Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add annotation and label filters to Ambassador Host Source #2633

Conversation

KyleMartin901
Copy link
Contributor

@KyleMartin901 KyleMartin901 commented Mar 9, 2022

This change makes the Ambassador Host source respect the External-DNS annotation-filter and label-filter allowing for an Ambassador Host resource to specify what External-DNS deployment to use when there are multiple External-DNS deployments within the same cluster. Before this change if you had two External-DNS deployments within the cluster and used the Ambassador Host source the first External-DNS to process the resource will create the record and not the one that was specified in the filter annotation.

Annotation Fillter

I added the filterByAnnotations function so that it matched the same way the other sources have implemented annotation filtering. I didn't add the controller check only because I wanted to keep this change to implementing the annotationFilter.

I added Endpoint tests to validate that the filterByAnnotations function works as expected. Again these tests were based of the Endpoint tests that other sources use. To keep the tests simpler I only allow for a single load balancer to be used.

Example: Create two External-DNS deployments 1 public and 1 private and set the Ambassador Host to use the public External-DNS using the annotation filter.

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns-private
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns-private
  template:
    metadata:
      labels:
        app: external-dns-private
      annotations:
        iam.amazonaws.com/role: {ARN} # AWS ARN role
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: k8s.gcr.io/external-dns/external-dns:latest
        args:
        - --source=ambassador-host
        - --domain-filter=example.net # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
        - --provider=aws
        - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
        - --aws-zone-type=private # only look at public hosted zones (valid values are public, private or no value for both)
        - --registry=txt
        - --txt-owner-id= {Hosted Zone ID} # Insert Route53 Hosted Zone ID here
        - --annotation-filter=kubernetes.io/ingress.class in (private)
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns-public
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns-public
  template:
    metadata:
      labels:
        app: external-dns-public
      annotations:
        iam.amazonaws.com/role: {ARN} # AWS ARN role
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: k8s.gcr.io/external-dns/external-dns:latest
        args:
        - --source=ambassador-host
        - --domain-filter=example.net # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
        - --provider=aws
        - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
        - --aws-zone-type= # only look at public hosted zones (valid values are public, private or no value for both)
        - --registry=txt
        - --txt-owner-id= {Hosted Zone ID} # Insert Route53 Hosted Zone ID here
        - --annotation-filter=kubernetes.io/ingress.class in (public)
---
apiVersion: getambassador.io/v3alpha1
  kind: Host
  metadata:
    name: your-hostname
    annotations:
      external-dns.ambassador-service: emissary-ingress/emissary
      kubernetes.io/ingress.class: public
  spec:
		acmeProvider:
      authority: none
		hostname: your-hostname.example.com

Fixes #2632

Label Filter

Currently, the --label-filter flag can only be used to filter CRDs, Ingress, Service and Openshift Route objects that match the label selector passed through that flag. This change extends the functionality to the Ambassador Host type object.

When the flag is not specified the default value is labels.Everything() which is an empty string, the same as before.
Annotation based filter is inefficient because the filtering has to be done in the controller instead of the API server like with label filtering. The Annotation based filtering has been left in for legacy reasons so the Ambassador Host source can be used in conjunction with the other sources that don't yet support label filtering.

It is possible to use label based filtering with annotation based filtering so you can initially filter by label and then filter the returned hosts by annotation. This is not recommended

Fixes #2761

Checklist

  • Unit tests updated
  • End user documentation updated

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Mar 9, 2022

CLA Signed

The committers listed above are authorized under a signed CLA.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. label Mar 9, 2022
@k8s-ci-robot
Copy link
Contributor

Welcome @KyleMartin901!

It looks like this is your first PR to kubernetes-sigs/external-dns 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/external-dns has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Mar 9, 2022
@k8s-ci-robot k8s-ci-robot requested review from Raffo and seanmalloy March 9, 2022 11:48
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Mar 9, 2022
@KyleMartin901 KyleMartin901 force-pushed the add-annotation-fillter-to-ambassador-host-source branch from 8c6851c to a427434 Compare May 16, 2022 01:47
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels May 16, 2022
@KyleMartin901 KyleMartin901 changed the title Add annotation filter to Ambassador Host Source Add annotation and label filters to Ambassador Host Source May 16, 2022
@KyleMartin901
Copy link
Contributor Author

I have also added the label filter to the Ambassador host source as per suggestion by @alebedev87 in #2043 (comment)

Copy link
Contributor

@alebedev87 alebedev87 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall LGTM, just some cosmetic comments.

// Filter Ambassador Hosts
ambassadorHosts, err = sc.filterByAnnotations(ambassadorHosts)
if err != nil {
return nil, errors.Wrap(err, "failed to filter Ambassador Hosts")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return nil, errors.Wrap(err, "failed to filter Ambassador Hosts")
return nil, errors.Wrap(err, "failed to filter Ambassador Hosts by annotation")

Comment on lines 68 to 130
title: "no host",
targetNamespace: "",
labelSelector: labels.Everything(),
Copy link
Contributor

@alebedev87 alebedev87 Jun 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
title: "no host",
targetNamespace: "",
labelSelector: labels.Everything(),
title: "no host",
labelSelector: labels.Everything(),

Just to safe 1 line from each test case which doesn't need the target namespace.

BTW I didn't see any test case using the targetNamespace, specifying it is supposed to filter hosts too.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry forgot to add the test case in. I was going to test to make sure the Ambassador host was only added if it is within the External DNS targeted namespace like the following sources do

Copy link
Contributor Author

@KyleMartin901 KyleMartin901 Jun 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have added the Target Namespace test now 51e3633

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding the test case for the namespace!

The other tests cases can remove targetNamespace field as it's set to the empty string by default - will save 1 line for each line.

expectError: true,
},
{
title: "valid matching annotation filter label",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need this test case? The one with the filter expression has already tested the parsing into the labelSelector.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Up to you again copied the test from Contour, Ingress, Istio Gateway and the service tests. Happy to remove it if you would like.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since it doesn't bring any added value, I'd prefer to remove it - smaller is simpler for the further maintenance.

{
title: "valid matching label filter expression",
targetNamespace: "",
// annotationFilter: "kubernetes.io/ingress.class in (external-ingress)",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can be removed if not used.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cleaned this up 1629661 sorry forgot to go through and make sure was all clean

hostname: "fake1.org",
annotations: map[string]string{
"external-dns.ambassador-service": "emissary-ingress/emissary",
"kubernetes.io/ingress.class": "external-ingress",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This annotation can be removed as we don't use any annotation filter, just to keep the test to absolute minimum.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks I have removed the kubernetes.io/ingress.class annotations from the label tests where they weren't being used. I still need to keep the external-dns.ambassador-service annotation as that is how External DNS knows to assign the DNS record to the correct Ambassador Host service/endpoint.

expected: []*endpoint.Endpoint{},
},
{
title: "valid matching label filter expression for single host",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test case seems to be a "superset" of valid matching label filter expression one, so why not keeping only this one?

Copy link
Contributor Author

@KyleMartin901 KyleMartin901 Jun 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have now removed valid matching label filter expression as you are correct I am already matching valid label within the valid matching label filter expression for single host test.

Sorry I was trying to match tests like what was done within the annotations without really thinking about it.

ti := ti
t.Run(ti.title, func(t *testing.T) {
// Create a slice of Ambassador Hosts
ambassadorHosts := make([]*ambassador.Host, 0)
Copy link
Contributor

@alebedev87 alebedev87 Jun 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not a big deal at all but I've seen all the possible ways of creating a slice of ambassador hosts in this PR:

var ambassadorHosts []*ambassador.Host
---
filteredList := []*ambassador.Host{}
---
ambassadorHosts := make([]*ambassador.Host, 0)

:)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry about that copy and paste issues. Thanks for picking that up for me totally missed it

Copy link
Contributor Author

@KyleMartin901 KyleMartin901 Jun 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have cleaned this up in 2482ef5 decided to use the short declaration operator

@KyleMartin901 KyleMartin901 force-pushed the add-annotation-fillter-to-ambassador-host-source branch from f10f6eb to 25aff9e Compare June 2, 2022 06:32
KyleMartin901 added a commit to KyleMartin901/external-dns that referenced this pull request Jun 7, 2022
KyleMartin901 added a commit to KyleMartin901/external-dns that referenced this pull request Jun 7, 2022
Correcting the inconsistancy in the way an empty slice of Ambassador Hosts were declared so it is clean and clearer.

Thanks to @alebedev87 for catching this kubernetes-sigs#2633 (comment)
@k8s-ci-robot k8s-ci-robot added the do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. label Jun 7, 2022
@KyleMartin901
Copy link
Contributor Author

KyleMartin901 commented Jun 7, 2022

@alebedev87 thanks for picking up those issues.

I wasn't sure on the process of adding in the changes if it is preferred for the changes to be added in as new commits or squashed so the PR still only had the two commits for adding annotation filter and label filter. I have just added them as seperate commits so it is easy to squash if that's what is preferred. Let me know if you would prefer me to squash them or happy as is.

KyleMartin901 added a commit to KyleMartin901/external-dns that referenced this pull request Jun 7, 2022
Removing the `valid matching label filter expression` test in favour of just using `valid matching label filter expression for single host` as it is testing the same thing that a Ambassador Host with a valid label is matched.

Disscussed with @alebedev87 in kubernetes-sigs#2633 (comment)
KyleMartin901 added a commit to KyleMartin901/external-dns that referenced this pull request Jun 7, 2022
Removing the annoations that are not required for the label tests to keep the test to an absolute minimum based on conversations with @alebedev87 kubernetes-sigs#2633 (comment)
KyleMartin901 added a commit to KyleMartin901/external-dns that referenced this pull request Jun 7, 2022
KyleMartin901 added a commit to KyleMartin901/external-dns that referenced this pull request Jun 7, 2022
Correcting the inconsistancy in the way an empty slice of Ambassador Hosts were declared so it is clean and clearer.

Thanks to alebedev87 for catching this in kubernetes-sigs#2633 (comment)
KyleMartin901 added a commit to KyleMartin901/external-dns that referenced this pull request Jun 7, 2022
Removing the `valid matching label filter expression` test in favour of just using `valid matching label filter expression for single host` as it is testing the same thing that a Ambassador Host with a valid label is matched.

Disscussed with alebedev87 in kubernetes-sigs#2633 (comment)
KyleMartin901 added a commit to KyleMartin901/external-dns that referenced this pull request Jun 7, 2022
Removing the annoations that are not required for the label tests to keep the test to an absolute minimum based on conversations with alebedev87 kubernetes-sigs#2633 (comment)
@KyleMartin901 KyleMartin901 force-pushed the add-annotation-fillter-to-ambassador-host-source branch from f166698 to ed61d9b Compare June 7, 2022 03:15
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. label Jun 7, 2022
@alebedev87
Copy link
Contributor

@KyleMartin901: I'm not aware of any strict rules about the commits. However I don't think that the commits made to address the review remarks really need to be upstream.

@KyleMartin901 KyleMartin901 force-pushed the add-annotation-fillter-to-ambassador-host-source branch from f702e14 to eda671a Compare June 19, 2022 14:49
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 11, 2024
@szuecs
Copy link
Contributor

szuecs commented Apr 27, 2024

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: szuecs

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Apr 27, 2024
@mloiseleur
Copy link
Contributor

@KyleMartin901 This PR has been approved. It means that it just needs a rebase, to pass tests and it will be merged.

@KyleMartin901
Copy link
Contributor Author

Thanks @mloiseleur i will attempt to get this done this week. Looks like someone got tests merged in before mine so going to refactor to match what has already been merged

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 29, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle rotten
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Aug 28, 2024
@KyleMartin901 KyleMartin901 force-pushed the add-annotation-fillter-to-ambassador-host-source branch from 671157c to 219b450 Compare August 28, 2024 14:03
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Aug 28, 2024
This change makes the Ambassador Host source respect the External-DNS annotationFilter allowing for an Ambassador Host resource to specify what External-DNS deployment to use when there are multiple External-DNS deployments within the same cluster. Before this change if you had two External-DNS deployments within the cluster and used the Ambassador Host source the first External-DNS to process the resource will create the record and not the one that was specified in the filter annotation.

I added the `filterByAnnotations` function so that it matched the same way the other sources have implemented annotation filtering. I didn't add the controller check only because I wanted to keep this change to implementing the annotationFilter.

Example: Create two External-DNS deployments 1 public and 1 private and set the Ambassador Host to use the public External-DNS using the annotation filter.

```
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns-private
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns-private
  template:
    metadata:
      labels:
        app: external-dns-private
      annotations:
        iam.amazonaws.com/role: {ARN} # AWS ARN role
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: k8s.gcr.io/external-dns/external-dns:latest
        args:
        - --source=ambassador-host
        - --domain-filter=example.net # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
        - --provider=aws
        - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
        - --aws-zone-type=private # only look at public hosted zones (valid values are public, private or no value for both)
        - --registry=txt
        - --txt-owner-id= {Hosted Zone ID} # Insert Route53 Hosted Zone ID here
        - --annotation-filter=kubernetes.io/ingress.class in (private)
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns-public
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns-public
  template:
    metadata:
      labels:
        app: external-dns-public
      annotations:
        iam.amazonaws.com/role: {ARN} # AWS ARN role
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: k8s.gcr.io/external-dns/external-dns:latest
        args:
        - --source=ambassador-host
        - --domain-filter=example.net # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
        - --provider=aws
        - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
        - --aws-zone-type= # only look at public hosted zones (valid values are public, private or no value for both)
        - --registry=txt
        - --txt-owner-id= {Hosted Zone ID} # Insert Route53 Hosted Zone ID here
        - --annotation-filter=kubernetes.io/ingress.class in (public)
---
apiVersion: getambassador.io/v3alpha1
  kind: Host
  metadata:
    name: your-hostname
    annotations:
      external-dns.ambassador-service: emissary-ingress/emissary
      kubernetes.io/ingress.class: public
  spec:
		acmeProvider:
      authority: none
		hostname: your-hostname.example.com
```

Fixes kubernetes-sigs#2632
Currently the `--label-filter` flag can only be used to filter CRDs, Ingress, Service and Openshift Route objects which match the label selector passed through that flag. This change extends the functionality to the Ambassador Host type object.

When the flag is not specified the default value is `labels.Everything()` which is an empty string, the same as before. An annotation based filter is inefficient because the filtering has to be done in the controller instead of the API server like with label filtering. The Annotation based filtering has been left in for legacy reasons so the Ambassador Host source can be used inconjunction with the other sources that don't yet support label filltering.

It is possible to use label based filltering with annotation based filltering so you can initially filter by label then filter the returned hosts by annotation. This is not recomended
Add that the Ambassador Host source now supports both annotation and label filltering.
@KyleMartin901 KyleMartin901 force-pushed the add-annotation-fillter-to-ambassador-host-source branch from 219b450 to c5137b0 Compare August 28, 2024 14:08
@mloiseleur
Copy link
Contributor

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 28, 2024
@mloiseleur
Copy link
Contributor

/remove-lifecycle rotten

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Aug 28, 2024
@k8s-ci-robot k8s-ci-robot merged commit 3817894 into kubernetes-sigs:master Aug 28, 2024
12 checks passed
truecharts-admin referenced this pull request in truecharts/public Sep 5, 2024
…rnal-dns to v0.15.0@338dd8c by renovate (#25969)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[registry.k8s.io/external-dns/external-dns](https://redirect.github.com/kubernetes-sigs/external-dns)
| minor | `v0.14.2` -> `v0.15.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>kubernetes-sigs/external-dns
(registry.k8s.io/external-dns/external-dns)</summary>

###
[`v0.15.0`](https://redirect.github.com/kubernetes-sigs/external-dns/releases/tag/v0.15.0)

[Compare
Source](https://redirect.github.com/kubernetes-sigs/external-dns/compare/v0.14.2...v0.15.0)

#### Important notes

This release drops a few unmaintained providers. See
[https://github.com/kubernetes-sigs/external-dns/pull/4719](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4719)
as mentioned in
[https://github.com/kubernetes-sigs/external-dns/issues/4347](https://redirect.github.com/kubernetes-sigs/external-dns/issues/4347).
If you need to use any of the previous providers, please use a previous
release of external DNS or follow the instructions to implement a
webhook provider that supports those providers.

#### What's Changed

- build(deps): bump actions/checkout from 4.1.5 to 4.1.6 in the
dev-dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4477](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4477)
- Update kustomize version for v0.14.2 by
[@&#8203;Raffo](https://redirect.github.com/Raffo) in
[https://github.com/kubernetes-sigs/external-dns/pull/4480](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4480)
- build(deps): bump the dev-dependencies group with 8 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4478](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4478)
- update docs to v0.14.2 by
[@&#8203;Raffo](https://redirect.github.com/Raffo) in
[https://github.com/kubernetes-sigs/external-dns/pull/4481](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4481)
- build(deps): bump GrantBirki/json-yaml-validate from 2.7.1 to 3.0.0 in
the dev-dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4489](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4489)
- fix: re-add api-approved.kubernetes.io annotation by
[@&#8203;morremeyer](https://redirect.github.com/morremeyer) in
[https://github.com/kubernetes-sigs/external-dns/pull/4488](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4488)
- feat(webhooks): pass webhook-\* annotations to webhook providers by
[@&#8203;Raffo](https://redirect.github.com/Raffo) in
[https://github.com/kubernetes-sigs/external-dns/pull/4458](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4458)
- fix(traefik): Nil pointer exception if legacy traefik is disabled by
[@&#8203;kbudde](https://redirect.github.com/kbudde) in
[https://github.com/kubernetes-sigs/external-dns/pull/4502](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4502)
- add unifi webhook to readme by
[@&#8203;onedr0p](https://redirect.github.com/onedr0p) in
[https://github.com/kubernetes-sigs/external-dns/pull/4504](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4504)
- Drop experimental notice in webhook flags by
[@&#8203;Raffo](https://redirect.github.com/Raffo) in
[https://github.com/kubernetes-sigs/external-dns/pull/4507](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4507)
- feat(coredns): etcd authentication by
[@&#8203;matthieugouel](https://redirect.github.com/matthieugouel) in
[https://github.com/kubernetes-sigs/external-dns/pull/4503](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4503)
- Bump the dev-dependencies group across 1 directory with 13 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4514](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4514)
- Add Infoblox webhook provider by
[@&#8203;k0da](https://redirect.github.com/k0da) in
[https://github.com/kubernetes-sigs/external-dns/pull/4513](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4513)
- 🌱 docs(footer): Add trademark disclaimer by
[@&#8203;mariasalcedo](https://redirect.github.com/mariasalcedo) in
[https://github.com/kubernetes-sigs/external-dns/pull/4529](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4529)
- chore!: Remove infoblox in-tree provider by
[@&#8203;mloiseleur](https://redirect.github.com/mloiseleur) in
[https://github.com/kubernetes-sigs/external-dns/pull/4516](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4516)
- Update to Go 1.22.4 by
[@&#8203;Raffo](https://redirect.github.com/Raffo) in
[https://github.com/kubernetes-sigs/external-dns/pull/4534](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4534)
- Bump the dev-dependencies group across 1 directory with 19 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4536](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4536)
- Add documentation about etcd HTTPS for CoreDNS provider by
[@&#8203;AlessandroZanatta](https://redirect.github.com/AlessandroZanatta)
in
[https://github.com/kubernetes-sigs/external-dns/pull/4538](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4538)
- chore(chart): Released chart for v0.14.2 by
[@&#8203;stevehipwell](https://redirect.github.com/stevehipwell) in
[https://github.com/kubernetes-sigs/external-dns/pull/4541](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4541)
- Bump the dev-dependencies group with 4 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4540](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4540)
- feat(aws): use AWS profiles using .credentials file by
[@&#8203;roehrijn](https://redirect.github.com/roehrijn) in
[https://github.com/kubernetes-sigs/external-dns/pull/3973](https://redirect.github.com/kubernetes-sigs/external-dns/pull/3973)
- fix(cloudflare): trimSpace on token read from file by
[@&#8203;simonostendorf](https://redirect.github.com/simonostendorf) in
[https://github.com/kubernetes-sigs/external-dns/pull/4515](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4515)
- docs: upgrade mkdocs and fix broken links by
[@&#8203;mloiseleur](https://redirect.github.com/mloiseleur) in
[https://github.com/kubernetes-sigs/external-dns/pull/4378](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4378)
- chore(deps): bump github.com/vektah/gqlparser/v2 from 2.5.1 to 2.5.14
by [@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4546](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4546)
- chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity
from 1.5.2 to 1.6.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4544](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4544)
- chore(deps): bump the dev-dependencies group across 1 directory with
19 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4562](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4562)
- chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 in the
dev-dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4547](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4547)
- feat(rfc2136): add PTR optional support by
[@&#8203;angeloxx](https://redirect.github.com/angeloxx) in
[https://github.com/kubernetes-sigs/external-dns/pull/4283](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4283)
- Update cloudflare.md by
[@&#8203;tobiabocchi](https://redirect.github.com/tobiabocchi) in
[https://github.com/kubernetes-sigs/external-dns/pull/4583](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4583)
- feat!: update GRPCRoute client from v1alpha2 to stable v1 by
[@&#8203;thameezb](https://redirect.github.com/thameezb) in
[https://github.com/kubernetes-sigs/external-dns/pull/4567](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4567)
- docs(annotations): note how to set multiple hostnames by
[@&#8203;hopkinsth](https://redirect.github.com/hopkinsth) in
[https://github.com/kubernetes-sigs/external-dns/pull/4602](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4602)
- chore(deps): bump the dev-dependencies group across 1 directory with 2
updates by [@&#8203;dependabot](https://redirect.github.com/dependabot)
in
[https://github.com/kubernetes-sigs/external-dns/pull/4604](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4604)
- Gateway API: Revert Gateway and HTTPRoute objects from v1 to v1beta1
by [@&#8203;abursavich](https://redirect.github.com/abursavich) in
[https://github.com/kubernetes-sigs/external-dns/pull/4610](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4610)
- chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4600](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4600)
- chore(deps): bump the dev-dependencies group across 1 directory with
37 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4655](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4655)
- docs: fix broken link by
[@&#8203;ilmax](https://redirect.github.com/ilmax) in
[https://github.com/kubernetes-sigs/external-dns/pull/4662](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4662)
- azure-private-dns: Fix LoadBalancer example by
[@&#8203;orgads](https://redirect.github.com/orgads) in
[https://github.com/kubernetes-sigs/external-dns/pull/4663](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4663)
- AWS: Change documentation to use Helm values by
[@&#8203;pier-oliviert](https://redirect.github.com/pier-oliviert) in
[https://github.com/kubernetes-sigs/external-dns/pull/4577](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4577)
- chore(deps): bump the dev-dependencies group across 1 directory with
10 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4668](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4668)
- Improve MinEventInterval compliance with docs by
[@&#8203;tjamet](https://redirect.github.com/tjamet) in
[https://github.com/kubernetes-sigs/external-dns/pull/3400](https://redirect.github.com/kubernetes-sigs/external-dns/pull/3400)
- Add provider cache by
[@&#8203;tjamet](https://redirect.github.com/tjamet) in
[https://github.com/kubernetes-sigs/external-dns/pull/4597](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4597)
- chore: update maintainers by
[@&#8203;mloiseleur](https://redirect.github.com/mloiseleur) in
[https://github.com/kubernetes-sigs/external-dns/pull/4679](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4679)
- fix(helm): make use of resource values for webhook by
[@&#8203;crutonjohn](https://redirect.github.com/crutonjohn) in
[https://github.com/kubernetes-sigs/external-dns/pull/4560](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4560)
- Fix AWS Cloud Map docs: annotation key/value pairs must be strings by
[@&#8203;mjlshen](https://redirect.github.com/mjlshen) in
[https://github.com/kubernetes-sigs/external-dns/pull/4683](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4683)
- Webhook provider helm chart fixes by
[@&#8203;kimsondrup](https://redirect.github.com/kimsondrup) in
[https://github.com/kubernetes-sigs/external-dns/pull/4643](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4643)
- chore(deps): bump the dev-dependencies group across 1 directory with
16 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4684](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4684)
- chore(deps): bump GrantBirki/json-yaml-validate from 3.0.0 to 3.1.0 in
the dev-dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4685](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4685)
- Add tutorial to DynamoDB registry docs by
[@&#8203;mjlshen](https://redirect.github.com/mjlshen) in
[https://github.com/kubernetes-sigs/external-dns/pull/4686](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4686)
- chore(deps): bump GrantBirki/json-yaml-validate from 3.1.0 to 3.2.0 in
the dev-dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4700](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4700)
- chore(deps): bump GrantBirki/json-yaml-validate from 3.2.0 to 3.2.1 in
the dev-dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4702](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4702)
- chore: upgrade ExternalDNS to go 1.23 by
[@&#8203;mloiseleur](https://redirect.github.com/mloiseleur) in
[https://github.com/kubernetes-sigs/external-dns/pull/4698](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4698)
- feat: add annotation and label filters to Ambassador Host Source by
[@&#8203;KyleMartin901](https://redirect.github.com/KyleMartin901) in
[https://github.com/kubernetes-sigs/external-dns/pull/2633](https://redirect.github.com/kubernetes-sigs/external-dns/pull/2633)
- Add RouterOS provider to README.md by
[@&#8203;benfiola](https://redirect.github.com/benfiola) in
[https://github.com/kubernetes-sigs/external-dns/pull/4714](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4714)
- feat: support dual stack for gateway api by
[@&#8203;thameezb](https://redirect.github.com/thameezb) in
[https://github.com/kubernetes-sigs/external-dns/pull/4469](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4469)
- chore(deps): bump actions/setup-python from 5.1.1 to 5.2.0 in the
dev-dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/kubernetes-sigs/external-dns/pull/4712](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4712)
- chore: remove unmaintained providers by
[@&#8203;mloiseleur](https://redirect.github.com/mloiseleur) in
[https://github.com/kubernetes-sigs/external-dns/pull/4719](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4719)

#### Images

    docker pull registry.k8s.io/external-dns/external-dns:v0.15.0

#### New Contributors

- [@&#8203;kbudde](https://redirect.github.com/kbudde) made their first
contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4502](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4502)
- [@&#8203;matthieugouel](https://redirect.github.com/matthieugouel)
made their first contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4503](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4503)
- [@&#8203;mariasalcedo](https://redirect.github.com/mariasalcedo) made
their first contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4529](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4529)
-
[@&#8203;AlessandroZanatta](https://redirect.github.com/AlessandroZanatta)
made their first contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4538](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4538)
- [@&#8203;roehrijn](https://redirect.github.com/roehrijn) made their
first contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/3973](https://redirect.github.com/kubernetes-sigs/external-dns/pull/3973)
- [@&#8203;simonostendorf](https://redirect.github.com/simonostendorf)
made their first contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4515](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4515)
- [@&#8203;angeloxx](https://redirect.github.com/angeloxx) made their
first contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4283](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4283)
- [@&#8203;tobiabocchi](https://redirect.github.com/tobiabocchi) made
their first contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4583](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4583)
- [@&#8203;thameezb](https://redirect.github.com/thameezb) made their
first contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4567](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4567)
- [@&#8203;hopkinsth](https://redirect.github.com/hopkinsth) made their
first contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4602](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4602)
- [@&#8203;ilmax](https://redirect.github.com/ilmax) made their first
contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4662](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4662)
- [@&#8203;orgads](https://redirect.github.com/orgads) made their first
contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4663](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4663)
- [@&#8203;pier-oliviert](https://redirect.github.com/pier-oliviert)
made their first contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4577](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4577)
- [@&#8203;crutonjohn](https://redirect.github.com/crutonjohn) made
their first contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4560](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4560)
- [@&#8203;mjlshen](https://redirect.github.com/mjlshen) made their
first contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4683](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4683)
- [@&#8203;kimsondrup](https://redirect.github.com/kimsondrup) made
their first contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4643](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4643)
- [@&#8203;KyleMartin901](https://redirect.github.com/KyleMartin901)
made their first contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/2633](https://redirect.github.com/kubernetes-sigs/external-dns/pull/2633)
- [@&#8203;benfiola](https://redirect.github.com/benfiola) made their
first contribution in
[https://github.com/kubernetes-sigs/external-dns/pull/4714](https://redirect.github.com/kubernetes-sigs/external-dns/pull/4714)

**Full Changelog**:
kubernetes-sigs/external-dns@v0.14.2...v0.15.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC42Ny41IiwidXBkYXRlZEluVmVyIjoiMzguNjcuNSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJhdXRvbWVyZ2UiLCJ1cGRhdGUvZG9ja2VyL2dlbmVyYWwvbm9uLW1ham9yIl19-->
simonoff pushed a commit to amoniacou/external-dns that referenced this pull request Sep 6, 2024
…ernetes-sigs#2633)

* Add annotation filter to Ambassador Host Source

This change makes the Ambassador Host source respect the External-DNS annotationFilter allowing for an Ambassador Host resource to specify what External-DNS deployment to use when there are multiple External-DNS deployments within the same cluster. Before this change if you had two External-DNS deployments within the cluster and used the Ambassador Host source the first External-DNS to process the resource will create the record and not the one that was specified in the filter annotation.

I added the `filterByAnnotations` function so that it matched the same way the other sources have implemented annotation filtering. I didn't add the controller check only because I wanted to keep this change to implementing the annotationFilter.

Example: Create two External-DNS deployments 1 public and 1 private and set the Ambassador Host to use the public External-DNS using the annotation filter.

```
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns-private
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns-private
  template:
    metadata:
      labels:
        app: external-dns-private
      annotations:
        iam.amazonaws.com/role: {ARN} # AWS ARN role
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: k8s.gcr.io/external-dns/external-dns:latest
        args:
        - --source=ambassador-host
        - --domain-filter=example.net # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
        - --provider=aws
        - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
        - --aws-zone-type=private # only look at public hosted zones (valid values are public, private or no value for both)
        - --registry=txt
        - --txt-owner-id= {Hosted Zone ID} # Insert Route53 Hosted Zone ID here
        - --annotation-filter=kubernetes.io/ingress.class in (private)
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns-public
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns-public
  template:
    metadata:
      labels:
        app: external-dns-public
      annotations:
        iam.amazonaws.com/role: {ARN} # AWS ARN role
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: k8s.gcr.io/external-dns/external-dns:latest
        args:
        - --source=ambassador-host
        - --domain-filter=example.net # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
        - --provider=aws
        - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
        - --aws-zone-type= # only look at public hosted zones (valid values are public, private or no value for both)
        - --registry=txt
        - --txt-owner-id= {Hosted Zone ID} # Insert Route53 Hosted Zone ID here
        - --annotation-filter=kubernetes.io/ingress.class in (public)
---
apiVersion: getambassador.io/v3alpha1
  kind: Host
  metadata:
    name: your-hostname
    annotations:
      external-dns.ambassador-service: emissary-ingress/emissary
      kubernetes.io/ingress.class: public
  spec:
		acmeProvider:
      authority: none
		hostname: your-hostname.example.com
```

Fixes kubernetes-sigs#2632

* Add Label filltering for Ambassador Host source

Currently the `--label-filter` flag can only be used to filter CRDs, Ingress, Service and Openshift Route objects which match the label selector passed through that flag. This change extends the functionality to the Ambassador Host type object.

When the flag is not specified the default value is `labels.Everything()` which is an empty string, the same as before. An annotation based filter is inefficient because the filtering has to be done in the controller instead of the API server like with label filtering. The Annotation based filtering has been left in for legacy reasons so the Ambassador Host source can be used inconjunction with the other sources that don't yet support label filltering.

It is possible to use label based filltering with annotation based filltering so you can initially filter by label then filter the returned hosts by annotation. This is not recomended

* Update Ambassador Host source docs

Add that the Ambassador Host source now supports both annotation and label filltering.
ivankatliarchuk added a commit to gofogo/k8s-sigs-external-dns-fork that referenced this pull request Sep 14, 2024
* master: (78 commits)
  Update README.md with Efficient IP Provider
  feat(chart): Updated image to v0.15.0
  fix(chart): Don't use unauthenticated webhook port for health probe
  Remove unused session logic after move to aws-sdk-go-v2
  Refactor AWS provider to aws-sdk-go-v2
  Refactor AWS Cloud Map provider to aws-sdk-go-v2
  Refactor DynamoDB registry to aws-sdk-go-v2
  Update docs/release.md
  update the docs to v0.15.0
  bump kustomize version to v0.15.0
  add deprecation notice on coredns tutorial
  docs: refactor title and organisation
  review with Raffo
  chore: remove unmaintained providers
  chore(deps): bump actions/setup-python in the dev-dependencies group
  Add RouterOS provider to README.md
  feat: add annotation and label filters to Ambassador Host Source (kubernetes-sigs#2633)
  chore(deps): bump GrantBirki/json-yaml-validate
  fix linter
  fix ordering
  ...
MohamadTahir pushed a commit to ditkrg/external-dns that referenced this pull request Dec 9, 2024
…ernetes-sigs#2633)

* Add annotation filter to Ambassador Host Source

This change makes the Ambassador Host source respect the External-DNS annotationFilter allowing for an Ambassador Host resource to specify what External-DNS deployment to use when there are multiple External-DNS deployments within the same cluster. Before this change if you had two External-DNS deployments within the cluster and used the Ambassador Host source the first External-DNS to process the resource will create the record and not the one that was specified in the filter annotation.

I added the `filterByAnnotations` function so that it matched the same way the other sources have implemented annotation filtering. I didn't add the controller check only because I wanted to keep this change to implementing the annotationFilter.

Example: Create two External-DNS deployments 1 public and 1 private and set the Ambassador Host to use the public External-DNS using the annotation filter.

```
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns-private
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns-private
  template:
    metadata:
      labels:
        app: external-dns-private
      annotations:
        iam.amazonaws.com/role: {ARN} # AWS ARN role
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: k8s.gcr.io/external-dns/external-dns:latest
        args:
        - --source=ambassador-host
        - --domain-filter=example.net # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
        - --provider=aws
        - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
        - --aws-zone-type=private # only look at public hosted zones (valid values are public, private or no value for both)
        - --registry=txt
        - --txt-owner-id= {Hosted Zone ID} # Insert Route53 Hosted Zone ID here
        - --annotation-filter=kubernetes.io/ingress.class in (private)
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns-public
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns-public
  template:
    metadata:
      labels:
        app: external-dns-public
      annotations:
        iam.amazonaws.com/role: {ARN} # AWS ARN role
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: k8s.gcr.io/external-dns/external-dns:latest
        args:
        - --source=ambassador-host
        - --domain-filter=example.net # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
        - --provider=aws
        - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
        - --aws-zone-type= # only look at public hosted zones (valid values are public, private or no value for both)
        - --registry=txt
        - --txt-owner-id= {Hosted Zone ID} # Insert Route53 Hosted Zone ID here
        - --annotation-filter=kubernetes.io/ingress.class in (public)
---
apiVersion: getambassador.io/v3alpha1
  kind: Host
  metadata:
    name: your-hostname
    annotations:
      external-dns.ambassador-service: emissary-ingress/emissary
      kubernetes.io/ingress.class: public
  spec:
		acmeProvider:
      authority: none
		hostname: your-hostname.example.com
```

Fixes kubernetes-sigs#2632

* Add Label filltering for Ambassador Host source

Currently the `--label-filter` flag can only be used to filter CRDs, Ingress, Service and Openshift Route objects which match the label selector passed through that flag. This change extends the functionality to the Ambassador Host type object.

When the flag is not specified the default value is `labels.Everything()` which is an empty string, the same as before. An annotation based filter is inefficient because the filtering has to be done in the controller instead of the API server like with label filtering. The Annotation based filtering has been left in for legacy reasons so the Ambassador Host source can be used inconjunction with the other sources that don't yet support label filltering.

It is possible to use label based filltering with annotation based filltering so you can initially filter by label then filter the returned hosts by annotation. This is not recomended

* Update Ambassador Host source docs

Add that the Ambassador Host source now supports both annotation and label filltering.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Ambassador Host Source doesn't use the label filter Ambassador Host Source doesn't use the annotation filter
8 participants