Commit Graph

351 Commits

Author SHA1 Message Date
Thibault Jamet
6c5faafbfe
Dynamically register cache provider metrics 2024-08-14 10:21:00 +02:00
Thibault Jamet
29191e2362
Skip apply empty changes in the cache provider
Change-Id: Icaf1ffe34e75c320d4efbb428f831deb8784cd11
2024-08-14 10:20:58 +02:00
Thibault Jamet
089744c6ff
Add cache at provider level
**Description**

In the current implementation, DNS providers are called to list all
records on every loop. This is expensive in terms of number of requests
to the provider and may result in being rate limited, as reported in 1293
and 3397.

In our case, we have approximately 20,000 records in our AWS Hosted Zone.
The ListResourceRecordSets API call allows a maximum of 300 items per call.
That requires 67 API calls per external-dns deployment during every sync period.

With this, we introduce an optional generic caching mechanism at the provider
level, that re-uses the latest known list of records for a given time.

This prevents expensive Provider calls to list all records for each
object modification that does not change the actual record (annotations,
statuses, ingress routing, ...)

This introduces 2 trade-offs:

1. Any changes or corruption directly on the provider side will be
longer to detect and to resolve, up to the cache time

2. Any conflicting records in the DNS provider (such as a different
external-dns instance) injected during the cache validity will cause
the first iteration of the next reconcile loop to fail, and hence add a
delay until the next retry

**Checklist**

- [X] Unit tests updated
- [X] End user documentation updated

Change-Id: I0bdcfa994ac1b76acedb05d458a97c080284c5aa
2024-08-14 10:20:56 +02:00
Kubernetes Prow Robot
8245b89891
Merge pull request #4283 from angeloxx/feature/rfc-2136-ptr
feat(rfc2136): add PTR optional support
2024-06-20 00:44:17 -07:00
Kubernetes Prow Robot
0ba14d8873
Merge pull request #3973 from c445/roehrijn/aws-profiles
feat(aws): use AWS profiles using .credentials file
2024-06-10 13:59:23 -07:00
Michel Loiseleur
84da6be1dd chore: Remove infoblox in-tree provider 2024-05-29 16:01:45 +02:00
Khue Doan
b16d1b3a4b Merge branch 'master' into az-private-dns-zone-name-filter 2024-04-26 00:31:11 +07:00
Jeremy-Boyle
fe0af65a14 Removed the env, and moved to config file changes for ADD endpoints, need to update docs next 2024-04-16 09:58:31 -07:00
Khue Doan
425dea47f3 feat(azure): add zone name filter for Azure Private DNS 2024-03-28 19:56:27 +07:00
angeloxx
cd2088dff3 Merged from master and tested. 2024-03-19 13:27:17 +01:00
Jan Roehrich
2059367ef4
fixing szuecs's findings 2024-03-05 23:06:21 +01:00
Jan Roehrich
7fb25f44ce
Allow usage of (multiple) AWS profiles using .credentials file 2024-03-05 23:06:16 +01:00
Kubernetes Prow Robot
8d3eb3a3ff
Merge pull request #3974 from iteratee/rfc2136-dns-over-tls
RFC2136: Add support for DNS-over-TLS
2024-02-29 10:00:41 -08:00
Kyle Butt
a3c9908d5e
RFC2136: Add support for DNS-over-TLS
* Reuse the existing TLS options.
* Add two new flags, one to enable DNS-over-TLS, and the second to
  disable cert checks for DNS-over-TLS.
* Factor out the connection code so that it can be shared between the
  zone transfer and the updates. If TLS was requested, it will be used
  for both.
* RFC9013 requires TLS 1.3 or later, and an ALPN negotiation of "dot".
2024-02-26 11:23:34 -07:00
angeloxx
b083e34dfb Rename option with --rfc2136-create-ptr, similar to infoblox option 2024-02-25 18:50:35 +01:00
angeloxx
940899b758 Add command line parameter and update helm 2024-02-25 18:40:12 +01:00
Kubernetes Prow Robot
52460ba89c
Merge pull request #4186 from pascalgn/azure-subscription-id-override
feat: enable Azure subscription ID override
2024-02-15 06:00:13 -08:00
Pascal
be7cac2a56 feat: enable Azure subscription ID override 2024-02-09 12:17:44 +01:00
Megum1n
4ed7b2888d
Fix struct indentation 2024-02-07 16:29:51 +01:00
Megum1n
7d3d355175
Merge branch 'master' into aws-provider-validate-value-size 2024-02-07 16:27:36 +01:00
thiagoluiznunes
ca4f3ae12b fix(aws-provider): add aws-zone-match-parent flag value to aws config 2024-02-06 18:36:06 -03:00
Kubernetes Prow Robot
97a8fa3195
Merge pull request #4076 from k8r-io/fix-hangs-on-traefik-listeners
Fix timeout for traefik-proxy source
2023-12-27 17:22:52 +01:00
Megum1n
c391f5588a
Validate AWS record values size during batch set generation 2023-12-19 10:21:47 +01:00
Manuel Rüger
28c3153826 webhook: Move httpapi into own package
Signed-off-by: Manuel Rüger <manuel@rueg.eu>
2023-11-30 21:59:00 +01:00
Kristopher Kirkland
9015377c12 Add flags to disable each of the Traefik API groups 2023-11-29 12:14:59 -06:00
Anders Swanson
dbaca73de2 oracle provider: dns zone cache
Signed-off-by: Anders Swanson <anders.swanson@oracle.com>
2023-11-14 12:59:45 -08:00
Anders Swanson
4eb71536e1 OCI Provider private zone and workload identity support 2023-10-17 10:55:11 -07:00
John Gardiner Myers
627f9b1a00 Remove the --run-aws-provider-as-webhook flag 2023-09-27 23:21:33 -07:00
John Gardiner Myers
859892fc72
Add --webhook-server flag for running as a webhook server (#3957)
* Add --webhook-server flag for running as a webhook server

* Address review comment
2023-09-27 07:40:09 -07:00
Raffaele Di Fazio
8251b6dd85
Webhook provider (#3063)
* initial plugin implementation

* rename to webhook

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* json encoder changes

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* addressing review comments

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* changes according to ionos review

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* fix to accommodate changes in master

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* fixes to accommodate master changes

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* remove all propertyvaluesequals leftovers

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* readd negotiation to pass the domain filter around

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* fix domain filter passing

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* webhook fixes

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* fix tests

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* fix docs

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* docs fixes

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* code review comments on json unmarshal

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* handle error in adjustendpoints

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* fix a bunch of wrong require

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* tests and docs

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

* fix typo

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>

---------

Signed-off-by: Raffaele Di Fazio <difazio.raffaele@gmail.com>
2023-09-25 01:14:58 -07:00
Kubernetes Prow Robot
e0405a2e60
Merge pull request #3748 from johngmyers/exclude-managed
Add --exclude-record-types flag
2023-09-18 22:37:49 -07:00
Kubernetes Prow Robot
d54fa589c2
Merge pull request #3480 from Megum1n/gloo-multiple-namespaces
Add support for multiple gloo namespaces in one External DNS instance
2023-09-15 22:10:13 -07:00
John Gardiner Myers
94713c20c6 Add --exclude-record-types flag 2023-09-15 18:45:09 -07:00
Kubernetes Prow Robot
0483ffde22
Merge pull request #3839 from matusf/fix/pdns-tls-on
Make TLS enabled by default for PowerDNS provider
2023-09-05 11:24:51 -07:00
Michel Loiseleur
f04e72e15c review 2023-08-30 09:07:44 +02:00
Michel Loiseleur
955f755508 fix: discard unwanted logs 2023-08-25 12:27:57 +02:00
Predrag Janosevic
7ddc9daba7
exoscale provider: migrate to exoscale API v2 (#2917)
* exoscale provider: migrate to exoscale API v2

* exoscale: fix comment typo

* exoscale: remove debug line from test

* exoscale: replace endpoint config with environment

* exoscale: update Config

* Update pkg/apis/externaldns/types.go

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>

* exoscale: document api zone & environment flags

* exoscale: update tutorial

* Sync deps with master

---------

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2023-08-14 07:57:21 -07:00
Matúš Ferech
721c4e2110
Make TLS enabled by default for PowerDNS provider
All of the providers have TLS enabled by default so this change will
make PDNS provider behave as expected. Additionally, enabling TLS
by default is a good practice and previous behaviour was a bit
misleading. It was possible to pass `--tls-ca` without
`--pdns-tls-enabled` and the PDNS provider would ignore the tls and
instantiate client with disabled tls. This change adds a flag to disable
the tls: `--pdns-skip-tls-verify`. Similar flag is used by pihole and
bluecat providers.

Additionally this change makes providing custom TLS CA optional. If it is
not provided, system certificates will be used. This makes PDNS behave
the same as other providers.
2023-08-14 11:06:43 +02:00
John Gardiner Myers
ef8b223b8e Migrate metadata from TXT to DynamoDB registries 2023-08-11 12:16:36 -07:00
Megum1n
70a43a4231
Merge branch 'master' into gloo-multiple-namespaces 2023-07-08 22:49:13 +02:00
John Gardiner Myers
4a40346d42 Remove flags and documentation for removed contour-ingressroute source 2023-07-04 16:37:37 -07:00
Megum1n
41d3de5364
Merge branch 'master' into gloo-multiple-namespaces 2023-06-24 02:11:35 +02:00
John Gardiner Myers
1a4c7b5f3c Support DynamoDB tables in other regions 2023-06-18 16:50:02 -07:00
John Gardiner Myers
5aae0af68a Add DynamoDB registry implementation 2023-06-18 16:49:58 -07:00
John Gardiner Myers
794a10dfbe Use common code for creating AWS sessions 2023-06-18 16:47:37 -07:00
Kubernetes Prow Robot
f56e2f6198
Merge pull request #1828 from vsychov/txt-encryption
Try #3: Support encrypted DNS txt records
2023-05-09 10:47:57 -07:00
Megum1n
028656d649
Change variable type and description 2023-05-08 12:08:00 +02:00
Arnaud Lefray
56773c0430
chore: merge with master 2023-05-04 15:23:10 +02:00
Viacheslav Sychov
2554f9f879 #1828: Support encrypted DNS txt records
Signed-off-by: Viacheslav Sychov <viacheslav.sychov@gmail.com>
2023-04-28 20:29:54 +02:00
Charles Xu
5e6f1a8b16 rename option to 'resolveServiceLoadBalancerHostname' 2023-04-23 16:25:13 -07:00