mirror of
https://github.com/kubernetes-sigs/external-dns.git
synced 2026-05-04 14:21:33 +02:00
736a2d58ae
* feat(metrics): add source wrapper metrics for invalid and deduplicated endpoints Add GaugeVecMetric.Reset() to clear stale label combinations between cycles. Introduce invalidEndpoints and deduplicatedEndpoints gauge vectors in the source wrappers package, partitioned by record_type and source_type. The dedup source wrapper now tracks rejected (invalid) and de-duplicated endpoints per collection cycle. Update the metrics documentation and bump the known metrics count. Signed-off-by: Seena Fallah <seenafallah@gmail.com> * feat(source): add PTR source wrapper for automatic reverse DNS Implement ptrSource, a source wrapper that generates PTR endpoints from A/AAAA records. The wrapper supports: - Global default via WithCreatePTR (maps to --create-ptr flag) - Per-endpoint override via record-type provider-specific property - Grouping multiple hostnames sharing an IP into a single PTR endpoint - Skipping wildcard DNS names Add WithPTRSupported and WithCreatePTR options to the wrapper Config and wire the PTR wrapper into the WrapSources chain when PTR is in managed-record-types. Signed-off-by: Seena Fallah <seenafallah@gmail.com> * feat(config): add --create-ptr flag and deprecate --rfc2136-create-ptr Add the generic --create-ptr boolean flag to Config, enabling automatic PTR record creation for any provider. Add IsPTRSupported() helper that checks whether PTR is included in --managed-record-types. Add validation: --create-ptr (or legacy --rfc2136-create-ptr) now requires PTR in --managed-record-types, preventing misconfiguration. Mark --rfc2136-create-ptr as deprecated in the flag description. Signed-off-by: Seena Fallah <seenafallah@gmail.com> * refactor(rfc2136): remove inline PTR logic in favor of PTR source wrapper Remove the createPTR field, AddReverseRecord, RemoveReverseRecord, and GenerateReverseRecord methods from the rfc2136 provider. PTR record generation is now handled generically by the PTR source wrapper before records reach the provider. Update the PTR creation test to supply pre-generated PTR endpoints (simulating what the source wrapper produces) instead of relying on the provider to create them internally. Signed-off-by: Seena Fallah <seenafallah@gmail.com> * feat(controller): wire PTR source wrapper into buildSource Pass the top-level Config to buildSource so it can read IsPTRSupported() and the CreatePTR / RFC2136CreatePTR flags. When PTR is in managed-record-types, the PTR source wrapper is installed in the wrapper chain with the combined create-ptr default. Signed-off-by: Seena Fallah <seenafallah@gmail.com> * chore(pdns): remove stale comment and fix whitespace Remove an outdated comment about a single-target-per-tuple assumption that no longer applies. Signed-off-by: Seena Fallah <seenafallah@gmail.com> * docs: add PTR records documentation and update existing guides Add docs/advanced/ptr-records.md covering the --create-ptr flag, per-resource annotation overrides, prerequisites, and usage examples. Update: - annotations.md: document record-type annotation - flags.md: add --create-ptr, mark --rfc2136-create-ptr as deprecated - tutorials/rfc2136.md: point to generic --create-ptr flag - contributing/source-wrappers.md: add PTR wrapper to the chain - mkdocs.yml: add PTR Records navigation entry Signed-off-by: Seena Fallah <seenafallah@gmail.com> * feat(rfc2136)!: remove rfc2136-create-ptr in favor of create-ptr Signed-off-by: Seena Fallah <seenafallah@gmail.com> --------- Signed-off-by: Seena Fallah <seenafallah@gmail.com>
146 lines
4.3 KiB
Go
146 lines
4.3 KiB
Go
/*
|
|
Copyright 2017 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package validation
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"strings"
|
|
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/apimachinery/pkg/labels"
|
|
|
|
"sigs.k8s.io/external-dns/pkg/apis/externaldns"
|
|
)
|
|
|
|
// ValidateConfig performs validation on the Config object
|
|
func ValidateConfig(cfg *externaldns.Config) error {
|
|
// TODO: Should probably return field.ErrorList
|
|
|
|
if err := preValidateConfig(cfg); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := validateConfigForProvider(cfg); err != nil {
|
|
return err
|
|
}
|
|
|
|
if cfg.IgnoreHostnameAnnotation && cfg.FQDNTemplate == "" {
|
|
return errors.New("FQDN Template must be set if ignoring annotations")
|
|
}
|
|
|
|
if len(cfg.TXTPrefix) > 0 && len(cfg.TXTSuffix) > 0 {
|
|
return errors.New("txt-prefix and txt-suffix are mutual exclusive")
|
|
}
|
|
|
|
_, err := labels.Parse(cfg.LabelFilter)
|
|
if err != nil {
|
|
return errors.New("--label-filter does not specify a valid label selector")
|
|
}
|
|
|
|
if _, err := metav1.ParseToLabelSelector(cfg.AnnotationFilter); err != nil {
|
|
return errors.New("--annotation-filter does not specify a valid label selector")
|
|
}
|
|
|
|
if cfg.AnnotationPrefix == "" {
|
|
return errors.New("--annotation-prefix cannot be empty")
|
|
}
|
|
if !strings.HasSuffix(cfg.AnnotationPrefix, "/") {
|
|
return errors.New("--annotation-prefix must end with '/'")
|
|
}
|
|
|
|
if cfg.KubeAPIQPS <= 0 {
|
|
return errors.New("--kube-api-qps must be greater than 0")
|
|
}
|
|
if cfg.KubeAPIBurst <= 0 {
|
|
return errors.New("--kube-api-burst must be greater than 0")
|
|
}
|
|
|
|
if cfg.CreatePTR && !cfg.IsPTRSupported() {
|
|
return errors.New("--create-ptr requires PTR in --managed-record-types")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func preValidateConfig(cfg *externaldns.Config) error {
|
|
if cfg.LogFormat != externaldns.LogFormatText && cfg.LogFormat != externaldns.LogFormatJSON {
|
|
return fmt.Errorf("unsupported log format: %s", cfg.LogFormat)
|
|
}
|
|
if len(cfg.Sources) == 0 {
|
|
return errors.New("no sources specified")
|
|
}
|
|
if cfg.Provider == "" {
|
|
return errors.New("no provider specified")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func validateConfigForProvider(cfg *externaldns.Config) error {
|
|
switch cfg.Provider {
|
|
case externaldns.ProviderAzure:
|
|
return validateConfigForAzure(cfg)
|
|
case externaldns.ProviderAkamai:
|
|
return validateConfigForAkamai(cfg)
|
|
case externaldns.ProviderRFC2136:
|
|
return validateConfigForRfc2136(cfg)
|
|
default:
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func validateConfigForAzure(cfg *externaldns.Config) error {
|
|
if cfg.AzureConfigFile == "" {
|
|
return errors.New("no Azure config file specified")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func validateConfigForAkamai(cfg *externaldns.Config) error {
|
|
if cfg.AkamaiServiceConsumerDomain == "" && cfg.AkamaiEdgercPath != "" {
|
|
return errors.New("no Akamai ServiceConsumerDomain specified")
|
|
}
|
|
if cfg.AkamaiClientToken == "" && cfg.AkamaiEdgercPath != "" {
|
|
return errors.New("no Akamai client token specified")
|
|
}
|
|
if cfg.AkamaiClientSecret == "" && cfg.AkamaiEdgercPath != "" {
|
|
return errors.New("no Akamai client secret specified")
|
|
}
|
|
if cfg.AkamaiAccessToken == "" && cfg.AkamaiEdgercPath != "" {
|
|
return errors.New("no Akamai access token specified")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func validateConfigForRfc2136(cfg *externaldns.Config) error {
|
|
if cfg.RFC2136MinTTL < 0 {
|
|
return errors.New("TTL specified for rfc2136 is negative")
|
|
}
|
|
if cfg.RFC2136Insecure && cfg.RFC2136GSSTSIG {
|
|
return errors.New("--rfc2136-insecure and --rfc2136-gss-tsig are mutually exclusive arguments")
|
|
}
|
|
if cfg.RFC2136GSSTSIG {
|
|
if cfg.RFC2136KerberosPassword == "" || cfg.RFC2136KerberosUsername == "" || cfg.RFC2136KerberosRealm == "" {
|
|
return errors.New("--rfc2136-kerberos-realm, --rfc2136-kerberos-username, and --rfc2136-kerberos-password are required when specifying --rfc2136-gss-tsig option")
|
|
}
|
|
}
|
|
if cfg.RFC2136BatchChangeSize < 1 {
|
|
return errors.New("batch size specified for rfc2136 cannot be less than 1")
|
|
}
|
|
return nil
|
|
}
|