mirrors/external-dns
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/external-dns.git synced 2025-08-07 18:16:57 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,281 Commits 195 Branches 119 Tags 152 MiB
c91eae9d2f
Commit Graph

197 Commits

Author SHA1 Message Date
Brian Hong
c97781a49d
Fix AWS IAM Roles for Service Accounts permission 
Amazon EKS supports IAM Roles for Service Accounts. It mounts tokens
files to `/var/run/secrets/eks.amazonaws.com/serviceaccount/token`.
Unfortunately, external-dns runs as 'nobody' so it cannot access this
file. External DNS is then unable to make any AWS API calls to work:

```
time="2019-09-11T07:31:53Z" level=error msg="WebIdentityErr: unable to read file at /var/run/secrets/eks.amazonaws.com/serviceaccount/token\ncaused by: open /var/run/secrets/eks.amazonaws.com/serviceaccount/token: permission denied"
```

See: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html

Below are the file permissions mounted on External DNS pod:

```
~ $ ls -al /var/run/secrets/eks.amazonaws.com/serviceaccount/
total 0
drwxrwxrwt    3 root     root           100 Sep 11 06:40 .
drwxr-xr-x    3 root     root            28 Sep 11 06:40 ..
drwxr-xr-x    2 root     root            60 Sep 11 06:40 ..2019_09_11_06_40_49.865776187
lrwxrwxrwx    1 root     root            31 Sep 11 06:40 ..data -> ..2019_09_11_06_40_49.865776187
lrwxrwxrwx    1 root     root            12 Sep 11 06:40 token -> ..data/token
~ $ ls -al /var/run/secrets/eks.amazonaws.com/serviceaccount/..data/token
-rw-------    1 root     root          1028 Sep 11 06:40 /var/run/secrets/eks.amazonaws.com/serviceaccount/..data/token
```

This commit fixes this problem by specifying securityContext to make
mounted volumes with 65534 (nobody) group ownership.
 2019-09-16 17:01:07 +09:00
Mike Eves
49e0c8b0e7 Support Cloudflare API Token Auth 2019-09-12 22:00:29 +01:00
Alfred Krohmer
a1738f9828 Add documentation for routing policies 2019-09-10 20:47:36 +02:00
Braxton Schafer
905800f9e5
Update rfc2136 tutorial for use with Microsoft DNS 
Clean up the tutorial and update it to clarify usage with non-BIND DNS servers.
 2019-09-05 13:28:09 -05:00
Adrian Pascu
78c48af7e4
Fix confusing arrow direction 2019-08-23 16:45:14 +03:00
dkeightley
b12f3ef049 Add RBAC manifest, update wording around IAM policy 2019-08-15 11:47:03 +10:00
Kubernetes Prow Robot
eb54263256
Merge pull request #1084 from jonasrmichel/feature/contour-ingressroute 
Add source implementation for Heptio Contour IngressRoute
 2019-07-30 08:54:51 -07:00
Marc Sensenich
cf1827cf36 Add DNSimple Tutorial Document 2019-07-29 17:44:55 -04:00
Jason-ZW
f685704fcc Add rancher dns(RDNS) provider 2019-07-19 19:40:00 +08:00
Jonas Michel
43dce0b9d9 Add documentation for Contour IngressRoute source 2019-07-04 20:06:25 -05:00
Kubernetes Prow Robot
454eb59622
Merge pull request #1079 from twilfong/master 
add dualstack support for AWS provider with ALB ingress controllers
 2019-07-04 07:22:36 -07:00
Dave Grizzanti
3b4e207edf Docs and small fix to find suitable zone 2019-07-01 16:53:50 -04:00
twilfong
efebfa2d7c add tutorial for using alb-ingress-controller with ExternalDNS 2019-06-27 17:13:08 -07:00
Dave Grizzanti
5b28d7f7f3 Add VinylDNS as a provider 2019-06-27 11:07:21 -04:00
Nick Jüttner
c4dce019dd
Merge branch 'master' into external-services 2019-06-04 15:08:18 +02:00
Anton Mironov
7a593386c9 Add docs for ExternalName services 2019-05-29 15:49:20 +03:00
Jérôme Lecorvaisier
a98637aa02
docs(cloudflare): set ttl annotation for cloudflare proxied entries to 1 2019-05-20 22:38:58 -04:00
Reinier Schoof
3323229ae0 Merge branch 'master' of github.com:kubernetes-incubator/external-dns into transipSupport 2019-05-07 13:23:47 +02:00
Reinier Schoof
eca0025558 tweaked transip provider tutorial 2019-05-07 12:01:01 +02:00
Paweł Prażak
db47517076
Update aws.md 
Fixes `Failed to watch *v1.Node: unknown (get nodes)`
 2019-05-02 09:51:54 +02:00
Reinier Schoof
a2b07c1383 added TransIP provider 2019-04-28 14:42:07 +02:00
mburtless
b7c10bb80f Add tutorial for NS1 and link in README 2019-04-23 11:27:25 -04:00
Kubernetes Prow Robot
887b5f7614
Merge pull request #977 from xianlubird/docs/add-sts 
Fix alibaba cloud config file missing by enable sts token
 2019-04-16 00:41:04 -07:00
xianlubird
4ea79d1144 Update the docs link 2019-04-16 09:58:20 +08:00
Gordan Grasarevic
7485ef6f68 Remove disable-addon argument from gke + nginx tutorial 2019-04-14 16:36:46 +01:00
xianlubird
261765fb71 Add Chinese docs link 2019-04-14 19:33:02 +08:00
xianlubird
24c0d0eef3 Enable sts token 2019-04-14 19:24:57 +08:00
Joseph
8f0b1c9c52 fix wrong arg 'alibaba-cloud-zone' -> 'alibaba-cloud-zone-type' 2019-04-14 11:45:49 +08:00
Kubernetes Prow Robot
02faeb914d
Merge pull request #952 from hobti01/patch-1 
Remove superfluous trailing period from hostname
 2019-04-10 02:22:14 -07:00
igork
a70fff1560
describe how to check if your cluster has a RBAC 2019-04-02 13:24:12 +02:00
Tim Hobbs
252dc2b0f5
Remove superfluous trailing period from hostname 
Tutorial specifies version >0.4 which also removed the requirement for a trailing period.  New users could misunderstand the trailing dot as a significant syntax.  Removing the dot simplifies the configuration of the annotation.
 2019-03-29 11:37:59 +01:00
Christian Glombek
0076e4156c Add support for multiple Istio Ingress Gateways 
The --istio-ingress-gateway flag may now be specified multiple times.
 2019-03-18 22:13:44 +01:00
Kubernetes Prow Robot
f292f8e75c
Merge pull request #874 from nic-at/master 
Add RcodeZero Anycast DNS provider
 2019-03-18 09:42:24 -07:00
Kubernetes Prow Robot
d27c8d2d12
Merge pull request #911 from st1t/add-description 
Added description for multiple dns name
 2019-03-14 03:12:28 -07:00
Dirk Gómez
60a2083921 Clarify that hosted zone identifier is to be used 2019-02-22 20:52:50 +01:00
Shota Ito
1eaf02d108
Added description for multiple dns name 
This PR is a comment about "Multiple DNS names per Service" setting.
 2019-02-22 19:01:43 +09:00
Dimitrij Klesev
76b9b4c472
Trigger travis 2019-02-19 11:49:41 +01:00
Dimitrij Klesev
e7f90743e2
Apply doc review changes 2019-02-19 11:20:15 +01:00
Dimitrij Klesev
79bf8c807e
Add RcodeZero Anycast DNS provider 2019-02-19 11:20:15 +01:00
Kubernetes Prow Robot
00450a8d44
Merge pull request #868 from alexnederlof/patch-1 
Improve documentation regarding Alias
 2019-01-28 02:57:18 -08:00
Kubernetes Prow Robot
49afe00cd1
Merge pull request #650 from eswets/cloudflare-proxied-annotation 
Allow setting Cloudflare proxying on a per-ingress basis
 2019-01-28 02:16:48 -08:00
Alex Nederlof
ffee2018ba
Improve documentation regarding Alias 
I got stuck here and opened #865 because I thought it was a bug. I hope this will help others set it up correctly the first time.
 2019-01-26 09:35:13 +01:00
Nick Jüttner
6d39526069
Merge branch 'master' into cloudflare-proxied-annotation 2019-01-24 11:16:54 +01:00
Kubernetes Prow Robot
d15df89cc1
Merge pull request #849 from ifosch/patch-1 
Make awscli commands use JSON output
 2019-01-24 02:15:34 -08:00
Kubernetes Prow Robot
b5cd62d6ee
Merge pull request #829 from conplementAG/master 
docs(azure): better security granuality concerning external dns service principal
 2019-01-17 01:06:04 -08:00
Ignasi Fosch
0258cf6f89
Make awscli commands use JSON output 
This way the use of `jq`, and the output in this document would make sense.
 2019-01-14 17:42:49 +01:00
Sheng Lao
6927af4067 Add apiVersion to ingress.yaml, and Delete the duplicated line in dnstools 2019-01-12 00:06:43 +08:00
Kubernetes Prow Robot
a948fe659f
Merge pull request #824 from PascalKu/patch-1 
Update cloudflare.md
 2019-01-10 12:00:46 -08:00
Kubernetes Prow Robot
871cb4c5f3
Merge pull request #818 from acrogenesis/patch-1 
Fix commands to cleanup Cloudflare
 2019-01-07 09:26:02 -08:00
Denis Biondic
d0de07c084 docs(azure): better security granuality concerning external dns service principal 2018-12-24 16:44:06 +01:00
Pascal Kutscha
5aee5ad345
Update cloudflare.md 2018-12-22 21:27:48 +01:00
Wade Lee
cea58909f0
Update coredns.md 
Make the DNS service IP consistent with `my-coredns-coredns` in example
 2018-12-20 16:31:55 +08:00
Adrian Rangel
374bb9235a
fix commands to cleanup 2018-12-19 02:08:20 -06:00
THEBAULT Julien
7747db2351 Update coredns tutorial with RBAC manifest (see #791) 2018-12-10 10:05:02 +01:00
Matteo Dell'Aquila
36b443f853 fix json syntax error - typing error (#765) 
there was an unexpected comma in json used as custom configuration file
 2018-12-04 16:02:32 +01:00
Davis Phillips
f25f90db0e adding config for bind for tsig (#790) 
* adding config for bind for tsig

* add indentation as requested
 2018-11-30 20:57:06 +01:00
k8s-ci-robot
75b3ac37ba
Merge pull request #788 from pelithne/master 
Updating Azure tutorial
 2018-11-28 02:09:04 -08:00
xunpan
31e50b792c add tutorial for coredns (#791) 
There is no coredns tutorial for externalDNS. This pull request makes
coredns based on minikube for working with externalDNS.
 2018-11-28 10:59:24 +01:00
Author pelithne
5bbaf7f3fc Updating Azure tutorial 2018-11-24 18:19:55 +01:00
Erik Swets
e0e7a9defd Allow setting Cloudflare proxying by annotation 2018-11-16 12:52:47 +01:00
Nick Jüttner
ae2b782b58
Merge pull request #742 from mytaxi/feature/add-alias-annotation 
Feature/add alias annotation
 2018-11-14 14:22:58 +01:00
Nick Jüttner
c63bf03097
Merge pull request #737 from ottoyiu/pdns-domainfilter 
PowerDNS: Add DomainFilter support
 2018-11-14 13:50:19 +01:00
Bily Zhang
10134b26a9 Remove dupplicated words:have,aliyun (#768) 
Signed-off-by: mooncake <xcoder@tenxcloud.com>
 2018-11-12 08:36:08 +01:00
vaegt
4b985ab04a
Add docs for alias annotation 2018-11-09 13:07:55 +01:00
Patrick Galbraith
2c602631dd Oracle doc fix (add "key:" to secret) (#750) 
* fix domain filter match logic to not match similar domain names

* MAINTAINER is deprecated - using LABEL instead

https://docs.docker.com/engine/reference/builder/#maintainer-deprecated

* Fix to documentation for Oracle to include `key:`
 2018-11-06 20:58:18 +01:00
Pascal
f11987ca09 Update Azure documentation 2018-10-23 20:47:44 +02:00
Otto Yiu
04ca5ec22f pdns: Add DomainFilter support 2018-10-22 13:54:11 -07:00
Vladislav Troinich
f15d8f454a Add small Readme for RFC2136 provider 2018-10-16 15:24:45 +03:00
Martin Linkhorst
8163db497d
docs: document how to use a different security context 2018-10-02 18:36:58 +02:00
Jonas Michel
b9b6842195 Add Source implementation for Istio Gateway (#694) 
* add Istio Gateway Source

* add documentation for Istio Gateway Source

* make both istio namespace and ingress gateway service configurable

* prefix gateway types, constructors, and flags with 'istio-'

* fix: add missing sources to source flag docs
 2018-09-06 16:39:32 +02:00
xianlubird
ae9c135d75 Add zone info to deployment 2018-09-03 16:20:26 +08:00
xianlubird
3e771e5b72 Change README.md from 0.4 to 0.5.6 2018-08-31 10:06:25 +08:00
xianlubird
e488e2bb0f Add aliyun sts token support 2018-08-30 18:48:31 +08:00
Li Yi
1db16f35af Initial support for Alibaba Cloud 2018-08-28 17:30:36 +08:00
Nick Jüttner
ce525ce507 Updating changelog for new release v0.5.5 2018-08-17 13:28:28 +02:00
cliedeman
65f8b914b1 Linode Provider Implementation 2018-08-14 16:26:14 +02:00
Arttii
874502ebf8 adding a flag to optionally publish hostIP instead of podIP for headless services (#597) 
* Added HostPort feature docs

* Fixed some typos

* Fixing hostIP,podIP change

Fixing hostIP,podIP change

Merge artifacts in docs

Naming typo

removing unnecessary files

fix(source): fix misleading log message

Naming typo

removing unnecessary files

* fix(source): fix misleading log message
 2018-07-26 18:16:32 +02:00
Christopher Schmidt
0fd3a7afb1 added list nodes 2018-07-13 12:52:16 +02:00
Nick Jüttner
717ee8440c
Merge branch 'master' into external-dns-exoscale 2018-07-12 12:21:12 +02:00
Nick Jüttner
f38c347636
Merge branch 'master' into external-dns-exoscale 2018-07-12 11:30:05 +02:00
Andrew Pryde
3c9a944fec Code review comments 2018-07-11 15:44:40 +01:00
Andrew Pryde
88da61e742 Implement Oracle Cloud Infrastructure DNS provider 2018-07-11 15:42:00 +01:00
Christopher Schmidt
df03cb8107 added version tag 2018-07-11 07:09:34 +02:00
Christopher Schmidt
56e4fe82db added an Exoscale tutorial 2018-07-10 15:25:48 +02:00
Derek Perkins
9d345272d9
fix typo in cloudflare.md 2018-07-02 20:43:52 -06:00
Nick Jüttner
5994e55708 Bump version to v0.5.4 (#618) 2018-06-28 15:30:56 +02:00
Nick Jüttner
501023cd67 Add node list allow to all RBAC tutorials 2018-06-15 17:23:00 +02:00
Nick Jüttner
2e4238014f Update RBAC for external-dns to list nodes 
Introducing support for NodePort services might break cluster which
using RBAC

* allow external-dns to list nodes

Signed-off-by: Nick Jüttner <nick@zalando.de>
 2018-06-15 17:03:24 +02:00
Nick Jüttner
8683d25b19 Bump version to v0.5.3 
* Add recent changes to the changelog
* Update version in docs

Signed-off-by: Nick Jüttner <nick@zalando.de>
 2018-06-15 11:52:29 +02:00
Jason L. van Brackel
49f36ea479 Update azure.md to fix protocol value (#593) 
'tcp' is not a supported value whereas 'TCP' is.
 2018-06-14 10:56:06 +02:00
Jaromir Vanek
e7cbc5239c bump version to v0.5.2 (#586) 2018-06-06 09:57:41 +02:00
Roman Sokolkov
b2a5ed229d
Add Azure MSI support 2018-05-31 14:57:58 +02:00
Nick Jüttner
baa1da6fa0
Merge pull request #483 from vanekjar/AWS-SD-final 
Add AWS Service Discovery provider
 2018-05-30 10:31:34 +02:00
Nick Jüttner
74de102a13 Remove the logic of preventing failing TTL's which are less than 120 
Signed-off-by: Nick Jüttner <nick@juni.io>
 2018-05-28 09:54:32 +02:00
Jaromir Vanek
cd94888800 Implementation of AWS ServiceDiscovery provider 2018-05-25 07:45:47 -07:00
Raffaele Di Fazio
a104993630 Update docs to latest changes (#563) 
* Minor changes to docs and faq

* Other minor changes

* better docs

* Addressed comments
 2018-05-22 18:23:08 +02:00
Martin Linkhorst
960151a5ac
chore: bump version to v0.5.1 (#560) 2018-05-16 13:53:53 +02:00
Henning Jacobs
e664bde484 AWS IAM Instance Profile (#557) 2018-05-15 16:42:57 +02:00
Dan Bond
25af706af3 docs/tutorials: add pods resources to external-dns ClusterRole 2018-04-24 16:07:51 +01:00
Martin Linkhorst
b94288fcb9
chore: bump version to v0.5.0 2018-04-23 16:50:13 +02:00