* feat(metrics): add source wrapper metrics for invalid and deduplicated endpoints
Add GaugeVecMetric.Reset() to clear stale label combinations between cycles.
Introduce invalidEndpoints and deduplicatedEndpoints gauge vectors in the
source wrappers package, partitioned by record_type and source_type. The
dedup source wrapper now tracks rejected (invalid) and de-duplicated
endpoints per collection cycle.
Update the metrics documentation and bump the known metrics count.
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* feat(source): add PTR source wrapper for automatic reverse DNS
Implement ptrSource, a source wrapper that generates PTR endpoints from
A/AAAA records. The wrapper supports:
- Global default via WithCreatePTR (maps to --create-ptr flag)
- Per-endpoint override via record-type provider-specific property
- Grouping multiple hostnames sharing an IP into a single PTR endpoint
- Skipping wildcard DNS names
Add WithPTRSupported and WithCreatePTR options to the wrapper Config
and wire the PTR wrapper into the WrapSources chain when PTR is in
managed-record-types.
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* feat(config): add --create-ptr flag and deprecate --rfc2136-create-ptr
Add the generic --create-ptr boolean flag to Config, enabling automatic
PTR record creation for any provider. Add IsPTRSupported() helper that
checks whether PTR is included in --managed-record-types.
Add validation: --create-ptr (or legacy --rfc2136-create-ptr) now
requires PTR in --managed-record-types, preventing misconfiguration.
Mark --rfc2136-create-ptr as deprecated in the flag description.
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* refactor(rfc2136): remove inline PTR logic in favor of PTR source wrapper
Remove the createPTR field, AddReverseRecord, RemoveReverseRecord, and
GenerateReverseRecord methods from the rfc2136 provider. PTR record
generation is now handled generically by the PTR source wrapper before
records reach the provider.
Update the PTR creation test to supply pre-generated PTR endpoints
(simulating what the source wrapper produces) instead of relying on
the provider to create them internally.
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* feat(controller): wire PTR source wrapper into buildSource
Pass the top-level Config to buildSource so it can read IsPTRSupported()
and the CreatePTR / RFC2136CreatePTR flags. When PTR is in
managed-record-types, the PTR source wrapper is installed in the
wrapper chain with the combined create-ptr default.
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* chore(pdns): remove stale comment and fix whitespace
Remove an outdated comment about a single-target-per-tuple assumption
that no longer applies.
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* docs: add PTR records documentation and update existing guides
Add docs/advanced/ptr-records.md covering the --create-ptr flag,
per-resource annotation overrides, prerequisites, and usage examples.
Update:
- annotations.md: document record-type annotation
- flags.md: add --create-ptr, mark --rfc2136-create-ptr as deprecated
- tutorials/rfc2136.md: point to generic --create-ptr flag
- contributing/source-wrappers.md: add PTR wrapper to the chain
- mkdocs.yml: add PTR Records navigation entry
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* feat(rfc2136)!: remove rfc2136-create-ptr in favor of create-ptr
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
---------
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* perf(source/istio): replace API calls with indexed informer cache for gateway and virtualservice sources
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
* perf(source/istio): replace API calls with indexed informer cache for gateway and virtualservice sources
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
---------
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
* refactor(controller): move provider construction to provider/factory package
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
* refactor(controller): move provider construction to provider/factory package
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
* refactor(provider): introduce factory package with per-provider New constructors
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
* refactor(provider): introduce factory package with per-provider New constructors
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
* refactor(provider): introduce factory package with per-provider New constructors
* refactor(provider): introduce factory package with per-provider New constructors
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
* refactor(provider): introduce factory package with per-provider New constructors
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
---------
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
* feat(annotations): add custom annotation prefix support for split horizon DNS
Add --annotation-prefix flag to allow customizing the annotation prefix
used by external-dns. This enables split horizon DNS scenarios where
multiple instances process different sets of annotations from the same
Kubernetes resources.
Changes:
- Add AnnotationPrefix field to Config with validation
- Convert annotation constants to variables that can be reconfigured
- Add SetAnnotationPrefix() function to rebuild annotation keys
- Integrate annotation prefix setting in controller startup
- Update Helm chart with annotationPrefix value
- Add comprehensive split horizon DNS documentation
- Update FAQ with annotation prefix examples
This maintains full backward compatibility - the default prefix remains
"external-dns.alpha.kubernetes.io/".
Co-Authored-By: Claude <noreply@anthropic.com>
* docs(advanced): fix markdown formatting in split-horizon guide
Add blank lines before code blocks to improve markdown rendering
and comply with markdownlint rules.
Co-Authored-By: Claude <noreply@anthropic.com>
* docs(advanced): fix markdown formatting in split-horizon guide
Co-Authored-By: Claude <noreply@anthropic.com>
* docs(charts): regenerate Helm chart documentation
Co-Authored-By: Claude <noreply@anthropic.com>
* test: add AnnotationPrefix field to test configs
Add missing AnnotationPrefix field to minimalConfig and overriddenConfig
test configurations to match the new default value set in NewConfig().
Co-Authored-By: Claude <noreply@anthropic.com>
* test(charts): update error pattern in json-schema test
Update expected error message pattern to match current Helm validation
output format.
Co-Authored-By: Claude <noreply@anthropic.com>
* refactor(annotations): remove init() for explicit initialization
- Remove init() function from annotations package
- Add explicit SetAnnotationPrefix() call in controller/execute.go
- Remove annotation key aliases from source/source.go
- Replace all alias usages with annotations.* references (348 changes in 28 files)
- Add TestMain to existing test files (service_test.go, cloudflare_test.go)
This change makes annotation initialization explicit and predictable,
avoiding hidden global state initialization at import time.
Co-Authored-By: Claude <noreply@anthropic.com>
* docs: update changelog and mkdocs to include annotationPrefix and split horizon DNS
Signed-off-by: Aleksei Sviridkin <f@lex.la>
* docs(split-horizon): fix linting
Signed-off-by: Aleksei Sviridkin <f@lex.la>
* refactor(annotations): replace hardcoded annotation prefix with constant
Replace all hardcoded "external-dns.alpha.kubernetes.io/" strings
with annotations.DefaultAnnotationPrefix constant to establish
a single source of truth.
Changes:
- Add DefaultAnnotationPrefix constant in source/annotations/annotations.go
- Replace hardcoded string in controller/execute.go with constant reference
- Replace hardcoded strings in pkg/apis/externaldns/types.go (2 occurrences)
- Add helm unit tests for annotationPrefix value
This eliminates string duplication and makes future changes easier.
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Signed-off-by: Aleksei Sviridkin <f@lex.la>
Co-authored-by: Claude <noreply@anthropic.com>

Currently the `--label-filter` flag can only be used to filter CRDs
which match the label selector passed through that flag. This change
extends the functionality to the Ingress, Service and OpenShift Route
type objects. When the flag is not specified the default value is
`labels.Everything()` which is an empty string, the same as before.
Annotation-based filter is inefficient because the filtering has to be
done in the controller instead of the API server like with label
filtering.

refactor: remove dns api logic and use dns api library
enhancement: add additional args for auth credential retrieval
cleanup: simplify, organize processing logic
test: update automation and validate

* Graceful handling of misconfigured password for dyn
If a bad password is given for provider "dyn" then the next
login attempt is at least 30 minutes apart. This prevents an
account from being suspended.
Improve validation of flags for dyn provider. Add test for
ValidateConfig() and Config.String()
Also add --dyn-min-ttl option which sets the lower limit
of a record's TTL. Ignored if 0 (the default).
* docs: add graceful handling of misconfiguration to changelog
* Initial commit of Infoblox provider
* address @ideahitme's observations
* fail at addressing @szuecs comments
* fix(infoblox): avoid shadowing err variable
* fix flag descriptions
* default ssl verify to true. thanks @szuecs
* chore(infoblox): bump minimum required version
This should ideally be a minor bump but let's do that when we have v0.5
* vendor Azure Go SDK (#210)
* vendor the Azure Go SDK and dependencies
* add initial Azure DNS provider implementation (#210)
* add 'azure' value to 'provider' command line option
* add 'azure-config-file' command line option
* add 'azure-resource-group' command line option
* implement initial Azure DNS provider
note: azure provider is not yet fully implemented (does not query for existing
records).
tests and documentation are forthcoming.
* add a tutorial for the Azure provider (#210)
* add tutorial for using ExternalDNS with Azure DNS
* finish implementation of Azure DNS provider (#210)
* implement the Records method for the Azure DNS provider
* refactor Azure API interface for future tests (#210)
* make Azure provider use an interface for future unit tests
* add unit tests for the Azure provider (#210)
* test retrieving Azure DNS records.
* test updating and deleting Azure DNS records.
* test dry run for the Azure provider (i.e. noop).
* ref(source): use testify with mocks in test code
* fix: re-introduce NewMockSource for convenience
* fix: avoid circular dependency
* ref: increase usage of testify
* chore: vendor testify as a dependency
* fix(*): cleanup testify expectations
* feat(config): change defaults, switch flag processing to kingpin
* chore: vendor kingpin as a dependency
* feat(config): auto-detect cluster config from the environment
* chore: clean up definition of flags
* chore: sanitize flags even further
* chore: update changelog with latest flags changes
* fix(aws): fix messed up test name
* feat(google): add ability to apply changes generated from a plan
* feat(controller): first implementation of controller
* feat: allow to configure in-cluster and kubeconfig
* fix(controller): call RunOnce at the right time and in a loop
* feat(google): add dryRun attribute to Google DNS provider
* fix: use hosted zone id instead of DNS name
* fix(google): stupidly filter by A records for now
* feat: allow specifying the google project and zone
* feat: provide a dry-run flag which defaults to false
* chore: vendor new dependencies
* fix(config): fix failing tests for config object
* ref(controller): return plain value of ApplyChanges
* ref: simplify how to get a valid kubernetes client

Types that we want to work using apimachinery typically go into
pkg/apis/X, and the validation goes into pkg/apis/X/validation. We then
add versions into e.g. pkg/apis/X/v1alpha1, but this feels premature at
the moment.
Changing this later is annoyingly difficult, especially in terms of
validation and dependencies.
We will want the apimachinery, so that we can configure from a
configuration file that is versioned. Hopefully dns-controller won't
end up so complicated that we will require it, but I think there is also
value in following the "standard" patterns for controllers that are
emerging from e.g. ingress.
For a fairly simple example of an API, please consult
https://github.com/kubernetes/kubernetes/tree/master/pkg/apis/certificates