diff --git a/main.go b/main.go
index 81f0b64bc4..3e2f81a1fe 100644
--- a/main.go
+++ b/main.go
@@ -103,6 +103,7 @@ func main() {
 FQDNTemplate: cfg.FQDNTemplate,
 CombineFQDNAndAnnotation: cfg.CombineFQDNAndAnnotation,
 IgnoreHostnameAnnotation: cfg.IgnoreHostnameAnnotation,
+ IgnoreIngressTLSSpec: cfg.IgnoreIngressTLSSpec,
 Compatibility: cfg.Compatibility,
 PublishInternal: cfg.PublishInternal,
 PublishHostIP: cfg.PublishHostIP,
diff --git a/pkg/apis/externaldns/types.go b/pkg/apis/externaldns/types.go
index 742736f8c6..037d9bfbd6 100644
--- a/pkg/apis/externaldns/types.go
+++ b/pkg/apis/externaldns/types.go
@@ -50,6 +50,7 @@ type Config struct {
 FQDNTemplate string
 CombineFQDNAndAnnotation bool
 IgnoreHostnameAnnotation bool
+ IgnoreIngressTLSSpec bool
 Compatibility string
 PublishInternal bool
 PublishHostIP bool
@@ -159,6 +160,7 @@ var defaultConfig = &Config{
 FQDNTemplate: "",
 CombineFQDNAndAnnotation: false,
 IgnoreHostnameAnnotation: false,
+ IgnoreIngressTLSSpec: false,
 Compatibility: "",
 PublishInternal: false,
 PublishHostIP: false,
@@ -311,6 +313,7 @@ func (cfg *Config) ParseFlags(args []string) error {
 app.Flag("fqdn-template", "A templated string that's used to generate DNS names from sources that don't define a hostname themselves, or to add a hostname suffix when paired with the fake source (optional). Accepts comma separated list for multiple global FQDN.").Default(defaultConfig.FQDNTemplate).StringVar(&cfg.FQDNTemplate)
 app.Flag("combine-fqdn-annotation", "Combine FQDN template and Annotations instead of overwriting").BoolVar(&cfg.CombineFQDNAndAnnotation)
 app.Flag("ignore-hostname-annotation", "Ignore hostname annotation when generating DNS names, valid only when using fqdn-template is set (optional, default: false)").BoolVar(&cfg.IgnoreHostnameAnnotation)
+ app.Flag("ignore-ingress-tls-spec", "Ignore tls spec section in ingresses resources, applicable only for ingress sources (optional, default: false)").BoolVar(&cfg.IgnoreIngressTLSSpec)
 app.Flag("compatibility", "Process annotation semantics from legacy implementations (optional, options: mate, molecule)").Default(defaultConfig.Compatibility).EnumVar(&cfg.Compatibility, "", "mate", "molecule")
 app.Flag("publish-internal-services", "Allow external-dns to publish DNS records for ClusterIP services (optional)").BoolVar(&cfg.PublishInternal)
 app.Flag("publish-host-ip", "Allow external-dns to publish host-ip for headless services (optional)").BoolVar(&cfg.PublishHostIP)
diff --git a/pkg/apis/externaldns/types_test.go b/pkg/apis/externaldns/types_test.go
index 0ac6296a23..02fd16ffd8 100644
--- a/pkg/apis/externaldns/types_test.go
+++ b/pkg/apis/externaldns/types_test.go
@@ -113,6 +113,7 @@ var (
 Sources: []string{"service", "ingress", "connector"},
 Namespace: "namespace",
 IgnoreHostnameAnnotation: true,
+ IgnoreIngressTLSSpec: true,
 FQDNTemplate: "{{.Name}}.service.example.com",
 Compatibility: "mate",
 Provider: "google",
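Review bot: The help text for `--ignore-ingress-tls-spec` in ParseFlags does not tell an operator what the flag changes, namely that hosts listed under an Ingress's `spec.tls` stop producing DNS records while rule hosts are still published. Wording such as `"Ignore the spec.tls section of Ingress resources when generating DNS names; applies only to the ingress source (optional, default: false)"` states that and also fixes "ingresses resources". Relying on the zero value instead of `.Default(...)` matches the neighbouring Bool flags, so that part is consistent.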
@@ -218,6 +219,7 @@ func TestParseFlags(t *testing.T) { "--namespace=namespace", "--fqdn-template={{.Name}}.service.example.com", "--ignore-hostname-annotation", + "--ignore-ingress-tls-spec", "--compatibility=mate", "--provider=google", "--google-project=project", @@ -310,6 +312,7 @@ func TestParseFlags(t *testing.T) { "EXTERNAL_DNS_NAMESPACE": "namespace", "EXTERNAL_DNS_FQDN_TEMPLATE": "{{.Name}}.service.example.com", "EXTERNAL_DNS_IGNORE_HOSTNAME_ANNOTATION": "1", + "EXTERNAL_DNS_IGNORE_INGRESS_TLS_SPEC": "1", "EXTERNAL_DNS_COMPATIBILITY": "mate", "EXTERNAL_DNS_PROVIDER": "google", "EXTERNAL_DNS_GOOGLE_PROJECT": "project", diff --git a/source/ingress.go b/source/ingress.go index 89775f90a6..0ad7f94b9c 100644 --- a/source/ingress.go +++ b/source/ingress.go @@ -56,10 +56,11 @@ type ingressSource struct { combineFQDNAnnotation bool ignoreHostnameAnnotation bool ingressInformer extinformers.IngressInformer + ignoreIngressTLSSpec bool } // NewIngressSource creates a new ingressSource with the given config. -func NewIngressSource(kubeClient kubernetes.Interface, namespace, annotationFilter string, fqdnTemplate string, combineFqdnAnnotation bool, ignoreHostnameAnnotation bool) (Source, error) { +func NewIngressSource(kubeClient kubernetes.Interface, namespace, annotationFilter string, fqdnTemplate string, combineFqdnAnnotation bool, ignoreHostnameAnnotation bool, ignoreIngressTLSSpec bool) (Source, error) { var ( tmpl *template.Template err error @@ -105,6 +106,7 @@ func NewIngressSource(kubeClient kubernetes.Interface, namespace, annotationFilt combineFQDNAnnotation: combineFqdnAnnotation, ignoreHostnameAnnotation: ignoreHostnameAnnotation, ingressInformer: ingressInformer, + ignoreIngressTLSSpec: ignoreIngressTLSSpec, } return sc, nil } 
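Review bot: NewIngressSource now ends in three adjacent positional `bool` parameters (`combineFqdnAnnotation`, `ignoreHostnameAnnotation`, `ignoreIngressTLSSpec`), so a transposed argument compiles silently; the test call sites in this commit already read `false, false, false`. Because the flag decides which Ingress fields are published as DNS names, a swapped argument would change the published records without any error. Consider passing a small options struct instead, or at least labelling the arguments at call sites, e.g. `false, // ignoreIngressTLSSpec`. The new struct field would also read better next to `ignoreHostnameAnnotation` than after `ingressInformer`. Most of NewIngressSource's body lies outside these hunks.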
@@ -132,7 +134,7 @@ func (sc *ingressSource) Endpoints(ctx context.Context) ([]*endpoint.Endpoint, e continue } - ingEndpoints := endpointsFromIngress(ing, sc.ignoreHostnameAnnotation) + ingEndpoints := endpointsFromIngress(ing, sc.ignoreHostnameAnnotation, sc.ignoreIngressTLSSpec) // apply template if host is missing on ingress if (sc.combineFQDNAnnotation || len(ingEndpoints) == 0) && sc.fqdnTemplate != nil { @@ -240,7 +242,7 @@ func (sc *ingressSource) setDualstackLabel(ingress *v1beta1.Ingress, endpoints [ } // endpointsFromIngress extracts the endpoints from ingress object -func endpointsFromIngress(ing *v1beta1.Ingress, ignoreHostnameAnnotation bool) []*endpoint.Endpoint { +func endpointsFromIngress(ing *v1beta1.Ingress, ignoreHostnameAnnotation bool, ignoreIngressTLSSpec bool) []*endpoint.Endpoint { var endpoints []*endpoint.Endpoint ttl, err := getTTLFromAnnotations(ing.Annotations) @@ -263,12 +265,15 @@ func endpointsFromIngress(ing *v1beta1.Ingress, ignoreHostnameAnnotation bool) [ endpoints = append(endpoints, endpointsForHostname(rule.Host, targets, ttl, providerSpecific, setIdentifier)...) } - for _, tls := range ing.Spec.TLS { - for _, host := range tls.Hosts { - if host == "" { - continue + // Skip endpoints if we do not want entries from tls spec section + if !ignoreIngressTLSSpec { + for _, tls := range ing.Spec.TLS { + for _, host := range tls.Hosts { + if host == "" { + continue + } + endpoints = append(endpoints, endpointsForHostname(host, targets, ttl, providerSpecific, setIdentifier)...) } - endpoints = append(endpoints, endpointsForHostname(host, targets, ttl, providerSpecific, setIdentifier)...) } } diff --git a/source/ingress_test.go b/source/ingress_test.go index f30060250a..6348126036 100644 --- a/source/ingress_test.go +++ b/source/ingress_test.go @@ -52,6 +52,7 @@ func (suite *IngressSuite) SetupTest() { "{{.Name}}", false, false, + false, ) suite.NoError(err, "should initialize ingress source") 
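Review bot: With `ignoreIngressTLSSpec` set, an Ingress that names hosts only under `spec.tls` now gets no endpoints from `endpointsFromIngress`, so `len(ingEndpoints) == 0` holds and the FQDN-template branch directly below this call is taken whenever a template is configured. An operator who enables the flag to stop publishing TLS hosts may therefore still get records for that Ingress under template-derived names; the branch body is outside the hunk, so please confirm this is intended. If it is, say so at the condition, e.g. `// also reached when spec.tls hosts were dropped by ignoreIngressTLSSpec`, and mention the interaction in the flag help.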
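Review bot: The doc comment on `endpointsFromIngress` still reads "extracts the endpoints from ingress object" although the function now takes two switches that decide which fields contribute hostnames. I would extend it to something like `// endpointsFromIngress extracts endpoints from the ingress rules and, unless ignoreIngressTLSSpec is set, from the hosts in its spec.tls entries.` and describe `ignoreHostnameAnnotation` in the same way; its handling is outside the visible hunks. The inline comment in the next hunk would be clearer as `// Hosts listed under spec.tls are published unless ignoreIngressTLSSpec is set.`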
@@ -134,6 +135,7 @@ func TestNewIngressSource(t *testing.T) {
 ti.fqdnTemplate,
 ti.combineFQDNAndAnnotation,
 false,
+ false,
 )
 if ti.expectError {
 assert.Error(t, err)
@@ -221,7 +223,7 @@ func testEndpointsFromIngress(t *testing.T) {
 } {
 t.Run(ti.title, func(t *testing.T) {
 realIngress := ti.ingress.Ingress()
- validateEndpoints(t, endpointsFromIngress(realIngress, false), ti.expected)
+ validateEndpoints(t, endpointsFromIngress(realIngress, false, false), ti.expected)
 })
 }
 }
@@ -238,6 +240,7 @@ func testIngressEndpoints(t *testing.T) {
 fqdnTemplate string
 combineFQDNAndAnnotation bool
 ignoreHostnameAnnotation bool
+ ignoreIngressTLSSpec bool
 }{
 {
 title: "no ingress",
@@ -993,6 +996,39 @@ func testIngressEndpoints(t *testing.T) {
 },
 },
 },
+ {
+ title: "ignore tls section",
+ targetNamespace: "",
+ ignoreIngressTLSSpec: true,
+ ingressItems: []fakeIngress{
+ {
+ name: "fake1",
+ namespace: namespace,
+ tlsdnsnames: [][]string{{"example.org"}},
+ ips: []string{"1.2.3.4"},
+ },
+ },
+ expected: []*endpoint.Endpoint{},
+ },
+ {
+ title: "reading tls section",
+ targetNamespace: "",
+ ignoreIngressTLSSpec: false,
+ ingressItems: []fakeIngress{
+ {
+ name: "fake1",
+ namespace: namespace,
+ tlsdnsnames: [][]string{{"example.org"}},
+ ips: []string{"1.2.3.4"},
+ },
+ },
+ expected: []*endpoint.Endpoint{
+ {
+ DNSName: "example.org",
+ Targets: endpoint.Targets{"1.2.3.4"},
+ },
+ },
+ },
 } {
 t.Run(ti.title, func(t *testing.T) {
 ingresses := make([]*v1beta1.Ingress, 0)
@@ -1008,6 +1044,7 @@ func testIngressEndpoints(t *testing.T) {
 ti.fqdnTemplate,
 ti.combineFQDNAndAnnotation,
 ti.ignoreHostnameAnnotation,
+ ti.ignoreIngressTLSSpec,
 )
 for _, ingress := range ingresses {
 _, err := fakeClient.ExtensionsV1beta1().Ingresses(ingress.Namespace).Create(context.Background(), ingress, metav1.CreateOptions{})
diff --git a/source/store.go b/source/store.go
index c6cd064a23..a06571f827 100644
--- a/source/store.go
+++ b/source/store.go
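Review bot: The new "ignore tls section" case in testIngressEndpoints covers only an Ingress whose sole host sits under `tlsdnsnames`, so it cannot show that rule hosts on the same Ingress are still published when the flag is on, nor what is emitted when `fqdnTemplate` is non-empty and the TLS hosts were dropped. One case combining a rule host with a TLS-only host, and one with a template set, would pin the boundary of the flag. testEndpointsFromIngress also always passes `false, false`, so the new branch in `endpointsFromIngress` is exercised only through the source; a table field for the flag there would test it directly.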
@@ -45,6 +45,7 @@ type Config struct {
 FQDNTemplate string
 CombineFQDNAndAnnotation bool
 IgnoreHostnameAnnotation bool
+ IgnoreIngressTLSSpec bool
 Compatibility string
 PublishInternal bool
 PublishHostIP bool
@@ -184,7 +185,7 @@ func BuildWithConfig(source string, p ClientGenerator, cfg *Config) (Source, err
 if err != nil {
 return nil, err
 }
- return NewIngressSource(client, cfg.Namespace, cfg.AnnotationFilter, cfg.FQDNTemplate, cfg.CombineFQDNAndAnnotation, cfg.IgnoreHostnameAnnotation)
+ return NewIngressSource(client, cfg.Namespace, cfg.AnnotationFilter, cfg.FQDNTemplate, cfg.CombineFQDNAndAnnotation, cfg.IgnoreHostnameAnnotation, cfg.IgnoreIngressTLSSpec)
 case "istio-gateway":
 kubernetesClient, err := p.KubeClient()
 if err != nil {