mirrors/external-dns
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/external-dns.git synced 2025-08-06 09:36:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,080 Commits 195 Branches 119 Tags 150 MiB
c4db4af310
Commit Graph

148 Commits

Author SHA1 Message Date
David Grizzanti
c4db4af310 Propose a few doc changes to make the use of namespace more clear 2019-10-08 09:54:59 -04:00
Kubernetes Prow Robot
8db7e77d78
Merge pull request #1149 from dkeightley/master 
Add RBAC manifest, update wording around IAM policy
 2019-09-24 04:49:27 -07:00
Kubernetes Prow Robot
40ede2557c
Merge pull request #1189 from Evesy/cf_token 
Support Cloudflare API Token Auth
 2019-09-17 04:12:23 -07:00
Brian Hong
c97781a49d
Fix AWS IAM Roles for Service Accounts permission 
Amazon EKS supports IAM Roles for Service Accounts. It mounts tokens
files to `/var/run/secrets/eks.amazonaws.com/serviceaccount/token`.
Unfortunately, external-dns runs as 'nobody' so it cannot access this
file. External DNS is then unable to make any AWS API calls to work:

```
time="2019-09-11T07:31:53Z" level=error msg="WebIdentityErr: unable to read file at /var/run/secrets/eks.amazonaws.com/serviceaccount/token\ncaused by: open /var/run/secrets/eks.amazonaws.com/serviceaccount/token: permission denied"
```

See: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html

Below are the file permissions mounted on External DNS pod:

```
~ $ ls -al /var/run/secrets/eks.amazonaws.com/serviceaccount/
total 0
drwxrwxrwt    3 root     root           100 Sep 11 06:40 .
drwxr-xr-x    3 root     root            28 Sep 11 06:40 ..
drwxr-xr-x    2 root     root            60 Sep 11 06:40 ..2019_09_11_06_40_49.865776187
lrwxrwxrwx    1 root     root            31 Sep 11 06:40 ..data -> ..2019_09_11_06_40_49.865776187
lrwxrwxrwx    1 root     root            12 Sep 11 06:40 token -> ..data/token
~ $ ls -al /var/run/secrets/eks.amazonaws.com/serviceaccount/..data/token
-rw-------    1 root     root          1028 Sep 11 06:40 /var/run/secrets/eks.amazonaws.com/serviceaccount/..data/token
```

This commit fixes this problem by specifying securityContext to make
mounted volumes with 65534 (nobody) group ownership.
 2019-09-16 17:01:07 +09:00
Mike Eves
49e0c8b0e7 Support Cloudflare API Token Auth 2019-09-12 22:00:29 +01:00
Braxton Schafer
905800f9e5
Update rfc2136 tutorial for use with Microsoft DNS 
Clean up the tutorial and update it to clarify usage with non-BIND DNS servers.
 2019-09-05 13:28:09 -05:00
dkeightley
b12f3ef049 Add RBAC manifest, update wording around IAM policy 2019-08-15 11:47:03 +10:00
Kubernetes Prow Robot
eb54263256
Merge pull request #1084 from jonasrmichel/feature/contour-ingressroute 
Add source implementation for Heptio Contour IngressRoute
 2019-07-30 08:54:51 -07:00
Marc Sensenich
cf1827cf36 Add DNSimple Tutorial Document 2019-07-29 17:44:55 -04:00
Jason-ZW
f685704fcc Add rancher dns(RDNS) provider 2019-07-19 19:40:00 +08:00
Jonas Michel
43dce0b9d9 Add documentation for Contour IngressRoute source 2019-07-04 20:06:25 -05:00
Kubernetes Prow Robot
454eb59622
Merge pull request #1079 from twilfong/master 
add dualstack support for AWS provider with ALB ingress controllers
 2019-07-04 07:22:36 -07:00
Dave Grizzanti
3b4e207edf Docs and small fix to find suitable zone 2019-07-01 16:53:50 -04:00
twilfong
efebfa2d7c add tutorial for using alb-ingress-controller with ExternalDNS 2019-06-27 17:13:08 -07:00
Dave Grizzanti
5b28d7f7f3 Add VinylDNS as a provider 2019-06-27 11:07:21 -04:00
Nick Jüttner
c4dce019dd
Merge branch 'master' into external-services 2019-06-04 15:08:18 +02:00
Anton Mironov
7a593386c9 Add docs for ExternalName services 2019-05-29 15:49:20 +03:00
Jérôme Lecorvaisier
a98637aa02
docs(cloudflare): set ttl annotation for cloudflare proxied entries to 1 2019-05-20 22:38:58 -04:00
Reinier Schoof
3323229ae0 Merge branch 'master' of github.com:kubernetes-incubator/external-dns into transipSupport 2019-05-07 13:23:47 +02:00
Reinier Schoof
eca0025558 tweaked transip provider tutorial 2019-05-07 12:01:01 +02:00
Paweł Prażak
db47517076
Update aws.md 
Fixes `Failed to watch *v1.Node: unknown (get nodes)`
 2019-05-02 09:51:54 +02:00
Reinier Schoof
a2b07c1383 added TransIP provider 2019-04-28 14:42:07 +02:00
mburtless
b7c10bb80f Add tutorial for NS1 and link in README 2019-04-23 11:27:25 -04:00
Kubernetes Prow Robot
887b5f7614
Merge pull request #977 from xianlubird/docs/add-sts 
Fix alibaba cloud config file missing by enable sts token
 2019-04-16 00:41:04 -07:00
xianlubird
4ea79d1144 Update the docs link 2019-04-16 09:58:20 +08:00
Gordan Grasarevic
7485ef6f68 Remove disable-addon argument from gke + nginx tutorial 2019-04-14 16:36:46 +01:00
xianlubird
261765fb71 Add Chinese docs link 2019-04-14 19:33:02 +08:00
xianlubird
24c0d0eef3 Enable sts token 2019-04-14 19:24:57 +08:00
Joseph
8f0b1c9c52 fix wrong arg 'alibaba-cloud-zone' -> 'alibaba-cloud-zone-type' 2019-04-14 11:45:49 +08:00
Kubernetes Prow Robot
02faeb914d
Merge pull request #952 from hobti01/patch-1 
Remove superfluous trailing period from hostname
 2019-04-10 02:22:14 -07:00
igork
a70fff1560
describe how to check if your cluster has a RBAC 2019-04-02 13:24:12 +02:00
Tim Hobbs
252dc2b0f5
Remove superfluous trailing period from hostname 
Tutorial specifies version >0.4 which also removed the requirement for a trailing period.  New users could misunderstand the trailing dot as a significant syntax.  Removing the dot simplifies the configuration of the annotation.
 2019-03-29 11:37:59 +01:00
Christian Glombek
0076e4156c Add support for multiple Istio Ingress Gateways 
The --istio-ingress-gateway flag may now be specified multiple times.
 2019-03-18 22:13:44 +01:00
Kubernetes Prow Robot
f292f8e75c
Merge pull request #874 from nic-at/master 
Add RcodeZero Anycast DNS provider
 2019-03-18 09:42:24 -07:00
Kubernetes Prow Robot
d27c8d2d12
Merge pull request #911 from st1t/add-description 
Added description for multiple dns name
 2019-03-14 03:12:28 -07:00
Dirk Gómez
60a2083921 Clarify that hosted zone identifier is to be used 2019-02-22 20:52:50 +01:00
Shota Ito
1eaf02d108
Added description for multiple dns name 
This PR is a comment about "Multiple DNS names per Service" setting.
 2019-02-22 19:01:43 +09:00
Dimitrij Klesev
76b9b4c472
Trigger travis 2019-02-19 11:49:41 +01:00
Dimitrij Klesev
e7f90743e2
Apply doc review changes 2019-02-19 11:20:15 +01:00
Dimitrij Klesev
79bf8c807e
Add RcodeZero Anycast DNS provider 2019-02-19 11:20:15 +01:00
Kubernetes Prow Robot
00450a8d44
Merge pull request #868 from alexnederlof/patch-1 
Improve documentation regarding Alias
 2019-01-28 02:57:18 -08:00
Kubernetes Prow Robot
49afe00cd1
Merge pull request #650 from eswets/cloudflare-proxied-annotation 
Allow setting Cloudflare proxying on a per-ingress basis
 2019-01-28 02:16:48 -08:00
Alex Nederlof
ffee2018ba
Improve documentation regarding Alias 
I got stuck here and opened #865 because I thought it was a bug. I hope this will help others set it up correctly the first time.
 2019-01-26 09:35:13 +01:00
Nick Jüttner
6d39526069
Merge branch 'master' into cloudflare-proxied-annotation 2019-01-24 11:16:54 +01:00
Kubernetes Prow Robot
d15df89cc1
Merge pull request #849 from ifosch/patch-1 
Make awscli commands use JSON output
 2019-01-24 02:15:34 -08:00
Kubernetes Prow Robot
b5cd62d6ee
Merge pull request #829 from conplementAG/master 
docs(azure): better security granuality concerning external dns service principal
 2019-01-17 01:06:04 -08:00
Ignasi Fosch
0258cf6f89
Make awscli commands use JSON output 
This way the use of `jq`, and the output in this document would make sense.
 2019-01-14 17:42:49 +01:00
Sheng Lao
6927af4067 Add apiVersion to ingress.yaml, and Delete the duplicated line in dnstools 2019-01-12 00:06:43 +08:00
Kubernetes Prow Robot
a948fe659f
Merge pull request #824 from PascalKu/patch-1 
Update cloudflare.md
 2019-01-10 12:00:46 -08:00
Kubernetes Prow Robot
871cb4c5f3
Merge pull request #818 from acrogenesis/patch-1 
Fix commands to cleanup Cloudflare
 2019-01-07 09:26:02 -08:00