From c1e0991153af44c28c4054fb3d4469312dea0f7d Mon Sep 17 00:00:00 2001
From: Ciprian Hacman <ciprian.hacman@sematext.com>
Date: Thu, 10 Sep 2020 16:20:22 +0300
Subject: [PATCH] Skip the iamPolicy.DNSZone task when using gossip

---
 pkg/model/iam.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/pkg/model/iam.go b/pkg/model/iam.go
index b228fa3098..000585eb66 100644
--- a/pkg/model/iam.go
+++ b/pkg/model/iam.go
@@ -22,6 +22,7 @@ import (
 
 	"k8s.io/klog/v2"
 	"k8s.io/kops/pkg/apis/kops"
+	"k8s.io/kops/pkg/dns"
 	"k8s.io/kops/pkg/model/iam"
 	"k8s.io/kops/pkg/util/stringorslice"
 	"k8s.io/kops/upup/pkg/fi"
@@ -164,11 +165,13 @@ func (b *IAMModelBuilder) buildIAMRolePolicy(role iam.Subject, iamName string, i
 		},
 	}
 
-	// This is slightly tricky; we need to know the hosted zone id,
-	// but we might be creating the hosted zone dynamically.
-	// We create a stub-reference which will be combined by the execution engine.
-	iamPolicy.DNSZone = &awstasks.DNSZone{
-		Name: fi.String(b.NameForDNSZone()),
+	if !dns.IsGossipHostname(b.Cluster.ObjectMeta.Name) {
+		// This is slightly tricky; we need to know the hosted zone id,
+		// but we might be creating the hosted zone dynamically.
+		// We create a stub-reference which will be combined by the execution engine.
+		iamPolicy.DNSZone = &awstasks.DNSZone{
+			Name: fi.String(b.NameForDNSZone()),
+		}
 	}
 
 	t := &awstasks.IAMRolePolicy{