Skip to content

Commit

Permalink
Add command line parameter and update helm
Browse files Browse the repository at this point in the history
  • Loading branch information
angeloxx committed Feb 25, 2024
1 parent 5c01e95 commit 940899b
Show file tree
Hide file tree
Showing 5 changed files with 19 additions and 4 deletions.
10 changes: 10 additions & 0 deletions docs/tutorials/rfc2136.md
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,16 @@ A default TTL for all records can be set using the the flag with a time in secon
There are other annotation that can affect the generation of DNS records, but these are beyond the scope of this
tutorial and are covered in the main documentation.

### Generate reverse DNS records

If you want to generate reverse DNS records for your services, you have to enable the functionality using the `--rfc2136-manageptr`
flag. You have also to add the zone to the list of zones managed by ExternalDNS via the `--rfc2136-zone` and `--domain-filter` flags.
An example of a valid configuration is the following:

```--domain-filter=157.168.192.in-addr.arpa --rfc2136-zone=157.168.192.in-addr.arpa```

PTR record tracking is managed by the A/AAAA record so you can't create PTR records for already generated A/AAAA records.

### Test with external-dns installed on local machine (optional)
You may install external-dns and test on a local machine by running:
```external-dns --txt-owner-id k8s --provider rfc2136 --rfc2136-host=192.168.0.1 --rfc2136-port=53 --rfc2136-zone=k8s.example.org --rfc2136-tsig-secret=96Ah/a2g0/nLeFGK+d/0tzQcccf9hCEIy34PoXX2Qg8= --rfc2136-tsig-secret-alg=hmac-sha256 --rfc2136-tsig-keyname=externaldns-key --rfc2136-tsig-axfr --source ingress --once --domain-filter=k8s.example.org --dry-run```
Expand Down
2 changes: 1 addition & 1 deletion main.go
Original file line number Diff line number Diff line change
Expand Up @@ -371,7 +371,7 @@ func main() {
p, err = oci.NewOCIProvider(*config, domainFilter, zoneIDFilter, cfg.OCIZoneScope, cfg.DryRun)
}
case "rfc2136":
p, err = rfc2136.NewRfc2136Provider(cfg.RFC2136Host, cfg.RFC2136Port, cfg.RFC2136Zone, cfg.RFC2136Insecure, cfg.RFC2136TSIGKeyName, cfg.RFC2136TSIGSecret, cfg.RFC2136TSIGSecretAlg, cfg.RFC2136TAXFR, domainFilter, cfg.DryRun, cfg.RFC2136MinTTL, cfg.RFC2136GSSTSIG, cfg.RFC2136KerberosUsername, cfg.RFC2136KerberosPassword, cfg.RFC2136KerberosRealm, cfg.RFC2136BatchChangeSize, nil)
p, err = rfc2136.NewRfc2136Provider(cfg.RFC2136Host, cfg.RFC2136Port, cfg.RFC2136Zone, cfg.RFC2136Insecure, cfg.RFC2136TSIGKeyName, cfg.RFC2136TSIGSecret, cfg.RFC2136TSIGSecretAlg, cfg.RFC2136TAXFR, domainFilter, cfg.DryRun, cfg.RFC2136MinTTL, cfg.RFC2136ManagePTR, cfg.RFC2136GSSTSIG, cfg.RFC2136KerberosUsername, cfg.RFC2136KerberosPassword, cfg.RFC2136KerberosRealm, cfg.RFC2136BatchChangeSize, nil)
case "ns1":
p, err = ns1.NewNS1Provider(
ns1.NS1Config{
Expand Down
2 changes: 2 additions & 0 deletions pkg/apis/externaldns/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -183,6 +183,7 @@ type Config struct {
RFC2136Zone []string
RFC2136Insecure bool
RFC2136GSSTSIG bool
RFC2136ManagePTR bool
RFC2136KerberosRealm string
RFC2136KerberosUsername string
RFC2136KerberosPassword string `secure:"yes"`
Expand Down Expand Up @@ -579,6 +580,7 @@ func (cfg *Config) ParseFlags(args []string) error {
app.Flag("rfc2136-host", "When using the RFC2136 provider, specify the host of the DNS server").Default(defaultConfig.RFC2136Host).StringVar(&cfg.RFC2136Host)
app.Flag("rfc2136-port", "When using the RFC2136 provider, specify the port of the DNS server").Default(strconv.Itoa(defaultConfig.RFC2136Port)).IntVar(&cfg.RFC2136Port)
app.Flag("rfc2136-zone", "When using the RFC2136 provider, specify zone entries of the DNS server to use").StringsVar(&cfg.RFC2136Zone)
app.Flag("rfc2136-manageptr", "When using the RFC2136 provider, enable PTR management").Default(strconv.FormatBool(defaultConfig.RFC2136ManagePTR)).BoolVar(&cfg.RFC2136ManagePTR)
app.Flag("rfc2136-insecure", "When using the RFC2136 provider, specify whether to attach TSIG or not (default: false, requires --rfc2136-tsig-keyname and rfc2136-tsig-secret)").Default(strconv.FormatBool(defaultConfig.RFC2136Insecure)).BoolVar(&cfg.RFC2136Insecure)
app.Flag("rfc2136-tsig-keyname", "When using the RFC2136 provider, specify the TSIG key to attached to DNS messages (required when --rfc2136-insecure=false)").Default(defaultConfig.RFC2136TSIGKeyName).StringVar(&cfg.RFC2136TSIGKeyName)
app.Flag("rfc2136-tsig-secret", "When using the RFC2136 provider, specify the TSIG (base64) value to attached to DNS messages (required when --rfc2136-insecure=false)").Default(defaultConfig.RFC2136TSIGSecret).StringVar(&cfg.RFC2136TSIGSecret)
Expand Down
1 change: 1 addition & 0 deletions pkg/apis/externaldns/validation/validation_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,7 @@ func TestValidateBadRfc2136Config(t *testing.T) {
cfg.Sources = []string{"test-source"}
cfg.Provider = "rfc2136"
cfg.RFC2136MinTTL = -1
cfg.ManagePTR = false
cfg.RFC2136BatchChangeSize = 50

err := ValidateConfig(cfg)
Expand Down
8 changes: 5 additions & 3 deletions provider/rfc2136/rfc2136.go
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ type rfc2136Provider struct {
axfr bool
minTTL time.Duration
batchChangeSize int
managePTR bool

// options specific to rfc3645 gss-tsig support
gssTsig bool
Expand Down Expand Up @@ -82,7 +83,7 @@ type rfc2136Actions interface {
}

// NewRfc2136Provider is a factory function for OpenStack rfc2136 providers
func NewRfc2136Provider(host string, port int, zoneNames []string, insecure bool, keyName string, secret string, secretAlg string, axfr bool, domainFilter endpoint.DomainFilter, dryRun bool, minTTL time.Duration, gssTsig bool, krb5Username string, krb5Password string, krb5Realm string, batchChangeSize int, actions rfc2136Actions) (provider.Provider, error) {
func NewRfc2136Provider(host string, port int, zoneNames []string, insecure bool, keyName string, secret string, secretAlg string, axfr bool, domainFilter endpoint.DomainFilter, dryRun bool, minTTL time.Duration, managePTR bool, gssTsig bool, krb5Username string, krb5Password string, krb5Realm string, batchChangeSize int, actions rfc2136Actions) (provider.Provider, error) {
secretAlgChecked, ok := tsigAlgs[secretAlg]
if !ok && !insecure && !gssTsig {
return nil, errors.Errorf("%s is not supported TSIG algorithm", secretAlg)
Expand All @@ -103,6 +104,7 @@ func NewRfc2136Provider(host string, port int, zoneNames []string, insecure bool
zoneNames: zoneNames,
insecure: insecure,
gssTsig: gssTsig,
managePTR: managePTR,
krb5Username: krb5Username,
krb5Password: krb5Password,
krb5Realm: strings.ToUpper(krb5Realm),
Expand Down Expand Up @@ -306,7 +308,7 @@ func (r rfc2136Provider) ApplyChanges(ctx context.Context, changes *plan.Changes
m[zone].SetUpdate(zone)
r.AddRecord(m[zone], ep)

if ep.RecordType == "A" || ep.RecordType == "AAAA" {
if r.managePTR && (ep.RecordType == "A" || ep.RecordType == "AAAA") {
r.AddReverseRecord(ep.Targets[0], ep.DNSName)
}
}
Expand Down Expand Up @@ -378,7 +380,7 @@ func (r rfc2136Provider) ApplyChanges(ctx context.Context, changes *plan.Changes
m[zone].SetUpdate(zone)

r.RemoveRecord(m[zone], ep)
if ep.RecordType == "A" || ep.RecordType == "AAAA" {
if r.managePTR && (ep.RecordType == "A" || ep.RecordType == "AAAA") {
r.RemoveReverseRecord(ep.Targets[0], ep.DNSName)
}
}
Expand Down

0 comments on commit 940899b

Please sign in to comment.