Skip to content

Commit

Permalink
upgrade externaldns to v0.13.5 (#261)
Browse files Browse the repository at this point in the history
  • Loading branch information
OliverMKing authored Jul 26, 2024
1 parent 2d973d5 commit 739dda1
Show file tree
Hide file tree
Showing 5 changed files with 104 additions and 7 deletions.
15 changes: 14 additions & 1 deletion pkg/manifests/external_dns.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ const (
replicas = 1 // this must stay at 1 unless external-dns adds support for multiple replicas https://github.com/kubernetes-sigs/external-dns/issues/2430
k8sNameKey = "app.kubernetes.io/name"
externalDnsResourceName = "external-dns"
txtWildcardReplacement = "approutingwildcard"
)

var (
Expand Down Expand Up @@ -250,12 +251,13 @@ func newExternalDNSDeployment(conf *config.Config, externalDnsConfig *ExternalDn
ServiceAccountName: externalDnsConfig.Provider.ResourceName(),
Containers: []corev1.Container{*withLivenessProbeMatchingReadiness(withTypicalReadinessProbe(7979, &corev1.Container{
Name: "controller",
Image: path.Join(conf.Registry, "/oss/kubernetes/external-dns:v0.11.0.2"),
Image: path.Join(conf.Registry, "/oss/kubernetes/external-dns:v0.13.5-5"),
Args: append([]string{
"--provider=" + externalDnsConfig.Provider.String(),
"--source=ingress",
"--interval=" + conf.DnsSyncInterval.String(),
"--txt-owner-id=" + conf.ClusterUid,
"--txt-wildcard-replacement=" + txtWildcardReplacement,
}, domainFilters...),
VolumeMounts: []corev1.VolumeMount{{
Name: "azure-config",
Expand All @@ -272,6 +274,17 @@ func newExternalDNSDeployment(conf *config.Config, externalDnsConfig *ExternalDn
corev1.ResourceMemory: resource.MustParse("250Mi"),
},
},
SecurityContext: &corev1.SecurityContext{
Privileged: util.ToPtr(false),
AllowPrivilegeEscalation: util.ToPtr(false),
ReadOnlyRootFilesystem: util.ToPtr(true),
RunAsNonRoot: util.ToPtr(true),
RunAsUser: util.Int64Ptr(65532),
RunAsGroup: util.Int64Ptr(65532),
Capabilities: &corev1.Capabilities{
Drop: []corev1.Capability{"ALL"},
},
},
}))},
Volumes: []corev1.Volume{{
Name: "azure-config",
Expand Down
32 changes: 30 additions & 2 deletions pkg/manifests/fixtures/external_dns/full.json
Original file line number Diff line number Diff line change
Expand Up @@ -159,12 +159,13 @@
"containers": [
{
"name": "controller",
"image": "/oss/kubernetes/external-dns:v0.11.0.2",
"image": "/oss/kubernetes/external-dns:v0.13.5-5",
"args": [
"--provider=azure",
"--source=ingress",
"--interval=3m0s",
"--txt-owner-id=test-cluster-uid",
"--txt-wildcard-replacement=approutingwildcard",
"--domain-filter=test-one.com",
"--domain-filter=test-two.com"
],
Expand Down Expand Up @@ -208,6 +209,19 @@
"periodSeconds": 5,
"successThreshold": 1,
"failureThreshold": 3
},
"securityContext": {
"capabilities": {
"drop": [
"ALL"
]
},
"privileged": false,
"runAsUser": 65532,
"runAsGroup": 65532,
"runAsNonRoot": true,
"readOnlyRootFilesystem": true,
"allowPrivilegeEscalation": false
}
}
],
Expand Down Expand Up @@ -422,12 +436,13 @@
"containers": [
{
"name": "controller",
"image": "/oss/kubernetes/external-dns:v0.11.0.2",
"image": "/oss/kubernetes/external-dns:v0.13.5-5",
"args": [
"--provider=azure-private-dns",
"--source=ingress",
"--interval=3m0s",
"--txt-owner-id=test-cluster-uid",
"--txt-wildcard-replacement=approutingwildcard",
"--domain-filter=test-three.com",
"--domain-filter=test-four.com"
],
Expand Down Expand Up @@ -471,6 +486,19 @@
"periodSeconds": 5,
"successThreshold": 1,
"failureThreshold": 3
},
"securityContext": {
"capabilities": {
"drop": [
"ALL"
]
},
"privileged": false,
"runAsUser": 65532,
"runAsGroup": 65532,
"runAsNonRoot": true,
"readOnlyRootFilesystem": true,
"allowPrivilegeEscalation": false
}
}
],
Expand Down
16 changes: 15 additions & 1 deletion pkg/manifests/fixtures/external_dns/no-ownership.json
Original file line number Diff line number Diff line change
Expand Up @@ -159,12 +159,13 @@
"containers": [
{
"name": "controller",
"image": "/oss/kubernetes/external-dns:v0.11.0.2",
"image": "/oss/kubernetes/external-dns:v0.13.5-5",
"args": [
"--provider=azure",
"--source=ingress",
"--interval=3m0s",
"--txt-owner-id=test-cluster-uid",
"--txt-wildcard-replacement=approutingwildcard",
"--domain-filter=test-one.com",
"--domain-filter=test-two.com"
],
Expand Down Expand Up @@ -208,6 +209,19 @@
"periodSeconds": 5,
"successThreshold": 1,
"failureThreshold": 3
},
"securityContext": {
"capabilities": {
"drop": [
"ALL"
]
},
"privileged": false,
"runAsUser": 65532,
"runAsGroup": 65532,
"runAsNonRoot": true,
"readOnlyRootFilesystem": true,
"allowPrivilegeEscalation": false
}
}
],
Expand Down
16 changes: 15 additions & 1 deletion pkg/manifests/fixtures/external_dns/private.json
Original file line number Diff line number Diff line change
Expand Up @@ -159,12 +159,13 @@
"containers": [
{
"name": "controller",
"image": "/oss/kubernetes/external-dns:v0.11.0.2",
"image": "/oss/kubernetes/external-dns:v0.13.5-5",
"args": [
"--provider=azure-private-dns",
"--source=ingress",
"--interval=3m0s",
"--txt-owner-id=test-cluster-uid",
"--txt-wildcard-replacement=approutingwildcard",
"--domain-filter=test-three.com",
"--domain-filter=test-four.com"
],
Expand Down Expand Up @@ -208,6 +209,19 @@
"periodSeconds": 5,
"successThreshold": 1,
"failureThreshold": 3
},
"securityContext": {
"capabilities": {
"drop": [
"ALL"
]
},
"privileged": false,
"runAsUser": 65532,
"runAsGroup": 65532,
"runAsNonRoot": true,
"readOnlyRootFilesystem": true,
"allowPrivilegeEscalation": false
}
}
],
Expand Down
32 changes: 30 additions & 2 deletions pkg/manifests/fixtures/external_dns/short-sync-interval.json
Original file line number Diff line number Diff line change
Expand Up @@ -159,12 +159,13 @@
"containers": [
{
"name": "controller",
"image": "/oss/kubernetes/external-dns:v0.11.0.2",
"image": "/oss/kubernetes/external-dns:v0.13.5-5",
"args": [
"--provider=azure",
"--source=ingress",
"--interval=10s",
"--txt-owner-id=test-cluster-uid",
"--txt-wildcard-replacement=approutingwildcard",
"--domain-filter=test-one.com",
"--domain-filter=test-two.com"
],
Expand Down Expand Up @@ -208,6 +209,19 @@
"periodSeconds": 5,
"successThreshold": 1,
"failureThreshold": 3
},
"securityContext": {
"capabilities": {
"drop": [
"ALL"
]
},
"privileged": false,
"runAsUser": 65532,
"runAsGroup": 65532,
"runAsNonRoot": true,
"readOnlyRootFilesystem": true,
"allowPrivilegeEscalation": false
}
}
],
Expand Down Expand Up @@ -422,12 +436,13 @@
"containers": [
{
"name": "controller",
"image": "/oss/kubernetes/external-dns:v0.11.0.2",
"image": "/oss/kubernetes/external-dns:v0.13.5-5",
"args": [
"--provider=azure-private-dns",
"--source=ingress",
"--interval=10s",
"--txt-owner-id=test-cluster-uid",
"--txt-wildcard-replacement=approutingwildcard",
"--domain-filter=test-three.com",
"--domain-filter=test-four.com"
],
Expand Down Expand Up @@ -471,6 +486,19 @@
"periodSeconds": 5,
"successThreshold": 1,
"failureThreshold": 3
},
"securityContext": {
"capabilities": {
"drop": [
"ALL"
]
},
"privileged": false,
"runAsUser": 65532,
"runAsGroup": 65532,
"runAsNonRoot": true,
"readOnlyRootFilesystem": true,
"allowPrivilegeEscalation": false
}
}
],
Expand Down

0 comments on commit 739dda1

Please sign in to comment.