Skip to content

Commit 0a15c3d

Browse files
authored
Merge branch 'master' into feat-resolve-load-balancer-hostname-to-A-AAAA-records
2 parents 9492f95 + 0b70f86 commit 0a15c3d

225 files changed

Lines changed: 6493 additions & 5397 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/codeql-analysis.yaml

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,8 @@ on:
1010
- cron: '35 13 * * 5'
1111
workflow_dispatch:
1212

13+
permissions: {}
14+
1315
jobs:
1416
analyze:
1517
name: Analyze
@@ -33,7 +35,7 @@ jobs:
3335

3436
# Initializes the CodeQL tools for scanning.
3537
- name: Initialize CodeQL
36-
uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
38+
uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
3739
with:
3840
languages: ${{ matrix.language }}
3941
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -45,4 +47,4 @@ jobs:
4547
make build
4648
4749
- name: Perform CodeQL Analysis
48-
uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
50+
uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2

.github/workflows/dependency-update.yaml

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -8,20 +8,21 @@ on:
88
# once a day
99
- cron: '0 0 * * *'
1010

11-
permissions:
12-
contents: write
13-
pull-requests: write
11+
permissions: {}
1412

1513
jobs:
1614
update-versions-with-renovate:
1715
runs-on: ubuntu-latest
1816
if: github.repository == 'kubernetes-sigs/external-dns'
17+
permissions:
18+
contents: write
19+
pull-requests: write
1920
steps:
2021
- name: checkout
2122
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2223
# https://github.com/renovatebot/github-action
2324
- name: self-hosted renovate
24-
uses: renovatebot/github-action@3633cede7d4d4598438e654eac4a695e46004420 # v46.1.7
25+
uses: renovatebot/github-action@f66d8679fcfcfa051abde6e7a623007173bf5164 # v46.1.12
2526
with:
2627
# https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication
2728
token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/gh-workflow-approve.yaml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,8 @@ on:
88
branches:
99
- master
1010

11+
permissions: {}
12+
1113
jobs:
1214
approve:
1315
name: Approve ok-to-test
@@ -17,7 +19,7 @@ jobs:
1719
actions: write
1820
steps:
1921
- name: Update PR
20-
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
22+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
2123
continue-on-error: true
2224
with:
2325
github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/json-yaml-validate.yml

Lines changed: 2 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -8,18 +8,12 @@ on:
88

99
permissions:
1010
contents: read
11-
pull-requests: write # enable write permissions for pull requests
1211

1312
jobs:
1413
json-yaml-validate:
1514
runs-on: ubuntu-latest
1615
steps:
1716
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1817

19-
- name: json-yaml-validate
20-
uses: GrantBirki/json-yaml-validate@9bbaa8474e3af4e91f25eda8ac194fdc30564d96 # v4.0.0
21-
with:
22-
# ref: https://github.com/GrantBirki/json-yaml-validate?tab=readme-ov-file#inputs-
23-
comment: "true" # enable comment mode
24-
yaml_exclude_regex: "(charts/external-dns/templates.*|mkdocs.yml)"
25-
allow_multiple_documents: "true"
18+
- name: Validate JSON and YAML
19+
run: bash scripts/validate-json-yaml.sh

.github/workflows/lint.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,8 @@ on:
44
pull_request:
55
branches: [ master ]
66

7+
permissions: {}
8+
79
jobs:
810
lint:
911
name: Markdown and Go

.github/workflows/scorecards.yml

Lines changed: 69 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,69 @@
1+
name: Scorecard supply-chain security
2+
on:
3+
# For Branch-Protection check. Only the default branch is supported. See
4+
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
5+
branch_protection_rule:
6+
# To guarantee Maintained check is occasionally updated. See
7+
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
8+
schedule:
9+
- cron: '25 7 * * 1' # Every Monday at 7:25am UTC
10+
push:
11+
branches: [ "master" ]
12+
13+
# Declare default permissions as read only.
14+
permissions: read-all
15+
16+
jobs:
17+
analysis:
18+
name: Scorecard analysis
19+
runs-on: ubuntu-latest
20+
permissions:
21+
# Needed to upload the results to code-scanning dashboard.
22+
security-events: write
23+
# Needed to publish results and get a badge (see publish_results below).
24+
id-token: write
25+
# Uncomment the permissions below if installing in a private repository.
26+
# contents: read
27+
# actions: read
28+
29+
steps:
30+
- name: "Checkout code"
31+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
32+
with:
33+
persist-credentials: false
34+
35+
- name: "Run analysis"
36+
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
37+
with:
38+
results_file: results.sarif
39+
results_format: sarif
40+
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
41+
# - you want to enable the Branch-Protection check on a *public* repository, or
42+
# - you are installing Scorecard on a *private* repository
43+
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional.
44+
# repo_token: ${{ secrets.SCORECARD_TOKEN }}
45+
46+
# Public repositories:
47+
# - Publish results to OpenSSF REST API for easy access by consumers
48+
# - Allows the repository to include the Scorecard badge.
49+
# - See https://github.com/ossf/scorecard-action#publishing-results.
50+
# For private repositories:
51+
# - `publish_results` will always be set to `false`, regardless
52+
# of the value entered here.
53+
publish_results: true
54+
55+
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
56+
# format to the repository Actions tab.
57+
- name: "Upload artifact"
58+
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
59+
with:
60+
name: SARIF file
61+
path: results.sarif
62+
retention-days: 5
63+
64+
# Upload the results to GitHub's code scanning dashboard (optional).
65+
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
66+
- name: "Upload to code-scanning"
67+
uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
68+
with:
69+
sarif_file: results.sarif

.github/workflows/validate-crd.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ jobs:
3030
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3131

3232
- name: Set up Go
33-
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.2.0
33+
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.2.0
3434
with:
3535
go-version-file: 'go.mod'
3636

Makefile

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -55,7 +55,12 @@ licensecheck:
5555

5656
#? lint: Run all the linters
5757
.PHONY: lint
58-
lint: licensecheck go-lint
58+
lint: licensecheck go-lint validate-json-yaml
59+
60+
#? validate-json-yaml: Validate JSON and YAML files
61+
.PHONY: validate-json-yaml
62+
validate-json-yaml:
63+
bash scripts/validate-json-yaml.sh
5964

6065
#? crd: Generates CRD using controller-gen and copy it into chart
6166
.PHONY: crd
@@ -203,7 +208,7 @@ helm-lint:
203208
scripts/helm-tools.sh --docs
204209

205210
.PHONY: go-dependency
206-
#? go-dependency: Dependency maintanance
211+
#? go-dependency: Dependency maintenance
207212
go-dependency:
208213
go mod tidy
209214

OWNERS

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,12 +13,14 @@ approvers:
1313
- mloiseleur
1414
- raffo
1515
- szuecs
16+
- vflaux
1617

1718
reviewers:
1819
- ivankatliarchuk
1920
- mloiseleur
2021
- raffo
2122
- szuecs
23+
- u-kai
2224
- vflaux
2325

2426
emeritus_approvers:

README.md

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@ hide:
1212

1313
[![Build Status](https://github.com/kubernetes-sigs/external-dns/workflows/Go/badge.svg)](https://github.com/kubernetes-sigs/external-dns/actions)
1414
[![Coverage Status](https://coveralls.io/repos/github/kubernetes-sigs/external-dns/badge.svg)](https://coveralls.io/github/kubernetes-sigs/external-dns)
15+
[![OpenSSF](https://api.scorecard.dev/projects/github.com/kubernetes-sigs/external-dns/badge)](https://scorecard.dev/viewer/?uri=github.com/kubernetes-sigs/external-dns)
1516
[![GitHub release](https://img.shields.io/github/release/kubernetes-sigs/external-dns.svg)](https://github.com/kubernetes-sigs/external-dns/releases)
1617
[![go-doc](https://godoc.org/github.com/kubernetes-sigs/external-dns?status.svg)](https://godoc.org/github.com/kubernetes-sigs/external-dns)
1718
[![Go Report Card](https://goreportcard.com/badge/github.com/kubernetes-sigs/external-dns)](https://goreportcard.com/report/github.com/kubernetes-sigs/external-dns)
@@ -111,10 +112,12 @@ from the usage of any externally developed webhook.
111112
| Netic | https://github.com/neticdk/external-dns-tidydns-webhook |
112113
| OpenStack Designate | https://github.com/inovex/external-dns-designate-webhook |
113114
| OpenWRT | https://github.com/renanqts/external-dns-openwrt-webhook |
115+
| Porkbun | https://github.com/mattgmoser/external-dns-porkbun-webhook |
114116
| PS Cloud Services | https://github.com/supervillain3000/external-dns-pscloud-webhook |
115117
| SAKURA Cloud | https://github.com/sacloud/external-dns-sacloud-webhook |
116118
| Simply | https://github.com/uozalp/external-dns-simply-webhook |
117119
| STACKIT | https://github.com/stackitcloud/external-dns-stackit-webhook |
120+
| Tencent Cloud | https://github.com/tkestack/external-dns-tencentcloud-webhook |
118121
| Unbound | https://github.com/guillomep/external-dns-unbound-webhook |
119122
| Unifi | https://github.com/kashalls/external-dns-unifi-webhook |
120123
| UniFi | https://github.com/lexfrei/external-dns-unifios-webhook |
@@ -248,21 +251,21 @@ kubectl expose pod nginx --port=80 --target-port=80 --type=LoadBalancer
248251
Annotate the Service with your desired external DNS name. Make sure to change `example.org` to your domain.
249252

250253
```console
251-
kubectl annotate service nginx "external-dns.alpha.kubernetes.io/hostname=nginx.example.org."
254+
kubectl annotate service nginx "external-dns.kubernetes.io/hostname=nginx.example.org."
252255
```
253256

254-
Optionally, you can customize the TTL value of the resulting DNS record by using the `external-dns.alpha.kubernetes.io/ttl` annotation:
257+
Optionally, you can customize the TTL value of the resulting DNS record by using the `external-dns.kubernetes.io/ttl` annotation:
255258

256259
```console
257-
kubectl annotate service nginx "external-dns.alpha.kubernetes.io/ttl=10"
260+
kubectl annotate service nginx "external-dns.kubernetes.io/ttl=10"
258261
```
259262

260263
For more details on configuring TTL, see [advanced ttl](docs/advanced/ttl.md).
261264

262265
Use the internal-hostname annotation to create DNS records with ClusterIP as the target.
263266

264267
```console
265-
kubectl annotate service nginx "external-dns.alpha.kubernetes.io/internal-hostname=nginx.internal.example.org."
268+
kubectl annotate service nginx "external-dns.kubernetes.io/internal-hostname=nginx.internal.example.org."
266269
```
267270

268271
If the service is not of type Loadbalancer you need the --publish-internal-services flag.

0 commit comments

Comments
 (0)