-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add annotation and label filters to Ambassador Host Source #2633
feat: add annotation and label filters to Ambassador Host Source #2633
Conversation
Welcome @KyleMartin901! |
8c6851c
to
a427434
Compare
I have also added the label filter to the Ambassador host source as per suggestion by @alebedev87 in #2043 (comment) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall LGTM, just some cosmetic comments.
source/ambassador_host.go
Outdated
// Filter Ambassador Hosts | ||
ambassadorHosts, err = sc.filterByAnnotations(ambassadorHosts) | ||
if err != nil { | ||
return nil, errors.Wrap(err, "failed to filter Ambassador Hosts") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return nil, errors.Wrap(err, "failed to filter Ambassador Hosts") | |
return nil, errors.Wrap(err, "failed to filter Ambassador Hosts by annotation") |
source/ambassador_host_test.go
Outdated
title: "no host", | ||
targetNamespace: "", | ||
labelSelector: labels.Everything(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
title: "no host", | |
targetNamespace: "", | |
labelSelector: labels.Everything(), | |
title: "no host", | |
labelSelector: labels.Everything(), |
Just to safe 1 line from each test case which doesn't need the target namespace.
BTW I didn't see any test case using the targetNamespace, specifying it is supposed to filter hosts too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry forgot to add the test case in. I was going to test to make sure the Ambassador host was only added if it is within the External DNS targeted namespace like the following sources do
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have added the Target Namespace test now 51e3633
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding the test case for the namespace!
The other tests cases can remove targetNamespace
field as it's set to the empty string by default - will save 1 line for each line.
source/ambassador_host_test.go
Outdated
expectError: true, | ||
}, | ||
{ | ||
title: "valid matching annotation filter label", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need this test case? The one with the filter expression has already tested the parsing into the labelSelector.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Up to you again copied the test from Contour, Ingress, Istio Gateway and the service tests. Happy to remove it if you would like.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since it doesn't bring any added value, I'd prefer to remove it - smaller is simpler for the further maintenance.
source/ambassador_host_test.go
Outdated
{ | ||
title: "valid matching label filter expression", | ||
targetNamespace: "", | ||
// annotationFilter: "kubernetes.io/ingress.class in (external-ingress)", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can be removed if not used.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cleaned this up 1629661 sorry forgot to go through and make sure was all clean
source/ambassador_host_test.go
Outdated
hostname: "fake1.org", | ||
annotations: map[string]string{ | ||
"external-dns.ambassador-service": "emissary-ingress/emissary", | ||
"kubernetes.io/ingress.class": "external-ingress", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This annotation can be removed as we don't use any annotation filter, just to keep the test to absolute minimum.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks I have removed the kubernetes.io/ingress.class
annotations from the label tests where they weren't being used. I still need to keep the external-dns.ambassador-service
annotation as that is how External DNS knows to assign the DNS record to the correct Ambassador Host service/endpoint.
source/ambassador_host_test.go
Outdated
expected: []*endpoint.Endpoint{}, | ||
}, | ||
{ | ||
title: "valid matching label filter expression for single host", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This test case seems to be a "superset" of valid matching label filter expression
one, so why not keeping only this one?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have now removed valid matching label filter expression
as you are correct I am already matching valid label within the valid matching label filter expression for single host
test.
Sorry I was trying to match tests like what was done within the annotations without really thinking about it.
source/ambassador_host_test.go
Outdated
ti := ti | ||
t.Run(ti.title, func(t *testing.T) { | ||
// Create a slice of Ambassador Hosts | ||
ambassadorHosts := make([]*ambassador.Host, 0) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not a big deal at all but I've seen all the possible ways of creating a slice of ambassador hosts in this PR:
var ambassadorHosts []*ambassador.Host
---
filteredList := []*ambassador.Host{}
---
ambassadorHosts := make([]*ambassador.Host, 0)
:)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry about that copy and paste issues. Thanks for picking that up for me totally missed it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have cleaned this up in 2482ef5 decided to use the short declaration operator
f10f6eb
to
25aff9e
Compare
…notation As suggested by @alebedev87 kubernetes-sigs#2633 (comment) Co-authored-by: Andrey Lebedev <alebedev87@gmail.com>
Correcting the inconsistancy in the way an empty slice of Ambassador Hosts were declared so it is clean and clearer. Thanks to @alebedev87 for catching this kubernetes-sigs#2633 (comment)
@alebedev87 thanks for picking up those issues. I wasn't sure on the process of adding in the changes if it is preferred for the changes to be added in as new commits or squashed so the PR still only had the two commits for adding annotation filter and label filter. I have just added them as seperate commits so it is easy to squash if that's what is preferred. Let me know if you would prefer me to squash them or happy as is. |
Removing the `valid matching label filter expression` test in favour of just using `valid matching label filter expression for single host` as it is testing the same thing that a Ambassador Host with a valid label is matched. Disscussed with @alebedev87 in kubernetes-sigs#2633 (comment)
Removing the annoations that are not required for the label tests to keep the test to an absolute minimum based on conversations with @alebedev87 kubernetes-sigs#2633 (comment)
…notation As suggested by alebedev87 in kubernetes-sigs#2633 (comment) Co-authored-by: Andrey Lebedev <alebedev87@gmail.com>
Correcting the inconsistancy in the way an empty slice of Ambassador Hosts were declared so it is clean and clearer. Thanks to alebedev87 for catching this in kubernetes-sigs#2633 (comment)
Removing the `valid matching label filter expression` test in favour of just using `valid matching label filter expression for single host` as it is testing the same thing that a Ambassador Host with a valid label is matched. Disscussed with alebedev87 in kubernetes-sigs#2633 (comment)
Removing the annoations that are not required for the label tests to keep the test to an absolute minimum based on conversations with alebedev87 kubernetes-sigs#2633 (comment)
f166698
to
ed61d9b
Compare
@KyleMartin901: I'm not aware of any strict rules about the commits. However I don't think that the commits made to address the review remarks really need to be upstream. |
f702e14
to
eda671a
Compare
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: szuecs The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@KyleMartin901 This PR has been approved. It means that it just needs a rebase, to pass tests and it will be merged. |
Thanks @mloiseleur i will attempt to get this done this week. Looks like someone got tests merged in before mine so going to refactor to match what has already been merged |
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
671157c
to
219b450
Compare
This change makes the Ambassador Host source respect the External-DNS annotationFilter allowing for an Ambassador Host resource to specify what External-DNS deployment to use when there are multiple External-DNS deployments within the same cluster. Before this change if you had two External-DNS deployments within the cluster and used the Ambassador Host source the first External-DNS to process the resource will create the record and not the one that was specified in the filter annotation. I added the `filterByAnnotations` function so that it matched the same way the other sources have implemented annotation filtering. I didn't add the controller check only because I wanted to keep this change to implementing the annotationFilter. Example: Create two External-DNS deployments 1 public and 1 private and set the Ambassador Host to use the public External-DNS using the annotation filter. ``` --- apiVersion: apps/v1 kind: Deployment metadata: name: external-dns-private spec: strategy: type: Recreate selector: matchLabels: app: external-dns-private template: metadata: labels: app: external-dns-private annotations: iam.amazonaws.com/role: {ARN} # AWS ARN role spec: serviceAccountName: external-dns containers: - name: external-dns image: k8s.gcr.io/external-dns/external-dns:latest args: - --source=ambassador-host - --domain-filter=example.net # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones - --provider=aws - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization - --aws-zone-type=private # only look at public hosted zones (valid values are public, private or no value for both) - --registry=txt - --txt-owner-id= {Hosted Zone ID} # Insert Route53 Hosted Zone ID here - --annotation-filter=kubernetes.io/ingress.class in (private) --- apiVersion: apps/v1 kind: Deployment metadata: name: external-dns-public spec: strategy: type: Recreate selector: matchLabels: app: external-dns-public template: metadata: labels: app: external-dns-public annotations: iam.amazonaws.com/role: {ARN} # AWS ARN role spec: serviceAccountName: external-dns containers: - name: external-dns image: k8s.gcr.io/external-dns/external-dns:latest args: - --source=ambassador-host - --domain-filter=example.net # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones - --provider=aws - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization - --aws-zone-type= # only look at public hosted zones (valid values are public, private or no value for both) - --registry=txt - --txt-owner-id= {Hosted Zone ID} # Insert Route53 Hosted Zone ID here - --annotation-filter=kubernetes.io/ingress.class in (public) --- apiVersion: getambassador.io/v3alpha1 kind: Host metadata: name: your-hostname annotations: external-dns.ambassador-service: emissary-ingress/emissary kubernetes.io/ingress.class: public spec: acmeProvider: authority: none hostname: your-hostname.example.com ``` Fixes kubernetes-sigs#2632
Currently the `--label-filter` flag can only be used to filter CRDs, Ingress, Service and Openshift Route objects which match the label selector passed through that flag. This change extends the functionality to the Ambassador Host type object. When the flag is not specified the default value is `labels.Everything()` which is an empty string, the same as before. An annotation based filter is inefficient because the filtering has to be done in the controller instead of the API server like with label filtering. The Annotation based filtering has been left in for legacy reasons so the Ambassador Host source can be used inconjunction with the other sources that don't yet support label filltering. It is possible to use label based filltering with annotation based filltering so you can initially filter by label then filter the returned hosts by annotation. This is not recomended
Add that the Ambassador Host source now supports both annotation and label filltering.
219b450
to
c5137b0
Compare
/lgtm |
/remove-lifecycle rotten |
…rnal-dns to v0.15.0@338dd8c by renovate (#25969) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [registry.k8s.io/external-dns/external-dns](https://github.com/kubernetes-sigs/external-dns) | minor | `v0.14.2` -> `v0.15.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>kubernetes-sigs/external-dns (registry.k8s.io/external-dns/external-dns)</summary> ### [`v0.15.0`](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.15.0) [Compare Source](https://github.com/kubernetes-sigs/external-dns/compare/v0.14.2...v0.15.0) #### Important notes This release drops a few unmaintained providers. See [https://github.com/kubernetes-sigs/external-dns/pull/4719](https://github.com/kubernetes-sigs/external-dns/pull/4719) as mentioned in [https://github.com/kubernetes-sigs/external-dns/issues/4347](https://github.com/kubernetes-sigs/external-dns/issues/4347). If you need to use any of the previous providers, please use a previous release of external DNS or follow the instructions to implement a webhook provider that supports those providers. #### What's Changed - build(deps): bump actions/checkout from 4.1.5 to 4.1.6 in the dev-dependencies group by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4477](https://github.com/kubernetes-sigs/external-dns/pull/4477) - Update kustomize version for v0.14.2 by [@​Raffo](https://github.com/Raffo) in [https://github.com/kubernetes-sigs/external-dns/pull/4480](https://github.com/kubernetes-sigs/external-dns/pull/4480) - build(deps): bump the dev-dependencies group with 8 updates by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4478](https://github.com/kubernetes-sigs/external-dns/pull/4478) - update docs to v0.14.2 by [@​Raffo](https://github.com/Raffo) in [https://github.com/kubernetes-sigs/external-dns/pull/4481](https://github.com/kubernetes-sigs/external-dns/pull/4481) - build(deps): bump GrantBirki/json-yaml-validate from 2.7.1 to 3.0.0 in the dev-dependencies group by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4489](https://github.com/kubernetes-sigs/external-dns/pull/4489) - fix: re-add api-approved.kubernetes.io annotation by [@​morremeyer](https://github.com/morremeyer) in [https://github.com/kubernetes-sigs/external-dns/pull/4488](https://github.com/kubernetes-sigs/external-dns/pull/4488) - feat(webhooks): pass webhook-\* annotations to webhook providers by [@​Raffo](https://github.com/Raffo) in [https://github.com/kubernetes-sigs/external-dns/pull/4458](https://github.com/kubernetes-sigs/external-dns/pull/4458) - fix(traefik): Nil pointer exception if legacy traefik is disabled by [@​kbudde](https://github.com/kbudde) in [https://github.com/kubernetes-sigs/external-dns/pull/4502](https://github.com/kubernetes-sigs/external-dns/pull/4502) - add unifi webhook to readme by [@​onedr0p](https://github.com/onedr0p) in [https://github.com/kubernetes-sigs/external-dns/pull/4504](https://github.com/kubernetes-sigs/external-dns/pull/4504) - Drop experimental notice in webhook flags by [@​Raffo](https://github.com/Raffo) in [https://github.com/kubernetes-sigs/external-dns/pull/4507](https://github.com/kubernetes-sigs/external-dns/pull/4507) - feat(coredns): etcd authentication by [@​matthieugouel](https://github.com/matthieugouel) in [https://github.com/kubernetes-sigs/external-dns/pull/4503](https://github.com/kubernetes-sigs/external-dns/pull/4503) - Bump the dev-dependencies group across 1 directory with 13 updates by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4514](https://github.com/kubernetes-sigs/external-dns/pull/4514) - Add Infoblox webhook provider by [@​k0da](https://github.com/k0da) in [https://github.com/kubernetes-sigs/external-dns/pull/4513](https://github.com/kubernetes-sigs/external-dns/pull/4513) - 🌱 docs(footer): Add trademark disclaimer by [@​mariasalcedo](https://github.com/mariasalcedo) in [https://github.com/kubernetes-sigs/external-dns/pull/4529](https://github.com/kubernetes-sigs/external-dns/pull/4529) - chore!: Remove infoblox in-tree provider by [@​mloiseleur](https://github.com/mloiseleur) in [https://github.com/kubernetes-sigs/external-dns/pull/4516](https://github.com/kubernetes-sigs/external-dns/pull/4516) - Update to Go 1.22.4 by [@​Raffo](https://github.com/Raffo) in [https://github.com/kubernetes-sigs/external-dns/pull/4534](https://github.com/kubernetes-sigs/external-dns/pull/4534) - Bump the dev-dependencies group across 1 directory with 19 updates by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4536](https://github.com/kubernetes-sigs/external-dns/pull/4536) - Add documentation about etcd HTTPS for CoreDNS provider by [@​AlessandroZanatta](https://github.com/AlessandroZanatta) in [https://github.com/kubernetes-sigs/external-dns/pull/4538](https://github.com/kubernetes-sigs/external-dns/pull/4538) - chore(chart): Released chart for v0.14.2 by [@​stevehipwell](https://github.com/stevehipwell) in [https://github.com/kubernetes-sigs/external-dns/pull/4541](https://github.com/kubernetes-sigs/external-dns/pull/4541) - Bump the dev-dependencies group with 4 updates by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4540](https://github.com/kubernetes-sigs/external-dns/pull/4540) - feat(aws): use AWS profiles using .credentials file by [@​roehrijn](https://github.com/roehrijn) in [https://github.com/kubernetes-sigs/external-dns/pull/3973](https://github.com/kubernetes-sigs/external-dns/pull/3973) - fix(cloudflare): trimSpace on token read from file by [@​simonostendorf](https://github.com/simonostendorf) in [https://github.com/kubernetes-sigs/external-dns/pull/4515](https://github.com/kubernetes-sigs/external-dns/pull/4515) - docs: upgrade mkdocs and fix broken links by [@​mloiseleur](https://github.com/mloiseleur) in [https://github.com/kubernetes-sigs/external-dns/pull/4378](https://github.com/kubernetes-sigs/external-dns/pull/4378) - chore(deps): bump github.com/vektah/gqlparser/v2 from 2.5.1 to 2.5.14 by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4546](https://github.com/kubernetes-sigs/external-dns/pull/4546) - chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4544](https://github.com/kubernetes-sigs/external-dns/pull/4544) - chore(deps): bump the dev-dependencies group across 1 directory with 19 updates by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4562](https://github.com/kubernetes-sigs/external-dns/pull/4562) - chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 in the dev-dependencies group by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4547](https://github.com/kubernetes-sigs/external-dns/pull/4547) - feat(rfc2136): add PTR optional support by [@​angeloxx](https://github.com/angeloxx) in [https://github.com/kubernetes-sigs/external-dns/pull/4283](https://github.com/kubernetes-sigs/external-dns/pull/4283) - Update cloudflare.md by [@​tobiabocchi](https://github.com/tobiabocchi) in [https://github.com/kubernetes-sigs/external-dns/pull/4583](https://github.com/kubernetes-sigs/external-dns/pull/4583) - feat!: update GRPCRoute client from v1alpha2 to stable v1 by [@​thameezb](https://github.com/thameezb) in [https://github.com/kubernetes-sigs/external-dns/pull/4567](https://github.com/kubernetes-sigs/external-dns/pull/4567) - docs(annotations): note how to set multiple hostnames by [@​hopkinsth](https://github.com/hopkinsth) in [https://github.com/kubernetes-sigs/external-dns/pull/4602](https://github.com/kubernetes-sigs/external-dns/pull/4602) - chore(deps): bump the dev-dependencies group across 1 directory with 2 updates by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4604](https://github.com/kubernetes-sigs/external-dns/pull/4604) - Gateway API: Revert Gateway and HTTPRoute objects from v1 to v1beta1 by [@​abursavich](https://github.com/abursavich) in [https://github.com/kubernetes-sigs/external-dns/pull/4610](https://github.com/kubernetes-sigs/external-dns/pull/4610) - chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4600](https://github.com/kubernetes-sigs/external-dns/pull/4600) - chore(deps): bump the dev-dependencies group across 1 directory with 37 updates by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4655](https://github.com/kubernetes-sigs/external-dns/pull/4655) - docs: fix broken link by [@​ilmax](https://github.com/ilmax) in [https://github.com/kubernetes-sigs/external-dns/pull/4662](https://github.com/kubernetes-sigs/external-dns/pull/4662) - azure-private-dns: Fix LoadBalancer example by [@​orgads](https://github.com/orgads) in [https://github.com/kubernetes-sigs/external-dns/pull/4663](https://github.com/kubernetes-sigs/external-dns/pull/4663) - AWS: Change documentation to use Helm values by [@​pier-oliviert](https://github.com/pier-oliviert) in [https://github.com/kubernetes-sigs/external-dns/pull/4577](https://github.com/kubernetes-sigs/external-dns/pull/4577) - chore(deps): bump the dev-dependencies group across 1 directory with 10 updates by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4668](https://github.com/kubernetes-sigs/external-dns/pull/4668) - Improve MinEventInterval compliance with docs by [@​tjamet](https://github.com/tjamet) in [https://github.com/kubernetes-sigs/external-dns/pull/3400](https://github.com/kubernetes-sigs/external-dns/pull/3400) - Add provider cache by [@​tjamet](https://github.com/tjamet) in [https://github.com/kubernetes-sigs/external-dns/pull/4597](https://github.com/kubernetes-sigs/external-dns/pull/4597) - chore: update maintainers by [@​mloiseleur](https://github.com/mloiseleur) in [https://github.com/kubernetes-sigs/external-dns/pull/4679](https://github.com/kubernetes-sigs/external-dns/pull/4679) - fix(helm): make use of resource values for webhook by [@​crutonjohn](https://github.com/crutonjohn) in [https://github.com/kubernetes-sigs/external-dns/pull/4560](https://github.com/kubernetes-sigs/external-dns/pull/4560) - Fix AWS Cloud Map docs: annotation key/value pairs must be strings by [@​mjlshen](https://github.com/mjlshen) in [https://github.com/kubernetes-sigs/external-dns/pull/4683](https://github.com/kubernetes-sigs/external-dns/pull/4683) - Webhook provider helm chart fixes by [@​kimsondrup](https://github.com/kimsondrup) in [https://github.com/kubernetes-sigs/external-dns/pull/4643](https://github.com/kubernetes-sigs/external-dns/pull/4643) - chore(deps): bump the dev-dependencies group across 1 directory with 16 updates by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4684](https://github.com/kubernetes-sigs/external-dns/pull/4684) - chore(deps): bump GrantBirki/json-yaml-validate from 3.0.0 to 3.1.0 in the dev-dependencies group by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4685](https://github.com/kubernetes-sigs/external-dns/pull/4685) - Add tutorial to DynamoDB registry docs by [@​mjlshen](https://github.com/mjlshen) in [https://github.com/kubernetes-sigs/external-dns/pull/4686](https://github.com/kubernetes-sigs/external-dns/pull/4686) - chore(deps): bump GrantBirki/json-yaml-validate from 3.1.0 to 3.2.0 in the dev-dependencies group by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4700](https://github.com/kubernetes-sigs/external-dns/pull/4700) - chore(deps): bump GrantBirki/json-yaml-validate from 3.2.0 to 3.2.1 in the dev-dependencies group by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4702](https://github.com/kubernetes-sigs/external-dns/pull/4702) - chore: upgrade ExternalDNS to go 1.23 by [@​mloiseleur](https://github.com/mloiseleur) in [https://github.com/kubernetes-sigs/external-dns/pull/4698](https://github.com/kubernetes-sigs/external-dns/pull/4698) - feat: add annotation and label filters to Ambassador Host Source by [@​KyleMartin901](https://github.com/KyleMartin901) in [https://github.com/kubernetes-sigs/external-dns/pull/2633](https://github.com/kubernetes-sigs/external-dns/pull/2633) - Add RouterOS provider to README.md by [@​benfiola](https://github.com/benfiola) in [https://github.com/kubernetes-sigs/external-dns/pull/4714](https://github.com/kubernetes-sigs/external-dns/pull/4714) - feat: support dual stack for gateway api by [@​thameezb](https://github.com/thameezb) in [https://github.com/kubernetes-sigs/external-dns/pull/4469](https://github.com/kubernetes-sigs/external-dns/pull/4469) - chore(deps): bump actions/setup-python from 5.1.1 to 5.2.0 in the dev-dependencies group by [@​dependabot](https://github.com/dependabot) in [https://github.com/kubernetes-sigs/external-dns/pull/4712](https://github.com/kubernetes-sigs/external-dns/pull/4712) - chore: remove unmaintained providers by [@​mloiseleur](https://github.com/mloiseleur) in [https://github.com/kubernetes-sigs/external-dns/pull/4719](https://github.com/kubernetes-sigs/external-dns/pull/4719) #### Images docker pull registry.k8s.io/external-dns/external-dns:v0.15.0 #### New Contributors - [@​kbudde](https://github.com/kbudde) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4502](https://github.com/kubernetes-sigs/external-dns/pull/4502) - [@​matthieugouel](https://github.com/matthieugouel) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4503](https://github.com/kubernetes-sigs/external-dns/pull/4503) - [@​mariasalcedo](https://github.com/mariasalcedo) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4529](https://github.com/kubernetes-sigs/external-dns/pull/4529) - [@​AlessandroZanatta](https://github.com/AlessandroZanatta) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4538](https://github.com/kubernetes-sigs/external-dns/pull/4538) - [@​roehrijn](https://github.com/roehrijn) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/3973](https://github.com/kubernetes-sigs/external-dns/pull/3973) - [@​simonostendorf](https://github.com/simonostendorf) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4515](https://github.com/kubernetes-sigs/external-dns/pull/4515) - [@​angeloxx](https://github.com/angeloxx) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4283](https://github.com/kubernetes-sigs/external-dns/pull/4283) - [@​tobiabocchi](https://github.com/tobiabocchi) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4583](https://github.com/kubernetes-sigs/external-dns/pull/4583) - [@​thameezb](https://github.com/thameezb) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4567](https://github.com/kubernetes-sigs/external-dns/pull/4567) - [@​hopkinsth](https://github.com/hopkinsth) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4602](https://github.com/kubernetes-sigs/external-dns/pull/4602) - [@​ilmax](https://github.com/ilmax) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4662](https://github.com/kubernetes-sigs/external-dns/pull/4662) - [@​orgads](https://github.com/orgads) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4663](https://github.com/kubernetes-sigs/external-dns/pull/4663) - [@​pier-oliviert](https://github.com/pier-oliviert) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4577](https://github.com/kubernetes-sigs/external-dns/pull/4577) - [@​crutonjohn](https://github.com/crutonjohn) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4560](https://github.com/kubernetes-sigs/external-dns/pull/4560) - [@​mjlshen](https://github.com/mjlshen) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4683](https://github.com/kubernetes-sigs/external-dns/pull/4683) - [@​kimsondrup](https://github.com/kimsondrup) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4643](https://github.com/kubernetes-sigs/external-dns/pull/4643) - [@​KyleMartin901](https://github.com/KyleMartin901) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/2633](https://github.com/kubernetes-sigs/external-dns/pull/2633) - [@​benfiola](https://github.com/benfiola) made their first contribution in [https://github.com/kubernetes-sigs/external-dns/pull/4714](https://github.com/kubernetes-sigs/external-dns/pull/4714) **Full Changelog**: kubernetes-sigs/external-dns@v0.14.2...v0.15.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC42Ny41IiwidXBkYXRlZEluVmVyIjoiMzguNjcuNSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJhdXRvbWVyZ2UiLCJ1cGRhdGUvZG9ja2VyL2dlbmVyYWwvbm9uLW1ham9yIl19-->
…ernetes-sigs#2633) * Add annotation filter to Ambassador Host Source This change makes the Ambassador Host source respect the External-DNS annotationFilter allowing for an Ambassador Host resource to specify what External-DNS deployment to use when there are multiple External-DNS deployments within the same cluster. Before this change if you had two External-DNS deployments within the cluster and used the Ambassador Host source the first External-DNS to process the resource will create the record and not the one that was specified in the filter annotation. I added the `filterByAnnotations` function so that it matched the same way the other sources have implemented annotation filtering. I didn't add the controller check only because I wanted to keep this change to implementing the annotationFilter. Example: Create two External-DNS deployments 1 public and 1 private and set the Ambassador Host to use the public External-DNS using the annotation filter. ``` --- apiVersion: apps/v1 kind: Deployment metadata: name: external-dns-private spec: strategy: type: Recreate selector: matchLabels: app: external-dns-private template: metadata: labels: app: external-dns-private annotations: iam.amazonaws.com/role: {ARN} # AWS ARN role spec: serviceAccountName: external-dns containers: - name: external-dns image: k8s.gcr.io/external-dns/external-dns:latest args: - --source=ambassador-host - --domain-filter=example.net # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones - --provider=aws - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization - --aws-zone-type=private # only look at public hosted zones (valid values are public, private or no value for both) - --registry=txt - --txt-owner-id= {Hosted Zone ID} # Insert Route53 Hosted Zone ID here - --annotation-filter=kubernetes.io/ingress.class in (private) --- apiVersion: apps/v1 kind: Deployment metadata: name: external-dns-public spec: strategy: type: Recreate selector: matchLabels: app: external-dns-public template: metadata: labels: app: external-dns-public annotations: iam.amazonaws.com/role: {ARN} # AWS ARN role spec: serviceAccountName: external-dns containers: - name: external-dns image: k8s.gcr.io/external-dns/external-dns:latest args: - --source=ambassador-host - --domain-filter=example.net # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones - --provider=aws - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization - --aws-zone-type= # only look at public hosted zones (valid values are public, private or no value for both) - --registry=txt - --txt-owner-id= {Hosted Zone ID} # Insert Route53 Hosted Zone ID here - --annotation-filter=kubernetes.io/ingress.class in (public) --- apiVersion: getambassador.io/v3alpha1 kind: Host metadata: name: your-hostname annotations: external-dns.ambassador-service: emissary-ingress/emissary kubernetes.io/ingress.class: public spec: acmeProvider: authority: none hostname: your-hostname.example.com ``` Fixes kubernetes-sigs#2632 * Add Label filltering for Ambassador Host source Currently the `--label-filter` flag can only be used to filter CRDs, Ingress, Service and Openshift Route objects which match the label selector passed through that flag. This change extends the functionality to the Ambassador Host type object. When the flag is not specified the default value is `labels.Everything()` which is an empty string, the same as before. An annotation based filter is inefficient because the filtering has to be done in the controller instead of the API server like with label filtering. The Annotation based filtering has been left in for legacy reasons so the Ambassador Host source can be used inconjunction with the other sources that don't yet support label filltering. It is possible to use label based filltering with annotation based filltering so you can initially filter by label then filter the returned hosts by annotation. This is not recomended * Update Ambassador Host source docs Add that the Ambassador Host source now supports both annotation and label filltering.
* master: (78 commits) Update README.md with Efficient IP Provider feat(chart): Updated image to v0.15.0 fix(chart): Don't use unauthenticated webhook port for health probe Remove unused session logic after move to aws-sdk-go-v2 Refactor AWS provider to aws-sdk-go-v2 Refactor AWS Cloud Map provider to aws-sdk-go-v2 Refactor DynamoDB registry to aws-sdk-go-v2 Update docs/release.md update the docs to v0.15.0 bump kustomize version to v0.15.0 add deprecation notice on coredns tutorial docs: refactor title and organisation review with Raffo chore: remove unmaintained providers chore(deps): bump actions/setup-python in the dev-dependencies group Add RouterOS provider to README.md feat: add annotation and label filters to Ambassador Host Source (kubernetes-sigs#2633) chore(deps): bump GrantBirki/json-yaml-validate fix linter fix ordering ...
This change makes the Ambassador Host source respect the External-DNS annotation-filter and label-filter allowing for an Ambassador Host resource to specify what External-DNS deployment to use when there are multiple External-DNS deployments within the same cluster. Before this change if you had two External-DNS deployments within the cluster and used the Ambassador Host source the first External-DNS to process the resource will create the record and not the one that was specified in the filter annotation.
Annotation Fillter
I added the
filterByAnnotations
function so that it matched the same way the other sources have implemented annotation filtering. I didn't add the controller check only because I wanted to keep this change to implementing the annotationFilter.I added Endpoint tests to validate that the filterByAnnotations function works as expected. Again these tests were based of the Endpoint tests that other sources use. To keep the tests simpler I only allow for a single load balancer to be used.
Example: Create two External-DNS deployments 1 public and 1 private and set the Ambassador Host to use the public External-DNS using the annotation filter.
Fixes #2632
Label Filter
Currently, the
--label-filter
flag can only be used to filter CRDs, Ingress, Service and Openshift Route objects that match the label selector passed through that flag. This change extends the functionality to the Ambassador Host type object.When the flag is not specified the default value is
labels.Everything()
which is an empty string, the same as before.Annotation based filter is inefficient because the filtering has to be done in the controller instead of the API server like with label filtering. The Annotation based filtering has been left in for legacy reasons so the Ambassador Host source can be used in conjunction with the other sources that don't yet support label filtering.
It is possible to use label based filtering with annotation based filtering so you can initially filter by label and then filter the returned hosts by annotation. This is not recommended
Fixes #2761
Checklist