Make external-dns a drop-in for dns-controller

Support TXT records
Ole Markus With 2021-04-02 13:55:42 +02:00
parent 446aea1d62
commit 38f805c5ef
65 changed files with 142 additions and 63 deletions


@ -24,5 +24,6 @@ const (
A = RrsType("A")
AAAA = RrsType("AAAA")
CNAME = RrsType("CNAME")
TXT = RrsType("TXT")
// TODO: Add other types as required
)


@ -1058,7 +1058,7 @@ func AddDNSControllerPermissions(b *PolicyBuilder, p *Policy) {
wildcard := stringorslice.Slice([]string{"*"})
p.Statement = append(p.Statement, &Statement{
Effect: StatementEffectAllow,
Action: stringorslice.Slice([]string{"route53:ListHostedZones"}),
Action: stringorslice.Slice([]string{"route53:ListHostedZones", "route53:ListTagsForResource"}),
Resource: wildcard,
})
}
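Review bot: `route53:ListTagsForResource` is added to the statement whose `Resource` is the `*` wildcard, and AddDNSControllerPermissions grants it to every cluster rather than only when external-dns is in use. Route 53 accepts hosted-zone and health-check ARNs for this action, so it could instead go in a zone-scoped statement, presumably the one that already carries the record-set permissions, which is outside this hunk. If the wildcard is kept, a comment such as `// ListTagsForResource: read-only, used by external-dns to read zone tags` above the statement would record why it is there. The function starts above the hunk.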


@ -1775,7 +1775,9 @@ func ListRoute53Records(cloud fi.Cloud, clusterName string) ([]*resources.Resour
}
err := c.Route53().ListResourceRecordSetsPages(request, func(p *route53.ListResourceRecordSetsOutput, lastPage bool) bool {
for _, rrs := range p.ResourceRecordSets {
if aws.StringValue(rrs.Type) != "A" && aws.StringValue(rrs.Type) != "AAAA" {
if aws.StringValue(rrs.Type) != "A" &&
aws.StringValue(rrs.Type) != "AAAA" &&
aws.StringValue(rrs.Type) != "TXT" {
continue
}
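Review bot: Adding `"TXT"` to the type filter means the cluster-deletion listing now considers TXT records, and TXT names are often shared with records kops never created (domain verification, ACME challenges, SPF). The name matching that follows this check is outside the hunk, so confirm it cannot select a TXT record that merely shares a name with a cluster record. For TXT it would be safer to also require the ownership marker, i.e. keep the record only when one of its values contains `heritage=external-dns`. A comment like `// TXT: ownership records written by external-dns` on the new condition would document the intent.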


@ -1302,7 +1302,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -22,7 +22,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1666,7 +1666,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1038,7 +1038,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1038,7 +1038,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1038,7 +1038,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1054,7 +1054,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -22,7 +22,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1038,7 +1038,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1034,7 +1034,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1215,7 +1215,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1038,7 +1038,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1757,7 +1757,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1758,7 +1758,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1148,7 +1148,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1554,7 +1554,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1710,7 +1710,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1696,7 +1696,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1696,7 +1696,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -1739,7 +1739,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -96,7 +96,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -22,7 +22,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -86,7 +86,8 @@
},
{
"Action": [
"route53:ListHostedZones"
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [


@ -26,17 +26,25 @@ spec:
tolerations:
- key: "node-role.kubernetes.io/master"
effect: NoSchedule
- key: "node.kubernetes.io/not-ready"
effect: NoSchedule
nodeSelector:
node-role.kubernetes.io/master: ""
dnsPolicy: Default # Don't use cluster DNS (we are likely running before kube-dns)
hostNetwork: true
containers:
- name: external-dns
image: k8s.gcr.io/external-dns/external-dns:v0.7.6
image: k8s.gcr.io/external-dns/external-dns:v0.9.0
imagePullPolicy: Always
args:
{{ range $arg := ExternalDnsArgv }}
- "{{ $arg }}"
{{ end }}
env:
- name: KUBERNETES_SERVICE_HOST
value: "127.0.0.1"
- name: KUBERNETES_SERVICE_PORT
value: "443"
resources:
requests:
cpu: 50m
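Review bot: The new `image: k8s.gcr.io/external-dns/external-dns:v0.9.0` line references a mutable tag, and together with `imagePullPolicy: Always` the node re-resolves that tag on every pod start. This pod runs on the control plane with `hostNetwork: true` and holds the Route 53 role, so whatever the tag points to at pull time gets those privileges. Pinning by digest removes that dependency: `image: k8s.gcr.io/external-dns/external-dns:v0.9.0@sha256:<digest-of-v0.9.0>` (placeholder; use the digest published for the release). With a digest in place `imagePullPolicy: IfNotPresent` is sufficient. The container spec continues past the end of this hunk.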


@ -422,6 +422,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*chann
})
}
if !featureflag.EnableExternalDNS.Enabled() {
// @check the dns-controller has not been disabled
externalDNS := b.Cluster.Spec.ExternalDNS
if externalDNS == nil || !externalDNS.Disable {
@ -446,8 +447,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*chann
serviceAccountRoles = append(serviceAccountRoles, &dnscontroller.ServiceAccount{})
}
}
if featureflag.EnableExternalDNS.Enabled() {
}else {
{
key := "external-dns.addons.k8s.io"
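Review bot: With the feature flag on, the new `else` branch installs external-dns without consulting `externalDNS.Disable`, which the dns-controller branch above it does check (`externalDNS == nil || !externalDNS.Disable`). As far as these two hunks show, a cluster that disabled DNS management would still get a controller with Route 53 write access once the flag is set. If that is not intended, the branch could read `} else if externalDNS := b.Cluster.Spec.ExternalDNS; externalDNS == nil || !externalDNS.Disable {`. Separately, `}else {` is not gofmt-clean as rendered, and the bare `{` block inside the else is now redundant. The function body continues outside both hunks.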


@ -210,6 +210,9 @@ func precreateDNS(ctx context.Context, cluster *kops.Cluster, cloud fi.Cloud) er
changeset.Add(rrs.New(dnsHostname, []string{PlaceholderIP}, PlaceholderTTLDigitialOcean, rrstype.A))
} else {
changeset.Add(rrs.New(dnsHostname, []string{PlaceholderIP}, PlaceholderTTL, rrstype.A))
if featureflag.EnableExternalDNS.Enabled() {
changeset.Add(rrs.New(dnsHostname, []string{fmt.Sprintf("\"heritage=external-dns,external-dns/owner=%s\"", cluster.GetClusterName())}, PlaceholderTTL, rrstype.TXT))
}
}
created = append(created, dnsHostname)
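Review bot: The owner written into the pre-created TXT record does not match the owner external-dns is started with. This hunk writes `external-dns/owner=%s` with `cluster.GetClusterName()`, while ExternalDNSArgv in the same commit passes `--txt-owner-id=kops-` plus the cluster name. With the TXT registry a record is only managed when the owner label equals the configured id, so the placeholder A record would likely be treated as foreign and never updated. The format string should carry the same prefix: `fmt.Sprintf("\"heritage=external-dns,external-dns/owner=kops-%s\"", cluster.GetClusterName())`. Building both values from one shared helper would keep them from drifting. The TXT record is only added in the non-DigitalOcean branch, which is worth a short comment if intentional.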


@ -583,7 +583,14 @@ func (tf *TemplateFunctions) ExternalDNSArgv() ([]string, error) {
return nil, fmt.Errorf("unhandled cloudprovider %q", cluster.Spec.CloudProvider)
}
argv = append(argv, "--events")
argv = append(argv, "--source=ingress")
argv = append(argv, "--source=pod")
argv = append(argv, "--source=service")
argv = append(argv, "--compatibility=kops-dns-controller")
argv = append(argv, "--registry=txt")
argv = append(argv, "--txt-owner-id=kops-"+tf.ClusterName())
argv = append(argv, "--zone-id-filter="+tf.Cluster.Spec.DNSZone)
return argv, nil
}
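Review bot: `"--zone-id-filter="+tf.Cluster.Spec.DNSZone` is appended without checking the value, and this filter is the only thing in the argv that scopes external-dns to one hosted zone. If `DNSZone` is empty the flag carries an empty id, which external-dns most likely treats as matching every zone the role can write to; if it holds a zone name rather than an id, the filter matches nothing. A guard before the append would make both cases explicit, e.g. `if tf.Cluster.Spec.DNSZone == "" { return nil, fmt.Errorf("DNSZone must be set to scope external-dns") }`. A comment stating that the value is expected to be a hosted-zone id would help. This line also reads `tf.Cluster` where the error path above uses the local `cluster`. The start of the function is outside the hunk.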