* Update aws.go for issue #3833
Fix to add ap-south-2 region to support elb and nlb
* Update provider/aws/aws.go
Added missing quotes
Co-authored-by: Raffaele Di Fazio <raffo@github.com>
* Update provider/aws/aws.go
Added missing quotes
Co-authored-by: Raffaele Di Fazio <raffo@github.com>
---------
Co-authored-by: Raffaele Di Fazio <raffo@github.com>
A bug in the Linode provider can result in an unbounded explosion of TXT records being created.
For example, if external-dns attempts to create a CNAME in a zone that has a conflicting A record,
it will fail but will still create 2 new TXT records every single time.
Instead, we can just skip creating records that already exist since they should
only ever be in the list of updates.
When AAAA multi-target / dual stack support was
added via #2461 it broke ownership of domains across
different clusters with different ingress records types.
For example if 2 clusters manage the same zone,
1 cluster uses A records and the other uses CNAME
records, when each record type is treated as a separate
planning record, it will cause ownership to bounce back
and forth and records to be constantly created and
deleted.
This change updates the planner to keep track of multiple
current records for a domain. This allows for A and AAAA
records to exist for a domain while allowing record type
changes.
The planner will ignore desired records for a domain that
represent conflicting record types allowed by RFC 1034 3.6.2.
For example if the desired records for a domain contains
a CNAME record plus any other record type no changes for
that domain will be planned.
The planner now contains an owned record filter provided
by the registry. This allows the planner to accurately plan
create updates when there are record type changes between
the current and desired endpoints. Without this filter the
planner could add create changes for domains not owned
by the controller.
When AAAA multi-target / dual stack support was
added via #2461 it broke ownership of domains across
different clusters with different ingress records types.
For example if 2 clusters manage the same zone,
1 cluster uses A records and the other uses CNAME
records, when each record type is treated as a separate
planning record, it will cause ownership to bounce back
and forth and records to be constantly created and
deleted.
This change updates the planner to keep track of multiple
current records for a domain. This allows for A and AAAA
records to exist for a domain while allowing record type
changes.
The planner will ignore desired records for a domain that
represent conflicting record types allowed by RFC 1034 3.6.2.
For example if the desired records for a domain contains
a CNAME record plus any other record type no changes for
that domain will be planned.
The planner now contains an owned record filter provided
by the registry. This allows the planner to accurately plan
create updates when there are record type changes between
the current and desired endpoints. Without this filter the
planner could add create changes for domains not owned
by the controller.
PNDS provider is the only one which uses MatchParent functionality. The
MatchParent functionality breaks domain and regex domain filters. It
also makes PDNS provider behave differently than other providers while
having the same configuration. MatchParent can be replaced by using
multiple domain filters. After discussion with maintainers we concluded
that MatchParent should be removed.
All of the providers have TLS enabled by default so this change will
make PDNS provider behave as exected. Additionally, enabling TLS
by default is a good practice and previous bahaviour was a bit
misleading. It was possible to pass `--tls-ca` without
`--pdns-tls-enabled` and the PDNS provider would ignore the tls and
instantiate client with disabled tls. This change adds a flag to disable
the tls: `--pdns-skip-tls-verify`. Similar flag is used by pihole and
bluecat providers.
Additionaly this change makes providing custom TLS CA optional. It if is
not provided. A system certificates will be used. This makes PDNS behave
the same as other providers.
