improve test coverage
test the edge case when the custom hostname has changed during the record deletion
don't use custom hostnames if Cloudflare for SaaS fails to authenticate
Use new --cloudflare-custom-hostnames flag to enable cloudflare custom hostnames support
custom hostnames flags --cloudflare-custom-hostnames-min-tls-version and --cloudflare-custom-hostnames-certificate-authority support
markdown lint
Update cloudflare.md
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Fixed go tests, added checks to ensure multiple hosts, and RFC2136LoadBalancingStrategy is set and can be overwritten
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Documentation to support Multiple Hosts and Load Balancing features
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
WIP, counter not working correctly
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Make pointers to the rfc2136 provider, fixed counter issue, log out last error.
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Fix error with failover not working correctly
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Repoint makefile us.gcr.io/k8s-artifacts-prod/external-dns
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Repoint makefile us.gcr.io/k8s-artifacts-prod/external-dns
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Fix changes that aren't related directly to this PR
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Changed comment message details for counter
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
* feat: add option to use only new format TXT records
* add flag and docs
* refine documentation on how to use the flag
* add section regarding manual migration
* update documentation to be same as in types.go
* fix compile issue
* add tests for new flag
* update flags documentation correctly
* add new option to helm chart
* run helm-docs
* remove unnecessary newline
* add entry to unreleased chart items
* Revert "run helm-docs"
This reverts commit a1d64bd3e8.
* Revert "add new option to helm chart"
This reverts commit 299d087917.
* Revert "add entry to unreleased chart items"
This reverts commit 0bcd0e3612.
* fix test cases that have changed
Add two new options:
- --ignore-non-host-network-pods
- --pod-source-domain
Combined together, they can be used to register the IPs
of all pods with their associated PTR record.
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
**Description**
In the current implementation, DNS providers are called to list all
records on every loop. This is expensive in terms of number of requests
to the provider and may result in being rate limited, as reported in 1293
and 3397.
In our case, we have approximately 20,000 records in our AWS Hosted Zone.
The ListResourceRecordSets API call allows a maximum of 300 items per call.
That requires 67 API calls per external-dns deployment during every sync period.
With this, we introduce an optional generic caching mechanism at the provider
level, that re-uses the latest known list of records for a given time.
This prevents expensive Provider calls to list all records for each
object modification that does not change the actual record (annotations,
statuses, ingress routing, ...)
This introduces 2 trade-offs:
1. Any changes or corruption directly on the provider side will be
longer to detect and to resolve, up to the cache time
2. Any conflicting records in the DNS provider (such as a different
external-dns instance) injected during the cache validity will cause
the first iteration of the next reconcile loop to fail, and hence add a
delay until the next retry
**Checklist**
- [X] Unit tests updated
- [X] End user documentation updated
Change-Id: I0bdcfa994ac1b76acedb05d458a97c080284c5aa
* Reuse the existing TLS options.
* Add two new flags, one to enable DNS-over-TLS, and the second to
disable cert checks for DNS-over-TLS.
* Factor out the connection code so that it can be shared between the
zone transfer and the updates. If TLS was requested, it will be used
for both.
* RFC9013 requires TLS 1.3 or later, and an ALPN negotiation of "dot".
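
Added example, not external-dns code: one way to express the TLS 1.3 and ALPN "dot" requirement from the last commit message with Go's `crypto/tls`, checking the negotiated session after the handshake. The function names and the `serverName` and `skipVerify` parameters are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

const dotALPN = "dot" // ALPN protocol ID for DNS-over-TLS

// newDoTConfig: serverName and skipVerify are hypothetical parameters standing
// in for the reused TLS options and the "disable cert checks" flag.
func newDoTConfig(serverName string, skipVerify bool) *tls.Config {
	return &tls.Config{
		ServerName:         serverName,
		MinVersion:         tls.VersionTLS13,
		NextProtos:         []string{dotALPN},
		InsecureSkipVerify: skipVerify, // true removes server authentication
	}
}

// checkDoTState rejects a session that is not TLS 1.3+ with ALPN "dot". Go's
// client accepts a server that selects no ALPN protocol, so check it here.
func checkDoTState(cs tls.ConnectionState) error {
	if cs.Version < tls.VersionTLS13 {
		return fmt.Errorf("TLS version 0x%04x is below TLS 1.3", cs.Version)
	}
	if cs.NegotiatedProtocol != dotALPN {
		return fmt.Errorf("ALPN %q negotiated, want %q", cs.NegotiatedProtocol, dotALPN)
	}
	return nil
}

// dialDoT opens the connection shared by the zone transfer and the updates.
func dialDoT(addr string, cfg *tls.Config) (*tls.Conn, error) {
	d := &tls.Dialer{Config: cfg}
	c, err := d.Dial("tcp", addr)
	if err != nil {
		return nil, err
	}
	conn := c.(*tls.Conn)
	if err := checkDoTState(conn.ConnectionState()); err != nil {
		conn.Close()
		return nil, err
	}
	return conn, nil
}

func main() {
	fmt.Println(checkDoTState(tls.ConnectionState{Version: tls.VersionTLS12}))
}
```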