W",
+ "ap-southeast-4.vpce.amazonaws.com": "Z07508191CO1RNBX3X3AU",
+ "ca-central-1.vpce.amazonaws.com": "ZRCXCF510Y6P9",
+ "eu-central-1.vpce.amazonaws.com": "Z273ZU8SZ5RJPC",
+ "eu-central-2.vpce.amazonaws.com": "Z045369019J4FUQ4S272E",
+ "eu-north-1.vpce.amazonaws.com": "Z3OWWK6JFDEDGC",
+ "eu-south-1.vpce.amazonaws.com": "Z2A5FDNRLY7KZG",
+ "eu-south-2.vpce.amazonaws.com": "Z014396544HENR57XQCJ",
+ "eu-west-1.vpce.amazonaws.com": "Z38GZ743OKFT7T",
+ "eu-west-3.vpce.amazonaws.com": "Z1DWHTMFP0WECP",
+ "me-central-1.vpce.amazonaws.com": "Z07122992YCEUCB9A9570",
+ "me-south-1.vpce.amazonaws.com": "Z3B95P3VBGEQGY",
+ "sa-east-1.vpce.amazonaws.com": "Z2LXUWEVLCVZIB",
+ "us-east-1.vpce.amazonaws.com": "Z7HUB22UULQXV",
+ "us-gov-east-1.vpce.amazonaws.com": "Z2MU5TEIGO9WXB",
+ "us-gov-west-1.vpce.amazonaws.com": "Z12529ZODG2B6H",
+ "us-west-1.vpce.amazonaws.com": "Z12I86A8N7VCZO",
+ "us-west-2.vpce.amazonaws.com": "Z1YSA3EXCYUU9Z",
 }
 
 // Route53API is the subset of the AWS Route53 API that we actually use. Add methods as required. Signatures must match exactly.
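Review bot: The new VPC endpoint block gives no pointer to where its zone IDs were taken from, and its first two keys (`eu-west-2`, `us-east-2`) sit ahead of an otherwise alphabetical region list, which makes the table hard to audit against AWS's published values. Going by the documentation added in this commit, these IDs are what external-dns uses as the canonical hosted zone for ALIAS targets, so a mistyped value would presumably affect every hostname with that suffix. I would move the two stray entries into their sorted positions and extend the heading comment to something like `// VPC Endpoint (PrivateLink); IDs from <AWS documentation URL>, last checked <date>`. The map literal opens above the hunk, so how keys are matched against hostnames is not visible here.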
diff --git a/provider/aws/aws_test.go b/provider/aws/aws_test.go
index fee401373..362ebb989 100644
--- a/provider/aws/aws_test.go
+++ b/provider/aws/aws_test.go
@@ -1183,62 +1183,13 @@ func TestAWSisAWSAlias(t *testing.T) {
 }
 
 func TestAWSCanonicalHostedZone(t *testing.T) {
- for _, tc := range []struct {
- hostname string
- expected string
- }{
- // Application Load Balancers and Classic Load Balancers
- {"foo.us-east-2.elb.amazonaws.com", "Z3AADJGX6KTTL2"},
- {"foo.us-east-1.elb.amazonaws.com", "Z35SXDOTRQ7X7K"},
- {"foo.us-west-1.elb.amazonaws.com", "Z368ELLRRE2KJ0"},
- {"foo.us-west-2.elb.amazonaws.com", "Z1H1FL5HABSF5"},
- {"foo.ca-central-1.elb.amazonaws.com", "ZQSVJUPU6J1EY"},
- {"foo.ap-east-1.elb.amazonaws.com", "Z3DQVH9N71FHZ0"},
- {"foo.ap-south-1.elb.amazonaws.com", "ZP97RAFLXTNZK"},
- {"foo.ap-northeast-2.elb.amazonaws.com", "ZWKZPGTI48KDX"},
- {"foo.ap-northeast-3.elb.amazonaws.com", "Z5LXEXXYW11ES"},
- {"foo.ap-southeast-1.elb.amazonaws.com", "Z1LMS91P8CMLE5"},
- {"foo.ap-southeast-2.elb.amazonaws.com", "Z1GM3OXH4ZPM65"},
- {"foo.ap-southeast-3.elb.amazonaws.com", "Z08888821HLRG5A9ZRTER"},
- {"foo.ap-northeast-1.elb.amazonaws.com", "Z14GRHDCWA56QT"},
- {"foo.eu-central-1.elb.amazonaws.com", "Z215JYRZR1TBD5"},
- {"foo.eu-west-1.elb.amazonaws.com", "Z32O12XQLNTSW2"},
- {"foo.eu-west-2.elb.amazonaws.com", "ZHURV8PSTC4K8"},
- {"foo.eu-west-3.elb.amazonaws.com", "Z3Q77PNBQS71R4"},
- {"foo.eu-south-1.elb.amazonaws.com", "Z3ULH7SSC9OV64"},
- {"foo.sa-east-1.elb.amazonaws.com", "Z2P70J7HTTTPLU"},
- {"foo.cn-north-1.elb.amazonaws.com.cn", "Z1GDH35T77C1KE"},
- {"foo.cn-northwest-1.elb.amazonaws.com.cn", "ZM7IZAIOVVDZF"},
- {"foo.af-south-1.elb.amazonaws.com", "Z268VQBMOI5EKX"},
- // Network Load Balancers
- {"foo.elb.us-east-2.amazonaws.com", "ZLMOA37VPKANP"},
- {"foo.elb.us-east-1.amazonaws.com", "Z26RNL4JYFTOTI"},
- {"foo.elb.us-west-1.amazonaws.com", "Z24FKFUX50B4VW"},
- {"foo.elb.us-west-2.amazonaws.com", "Z18D5FSROUN65G"},
- {"foo.elb.ca-central-1.amazonaws.com", "Z2EPGBW3API2WT"},
- {"foo.elb.ap-east-1.amazonaws.com", "Z12Y7K3UBGUAD1"},
- {"foo.elb.ap-south-1.amazonaws.com", "ZVDDRBQ08TROA"},
- {"foo.elb.ap-northeast-3.amazonaws.com", "Z1GWIQ4HH19I5X"},
- {"foo.elb.ap-northeast-2.amazonaws.com", "ZIBE1TIR4HY56"},
- {"foo.elb.ap-southeast-1.amazonaws.com", "ZKVM4W9LS7TM"},
- {"foo.elb.ap-southeast-2.amazonaws.com", "ZCT6FZBF4DROD"},
- {"foo.elb.ap-southeast-3.amazonaws.com", "Z01971771FYVNCOVWJU1G"},
- {"foo.elb.ap-northeast-1.amazonaws.com", "Z31USIVHYNEOWT"},
- {"foo.elb.eu-central-1.amazonaws.com", "Z3F0SRJ5LGBH90"},
- {"foo.elb.eu-west-1.amazonaws.com", "Z2IFOLAFXWLO4F"},
- {"foo.elb.eu-west-2.amazonaws.com", "ZD4D7Y8KGAS4G"},
- {"foo.elb.eu-west-3.amazonaws.com", "Z1CMS0P5QUZ6D5"},
- {"foo.elb.eu-south-1.amazonaws.com", "Z23146JA1KNAFP"},
- {"foo.elb.sa-east-1.amazonaws.com", "ZTK26PT1VY4CU"},
- {"foo.elb.cn-north-1.amazonaws.com.cn", "Z3QFB96KMJ7ED6"},
- {"foo.elb.cn-northwest-1.amazonaws.com.cn", "ZQEIKTCZ8352D"},
- {"foo.elb.af-south-1.amazonaws.com", "Z203XCE67M25HM"},
- // No Load Balancer
- {"foo.example.org", ""},
- } {
- zone := canonicalHostedZone(tc.hostname)
- assert.Equal(t, tc.expected, zone)
+ for suffix, id := range canonicalHostedZones {
+ zone := canonicalHostedZone(fmt.Sprintf("foo.%s", suffix))
+ assert.Equal(t, id, zone)
 }
+
+ zone := canonicalHostedZone("foo.example.org")
+ assert.Equal(t, "", zone, "no canonical zone should be returned for a non-aws hostname")
 }
 
 func TestAWSSuitableZones(t *testing.T) {
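Review bot: Ranging over `canonicalHostedZones` takes the expected IDs from the same map that `canonicalHostedZone` presumably reads, so the loop in `TestAWSCanonicalHostedZone` can no longer catch a mistyped or swapped zone ID; it only checks that a `foo.`-prefixed suffix resolves to its own entry. The removed table was an independent oracle for those values. I would keep the loop but pin a few literals beside it, for example `assert.Equal(t, "Z7HUB22UULQXV", canonicalHostedZone("foo.us-east-1.vpce.amazonaws.com"))`, and add a negative case where a known suffix is not at the end of the name, such as `assert.Equal(t, "", canonicalHostedZone("cloudfront.net.example.org"))`. The hunk also calls `fmt.Sprintf`, and the import block is outside the hunk, so confirm `fmt` is imported in `aws_test.go`.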