Merge pull request #21 from kubeslice/0.13.1-merge

v0.13.1 Merge

.golangci.yml

@@ -20,12 +20,10 @@ linters:
     - dogsled
     - gofmt
     - goimports
-    - golint
     - goprintffuncname
     - gosimple
     - govet
     - ineffassign
-    - interfacer
     - misspell
     - rowserrcheck
     - staticcheck
@@ -47,12 +45,10 @@ issues:
         - dogsled
         - gofmt
         - goimports
-        - golint
         - goprintffuncname
         - gosimple
         - govet
         - ineffassign
-        - interfacer
         - misspell
         - nolintlint
         - rowserrcheck

README.md

@@ -27,6 +27,14 @@ To see ExternalDNS in action, have a look at this [video](https://www.youtube.co
 
 ## The Latest Release
 
+---
+**WARNING**
+Releases v0.12.0 - v0.12.2 (current) have a *major* bug for InfoBlox providers. It will cause *all* DNS records not managed by external-dns to be deleted. This was identified in issue [#2931](https://github.com/kubernetes-sigs/external-dns/issues/2931) and fixed in PR [#2890](https://github.com/kubernetes-sigs/external-dns/pull/2890). *BUT* there is no external-dns release with this fix.
+
+Do *not* upgrade to these versions if you use external-dns
+
+---
+
 ExternalDNS allows you to keep selected zones (via `--domain-filter`) synchronized with Ingresses and Services of `type=LoadBalancer` and nodes in various cloud providers:
 * [Google Cloud DNS](https://cloud.google.com/dns/docs/)
 * [AWS Route 53](https://aws.amazon.com/route53/)
@@ -57,6 +65,9 @@ ExternalDNS allows you to keep selected zones (via `--domain-filter`) synchroniz
 * [Gandi](https://www.gandi.net)
 * [ANS Group SafeDNS](https://portal.ans.co.uk/safedns/)
 * [IBM Cloud DNS](https://www.ibm.com/cloud/dns)
+* [TencentCloud PrivateDNS](https://cloud.tencent.com/product/privatedns)
+* [TencentCloud DNSPod](https://cloud.tencent.com/product/cns)
+* [Plural](https://www.plural.sh/)
 
 From this release, ExternalDNS can become aware of the records it is managing (enabled via `--registry=txt`), therefore ExternalDNS can safely manage non-empty hosted zones. We strongly encourage you to use `v0.5` (or greater) with `--registry=txt` enabled and `--txt-owner-id` set to a unique value that doesn't change for the lifetime of your cluster. You might also want to run ExternalDNS in a dry run mode (`--dry-run` flag) to see the changes to be submitted to your DNS Provider API.
 
@@ -115,6 +126,8 @@ The following table clarifies the current status of the providers according to t
 | Gandi | Alpha | @packi |
 | SafeDNS | Alpha | @assureddt |
 | IBMCloud | Alpha | @hughhuangzh |
+| TencentCloud | Alpha | @Hyzhou |
+| Plural | Alpha | @michaeljguarino |
 
 ## Kubernetes version compatibility
 
@@ -183,6 +196,8 @@ The following tutorials are provided:
 * [SafeDNS](docs/tutorials/UKFast_SafeDNS.md)
 * [IBM Cloud](docs/tutorials/ibmcloud.md)
 * [Nodes as source](docs/tutorials/nodes.md)
+* [TencentCloud](docs/tutorials/tencentcloud.md)
+* [Plural](docs/tutorials/plural.md)
 
 ### Running Locally
 

docs/scripts/docs.go

@@ -31,7 +31,7 @@ func removeLinkPrefixInIndex() {
 	updatedContent := strings.ReplaceAll(string(content), "](./docs/", "](")
 	updatedContent = strings.ReplaceAll(updatedContent, "](docs/", "](")
 
-	f, err := os.OpenFile("./docs/index.md", os.O_RDWR, 0644)
+	f, err := os.OpenFile("./docs/index.md", os.O_RDWR, 0o644)
 	if err != nil {
 		log.Fatalf("Could not open index.md file to update content. Original error: %s", err)
 	}

docs/tutorials/aws.md

@@ -97,7 +97,7 @@ The role name of the role associated with the node(s) where ExternalDNS will run
 
 ##### Get role name with a single managed nodegroup
 
-From the comand line, if you have a single managed node group, the default with `eksctl create cluster`, you can find the role name with the following:
+From the command line, if you have a single managed node group, the default with `eksctl create cluster`, you can find the role name with the following:
 
 ```bash
 # get managed node group name (assuming there's only one node group)
@@ -112,7 +112,7 @@ ROLE_NAME=${NODE_ROLE_ARN##*/}
 
 ##### Get role name with other configurations
 
-If you have multiple node groups or any unmanaged node groups, the process gets more complex.  The first step is to get the instance host name of the destired node to where ExternalDNS will be deployed or is already deployed:
+If you have multiple node groups or any unmanaged node groups, the process gets more complex.  The first step is to get the instance host name of the desired node to where ExternalDNS will be deployed or is already deployed:
 
 ```bash
 # node instance name of one of the external dns pods currently running
@@ -124,7 +124,7 @@ INSTANCE_NAME=$(kubectl get pods --all-namespaces \
 INSTANCE_NAME=$(kubectl get nodes --output name | cut -d'/' -f2 | tail -1)
 ```
 
-With the instnace host name, you can then get the instance id:
+With the instance host name, you can then get the instance id:
 
 ```bash
 get_instance_id() {
@@ -157,7 +157,7 @@ findRoleName() {
       --role-name $ROLE --query InstanceProfiles[0].Arn --output text)
     # if there is an instance profile
     if [[ "$PROFILE_ARN" != "None" ]]; then
-      # get all the instances with this associated instance prfile
+      # get all the instances with this associated instance profile
       INSTANCES=$(aws ec2 describe-instances \
         --filters Name=iam-instance-profile.arn,Values=$PROFILE_ARN \
         --query Reservations[*].Instances[0].InstanceId --out text)
@@ -194,7 +194,7 @@ If ExternalDNS is not yet deployed, follow the steps under [Deploy ExternalDNS](
 
 In this method, the policy is attached to an IAM user, and the credentials secrets for the IAM user are then made available using a Kubernetes secret.
 
-This method is not the preferred method as the secrets in the credential file could be copied and used by an unauthorized threat actor.  However, if the Kubernetes cluster is not hosted on AWS, it may be the only method available.  Given this situation, it is important to limit the associated privileges to just minimal requried privileges, i.e. read-write access to Route53, and not used a credentials file that has extra privileges beyond what is required.
+This method is not the preferred method as the secrets in the credential file could be copied and used by an unauthorized threat actor.  However, if the Kubernetes cluster is not hosted on AWS, it may be the only method available.  Given this situation, it is important to limit the associated privileges to just minimal required privileges, i.e. read-write access to Route53, and not used a credentials file that has extra privileges beyond what is required.
 
 #### Create IAM user and attach the policy
 
@@ -565,7 +565,7 @@ Create the following sample application to test that ExternalDNS works.
 
 > If you want to give multiple names to service, you can set it to external-dns.alpha.kubernetes.io/hostname with a comma `,` separator.
 
-For this verification phase, you can can use default or another namespace for the nginx demo, for example:
+For this verification phase, you can use default or another namespace for the nginx demo, for example:
 
 ```bash
 NGINXDEMO_NS="nginx"
@@ -701,7 +701,7 @@ If you hooked up your DNS zone with its parent zone correctly you can use `curl`
 curl nginx.example.com.
 ```
 
-This shold show something like:
+This should show something like:
 
 ```html
 <!DOCTYPE html>
@@ -906,7 +906,7 @@ aws iam detach-role-policy --role-name $IRSA_ROLE --policy-arn $POLICY_ARN
 aws iam delete-role --role-name $IRSA_ROLE
 ```
 
-Delete any uneeded policies:
+Delete any unneeded policies:
 
 ```bash
 aws iam delete-policy --policy-arn $POLICY_ARN

docs/tutorials/gateway-api.md

@@ -5,9 +5,10 @@ It is meant to supplement the other provider-specific setup tutorials.
 
 ## Supported API Versions
 
-The currently supported version of Gateway API is v1alpha2. However, the maintainers of ExternalDNS
-make no backwards compatibility guarantees with alpha versions of the API. Future releases may only
-support beta or stable API versions.
+As the Gateway API is still in an experimental phase, ExternalDNS makes no backwards
+compatibilty guarantees regarding its support. However, it currently supports a mixture of
+v1alpha2 and v1beta1 APIs. Gateways and HTTPRoutes are supported using the v1beta1 API.
+TLSRoutes, TCPRoutes, and UDPRoutes are supported using the v1alpha2 API.
 
 ## Hostnames
 

docs/tutorials/gke.md

@@ -325,6 +325,7 @@ spec:
             - --source=ingress
             - --domain-filter=example.com # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
             - --provider=google
+            - --log-format=json # google cloud logs parses severity of the "text" log format incorrectly
     #        - --google-project=my-cloud-dns-project # Use this to specify a project different from the one external-dns is running inside
             - --google-zone-visibility=public # Use this to filter to only zones with this visibility. Set to either 'public' or 'private'. Omitting will match public and private zones
             - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization

docs/tutorials/plural.md

@@ -0,0 +1,197 @@
+# Setting up ExternalDNS for Services on Plural
+
+This tutorial describes how to setup ExternalDNS for usage within a Kubernetes cluster using Plural DNS.
+
+Make sure to use **>=0.12.3** version of ExternalDNS for this tutorial.
+
+## Creating Plural Credentials
+
+A secret containing the a Plural access token is needed for this provider. You can get a token for your user [here](https://app.plural.sh/profile/tokens).
+
+To create the secret you can run `kubectl create secret generic plural-env --from-literal=PLURAL_ACCESS_TOKEN=<replace-with-your-access-token>`.
+
+## Deploy ExternalDNS
+
+Connect your `kubectl` client to the cluster you want to test ExternalDNS with.
+Then apply one of the following manifests file to deploy ExternalDNS.
+
+### Manifest (for clusters without RBAC enabled)
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: external-dns
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: external-dns
+  template:
+    metadata:
+      labels:
+        app: external-dns
+    spec:
+      containers:
+      - name: external-dns
+        image: k8s.gcr.io/external-dns/external-dns:v0.7.6
+        args:
+        - --source=service # ingress is also possible
+        - --domain-filter=example.com # (optional) limit to only example.com domains; change to match the zone created above.
+        - --provider=plural
+        - --plural-cluster=example-plural-cluster
+        - --plural-provider=aws # gcp, azure, equinix and kind are also possible
+        env:
+        - name: PLURAL_ACCESS_TOKEN
+          valueFrom:
+            secretKeyRef:
+              key: PLURAL_ACCESS_TOKEN
+              name: plural-env
+        - name: PLURAL_ENDPOINT # (optional) use an alternative endpoint for Plural; defaults to https://app.plural.sh
+          value: https://app.plural.sh
+```
+
+### Manifest (for clusters with RBAC enabled)
+
+```yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-dns
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: external-dns
+rules:
+- apiGroups: [""]
+  resources: ["services","endpoints","pods"]
+  verbs: ["get","watch","list"]
+- apiGroups: ["extensions","networking.k8s.io"]
+  resources: ["ingresses"] 
+  verbs: ["get","watch","list"]
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: external-dns-viewer
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: external-dns
+subjects:
+- kind: ServiceAccount
+  name: external-dns
+  namespace: default
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: external-dns
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: external-dns
+  template:
+    metadata:
+      labels:
+        app: external-dns
+    spec:
+      containers:
+      - name: external-dns
+        image: k8s.gcr.io/external-dns/external-dns:v0.7.6
+        args:
+        - --source=service # ingress is also possible
+        - --domain-filter=example.com # (optional) limit to only example.com domains; change to match the zone created above.
+        - --provider=plural
+        - --plural-cluster=example-plural-cluster
+        - --plural-provider=aws # gcp, azure, equinix and kind are also possible
+        env:
+        - name: PLURAL_ACCESS_TOKEN
+          valueFrom:
+            secretKeyRef:
+              key: PLURAL_ACCESS_TOKEN
+              name: plural-env
+        - name: PLURAL_ENDPOINT # (optional) use an alternative endpoint for Plural; defaults to https://app.plural.sh
+          value: https://app.plural.sh
+```
+
+## Deploying an Nginx Service
+
+Create a service file called 'nginx.yaml' with the following contents:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - image: nginx
+        name: nginx
+        ports:
+        - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: example.com
+spec:
+  selector:
+    app: nginx
+  type: LoadBalancer
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+```
+
+Note the annotation on the service; use the same hostname as the Plural DNS zone created above. The annotation may also be a subdomain
+of the DNS zone (e.g. 'www.example.com').
+
+By setting the TTL annotation on the service, you have to pass a valid TTL, which must be 120 or above.
+This annotation is optional, if you won't set it, it will be 1 (automatic) which is 300.
+
+ExternalDNS uses this annotation to determine what services should be registered with DNS.  Removing the annotation
+will cause ExternalDNS to remove the corresponding DNS records.
+
+Create the deployment and service:
+
+```
+$ kubectl create -f nginx.yaml
+```
+
+Depending where you run your service it can take a little while for your cloud provider to create an external IP for the service.
+
+Once the service has an external IP assigned, ExternalDNS will notice the new service IP address and synchronize
+the Plural DNS records.
+
+## Verifying Plural DNS records
+
+Check your [Plural domain overview](https://app.plural.sh/account/domains) to view the domains associated with your Plural account. There you can view the records for each domain.
+
+The records should show the external IP address of the service as the A record for your domain.
+
+## Cleanup
+
+Now that we have verified that ExternalDNS will automatically manage Plural DNS records, we can delete the tutorial's example:
+
+```
+$ kubectl delete -f nginx.yaml
+$ kubectl delete -f externaldns.yaml