From f18706f2cb446fb0222a14815e73db49faf353c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iago=20L=C3=B3pez=20Galeiras?= Date: Fri, 20 Mar 2020 17:56:36 +0100 Subject: [PATCH] components/external-dns: expose owner_id We were setting it to the AWS DNS Zone ID and that means that several clusters using the same DNS Zone will interact badly with each other. This exposes it to the user so they can choose a reasonable ID. --- ci/aws/aws-cluster.lokocfg.envsubst | 1 + ci/packet/packet-cluster.lokocfg.envsubst | 1 + .../components/external-dns.md | 23 ++++++++++--------- pkg/components/external-dns/component.go | 3 ++- pkg/components/external-dns/component_test.go | 4 ++++ 5 files changed, 20 insertions(+), 12 deletions(-) diff --git a/ci/aws/aws-cluster.lokocfg.envsubst b/ci/aws/aws-cluster.lokocfg.envsubst index 88672c53c..ae2247971 100644 --- a/ci/aws/aws-cluster.lokocfg.envsubst +++ b/ci/aws/aws-cluster.lokocfg.envsubst @@ -41,6 +41,7 @@ component "cert-manager" { component "external-dns" { policy = "sync" + owner_id = "$CLUSTER_ID" aws { zone_id = "$AWS_DNS_ZONE_ID" aws_access_key_id = "$AWS_ACCESS_KEY_ID" diff --git a/ci/packet/packet-cluster.lokocfg.envsubst b/ci/packet/packet-cluster.lokocfg.envsubst index 0ec049417..ec213cfb6 100644 --- a/ci/packet/packet-cluster.lokocfg.envsubst +++ b/ci/packet/packet-cluster.lokocfg.envsubst @@ -48,6 +48,7 @@ component "cert-manager" { component "external-dns"{ policy = "sync" + owner_id = "$CLUSTER_ID" aws { zone_id = "$AWS_DNS_ZONE_ID" aws_access_key_id = "$AWS_ACCESS_KEY_ID" diff --git a/docs/configuration-reference/components/external-dns.md b/docs/configuration-reference/components/external-dns.md index 2a240d31e..ee50c667e 100644 --- a/docs/configuration-reference/components/external-dns.md +++ b/docs/configuration-reference/components/external-dns.md 
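Review bot: `owner_id = "$CLUSTER_ID"` ties ExternalDNS record ownership to whatever CI exports as CLUSTER_ID, so that value has to stay stable for the cluster's lifetime; if it is regenerated per pipeline run against the shared zone, records written by earlier runs carry a different owner and `policy = "sync"` will neither update nor remove them, leaving stale entries behind in the zone. envsubst also replaces an unset variable with the empty string, which yields `owner_id = ""` and presumably still satisfies the required-attribute check on the HCL side. A short comment in this file stating where CLUSTER_ID comes from, or a non-empty guard in the script that runs envsubst, would make the dependency explicit. The same line is added in ci/packet/packet-cluster.lokocfg.envsubst.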
@@ -59,17 +59,18 @@ Table of all the arguments accepted by the component. Example: -| Argument | Description | Default | Required | -|-----------------------------|-------------------------------------------------------------------------------------------------------------------|:--------------:|:--------:| -| `sources` | Kubernetes resources type to be observed for new DNS entries by ExternalDNS. | ["service"] | false | -| `namespace` | Namespace to install ExternalDNS. | "external-dns" | false | -| `policy` | Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only). | "upsert-only" | false | -| `metrics` | Enable metrics collection by Prometheus. Needs [Prometheus Operator component](prometheus-operator.md) installed. | false | false | -| `aws` | Configuration block for AWS Route53 DNS provider. | - | true | -| `aws.zone_type` | Filter for zones of this type (options: public, private). | "public" | false | -| `aws.zone_id` | ID of the DNS zone. | - | true | -| `aws.aws_access_key_id` | AWS access key ID for AWS credentials. Use environment variable AWS_ACCESS_KEY_ID instead. | - | false | -| `aws.aws_secret_access_key` | AWS secret access key for AWS credentials. Use environment variable AWS_SECRET_ACCESS_KEY instead. | - | false | +| Argument | Description | Default | Required | +|-----------------------------|-----------------------------------------------------------------------------------------------------------------------------------|:--------------:|:--------:| +| `sources` | Kubernetes resources type to be observed for new DNS entries by ExternalDNS. | ["service"] | false | +| `namespace` | Namespace to install ExternalDNS. | "external-dns" | false | +| `policy` | Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only). | "upsert-only" | false | +| `metrics` | Enable metrics collection by Prometheus. Needs [Prometheus Operator component](prometheus-operator.md) installed. 
| false | false | +| `owner_id` | A name that identifies this instace of ExternalDNS. Set it to a unique value that doesn't change for the lifetime of the cluster. | - | true | +| `aws` | Configuration block for AWS Route53 DNS provider. | - | true | +| `aws.zone_type` | Filter for zones of this type (options: public, private). | "public" | false | +| `aws.zone_id` | ID of the DNS zone. | - | true | +| `aws.aws_access_key_id` | AWS access key ID for AWS credentials. Use environment variable AWS_ACCESS_KEY_ID instead. | - | false | +| `aws.aws_secret_access_key` | AWS secret access key for AWS credentials. Use environment variable AWS_SECRET_ACCESS_KEY instead. | - | false | ## Applying diff --git a/pkg/components/external-dns/component.go b/pkg/components/external-dns/component.go index 6b9a8de0c..0b710ab15 100644 --- a/pkg/components/external-dns/component.go +++ b/pkg/components/external-dns/component.go @@ -43,7 +43,7 @@ aws: secretKey: "{{ .AwsConfig.SecretAccessKey }}" accessKey: "{{ .AwsConfig.AccessKeyID }}" zoneType: {{ .AwsConfig.ZoneType }} -txtOwnerId: {{ .AwsConfig.ZoneID }} +txtOwnerId: {{ .OwnerID }} {{- end }} policy: {{ .Policy }} replicas: 3 @@ -68,6 +68,7 @@ type component struct { Metrics bool `hcl:"metrics,optional"` Policy string `hcl:"policy,optional"` AwsConfig AwsConfig `hcl:"aws,block"` + OwnerID string `hcl:"owner_id"` } func newComponent() *component { diff --git a/pkg/components/external-dns/component_test.go b/pkg/components/external-dns/component_test.go index db67c31d3..4fe183b14 100644 --- a/pkg/components/external-dns/component_test.go +++ b/pkg/components/external-dns/component_test.go @@ -68,6 +68,7 @@ func TestAwsConfigWithoutProvidingCredentials(t *testing.T) { sources = ["service"] metrics = false policy = "upsert-only" + owner_id = "test-owner" aws { zone_id = "TESTZONEID" zone_type = "public" 
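Review bot: Switching `txtOwnerId` from `.AwsConfig.ZoneID` to `{{ .OwnerID }}` changes which registry records a running ExternalDNS treats as its own: records created before this change carry the zone ID as owner, so an upgraded cluster with a different `owner_id` will neither update nor delete them under `policy = "sync"`. Operators upgrading an existing cluster need to set `owner_id` to the previous zone ID or clean up the old records, and that migration note belongs in the commit message or the docs entry. The value is also emitted unquoted, unlike `secretKey` and `accessKey` just above it; a user-chosen ID that is purely numeric would be parsed as a YAML number, so `txtOwnerId: "{{ .OwnerID }}"` is the safer form.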
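Review bot: `OwnerID string `hcl:"owner_id"`` makes the attribute mandatory, but presence is all that HCL decoding checks, so `owner_id = ""` still loads and renders an empty `txtOwnerId`; ExternalDNS then runs with either its built-in default owner ID or an empty one, and every cluster configured that way shares it — the collision this commit sets out to remove. A non-empty check on OwnerID in the component's config-loading step (outside this hunk) would close that gap. The new field is also the only one in the struct without an `optional` tag and carries no comment; a line such as `// OwnerID identifies this ExternalDNS instance in the DNS registry; it must be unique per cluster and stay constant for the cluster's lifetime.` would record why it is required.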
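Review bot: The fixture now sets `owner_id = "test-owner"`, as do the three fixtures in the following hunks (`TestAwsConfigBySettingEnvVariables`, `TestAwsConfigBySettingEmptyEnvVariables`, `TestAwsConfigBySettingConfigFields`), but no test covers the behaviour this commit introduces: that a config without `owner_id` is rejected, and that the value reaches the rendered template as `txtOwnerId: test-owner`. A case that omits `owner_id` and asserts that loading reports a diagnostic, plus an assertion on the rendered output if these tests render the component, would pin both. Each enclosing test function starts before its hunk.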
@@ -97,6 +98,7 @@ func TestAwsConfigBySettingEnvVariables(t *testing.T) { sources = ["service"] metrics = false policy = "upsert-only" + owner_id = "test-owner" aws { zone_id = "TESTZONEID" zone_type = "public" @@ -133,6 +135,7 @@ func TestAwsConfigBySettingEmptyEnvVariables(t *testing.T) { sources = ["service"] metrics = false policy = "upsert-only" + owner_id = "test-owner" aws { zone_id = "TESTZONEID" zone_type = "public" @@ -168,6 +171,7 @@ func TestAwsConfigBySettingConfigFields(t *testing.T) { sources = ["service"] metrics = false policy = "upsert-only" + owner_id = "test-owner" aws { zone_id = "TESTZONEID" zone_type = "public"