Update link to current workshop (#4170)

* Update link to current workshop

The old link shows that the workshop has been updated and points you to a different one

* fix(pdns): provider implicitly changes CNAME to ALIAS

Fixes: #3970

* feat: add debug message to CNAME to ALIAS conversion

Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>

* fix(chart): Fix webhook install failure (#4173)

* fix(chart): Fix webhook install failure

* chore(chart): Update chart metadata

* fix: provide possibility to have a soft error mode to only log error and not fatal

Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>

* fix: provide possibility to have a soft error mode to only log error and not fatal

Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>

* doc: add godoc

Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>

* [helm] Allow tpl in provider again (#4180)

* [helm] Allow tpl in provider again

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* bump version and changelog

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

* re-run helm-docs

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

---------

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

* Fix args for webhook deployment (#4202)

* Fix args for webhook deployment

The upfront bullet point resulted in `- ""` and could brake the webhook container.

* Add changeloog

* add RBAC fix to namespaces - get, watch, list to each gateway-*route (#4205)

* add RBAC fix to namespaces - get, watch, list to each gateway-*route

* fix conflicts

* resolve conflicts

* Apply suggestions from code review

Co-authored-by: Steve Hipwell <steve.hipwell@gmail.com>

---------

Co-authored-by: Steve Hipwell <steve.hipwell@gmail.com>

* chore: Released chart v1.14.3

Signed-off-by: Steve Hipwell <steve.hipwell@gmail.com>

* build(deps): bump the dev-dependencies group with 24 updates

Bumps the dev-dependencies group with 24 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.4.0` | `1.5.1` |
| [github.com/F5Networks/k8s-bigip-ctlr/v2](https://github.com/F5Networks/k8s-bigip-ctlr) | `2.15.0` | `2.15.1` |
| [github.com/IBM/go-sdk-core/v5](https://github.com/IBM/go-sdk-core) | `5.15.0` | `5.15.1` |
| [github.com/aliyun/alibaba-cloud-sdk-go](https://github.com/aliyun/alibaba-cloud-sdk-go) | `1.62.652` | `1.62.673` |
| [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.49.15` | `1.50.9` |
| [github.com/civo/civogo](https://github.com/civo/civogo) | `0.3.56` | `0.3.58` |
| [github.com/cloudflare/cloudflare-go](https://github.com/cloudflare/cloudflare-go) | `0.85.0` | `0.87.0` |
| [github.com/digitalocean/godo](https://github.com/digitalocean/godo) | `1.107.0` | `1.108.0` |
| [github.com/infobloxopen/infoblox-go-client/v2](https://github.com/infobloxopen/infoblox-go-client) | `2.4.0` | `2.5.0` |
| [github.com/linode/linodego](https://github.com/linode/linodego) | `1.26.0` | `1.28.0` |
| [github.com/miekg/dns](https://github.com/miekg/dns) | `1.1.57` | `1.1.58` |
| [github.com/oracle/oci-go-sdk/v65](https://github.com/oracle/oci-go-sdk) | `65.55.0` | `65.57.0` |
| [github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common](https://github.com/tencentcloud/tencentcloud-sdk-go) | `1.0.834` | `1.0.856` |
| [github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod](https://github.com/tencentcloud/tencentcloud-sdk-go) | `1.0.834` | `1.0.856` |
| [github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/privatedns](https://github.com/tencentcloud/tencentcloud-sdk-go) | `1.0.834` | `1.0.856` |
| [go.etcd.io/etcd/api/v3](https://github.com/etcd-io/etcd) | `3.5.11` | `3.5.12` |
| [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) | `3.5.11` | `3.5.12` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.15.0` | `0.16.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.155.0` | `0.161.0` |
| [istio.io/api](https://github.com/istio/api) | `1.20.1` | `1.20.2` |
| [istio.io/client-go](https://github.com/istio/client-go) | `1.20.1` | `1.20.2` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.29.0` | `0.29.1` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.29.0` | `0.29.1` |
| [k8s.io/klog/v2](https://github.com/kubernetes/klog) | `2.110.1` | `2.120.1` |


Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.4.0 to 1.5.1
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.4.0...sdk/internal/v1.5.1)

Updates `github.com/F5Networks/k8s-bigip-ctlr/v2` from 2.15.0 to 2.15.1
- [Release notes](https://github.com/F5Networks/k8s-bigip-ctlr/releases)
- [Changelog](https://github.com/F5Networks/k8s-bigip-ctlr/blob/v2.15.1/docs/RELEASE-NOTES.rst)
- [Commits](F5Networks/k8s-bigip-ctlr@v2.15.0...v2.15.1)

Updates `github.com/IBM/go-sdk-core/v5` from 5.15.0 to 5.15.1
- [Release notes](https://github.com/IBM/go-sdk-core/releases)
- [Changelog](https://github.com/IBM/go-sdk-core/blob/main/CHANGELOG.md)
- [Commits](IBM/go-sdk-core@v5.15.0...v5.15.1)

Updates `github.com/aliyun/alibaba-cloud-sdk-go` from 1.62.652 to 1.62.673
- [Release notes](https://github.com/aliyun/alibaba-cloud-sdk-go/releases)
- [Changelog](https://github.com/aliyun/alibaba-cloud-sdk-go/blob/master/ChangeLog.txt)
- [Commits](aliyun/alibaba-cloud-sdk-go@v1.62.652...v1.62.673)

Updates `github.com/aws/aws-sdk-go` from 1.49.15 to 1.50.9
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](aws/aws-sdk-go@v1.49.15...v1.50.9)

Updates `github.com/civo/civogo` from 0.3.56 to 0.3.58
- [Release notes](https://github.com/civo/civogo/releases)
- [Changelog](https://github.com/civo/civogo/blob/master/changelog.yml)
- [Commits](civo/civogo@v0.3.56...v0.3.58)

Updates `github.com/cloudflare/cloudflare-go` from 0.85.0 to 0.87.0
- [Release notes](https://github.com/cloudflare/cloudflare-go/releases)
- [Changelog](https://github.com/cloudflare/cloudflare-go/blob/master/CHANGELOG.md)
- [Commits](cloudflare/cloudflare-go@v0.85.0...v0.87.0)

Updates `github.com/digitalocean/godo` from 1.107.0 to 1.108.0
- [Release notes](https://github.com/digitalocean/godo/releases)
- [Changelog](https://github.com/digitalocean/godo/blob/main/CHANGELOG.md)
- [Commits](digitalocean/godo@v1.107.0...v1.108.0)

Updates `github.com/infobloxopen/infoblox-go-client/v2` from 2.4.0 to 2.5.0
- [Release notes](https://github.com/infobloxopen/infoblox-go-client/releases)
- [Changelog](https://github.com/infobloxopen/infoblox-go-client/blob/master/CHANGELOG.md)
- [Commits](https://github.com/infobloxopen/infoblox-go-client/commits)

Updates `github.com/linode/linodego` from 1.26.0 to 1.28.0
- [Release notes](https://github.com/linode/linodego/releases)
- [Commits](linode/linodego@v1.26.0...v1.28.0)

Updates `github.com/miekg/dns` from 1.1.57 to 1.1.58
- [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release)
- [Commits](miekg/dns@v1.1.57...v1.1.58)

Updates `github.com/oracle/oci-go-sdk/v65` from 65.55.0 to 65.57.0
- [Release notes](https://github.com/oracle/oci-go-sdk/releases)
- [Changelog](https://github.com/oracle/oci-go-sdk/blob/master/CHANGELOG.md)
- [Commits](oracle/oci-go-sdk@v65.55.0...v65.57.0)

Updates `github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common` from 1.0.834 to 1.0.856
- [Commits](TencentCloud/tencentcloud-sdk-go@v1.0.834...v1.0.856)

Updates `github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod` from 1.0.834 to 1.0.856
- [Commits](TencentCloud/tencentcloud-sdk-go@v1.0.834...v1.0.856)

Updates `github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/privatedns` from 1.0.834 to 1.0.856
- [Commits](TencentCloud/tencentcloud-sdk-go@v1.0.834...v1.0.856)

Updates `go.etcd.io/etcd/api/v3` from 3.5.11 to 3.5.12
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Commits](etcd-io/etcd@v3.5.11...v3.5.12)

Updates `go.etcd.io/etcd/client/v3` from 3.5.11 to 3.5.12
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Commits](etcd-io/etcd@v3.5.11...v3.5.12)

Updates `golang.org/x/oauth2` from 0.15.0 to 0.16.0
- [Commits](golang/oauth2@v0.15.0...v0.16.0)

Updates `google.golang.org/api` from 0.155.0 to 0.161.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.155.0...v0.161.0)

Updates `istio.io/api` from 1.20.1 to 1.20.2
- [Commits](istio/api@1.20.1...1.20.2)

Updates `istio.io/client-go` from 1.20.1 to 1.20.2
- [Commits](istio/client-go@1.20.1...1.20.2)

Updates `k8s.io/api` from 0.29.0 to 0.29.1
- [Commits](kubernetes/api@v0.29.0...v0.29.1)

Updates `k8s.io/client-go` from 0.29.0 to 0.29.1
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.29.0...v0.29.1)

Updates `k8s.io/klog/v2` from 2.110.1 to 2.120.1
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](kubernetes/klog@v2.110.1...v2.120.1)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/F5Networks/k8s-bigip-ctlr/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/IBM/go-sdk-core/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aliyun/alibaba-cloud-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/civo/civogo
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/cloudflare/cloudflare-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/digitalocean/godo
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/infobloxopen/infoblox-go-client/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/linode/linodego
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/miekg/dns
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/oracle/oci-go-sdk/v65
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/privatedns
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: go.etcd.io/etcd/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: go.etcd.io/etcd/client/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: istio.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: istio.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: k8s.io/klog/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix "workload identity" spelling

* feat(aws-provider): create flag to support sub-domains match parent

The current implementation of external-dns from sig-external-dns does
not support domain filtering (--domain-filter) for sub-domains on Route53,
such as test.sub-domain.domain.com. The function MatchParent was recently
removed from the base code, but it is still necessary for this purpose.
An example of a use case for this support is having a cluster per hosted
zone with a hundred ingress related to that zone with different variants of
sub-domains. With the matchParent function and zone-match-parent flag,
external-dns will now support an extended automatic match for sub-domains.

* test(types): adding missing test to aws-zone-match-parent flag

* docs(aws-provider): add aws-zone-match-parent use

* docs(aws): refactor explanation of aws-zone-match-parent

* fix(aws-provider): add aws-zone-match-parent flag value to aws config

---------

Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
Signed-off-by: Steve Hipwell <steve.hipwell@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Thomas Maroschik <tmaroschik@dfau.de>
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
Co-authored-by: Gabe Cook <gabe565@gmail.com>
Co-authored-by: Sandor Szücs <sandor.szuecs@zalando.de>
Co-authored-by: Jan-Otto Kröpke <mail@jkroepke.de>
Co-authored-by: Tobias Bradtke <webwurst@gmail.com>
Co-authored-by: orenlevi111 <121795464+orenlevi111@users.noreply.github.com>
Co-authored-by: Steve Hipwell <steve.hipwell@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Greg Dubicki <566632+gdubicki@users.noreply.github.com>
Co-authored-by: thiagoluiznunes <thiagoluiz.dev@gmail.com>

docs/tutorials/aws.md

@@ -63,7 +63,7 @@ export KUBECONFIG="$HOME/.kube/${EKS_CLUSTER_NAME}-${EKS_CLUSTER_REGION}.yaml"
 eksctl create cluster --name $EKS_CLUSTER_NAME --region $EKS_CLUSTER_REGION
 ```
 
-Feel free to use other provisioning tools or an existing cluster.  If [Terraform](https://www.terraform.io/) is used, [vpc](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/) and [eks](https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/) modules are recommended for standing up an EKS cluster.  Amazon has a workshop called [Amazon EKS Terraform Workshop](https://tf-eks-workshop.workshop.aws/) that may be useful for this process.
+Feel free to use other provisioning tools or an existing cluster.  If [Terraform](https://www.terraform.io/) is used, [vpc](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/) and [eks](https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/) modules are recommended for standing up an EKS cluster.  Amazon has a workshop called [Amazon EKS Terraform Workshop](https://catalog.us-east-1.prod.workshops.aws/workshops/afee4679-89af-408b-8108-44f5b1065cc7/) that may be useful for this process.
 
 ## Permissions to modify DNS zone
 
@@ -79,7 +79,7 @@ Additionally, throughout this tutorial, the example domain of `example.com` is u
 
 ### Node IAM Role
 
-In this method, you can attach a policy to the Node IAM Role.  This will allow nodes in the Kubernetes cluster to access Route53 zones, which allows ExternalDNS to update DNS records.  Given that this allows all containers to access Route53, not just ExternalDNS, running on the node with these privileges, this method is not recommended, and is only suitable for limited limited test environments.
+In this method, you can attach a policy to the Node IAM Role.  This will allow nodes in the Kubernetes cluster to access Route53 zones, which allows ExternalDNS to update DNS records.  Given that this allows all containers to access Route53, not just ExternalDNS, running on the node with these privileges, this method is not recommended, and is only suitable for limited test environments.
 
 If you are using eksctl to provision a new cluster, you add the policy at creation time with: