Fix typos across codebase (#6385)

Fix spelling errors found via codespell in code comments, variable
names, log messages, and documentation files.

Makefile

@@ -203,7 +203,7 @@ helm-lint:
 	scripts/helm-tools.sh --docs
 
 .PHONY: go-dependency
-#? go-dependency: Dependency maintanance
+#? go-dependency: Dependency maintenance
 go-dependency:
 	go mod tidy
 

docs/advanced/fqdn-templating.md

@@ -498,7 +498,7 @@ args:
   - --fqdn-template="{{range .Status.Addresses}}{{if and (eq .Type \"ExternalIP\") (isIPv4 .Address)}}{{.Address | replace \".\" \"-\"}}{{break}}{{end}}{{end}}.example.com"
 ```
 
-This is a complex template that iternates through a list of a Node's Addresses and creates a FQDN with public IPv4 addresses.
+This is a complex template that iterates through a list of a Node's Addresses and creates a FQDN with public IPv4 addresses.
 
 ### Using `hasKey` for Safe Label and Annotation Access
 

docs/advanced/nat64.md

@@ -4,7 +4,7 @@ Some NAT64 configurations are entirely handled outside the Kubernetes cluster, t
 Therefore, we can configure `nat64-networks`, which **must** be a /96 network. You can also specify multiple `nat64-networks` for more complex setups.
 This creates an additional A record with a NAT64-translated IPv4 address for each AAAA record pointing to an IPv6 address within the given `nat64-networks`.
 
-This can be configured with the following flag passed to the operator binary. You can also pass multiple `nat64-networks` by using a comma as seperator.
+This can be configured with the following flag passed to the operator binary. You can also pass multiple `nat64-networks` by using a comma as separator.
 
 ```sh
 --nat64-networks="2001:db8:96::/96"
@@ -12,9 +12,9 @@ This can be configured with the following flag passed to the operator binary. Yo
 
 ## Setup Example
 
-We use an external NAT64 resolver and SIIT (Stateless IP/ICMP Translation). Therefore, our nodes only have IPv6 IP adresses but can reach IPv4 addresses *and* can be reached via IPv4.
+We use an external NAT64 resolver and SIIT (Stateless IP/ICMP Translation). Therefore, our nodes only have IPv6 IP addresses but can reach IPv4 addresses *and* can be reached via IPv4.
 Outgoing connections are a classic NAT64 setup, where all IPv6 addresses gets translated to a small pool of IPv4 addresses.
-Incoming connnections are mapped on a different IPv4 pool, e.g. `198.51.100.0/24`, which can get translated one-to-one to IPv6 addresses.
+Incoming connections are mapped on a different IPv4 pool, e.g. `198.51.100.0/24`, which can get translated one-to-one to IPv6 addresses.
 We dedicate a `/96` network for this, for example `2001:db8:96::/96`, so `198.51.100.0/24` can translated to `2001:db8:96::c633:6400/120`. Note: `/120` IPv6 network has exactly as many IP addresses as `/24` IPv4 network.
 
 Therefore, the `/96` network can be configured as `nat64-networks`. This means, that `2001:0DB8:96::198.51.100.10` or `2001:db8:96::c633:640a` can be translated to `198.51.100.10`.

docs/advanced/rate-limits.md

@@ -3,7 +3,7 @@
 ## Introduction
 
 By design, external-dns refreshes all the records of a zone using API calls.
-This refresh may happen peridically and upon any changed object if the flag `--events` is enabled.
+This refresh may happen periodically and upon any changed object if the flag `--events` is enabled.
 
 Depending on the size of the zone and the infrastructure deployment, this may lead to external-dns
 hitting the DNS provider's rate-limits more easily.

docs/contributing/dev-guide.md

@@ -84,7 +84,7 @@ In the context of the `external-dns`, acceptance tests are tests of interactions
 
 ### Log Unit Testing
 
-Testing log messages within codebase provides significant advantages, especially when it comes to debugging, monitoring, and gaining a deeper understanding of system behavior. Log library [build-in testing functionality](https://github.com/sirupsen/logrus?tab=readme-ov-file#testing)
+Testing log messages within codebase provides significant advantages, especially when it comes to debugging, monitoring, and gaining a deeper understanding of system behavior. Log library [built-in testing functionality](https://github.com/sirupsen/logrus?tab=readme-ov-file#testing)
 
 This practice enables:
 

docs/deprecation.md

@@ -53,7 +53,7 @@ Any maintainer may propose deprecating a feature, component, or behavior (both i
 
 The proposal must clearly outline the rationale for deprecation, the impact on users, and any alternatives, if such.
 
-The proposal must be formalized by submiting a `design` document as a Pull Request.
+The proposal must be formalized by submitting a `design` document as a Pull Request.
 
 ### Showcase to Maintainers
 

docs/sources/gloo-proxy.md

@@ -35,7 +35,7 @@ spec:
 
 ## Manifest (for clusters with RBAC enabled)
 
-Could be change if you have mulitple sources
+Could be change if you have multiple sources
 
 ```yaml
 apiVersion: v1

docs/sources/kong.md

@@ -34,7 +34,7 @@ spec:
 
 ## Manifest (for clusters with RBAC enabled)
 
-Could be changed if you have mulitple sources
+Could be changed if you have multiple sources
 
 ```yaml
 apiVersion: v1

docs/tutorials/aws-localstack.md

@@ -20,7 +20,7 @@ Before you start, ensure you have:
   - In this tutorial we are going to use [kind](https://kind.sigs.k8s.io/)
 - [`kubectl`](https://kubernetes.io/docs/tasks/tools/) and [`helm`](https://helm.sh/)
 - `external-dns` source code or [helm chart](https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns)
-- `Localstack` how to [documenation](https://docs.localstack.cloud/)
+- `Localstack` how to [documentation](https://docs.localstack.cloud/)
 - Optional
   - `AWS` [cli](https://aws.amazon.com/cli/)
   - `Localstack` [cli](https://docs.localstack.cloud/aws/getting-started/installation/)

docs/tutorials/aws.md

@@ -84,7 +84,7 @@ Explicitly providing a list of selected zones instead of `*` you can scope the d
 Additional resources:
 
 - AWS IAM actions [documentation](https://www.awsiamactions.io/?o=route53%3A)
-- AWS IAM [fine grained controll](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/specifying-conditions-route53.html#route53_rrsetConditionKeys)
+- AWS IAM [fine grained control](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/specifying-conditions-route53.html#route53_rrsetConditionKeys)
 - [Actions and condition keys for Amazon Route 53](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53.html)
 
 ## Create Role with AWS CLI
@@ -309,7 +309,7 @@ This is the preferred method as it implements [PoLP](https://csrc.nist.gov/gloss
 This method requires deploying with RBAC.  See [When using clusters with RBAC enabled](#when-using-clusters-with-rbac-enabled) when ready to deploy ExternalDNS.
 
 > [!NOTE]
-> Similar methods to IRSA on AWS are [kiam](https://github.com/uswitch/kiam), which is in maintenence mode, and has [instructions](https://github.com/uswitch/kiam/blob/HEAD/docs/IAM.md) for creating an IAM role, and also [kube2iam](https://github.com/jtblin/kube2iam).
+> Similar methods to IRSA on AWS are [kiam](https://github.com/uswitch/kiam), which is in maintenance mode, and has [instructions](https://github.com/uswitch/kiam/blob/HEAD/docs/IAM.md) for creating an IAM role, and also [kube2iam](https://github.com/jtblin/kube2iam).
 > IRSA is the officially supported method for EKS clusters, and so for non-EKS clusters on AWS, these other tools could be an option.
 
 #### Verify OIDC is supported
@@ -568,7 +568,7 @@ If using your own domain that was registered with a third-party domain registrar
 Connect your `kubectl` client to the cluster you want to test ExternalDNS with.
 Then apply one of the following manifests file to deploy ExternalDNS. You can check if your cluster has RBAC by `kubectl api-versions | grep rbac.authorization.k8s.io`.
 
-For clusters with RBAC enabled, be sure to choose the correct `namespace`.  For this tutorial, the enviornment variable `EXTERNALDNS_NS` will refer to the namespace.  You can set this to a value of your choice:
+For clusters with RBAC enabled, be sure to choose the correct `namespace`.  For this tutorial, the environment variable `EXTERNALDNS_NS` will refer to the namespace.  You can set this to a value of your choice:
 
 ```bash
 export EXTERNALDNS_NS="default" # externaldns, kube-addons, etc
@@ -915,7 +915,7 @@ With the previous `deployment` and `service` objects deployed, we can add an `in
 
 > For ingress objects ExternalDNS will create a DNS record based on the host specified for the ingress object.
 
-For this tutorial, we have two endpoints, the service with `LoadBalancer` type and an ingress.  For practical purposes, if an ingress is used, the service type can be changed to `ClusterIP` as two endpoints are unecessary in this scenario.
+For this tutorial, we have two endpoints, the service with `LoadBalancer` type and an ingress.  For practical purposes, if an ingress is used, the service type can be changed to `ClusterIP` as two endpoints are unnecessary in this scenario.
 
 > [!IMPORTANT]
 > This requires that an ingress controller has been installed in your Kubernetes cluster.

docs/tutorials/azure.md

@@ -57,7 +57,7 @@ The following fields are used:
 * `aadClientID` is associated with the Service Principal. This is used with Service Principal or Workload Identity methods documented in the next section.
 * `aadClientSecret` is associated with the Service Principal. This is only used with Service Principal method documented in the next section.
 * `useManagedIdentityExtension` - this is set to `true` if you use either AKS Kubelet Identity or AAD Pod Identities methods documented in the next section.
-* `userAssignedIdentityID` - this contains the client id from the Managed identity when using the AAD Pod Identities method documented in the next setion.
+* `userAssignedIdentityID` - this contains the client id from the Managed identity when using the AAD Pod Identities method documented in the next section.
 * `activeDirectoryAuthorityHost` - this contains the URI to override the default Azure Active Directory authority endpoint.
   This is useful for Azure Stack Cloud deployments or custom environments.
 * `useWorkloadIdentityExtension` - this is set to `true` if you use Workload Identity method documented in the next section.
@@ -141,7 +141,7 @@ The [managed identity](https://docs.microsoft.com/azure/active-directory/managed
 Managed identities are essentially a service principal whose lifecycle is managed, such as deleting the AKS cluster will also delete the service principals associated with the AKS cluster.
 The managed identity assigned Kubernetes node pool, or specifically the [VMSS](https://docs.microsoft.com/azure/virtual-machine-scale-sets/overview), is called the Kubelet identity.
 
-The managed identites were previously called MSI (Managed Service Identity) and are enabled by default when creating an AKS cluster.
+The managed identities were previously called MSI (Managed Service Identity) and are enabled by default when creating an AKS cluster.
 
 Note that permissions granted to this identity will be accessible to all containers running inside the Kubernetes cluster, not just the ExternalDNS container(s).
 
@@ -496,7 +496,7 @@ NOTE: make sure the pod is restarted whenever you make a configuration change.
 ## Throttling
 
 When the ExternalDNS managed zones list doesn't change frequently, one can set `--azure-zones-cache-duration` (zones list cache time-to-live). The zones list cache is disabled by default, with a value of 0s.
-Also, one can leverage the built-in retry policies of the Azure SDK with a tunable maxRetries value. Environment variable AZURE_SDK_MAX_RETRIES can be specified in the manifest yaml to configure behavior. The defualt value of Azure SDK retry is 3.
+Also, one can leverage the built-in retry policies of the Azure SDK with a tunable maxRetries value. Environment variable AZURE_SDK_MAX_RETRIES can be specified in the manifest yaml to configure behavior. The default value of Azure SDK retry is 3.
 
 ## Ingress used with ExternalDNS
 

docs/tutorials/gke.md

@@ -1,6 +1,6 @@
 # GKE with default controller
 
-This tutorial describes how to setup ExternalDNS for usage within a [GKE](https://cloud.google.com/kubernetes-engine) ([Google Kuberentes Engine](https://cloud.google.com/kubernetes-engine)) cluster. Make sure to use **>=0.11.0** version of ExternalDNS for this tutorial
+This tutorial describes how to setup ExternalDNS for usage within a [GKE](https://cloud.google.com/kubernetes-engine) ([Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine)) cluster. Make sure to use **>=0.11.0** version of ExternalDNS for this tutorial
 
 ## Single project test scenario using access scopes
 
@@ -43,7 +43,7 @@ gcloud container clusters create $GKE_CLUSTER_NAME \
 ```
 
 > [!WARNING]
-> Note that this cluster will use the default [compute engine GSA](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) that contians the overly permissive project editor (`roles/editor`) role.
+> Note that this cluster will use the default [compute engine GSA](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) that contains the overly permissive project editor (`roles/editor`) role.
 > So essentially, anything on the cluster could potentially grant escalated privileges.
 > Also, as mentioned earlier, the access scope `ndev.clouddns.readwrite` will allow anything running on the cluster to have read/write permissions on all Cloud DNS zones within the same project.
 

docs/tutorials/pdns.md

@@ -63,7 +63,7 @@ eg. ```--domain-filter=example.org``` will allow for zone `example.org` and any
 
 eg. ```--domain-filter=.example.org``` will allow *only* zones that end in `.example.org`, ie. the subdomains of example.org but not the `example.org` zone itself.
 
-The filter can also match parent zones. For example `--domain-filter=a.example.com` will allow for zone `example.com`. If you want to match parent zones, you cannot pre-pend your filter with a ".", eg. `--domain-filter=.example.com` will not attempt to match parent zones.
+The filter can also match parent zones. For example `--domain-filter=a.example.com` will allow for zone `example.com`. If you want to match parent zones, you cannot prepend your filter with a ".", eg. `--domain-filter=.example.com` will not attempt to match parent zones.
 
 ### Regex Domain Filter (`--regex-domain-filter`)
 

internal/idna/idna.go

@@ -32,7 +32,7 @@ var (
 )
 
 // NormalizeDNSName converts a DNS name to a canonical form, so that we can use string equality
-// it: removes space, get ASCII version of dnsName complient with Section 5 of RFC 5891, ensures there is a trailing dot
+// it: removes space, get ASCII version of dnsName compliant with Section 5 of RFC 5891, ensures there is a trailing dot
 func NormalizeDNSName(dnsName string) string {
 	s, err := Profile.ToASCII(strings.TrimSpace(dnsName))
 	if err != nil {

plan/plan_test.go

@@ -617,7 +617,7 @@ func (suite *PlanTestSuite) TestExistingDualStackWithCNameDesired() {
 
 // TestExistingOwnerNotMatchingDualStackDesired validates that if there is an existing
 // record for a domain but there is no ownership claim over it and there are desired
-// records no changes are planed. Only domains that have explicit ownership claims should
+// records no changes are planned. Only domains that have explicit ownership claims should
 // be updated.
 func (suite *PlanTestSuite) TestExistingOwnerNotMatchingDualStackDesired() {
 	suite.fooA5.Labels = nil
@@ -673,7 +673,7 @@ func (suite *PlanTestSuite) TestConflictingCurrentNonConflictingDesired() {
 
 // TestConflictingCurrentNoDesired is a bit of a corner case as it would indicate
 // that the provider is not following valid DNS rules or there may be some
-// caching issues. In this case there are no desired enpoint candidates so plan
+// caching issues. In this case there are no desired endpoint candidates so plan
 // on deleting the records.
 func (suite *PlanTestSuite) TestConflictingCurrentNoDesired() {
 	suite.fooA5.Labels[endpoint.OwnerLabelKey] = suite.fooV1Cname.Labels[endpoint.OwnerLabelKey]

provider/cloudflare/cloudflare.go

@@ -288,8 +288,8 @@ func newProvider(
 
 	token := os.Getenv(cfAPITokenEnvKey)
 	if token != "" {
-		if trimed, ok := strings.CutPrefix(token, "file:"); ok {
-			tokenBytes, err := os.ReadFile(trimed)
+		if trimmed, ok := strings.CutPrefix(token, "file:"); ok {
+			tokenBytes, err := os.ReadFile(trimmed)
 			if err != nil {
 				return nil, fmt.Errorf("failed to read %s from file: %w", cfAPITokenEnvKey, err)
 			}

provider/godaddy/client.go

@@ -77,7 +77,7 @@ type Client struct {
 	// API endpoint
 	APIEndPoint string
 
-	// Client is the underlying HTTP client used to run the requests. It may be overloaded but a default one is instanciated in ``NewClient`` by default.
+	// Client is the underlying HTTP client used to run the requests. It may be overloaded but a default one is instantiated in ``NewClient`` by default.
 	Client *http.Client
 
 	// GoDaddy limits to 60 requests per minute
@@ -301,7 +301,7 @@ func (c *Client) CallAPI(method, path string, reqBody, resType any) error {
 // - full serialized request body
 // - server current time (takes time delta into account)
 //
-// # Context is used by http.Client to handle context cancelation
+// # Context is used by http.Client to handle context cancellation
 //
 // Call will automatically assemble the target url from the endpoint
 // configured in the client instance and the path argument. If the reqBody

provider/oci/oci.go

@@ -374,7 +374,7 @@ func (p *OCIProvider) AdjustEndpoints(endpoints []*endpoint.Endpoint) ([]*endpoi
 	for _, e := range endpoints {
 		// OCI DNS does not support the set-identifier attribute, so we remove it to avoid plan failure
 		if e.SetIdentifier != "" {
-			log.Warnf("Adjusting endpont: %v. Ignoring unsupported annotation 'set-identifier': %s", *e, e.SetIdentifier)
+			log.Warnf("Adjusting endpoint: %v. Ignoring unsupported annotation 'set-identifier': %s", *e, e.SetIdentifier)
 			e.SetIdentifier = ""
 		}
 		adjustedEndpoints = append(adjustedEndpoints, e)

provider/ovh/ovh.go

@@ -67,8 +67,8 @@ type OVHProvider struct {
 	DryRun bool
 
 	// EnableCNAMERelativeTarget controls if CNAME target should be sent with relative format.
-	// Previous implementations of the OVHProvider always added a final dot as for absolut format.
-	// Default value is false, all CNAME are transformed into absolut format.
+	// Previous implementations of the OVHProvider always added a final dot as for absolute format.
+	// Default value is false, all CNAME are transformed into absolute format.
 	// Setting this to true will allow relative format to be sent to DNS zone.
 	EnableCNAMERelativeTarget bool
 

provider/scaleway/scaleway.go

@@ -109,7 +109,7 @@ func newProvider(domainFilter *endpoint.DomainFilter, dryRun bool) (*ScalewayPro
 	}, nil
 }
 
-// AdjustEndpoints is used to normalize the endoints
+// AdjustEndpoints is used to normalize the endpoints
 func (p *ScalewayProvider) AdjustEndpoints(endpoints []*endpoint.Endpoint) ([]*endpoint.Endpoint, error) {
 	eps := make([]*endpoint.Endpoint, len(endpoints))
 	for i := range endpoints {