Merge pull request #3433 from jwenz723/master

Add AWS VPC endpoint canonical hosted zone IDs
Kubernetes Prow Robot 2023-03-08 12:50:09 -08:00 committed by GitHub
commit 38e786203c
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 48 additions and 55 deletions


@ -557,6 +557,10 @@ Annotations which are specific to AWS.
`external-dns.alpha.kubernetes.io/alias` if set to `true` on an ingress, it will create an ALIAS record when the target is an ALIAS as well. To make the target an alias, the ingress needs to be configured correctly as described in [the docs](./nginx-ingress.md#with-a-separate-tcp-load-balancer). In particular, the argument `--publish-service=default/nginx-ingress-controller` has to be set on the `nginx-ingress-controller` container. If one uses the `nginx-ingress` Helm chart, this flag can be set with the `controller.publishService.enabled` configuration option. `external-dns.alpha.kubernetes.io/alias` if set to `true` on an ingress, it will create an ALIAS record when the target is an ALIAS as well. To make the target an alias, the ingress needs to be configured correctly as described in [the docs](./nginx-ingress.md#with-a-separate-tcp-load-balancer). In particular, the argument `--publish-service=default/nginx-ingress-controller` has to be set on the `nginx-ingress-controller` container. If one uses the `nginx-ingress` Helm chart, this flag can be set with the `controller.publishService.enabled` configuration option.
### target-hosted-zone
`external-dns.alpha.kubernetes.io/aws-target-hosted-zone` can optionally be set to the ID of a Route53 hosted zone. This will force external-dns to use the specified hosted zone when creating an ALIAS target.
## Verify ExternalDNS works (Service example) ## Verify ExternalDNS works (Service example)
Create the following sample application to test that ExternalDNS works. Create the following sample application to test that ExternalDNS works.
@ -833,6 +837,14 @@ You can configure Route53 to associate DNS records with healthchecks for automat
Note: ExternalDNS does not support creating healthchecks, and assumes that `<health-check-id>` already exists. Note: ExternalDNS does not support creating healthchecks, and assumes that `<health-check-id>` already exists.
## Canonical Hosted Zones
When creating ALIAS type records in Route53 it is required that external-dns be aware of the canonical hosted zone in which
the specified hostname is created. External-dns is able to automatically identify the canonical hosted zone for many
hostnames based upon known hostname suffixes which are defined in [aws.go](../../provider/aws/aws.go). If a hostname
does not have a known suffix then the suffix can be added into `aws.go` or the [target-hosted-zone annotation](#target-hosted-zone)
can be used to manually define the ID of the canonical hosted zone.
## Govcloud caveats ## Govcloud caveats
Due to the special nature with how Route53 runs in Govcloud, there are a few tweaks in the deployment settings. Due to the special nature with how Route53 runs in Govcloud, there are a few tweaks in the deployment settings.


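--- a/provider/aws/aws.go
+++ b/provider/aws/aws.go
@@ -127,6 +127,36 @@ var canonicalHostedZones = map[string]string{
 "awsglobalaccelerator.com": "Z2BJ6XQ5FK7U4H",
 // Cloudfront
 "cloudfront.net": "Z2FDTNDATAQYW2",
+// VPC Endpoint (PrivateLink)
+"eu-west-2.vpce.amazonaws.com": "Z7K1066E3PUKB",
+"us-east-2.vpce.amazonaws.com": "ZC8PG0KIFKBRI",
+"af-south-1.vpce.amazonaws.com": "Z09302161J80N9A7UTP7U",
+"ap-east-1.vpce.amazonaws.com": "Z2LIHJ7PKBEMWN",
+"ap-northeast-1.vpce.amazonaws.com": "Z2E726K9Y6RL4W",
+"ap-northeast-2.vpce.amazonaws.com": "Z27UANNT0PRK1T",
+"ap-northeast-3.vpce.amazonaws.com": "Z376B5OMM2JZL2",
+"ap-south-1.vpce.amazonaws.com": "Z2KVTB3ZLFM7JR",
+"ap-south-2.vpce.amazonaws.com": "Z0952991RWSF5AHIQDIY",
+"ap-southeast-1.vpce.amazonaws.com": "Z18LLCSTV4NVNL",
+"ap-southeast-2.vpce.amazonaws.com": "ZDK2GCRPAFKGO",
+"ap-southeast-3.vpce.amazonaws.com": "Z03881013RZ9BYYZO8N5W",
+"ap-southeast-4.vpce.amazonaws.com": "Z07508191CO1RNBX3X3AU",
+"ca-central-1.vpce.amazonaws.com": "ZRCXCF510Y6P9",
+"eu-central-1.vpce.amazonaws.com": "Z273ZU8SZ5RJPC",
+"eu-central-2.vpce.amazonaws.com": "Z045369019J4FUQ4S272E",
+"eu-north-1.vpce.amazonaws.com": "Z3OWWK6JFDEDGC",
+"eu-south-1.vpce.amazonaws.com": "Z2A5FDNRLY7KZG",
+"eu-south-2.vpce.amazonaws.com": "Z014396544HENR57XQCJ",
+"eu-west-1.vpce.amazonaws.com": "Z38GZ743OKFT7T",
+"eu-west-3.vpce.amazonaws.com": "Z1DWHTMFP0WECP",
+"me-central-1.vpce.amazonaws.com": "Z07122992YCEUCB9A9570",
+"me-south-1.vpce.amazonaws.com": "Z3B95P3VBGEQGY",
+"sa-east-1.vpce.amazonaws.com": "Z2LXUWEVLCVZIB",
+"us-east-1.vpce.amazonaws.com": "Z7HUB22UULQXV",
+"us-gov-east-1.vpce.amazonaws.com": "Z2MU5TEIGO9WXB",
+"us-gov-west-1.vpce.amazonaws.com": "Z12529ZODG2B6H",
+"us-west-1.vpce.amazonaws.com": "Z12I86A8N7VCZO",
+"us-west-2.vpce.amazonaws.com": "Z1YSA3EXCYUU9Z",
 }
 
 // Route53API is the subset of the AWS Route53 API that we actually use. Add methods as required. Signatures must match exactly.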
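Review bot: The new `vpce` entries are not in a consistent order — `eu-west-2` and `us-east-2` sit at the top of the block while the remaining regions are alphabetical — which makes it hard to spot a missing or duplicated region during review; moving those two into alphabetical position would help. The zone IDs are opaque values that nothing in the repository can check, so a comment naming the AWS documentation page they were copied from would let the next maintainer audit them, e.g. `// VPC Endpoint (PrivateLink) - zone IDs copied from the AWS documentation; re-verify when adding a region`. The removed test table in the test-file section below lists `cn-north-1` and `cn-northwest-1` suffixes under `.amazonaws.com.cn` for load balancers, but no China-partition `vpce` suffix is added here; if endpoints in that partition are in scope they need their own entries with IDs taken from AWS documentation. The `canonicalHostedZone` lookup itself is outside this hunk, so whether a shorter suffix can shadow a longer one cannot be judged from here.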


@ -1183,62 +1183,13 @@ func TestAWSisAWSAlias(t *testing.T) {
} }
func TestAWSCanonicalHostedZone(t *testing.T) { func TestAWSCanonicalHostedZone(t *testing.T) {
for _, tc := range []struct { for suffix, id := range canonicalHostedZones {
hostname string zone := canonicalHostedZone(fmt.Sprintf("foo.%s", suffix))
expected string assert.Equal(t, id, zone)
}{
// Application Load Balancers and Classic Load Balancers
{"foo.us-east-2.elb.amazonaws.com", "Z3AADJGX6KTTL2"},
{"foo.us-east-1.elb.amazonaws.com", "Z35SXDOTRQ7X7K"},
{"foo.us-west-1.elb.amazonaws.com", "Z368ELLRRE2KJ0"},
{"foo.us-west-2.elb.amazonaws.com", "Z1H1FL5HABSF5"},
{"foo.ca-central-1.elb.amazonaws.com", "ZQSVJUPU6J1EY"},
{"foo.ap-east-1.elb.amazonaws.com", "Z3DQVH9N71FHZ0"},
{"foo.ap-south-1.elb.amazonaws.com", "ZP97RAFLXTNZK"},
{"foo.ap-northeast-2.elb.amazonaws.com", "ZWKZPGTI48KDX"},
{"foo.ap-northeast-3.elb.amazonaws.com", "Z5LXEXXYW11ES"},
{"foo.ap-southeast-1.elb.amazonaws.com", "Z1LMS91P8CMLE5"},
{"foo.ap-southeast-2.elb.amazonaws.com", "Z1GM3OXH4ZPM65"},
{"foo.ap-southeast-3.elb.amazonaws.com", "Z08888821HLRG5A9ZRTER"},
{"foo.ap-northeast-1.elb.amazonaws.com", "Z14GRHDCWA56QT"},
{"foo.eu-central-1.elb.amazonaws.com", "Z215JYRZR1TBD5"},
{"foo.eu-west-1.elb.amazonaws.com", "Z32O12XQLNTSW2"},
{"foo.eu-west-2.elb.amazonaws.com", "ZHURV8PSTC4K8"},
{"foo.eu-west-3.elb.amazonaws.com", "Z3Q77PNBQS71R4"},
{"foo.eu-south-1.elb.amazonaws.com", "Z3ULH7SSC9OV64"},
{"foo.sa-east-1.elb.amazonaws.com", "Z2P70J7HTTTPLU"},
{"foo.cn-north-1.elb.amazonaws.com.cn", "Z1GDH35T77C1KE"},
{"foo.cn-northwest-1.elb.amazonaws.com.cn", "ZM7IZAIOVVDZF"},
{"foo.af-south-1.elb.amazonaws.com", "Z268VQBMOI5EKX"},
// Network Load Balancers
{"foo.elb.us-east-2.amazonaws.com", "ZLMOA37VPKANP"},
{"foo.elb.us-east-1.amazonaws.com", "Z26RNL4JYFTOTI"},
{"foo.elb.us-west-1.amazonaws.com", "Z24FKFUX50B4VW"},
{"foo.elb.us-west-2.amazonaws.com", "Z18D5FSROUN65G"},
{"foo.elb.ca-central-1.amazonaws.com", "Z2EPGBW3API2WT"},
{"foo.elb.ap-east-1.amazonaws.com", "Z12Y7K3UBGUAD1"},
{"foo.elb.ap-south-1.amazonaws.com", "ZVDDRBQ08TROA"},
{"foo.elb.ap-northeast-3.amazonaws.com", "Z1GWIQ4HH19I5X"},
{"foo.elb.ap-northeast-2.amazonaws.com", "ZIBE1TIR4HY56"},
{"foo.elb.ap-southeast-1.amazonaws.com", "ZKVM4W9LS7TM"},
{"foo.elb.ap-southeast-2.amazonaws.com", "ZCT6FZBF4DROD"},
{"foo.elb.ap-southeast-3.amazonaws.com", "Z01971771FYVNCOVWJU1G"},
{"foo.elb.ap-northeast-1.amazonaws.com", "Z31USIVHYNEOWT"},
{"foo.elb.eu-central-1.amazonaws.com", "Z3F0SRJ5LGBH90"},
{"foo.elb.eu-west-1.amazonaws.com", "Z2IFOLAFXWLO4F"},
{"foo.elb.eu-west-2.amazonaws.com", "ZD4D7Y8KGAS4G"},
{"foo.elb.eu-west-3.amazonaws.com", "Z1CMS0P5QUZ6D5"},
{"foo.elb.eu-south-1.amazonaws.com", "Z23146JA1KNAFP"},
{"foo.elb.sa-east-1.amazonaws.com", "ZTK26PT1VY4CU"},
{"foo.elb.cn-north-1.amazonaws.com.cn", "Z3QFB96KMJ7ED6"},
{"foo.elb.cn-northwest-1.amazonaws.com.cn", "ZQEIKTCZ8352D"},
{"foo.elb.af-south-1.amazonaws.com", "Z203XCE67M25HM"},
// No Load Balancer
{"foo.example.org", ""},
} {
zone := canonicalHostedZone(tc.hostname)
assert.Equal(t, tc.expected, zone)
} }
zone := canonicalHostedZone("foo.example.org")
assert.Equal(t, "", zone, "no canonical zone should be returned for a non-aws hostname")
} }
func TestAWSSuitableZones(t *testing.T) { func TestAWSSuitableZones(t *testing.T) {
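Review bot: The rewritten loop at the top of the hunk is self-referential: it derives both the input and the expected value from `canonicalHostedZones`, so a wrong or transposed zone ID in the map — the values that actually matter when Route53 validates an ALIAS target — would still pass, whereas the removed table pinned literal IDs. Keeping a handful of fixed cases alongside the loop (one ALB, one NLB and one `vpce` suffix, with the IDs copied from the removed table, e.g. `{"foo.us-east-1.elb.amazonaws.com", "Z35SXDOTRQ7X7K"}`) would retain that protection. The loop also drops the suffix from the failure output; `assert.Equal(t, id, zone, "suffix %s", suffix)` makes a failing iteration identifiable. Whether a shorter suffix can shadow a longer one depends on `canonicalHostedZone`, which is outside this hunk.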