Merge branch 'master' of github.com:hjoshi123/external-dns into feat/…

…aws-multiple-zones-roles

.github/workflows/docs.yaml

@@ -19,7 +19,7 @@ jobs:
         with:
           fetch-depth: 0
 
-      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+      - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
           python-version: "3.12"
           cache: "pip"

.github/workflows/lint-test-chart.yaml

@@ -59,7 +59,7 @@ jobs:
           version: latest
 
       - name: Install Python
-        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
           token: ${{ github.token }}
           python-version: "3.x"
@@ -70,13 +70,13 @@ jobs:
       - name: Check for changes
         id: changes
         run: |
-          changed=$(ct list-changed)
+          changed=$(ct list-changed --target-branch=master)
           if [[ -n "$changed" ]]; then
             echo "changed=true" >> "${GITHUB_OUTPUT}"
           fi
 
       - name: Run chart-testing lint
-        run: ct lint --check-version-increment=false
+        run: ct lint --target-branch=master --check-version-increment=false
 
       - name: Create Kind cluster
         if: steps.changes.outputs.changed == 'true'
@@ -86,4 +86,4 @@ jobs:
 
       - name: Run chart-testing install
         if: steps.changes.outputs.changed == 'true'
-        run: ct install
+        run: ct install --target-branch=master

.github/workflows/release-chart.yaml

@@ -53,7 +53,6 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
           version: latest
 
       - name: Run chart-releaser

api/webhook.yaml

@@ -44,7 +44,7 @@ paths:
                   - example.com
         '500':
           description: |
-            Negociation failed.
+            Negotiation failed.
 
   /records:
     get:

charts/external-dns/CHANGELOG.md

@@ -18,24 +18,28 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [UNRELEASED]
 
+## [v1.15.1] - 2023-09-10
+
 ### Added
 
-- Ability to configure `imagePullSecrets` via helm `global` value ([#4667](https://github.com/kubernetes-sigs/external-dns/pull/4667)) _@jkroepke_
-- Added options to configure `labelFilter` and `managedRecordTypes` via dedicated helm values ([#4849](https://github.com/kubernetes-sigs/external-dns/pull/4849)) _@abaguas_
+- Added ability to configure `imagePullSecrets` via helm `global` value. ([#4667](https://github.com/kubernetes-sigs/external-dns/pull/4667)) _@jkroepke_
+- Added options to configure `labelFilter` and `managedRecordTypes` via dedicated helm values. ([#4849](https://github.com/kubernetes-sigs/external-dns/pull/4849)) _@abaguas_
 
-### Fixed
+### Changed
 
-- Fixed automatic addition of pod selector labels to `affinity` and `topologySpreadConstraints` if not defined. _@pvickery-ParamountCommerce_
+- Allow templating `serviceaccount.annotations` keys and values, by rendering them using the `tpl` built-in function. ([#4958](https://github.com/kubernetes-sigs/external-dns/pull/4958)) _@fcrespofastly_
+- Updated _ExternalDNS_ OCI image version to [v0.15.1](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.15.1). ([#5028](https://github.com/kubernetes-sigs/external-dns/pull/5028)) _@stevehipwell_
 
-### Changed
+### Fixed
 
-- Allow templating `serviceaccount.annotations` keys and values, by rendering them using the `tpl` built-in function. [#4958](https://github.com/kubernetes-sigs/external-dns/pull/4958) _@fcrespofastly_
+- Fixed automatic addition of pod selector labels to `affinity` and `topologySpreadConstraints` if not defined. ([#4666](https://github.com/kubernetes-sigs/external-dns/pull/4666)) _@pvickery-ParamountCommerce_
+- Fixed missing Ingress permissions when using Istio sources. ([#4845](https://github.com/kubernetes-sigs/external-dns/pull/4845)) _@joekhoobyar_
 
-## [v1.15.0] - 2023-09-10
+## [v1.15.0] - 2024-09-11
 
 ### Changed
 
-- Updated _ExternalDNS_ OCI image version to [v0.15.0](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.15.0). ([#xxxx](https://github.com/kubernetes-sigs/external-dns/pull/xxxx)) _@stevehipwell_
+- Updated _ExternalDNS_ OCI image version to [v0.15.0](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.15.0). ([#4735](https://github.com/kubernetes-sigs/external-dns/pull/4735)) _@stevehipwell_
 
 ### Fixed
 
@@ -44,7 +48,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fixed to add correct webhook metric port to `Service` and `ServiceMonitor`. ([#4643](https://github.com/kubernetes-sigs/external-dns/pull/4643)) _@kimsondrup_
 - Fixed to no longer require the unauthenticated webhook provider port to be exposed for health probes. ([#4691](https://github.com/kubernetes-sigs/external-dns/pull/4691)) _@kimsondrup_ & _@hatrx_
 
-## [v1.14.5] - 2023-06-10
+## [v1.14.5] - 2024-06-10
 
 ### Added
 
@@ -61,7 +65,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Fixed the `ServiceMonitor` job name to correctly use the instance label. ([#4541](https://github.com/kubernetes-sigs/external-dns/pull/4541)) _@stevehipwell_
 
-## [v1.14.4] - 2023-04-03
+## [v1.14.4] - 2024-04-05
 
 ### Added
 
@@ -72,7 +76,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Updated _ExternalDNS_ OCI image version to [v0.14.1](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.14.1). ([#4357](https://github.com/kubernetes-sigs/external-dns/pull/4357)) _@stevehipwell_
 
-## [v1.14.3] - 2023-01-26
+## [v1.14.3] - 2024-01-26
 
 ### Fixed
 
@@ -86,7 +90,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Restore template support in `.Values.provider` and `.Values.provider.name`
 
-## [v1.14.1] - 2024-01-11
+## [v1.14.1] - 2024-01-12
 
 ### Fixed
 
@@ -110,7 +114,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - The `secretConfiguration` value has been deprecated in favour of creating secrets external to the Helm chart and configuring their use via the `extraVolumes` & `extraVolumeMounts` values. ([#4161](https://github.com/kubernetes-sigs/external-dns/pull/4161)) [@stevehipwell](https://github.com/stevehipwell)
 
-## [v1.13.1] - 2023-09-07
+## [v1.13.1] - 2023-09-08
 
 ### Added
 
@@ -213,6 +217,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 RELEASE LINKS
 -->
 [UNRELEASED]: https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns
+[v1.15.1]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.15.1
 [v1.15.0]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.15.0
 [v1.14.5]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.14.5
 [v1.14.4]: https://github.com/kubernetes-sigs/external-dns/releases/tag/external-dns-helm-chart-1.14.4

charts/external-dns/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: external-dns
 description: ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers.
 type: application
-version: 1.15.0
-appVersion: 0.15.0
+version: 1.15.1
+appVersion: 0.15.1
 keywords:
   - kubernetes
   - externaldns
@@ -20,13 +20,15 @@ maintainers:
     email: [email protected]
 annotations:
   artifacthub.io/changes: |
+    - kind: added
+      description: "Added ability to configure `imagePullSecrets` via helm `global` value."
+    - kind: added
+      description: "Added options to configure `labelFilter` and `managedRecordTypes` via dedicated helm values."
     - kind: changed
-      description: "Updated _ExternalDNS_ OCI image version to [v0.15.0](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.15.0)."
-    - kind: fixed
-      description: "Fixed `provider.webhook.resources` behavior to correctly leverage resource limits."
-    - kind: fixed
-      description: "Fixed `provider.webhook.imagePullPolicy` behavior to correctly leverage pull policy."
+      description: "Allow templating `serviceaccount.annotations` keys and values, by rendering them using the `tpl` built-in function."
+    - kind: changed
+      description: "Updated _ExternalDNS_ OCI image version to [v0.15.1](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.15.1)."
     - kind: fixed
-      description: "Fixed to add correct webhook metric port to `Service` and `ServiceMonitor`."
+      description: "Fixed automatic addition of pod selector labels to `affinity` and `topologySpreadConstraints` if not defined."
     - kind: fixed
-      description: "Fixed to no longer require the unauthenticated webhook provider port to be exposed for health probes."
+      description: "Fixed missing Ingress permissions when using Istio sources."

charts/external-dns/README.md

@@ -1,6 +1,6 @@
 # external-dns
 
-![Version: 1.15.0](https://img.shields.io/badge/Version-1.15.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.15.0](https://img.shields.io/badge/AppVersion-0.15.0-informational?style=flat-square)
+![Version: 1.15.1](https://img.shields.io/badge/Version-1.15.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.15.1](https://img.shields.io/badge/AppVersion-0.15.1-informational?style=flat-square)
 
 ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers.
 
@@ -27,7 +27,7 @@ helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
 After you've installed the repo you can install the chart.
 
 ```shell
-helm upgrade --install external-dns external-dns/external-dns --version 1.15.0
+helm upgrade --install external-dns external-dns/external-dns --version 1.15.1
 ```
 
 ## Providers

charts/external-dns/templates/clusterrole.yaml

@@ -21,7 +21,7 @@ rules:
     resources: ["services","endpoints"]
     verbs: ["get","watch","list"]
 {{- end }}
-{{- if or (has "ingress" .Values.sources) (has "contour-httpproxy" .Values.sources) (has "openshift-route" .Values.sources) (has "skipper-routegroup" .Values.sources) }}
+{{- if or (has "ingress" .Values.sources) (has "istio-gateway" .Values.sources) (has "istio-virtualservice" .Values.sources) (has "contour-httpproxy" .Values.sources) (has "openshift-route" .Values.sources) (has "skipper-routegroup" .Values.sources) }}
   - apiGroups: ["extensions","networking.k8s.io"]
     resources: ["ingresses"]
     verbs: ["get","watch","list"]

docs/annotations/annotations.md

@@ -64,6 +64,8 @@ Specifies the domain for the resource's DNS records.
 Multiple hostnames can be specified through a comma-separated list, e.g.
 `svc.mydomain1.com,svc.mydomain2.com`.
 
+For `Pods`, uses the `Pod`'s `Status.PodIP`, unless they are `hostNetwork: true` in which case the NodeExternalIP is used for IPv4 and NodeInternalIP for IPv6.
+
 ## external-dns.alpha.kubernetes.io/ingress-hostname-source
 
 Specifies where to get the domain for an `Ingress` resource.
@@ -80,7 +82,7 @@ Specifies the domain for the resource's DNS records that are for use from intern
 
 For `Services` of type `LoadBalancer`, uses the `Service`'s `ClusterIP`.
 
-For `Pods`, uses the `Pod`'s `Status.PodIP`.
+For `Pods`, uses the `Pod`'s `Status.PodIP`, unless they are `hostNetwork: true` in which case the NodeExternalIP is used for IPv4 and NodeInternalIP for IPv6.
 
 ## external-dns.alpha.kubernetes.io/target
 

docs/deprecation.md

@@ -0,0 +1,84 @@
+# External DNS Deprecation Policy
+
+This document defines the Deprecation Policy for External DNS.
+
+Kubernetes is a dynamic system driven by APIs, which evolve with each new release. A crucial aspect of any API-driven system is having a well-defined deprecation policy. This policy informs users about APIs that are slated for removal or modification. Kubernetes follows this principle and periodically refines or upgrades its APIs or capabilities. Consequently, older features are marked as deprecated and eventually phased out. To avoid breaking existing users, we should follow a simple deprecation policy for behaviors that a slated to be removed.
+
+The features and capabilities either to evolve or need to be removed.
+
+## Deprecation Policy
+
+We follow the [Kubernetes Deprecation Policy](https://kubernetes.io/docs/reference/using-api/deprecation-policy/) and [API Versioning Scheme](https://kubernetes.io/docs/reference/using-api/#api-versioning): alpha, beta, GA. It is therefore important to be aware of deprecation announcements and know when API versions will be removed, to help minimize the effect.
+
+### Scope
+
+* CRDs and API Objects and fields: `.Spec`, `.Status` and `.Status.Conditions[]`
+* Annotations objects or it's values
+* Controller Configuration: CLI flags & environment variables
+* Metrics as defined in the [Kubernetes docs](https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecating-a-metric)
+* Revert a specific behavior without an alternative (flag,crd or annotation)
+
+### Non-Scope
+
+Everything not listed in scope is not subject to this deprecation policy and it is subject to breaking changes, updates at any point in time, and deprecation - as long as it follows the Deprecation Process listed below.
+
+This includes, but isn't limited to:
+
+- Any feature/specific behavior not in Scope.
+- Source code imports
+- Source code refactorings
+- Helm Charts
+- Release process
+- Docker Images (including multi-arch builds)
+- Image Signature (including provenance, providers, keys)
+
+## Including features and behaviors to the Deprecation Policy
+
+Any `maintainer` or `contributor` may propose including a feature, component, or behavior out of scope to be in scope of the deprecation policy.
+
+The proposal must clearly outline the rationale for inclusion, the impact on users, stability, long term maintenance plan, and day-to-day activities, if such.
+
+The proposal must be formalized by submitting a `docs/proposal/EDP-XXX.md` document in a Pull Request. Pull request must be labeled with `kind/proposal`. 
+
+The proposal template location is [here](docs/proposal/design-template.md). The template is quite complete, one can remove any unnecessary or irrelevant section on a specific proposal.
+
+## Deprecation Process
+
+### Nomination of Deprecation
+
+Any maintainer may propose deprecating a feature, component, or behavior (both in and out of scope). In Scope changes must abide to the Deprecation Policy above.
+
+The proposal must clearly outline the rationale for deprecation, the impact on users, and any alternatives, if such.
+
+The proposal must be formalized by submiting a `design` document as a Pull Request.
+
+### Showcase to Maintainers
+
+The proposing maintainer must present the proposed deprecation to the maintainer group. This can be done synchronously during a community meeting or asynchronously, through a GitHub Pull Request.
+
+### Voting
+
+A majority vote of maintainers is required to approve the deprecation.
+Votes may be conducted asynchronously, with a reasonable deadline for responses (e.g., one week). Lazy Consensus applies if the reasonable deadline is extended, with a minimal of at least one other maintainer approving the changes.
+
+### Implementation
+
+Upon approval, the proposing maintainer is responsible for implementing the changes required to mark the feature as deprecated. This includes:
+
+* Updating the codebase with deprecation warnings where applicable.
+  - log.Warn("The XXX is on the path of ***DEPRECATION***. We recommend that you use YYY (link to docs)")
+* Documenting the deprecation in release notes and relevant documentation.
+* Updating APIs, metrics, or behaviors per the Kubernetes Deprecation Policy if in scope.
+* If the feature is entirely deprecated, archival of any associated repositories (external provider as example).
+
+### Deprecation Notice in Release
+
+Deprecation must be introduced in the next release. The release must follow semantic versioning:
+
+* If the project is in the 0.x stage, a `minor` version `bump` is required.
+* For projects 1.x and beyond, a major version bump is required. For the features completely removed.
+  - If it's a flag change/flip, the `minor` version `bump` is acceptable
+
+### Full Deprecation and Removal
+
+The removal must follow standard Kubernetes deprecation timelines if the feature is in scope.