The extensions/v1beta1 API is deprecated for Deployment and with 1.16 is
not served by default anymore. This breaks the examples on k8s 1.16.
See this blog post for details on the deprecations:
https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/
Amazon EKS supports IAM Roles for Service Accounts. It mounts token
files to `/var/run/secrets/eks.amazonaws.com/serviceaccount/token`.
Unfortunately, external-dns runs as 'nobody' so it cannot access this
file. External DNS is then unable to make any AWS API calls:
```
time="2019-09-11T07:31:53Z" level=error msg="WebIdentityErr: unable to read file at /var/run/secrets/eks.amazonaws.com/serviceaccount/token\ncaused by: open /var/run/secrets/eks.amazonaws.com/serviceaccount/token: permission denied"
```
See: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html
Below are the file permissions as mounted on the External DNS pod:
```
~ $ ls -al /var/run/secrets/eks.amazonaws.com/serviceaccount/
total 0
drwxrwxrwt 3 root root 100 Sep 11 06:40 .
drwxr-xr-x 3 root root 28 Sep 11 06:40 ..
drwxr-xr-x 2 root root 60 Sep 11 06:40 ..2019_09_11_06_40_49.865776187
lrwxrwxrwx 1 root root 31 Sep 11 06:40 ..data -> ..2019_09_11_06_40_49.865776187
lrwxrwxrwx 1 root root 12 Sep 11 06:40 token -> ..data/token
~ $ ls -al /var/run/secrets/eks.amazonaws.com/serviceaccount/..data/token
-rw------- 1 root root 1028 Sep 11 06:40 /var/run/secrets/eks.amazonaws.com/serviceaccount/..data/token
```
This commit fixes this problem by specifying a securityContext so that
mounted volumes get 65534 (nobody) group ownership.
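The two changes described above (the `apps/v1` Deployment and the pod-level securityContext), sketched as one manifest. This is an added example, not the project's own file; the role ARN, account ID, resource names and image reference are placeholders.

```yaml
# Added example: names, account ID, role and image are placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
  annotations:
    # IRSA: pods using this account get the projected token mounted under
    # /var/run/secrets/eks.amazonaws.com/serviceaccount/
    eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/EXAMPLE-external-dns
---
apiVersion: apps/v1          # extensions/v1beta1 is not served by default in 1.16
kind: Deployment
metadata:
  name: external-dns
spec:
  selector:                  # mandatory in apps/v1
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns
      # Without this block the token stays root:root with mode 0600 and the
      # container user (nobody, 65534) gets "permission denied".
      securityContext:
        fsGroup: 65534       # mounted volumes get group 65534; the process
                             # also receives 65534 as a supplementary group
      containers:
      - name: external-dns
        image: "EXAMPLE_REGISTRY/external-dns:EXAMPLE_TAG"
        args:
        - --source=service
        - --provider=aws
```

After rollout, repeating the `ls -al` on `..data/token` from inside the pod should show group 65534 with group read permission instead of `root root` and `-rw-------`.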
Tutorial specifies version >0.4 which also removed the requirement for a trailing period. New users could misunderstand the trailing dot as a significant syntax. Removing the dot simplifies the configuration of the annotation.
* add Istio Gateway Source
* add documentation for Istio Gateway Source
* make both istio namespace and ingress gateway service configurable
* prefix gateway types, constructors, and flags with 'istio-'
* fix: add missing sources to source flag docs
Introducing support for NodePort services might break clusters which
are using RBAC
* allow external-dns to list nodes
Signed-off-by: Nick Jüttner <nick@zalando.de>
* update RBAC rules in docs
* update docs with split between rbac and non
* make deployment use new sa
* docs: correctly reference service account in CRB
* docs: correctly reference service account in CRB in other docs
* add "dyn" provider
* add several --dyn-* args to configure Dyn login
* add github.com/nesv/go-dynect/dynect@0.6.0 to Gopkg and vendor/ (the client
of choice by Terraform)
* make externdns.Version public so it can be stored when committing
zone changes
* add tutorial for Ingress resources and update root README.md file
Dyn REST API is documented here: https://help.dyn.com/dns-api-knowledge-base/
Example usage:
```
external-dns \
  --provider=dyn \
  --dyn-customer-name=acme \
  --dyn-username=acme-api \
  --dyn-password=t0pS3cr3t \
  --domain-filter=portal.acme.com \
  --zone-id-filter=acme.com \
  --namespace=my-test-ns \
  --log-level=debug \
  --txt-prefix=_
```
* [aws-doc-update] docker image version and new arg aws-zone-type
* changes after review
* remove annotation for ingress
* docs: modify docs according to suggestions
* How to use Azure DNS from non-Azure cluster
If the cluster is not Azure Container Service (or acs-engine) the configuration file for Azure DNS needs to be created manually.
* Azure.md, give explicit name to Service Principal
* Initial commit of Infoblox provider
* address @ideahitme's observations
* fail at addressing @szuecs comments
* fix(infoblox): avoid shadowing err variable
* fix flag descriptions
* default ssl verify to true. thanks @szuecs
* chore(infoblox): bump minimum required version
This should ideally be a minor bump but let's do that when we have v0.5
* Add RecordTTL
* Route53: test for custom TTL
* Fix tests
* Fix remaining tests
* Add ttl when endpoint is created from ingress
* Missed a word
* Fix bad refactoring
* Add ingress custom TTL test
* gofmt
* Satisfy go-lint
* Unshadow `endpoint` in azure provider
* Fix and add an output test
* Add TTL for endpoints generated from service templates
* Take TTL into account when generating update plan
* Tests for TTL change impact on the plan
* Refactor factory method name
* Refactoring
* Run gofmt
* Make endpoint string format look like BIND config
* Update plan and plan_test
* Replace NewEndpointWithTTLValue with NewEndpointWithTTL in aws
* Remove NewEndpointWithTTLValue func
* Update references to TTL
* Remove getTTLValue func
* Handle merge conflict
* Update tests
* Update README, CHANGELOG and documentation
* Run gofmt
* Move getTTLFromAnnotations to a common file
* Refactor getTTLFromAnnotations
* Gofmt
* Add tests for getTTLFromAnnotations
* Trigger build
* Add boilerplate header
* Update README/CHANGELOG according to code review
* Add ttl.md and link it from README
* change CNAME string to endpoint.RecordTypeCNAME
* fix test cases with AWS ALIAS records, these do not behave differently in these tests
* docs(tutorials): add tutorial for digital ocean
* docs(tutorials): fix version used in cloudflare tutorial
* chore: update the changelog with the latest and greatest, thanks to all who contributed
* Support for multiple domains within --domain-filter
The parameter accepts a comma-separated list of domains with or without trailing dot. Example: --domain-filter="example.org, company.test.,staging.com". Closes #247 and #229
* Add boilerplate header
* Add documentation for methods and structs
* use StringsVar for the domain-filter flag
* go fmt
* Remove camel case from tests
* Revert changes in README.md
* Move DomainFilter to provider package
* Make a new slice and copy elements to it
* Update CHANGELOG.md
* docs: change minor spelling mistake
* vendor Azure Go SDK (#210)
* vendor the Azure Go SDK and dependencies
* add initial Azure DNS provider implementation (#210)
* add 'azure' value to 'provider' command line option
* add 'azure-config-file' command line option
* add 'azure-resource-group' command line option
* implement initial Azure DNS provider
note: azure provider is not yet fully implemented (does not query for existing
records).
tests and documentation are forthcoming.
* add a tutorial for the Azure provider (#210)
* add tutorial for using ExternalDNS with Azure DNS
* finish implementation of Azure DNS provider (#210)
* implement the Records method for the Azure DNS provider
* refactor Azure API interface for future tests (#210)
* make Azure provider use an interface for future unit tests
* add unit tests for the Azure provider (#210)
* test retrieving Azure DNS records.
* test updating and deleting Azure DNS records.
* test dry run for the Azure provider (i.e. noop).
* adjust docs before the v0.3.0 release
* minor fixes
* docs: add missing dot
* docs: add missing dot
* docs: drop line
* docs: drop another line
* adjust documentation
* update main readme
* checkbox for releases, add --txt-owner-id flag in description
* docs: minor weird character fixes [ci skip]
* feat(aws): support hostnames as endpoint targets
* docs: describe how to run ExternalDNS on AWS
* docs: update changelog with CNAME feature
* docs: update changelog to include AWS documentation
* fix(aws): test that updating records removes the old value
* feat(google): add CNAME support to Google provider
* fix(source): sanitize source and target hostnames
* docs: update changelog to include latest changes
* docs(aws): mention that ExternalDNS takes full ownership of a hosted zone
* fix(aws): switch route53 tests to use endpoint pointers
* docs: add TODO to remove record filtering once ownership is in place
* docs: elaborate the docs, add a faq section
* docs: fix a messed up command
* docs: update docs to reference v0.1 release
* docs(faq): fix stray whitespace
* docs: restructure docs for a leaner README
* docs: move first run section back to main readme
* docs: fix references to packages
* docs: fix reference to gke tutorial
* docs: fix missing source flag in examples
* docs: fix missing provider flag in examples
* docs: mention ingress support in main readme