* fix(plan): always use managed records
* robust random port in test
* use defaultconfig for managed-record-types
* be explicit about static variable
* fix wait
* re-order flags related to sources + dynamic managedrecordtype help
* fix flag doc
* feat(source/node): Make exclusion of unschedulable Nodes configurable
This fixes a behavioral regression introduced in #4761, where
nodes that were previously added to DNS are removed when they are considered
unschedulable, for example due to automated maintenance tasks.
This change will introduce a new flag called `exclude-unschedulable`, which
defaults to `true` in order to keep in line with the current behavior.
However, it would also be reasonable to restore the initial behavior before
* Allow testing for expected log entries in testNodeSourceEndpoints
This commit adds the required logic to be able to test for
the existence (and absence) of certain log messages
in testNodeSourceEndpoints. As an example, this is implemented
for the tests around excludeUnschedulable.
A side effect of using LogsToBuffer is that tests can't run in
parallel due to the log buffer being shared across all
parallel test cases. As such, these specific tests are now executed
one after another.
* Ensure logging is only hooked for tests that require it
* Document new exclude-unschedulable flag for nodes source
improve test coverage
test the edge case when the custom hostname has changed during the record deletion
don't use custom hostnames if Cloudflare for SaaS fails to authenticate
Use new --cloudflare-custom-hostnames flag to enable cloudflare custom hostnames support
custom hostnames flags --cloudflare-custom-hostnames-min-tls-version and --cloudflare-custom-hostnames-certificate-authority support
markdown lint
Update cloudflare.md
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Fixed go tests, added checks to ensure multiple hosts, and RFC2136LoadBalancingStrategy is set and can be overritten
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Documentation to support Multiple Hosts and Load Balancing features
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
WIP, counter not working correctly
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Make pointers to the rfc2136 provider, fixed counter issue, log out last error.
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Fix error with failover not working correctly
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Repoint makefile us.gcr.io/k8s-artifacts-prod/external-dns
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Repoint makefile us.gcr.io/k8s-artifacts-prod/external-dns
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Fix changes that arent related directly to this PR
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
Changed comment message details for counter
Signed-off-by: Jeremy-Boyle <9406398+Jeremy-Boyle@users.noreply.github.com>
* feat: add option to use only new format TXT records
* add flag and docs
* refine documentation on how to use the flag
* add section regarding manual migration
* update documentation to be same as in types.go
* fix compile issue
* add tests for new flag
* update flags documentation correctly
* add new option to helm chart
* run helm-docs
* remove unessery newline
* add entry to unreleased chart items
* Revert "run helm-docs"
This reverts commit a1d64bd3e8.
* Revert "add new option to helm chart"
This reverts commit 299d087917.
* Revert "add entry to unreleased chart items"
This reverts commit 0bcd0e3612.
* fix test cases that have changed
Add two new options:
- --ignore-non-host-network-pods
- --pod-source-domain
Combined toghether, they can be used to register the IPs
of all pods with their associated PTR record.
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
* Add annotation filter to Ambassador Host Source
This change makes the Ambassador Host source respect the External-DNS annotationFilter allowing for an Ambassador Host resource to specify what External-DNS deployment to use when there are multiple External-DNS deployments within the same cluster. Before this change if you had two External-DNS deployments within the cluster and used the Ambassador Host source the first External-DNS to process the resource will create the record and not the one that was specified in the filter annotation.
I added the `filterByAnnotations` function so that it matched the same way the other sources have implemented annotation filtering. I didn't add the controller check only because I wanted to keep this change to implementing the annotationFilter.
Example: Create two External-DNS deployments 1 public and 1 private and set the Ambassador Host to use the public External-DNS using the annotation filter.
```
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-dns-private
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: external-dns-private
template:
metadata:
labels:
app: external-dns-private
annotations:
iam.amazonaws.com/role: {ARN} # AWS ARN role
spec:
serviceAccountName: external-dns
containers:
- name: external-dns
image: k8s.gcr.io/external-dns/external-dns:latest
args:
- --source=ambassador-host
- --domain-filter=example.net # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
- --provider=aws
- --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
- --aws-zone-type=private # only look at public hosted zones (valid values are public, private or no value for both)
- --registry=txt
- --txt-owner-id= {Hosted Zone ID} # Insert Route53 Hosted Zone ID here
- --annotation-filter=kubernetes.io/ingress.class in (private)
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-dns-public
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: external-dns-public
template:
metadata:
labels:
app: external-dns-public
annotations:
iam.amazonaws.com/role: {ARN} # AWS ARN role
spec:
serviceAccountName: external-dns
containers:
- name: external-dns
image: k8s.gcr.io/external-dns/external-dns:latest
args:
- --source=ambassador-host
- --domain-filter=example.net # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
- --provider=aws
- --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
- --aws-zone-type= # only look at public hosted zones (valid values are public, private or no value for both)
- --registry=txt
- --txt-owner-id= {Hosted Zone ID} # Insert Route53 Hosted Zone ID here
- --annotation-filter=kubernetes.io/ingress.class in (public)
---
apiVersion: getambassador.io/v3alpha1
kind: Host
metadata:
name: your-hostname
annotations:
external-dns.ambassador-service: emissary-ingress/emissary
kubernetes.io/ingress.class: public
spec:
acmeProvider:
authority: none
hostname: your-hostname.example.com
```
Fixeskubernetes-sigs/external-dns#2632
* Add Label filltering for Ambassador Host source
Currently the `--label-filter` flag can only be used to filter CRDs, Ingress, Service and Openshift Route objects which match the label selector passed through that flag. This change extends the functionality to the Ambassador Host type object.
When the flag is not specified the default value is `labels.Everything()` which is an empty string, the same as before. An annotation based filter is inefficient because the filtering has to be done in the controller instead of the API server like with label filtering. The Annotation based filtering has been left in for legacy reasons so the Ambassador Host source can be used inconjunction with the other sources that don't yet support label filltering.
It is possible to use label based filltering with annotation based filltering so you can initially filter by label then filter the returned hosts by annotation. This is not recomended
* Update Ambassador Host source docs
Add that the Ambassador Host source now supports both annotation and label filltering.
**Description**
In the current implementation, DNS providers are called to list all
records on every loop. This is expensive in terms of number of requests
to the provider and may result in being rate limited, as reported in 1293
and 3397.
In our case, we have approximately 20,000 records in our AWS Hosted Zone.
The ListResourceRecordSets API call allows a maximum of 300 items per call.
That requires 67 API calls per external-dns deployment during every sync period
With this, we introduce an optional generic caching mechanism at the provider
level, that re-uses the latest known list of records for a given time.
This prevents from expensive Provider calls to list all records for each
object modification that does not change the actual record (annotations,
statuses, ingress routing, ...)
This introduces 2 trade-offs:
1. Any changes or corruption directly on the provider side will be
longer to detect and to resolve, up to the cache time
2. Any conflicting records in the DNS provider (such as a different
external-dns instance) injected during the cache validity will cause
the first iteration of the next reconcile loop to fail, and hence add a
delay until the next retry
**Checklist**
- [X] Unit tests updated
- [X] End user documentation updated
Change-Id: I0bdcfa994ac1b76acedb05d458a97c080284c5aa
