kubernetes-sigs
diff --git a/‎docs/sources/unstructured.md‎
Lines changed: 105 additions & 1 deletion b/‎docs/sources/unstructured.md‎
Lines changed: 105 additions & 1 deletion
diff --git a/‎source/unstructured.go‎
Lines changed: 48 additions & 84 deletions b/‎source/unstructured.go‎
Lines changed: 48 additions & 84 deletions
@@ -14,8 +14,9 @@ Use this source when:
 
 Example CRDs:
 
-- KubeVirt VirtualMachineInstances
+- Use ConfigMaps as a lightweight DNS registry without needing custom CRDs
 - Crossplane managed resources (RDS, ElastiCache, S3, etc.)
+- KubeVirt VirtualMachineInstances
 - ArgoCD Applications
 
 > **Note**: Prefer built-in sources when available (e.g., `istio-virtualservice`, `gateway-httproute`) as they provide optimized handling for those resource types.
@@ -65,6 +66,24 @@ status:
     status: "True"
 ```
 
+**ACK FieldExport** - AWS Controllers for Kubernetes can export resource status (RDS endpoints, S3 bucket URLs) to ConfigMaps via FieldExport, enabling dynamic DNS records
+
+```yaml
+# FieldExport copies S3 bucket URL to ConfigMap
+apiVersion: services.k8s.aws/v1alpha1
+kind: FieldExport
+spec:
+  from:
+    path: ".status.location"
+    resource:
+      group: s3.services.k8s.aws
+      kind: Bucket
+      name: my-bucket
+  to:
+    kind: configmap
+    name: bucket-dns
+```
+
 ## Configuration
 
 | Flag                           | Description                                                        |
@@ -93,6 +112,35 @@ Templates have access to typed-style fields and raw object data:
 
 ## Examples
 
+### ConfigMap DNS Registry
+
+Use ConfigMaps as a lightweight DNS registry without needing custom CRDs. Useful for GitOps workflows where teams manage DNS entries via ConfigMaps in their namespaces.
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: api-dns
+  namespace: production
+  labels:
+    external-dns.alpha.kubernetes.io/dns-controller: "dns-controller"
+data:
+  hostname: api.example.com
+  target: 10.0.0.100
+```
+
+```bash
+external-dns \
+  --source=unstructured \
+  --unstructured-fqdn-resource=configmaps.v1 \
+  --fqdn-template='{{index .Object.data "hostname"}}' \
+  --fqdn-target-template='{{index .Object.data "target"}}' \
+  --label-filter='external-dns.alpha.kubernetes.io/controller=dns-controller'
+
+# Result:
+# api.example.com -> 10.0.0.100 (A)
+```
+
 ### Crossplane RDS Instance
 
 ```bash
@@ -240,6 +288,62 @@ external-dns \
 # my-node-1.nodes.example.com -> 203.0.113.10 (A)
 ```
 
+### ACK FieldExport with ConfigMap
+
+Use AWS Controllers for Kubernetes (ACK) to dynamically populate ConfigMaps with resource endpoints. FieldExport copies values from ACK-managed resources (RDS, S3, ElastiCache) to ConfigMaps, which external-dns can then use for DNS records.
+
+```yaml
+# 1. ACK creates an S3 bucket
+apiVersion: s3.services.k8s.aws/v1alpha1
+kind: Bucket
+metadata:
+  name: app-assets
+  namespace: default
+spec:
+  name: my-app-assets-bucket
+---
+# 2. FieldExport copies the bucket URL to a ConfigMap
+apiVersion: services.k8s.aws/v1alpha1
+kind: FieldExport
+metadata:
+  name: export-bucket-url
+  namespace: default
+spec:
+  from:
+    path: ".status.location"
+    resource:
+      group: s3.services.k8s.aws
+      kind: Bucket
+      name: app-assets
+  to:
+    kind: configmap
+    name: app-assets-dns
+    namespace: default
+---
+# 3. ConfigMap is populated by FieldExport
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: app-assets-dns
+  namespace: default
+  labels:
+    app.kubernetes.io/managed-by: ack-fieldexport
+data:
+  default.export-bucket-url: "https://my-app-assets-bucket.s3.amazonaws.com/"
+```
+
+```bash
+external-dns \
+  --source=unstructured \
+  --unstructured-fqdn-resource=configmaps.v1 \
+  --fqdn-template='{{if eq .Kind "ConfigMap"}}{{.Name}}.cdn.example.com{{end}}' \
+  --fqdn-target-template='{{if eq .Kind "ConfigMap"}}{{$url := index .Object.data "default.export-bucket-url"}}{{trimSuffix (trimPrefix $url "https://") "/"}}{{end}}' \
+  --label-filter='app.kubernetes.io/managed-by=ack-fieldexport'
+
+# Result:
+# app-assets-dns.cdn.example.com -> my-app-assets-bucket.s3.amazonaws.com (CNAME)
+```
+
 ## RBAC
 
 Grant external-dns access to your custom resources:
 
@@ -22,7 +22,6 @@ import (
 	"strings"
 	"text/template"
 
-	log "github.com/sirupsen/logrus"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/labels"
@@ -59,7 +58,7 @@ type unstructuredSource struct {
 	combineFqdnAnnotation bool
 	fqdnTemplate          *template.Template
 	targetFqdnTemplate    *template.Template
-	resources             []resourceConfig
+	informers             []kubeinformers.GenericInformer
 }
 
 // NewUnstructuredFQDNSource creates a new unstructuredSource.
@@ -83,21 +82,9 @@ func NewUnstructuredFQDNSource(
 		return nil, err
 	}
 
-	// Discover and validate all resources using cached discovery client
-	cachedDiscovery := memory.NewMemCacheClient(kubeClient.Discovery())
-	resourceConfigs := make([]resourceConfig, 0, len(resources))
-	for _, r := range resources {
-		gvr, err := parseResourceIdentifier(r)
-		if err != nil {
-			return nil, err
-		}
-
-		rc, err := discoverResource(cachedDiscovery, gvr)
-		if err != nil {
-			return nil, err
-		}
-
-		resourceConfigs = append(resourceConfigs, *rc)
+	gvrs, err := discoverResources(kubeClient, resources)
+	if err != nil {
+		return nil, err
 	}
 
 	// Create a single informer factory for all resources
@@ -109,11 +96,12 @@ func NewUnstructuredFQDNSource(
 	)
 
 	// Create informers for each resource
-	for i := range resourceConfigs {
-		resourceConfigs[i].informer = informerFactory.ForResource(resourceConfigs[i].gvr)
+	resourceInformers := make([]kubeinformers.GenericInformer, 0, len(gvrs))
+	for _, gvr := range gvrs {
+		informer := informerFactory.ForResource(gvr)
 
 		// Add indexers for efficient lookups by namespace and labels (must be before AddEventHandler)
-		err := resourceConfigs[i].informer.Informer().AddIndexers(
+		err := informer.Informer().AddIndexers(
 			informers.IndexerWithOptions[*unstructured.Unstructured](
 				informers.IndexSelectorWithAnnotationFilter(annotationFilter),
 				informers.IndexSelectorWithLabelSelector(labelSelector),
@@ -123,7 +111,8 @@ func NewUnstructuredFQDNSource(
 			return nil, err
 		}
 
-		_, _ = resourceConfigs[i].informer.Informer().AddEventHandler(informers.DefaultEventHandler())
+		_, _ = informer.Informer().AddEventHandler(informers.DefaultEventHandler())
+		resourceInformers = append(resourceInformers, informer)
 	}
 
 	informerFactory.Start(ctx.Done())
@@ -137,17 +126,17 @@ func NewUnstructuredFQDNSource(
 		labelSelector:         labelSelector,
 		fqdnTemplate:          fqdnTmpl,
 		targetFqdnTemplate:    targetTmpl,
-		resources:             resourceConfigs,
+		informers:             resourceInformers,
 		combineFqdnAnnotation: combineFqdnAnnotation,
 	}, nil
 }
 
 // Endpoints returns the list of endpoints from unstructured resources.
-func (us *unstructuredSource) Endpoints(ctx context.Context) ([]*endpoint.Endpoint, error) {
+func (us *unstructuredSource) Endpoints(_ context.Context) ([]*endpoint.Endpoint, error) {
 	var endpoints []*endpoint.Endpoint
 
-	for _, rc := range us.resources {
-		resourceEndpoints, err := us.endpointsForResource(ctx, rc)
+	for _, informer := range us.informers {
+		resourceEndpoints, err := us.endpointsFromInformer(informer)
 		if err != nil {
 			return nil, err
 		}
@@ -157,17 +146,16 @@ func (us *unstructuredSource) Endpoints(ctx context.Context) ([]*endpoint.Endpoi
 	return endpoints, nil
 }
 
-// endpointsForResource returns endpoints for a single resource type.
-func (us *unstructuredSource) endpointsForResource(_ context.Context, rc resourceConfig) ([]*endpoint.Endpoint, error) {
+// endpointsFromInformer returns endpoints for a single resource type.
+func (us *unstructuredSource) endpointsFromInformer(informer kubeinformers.GenericInformer) ([]*endpoint.Endpoint, error) {
 	var endpoints []*endpoint.Endpoint
 
 	// Get objects that match the indexer filter (annotation and label selectors)
-	indexKeys := rc.informer.Informer().GetIndexer().ListIndexFuncValues(informers.IndexWithSelectors)
+	indexKeys := informer.Informer().GetIndexer().ListIndexFuncValues(informers.IndexWithSelectors)
 
 	for _, key := range indexKeys {
-		obj, err := informers.GetByKey[*unstructured.Unstructured](rc.informer.Informer().GetIndexer(), key)
+		obj, err := informers.GetByKey[*unstructured.Unstructured](informer.Informer().GetIndexer(), key)
 		if err != nil {
-			log.Debugf("failed to get object by key %q: %v", key, err)
 			continue
 		}
 
@@ -240,17 +228,11 @@ func (us *unstructuredSource) endpointsFromTemplate(el *unstructuredWrapper) ([]
 
 // AddEventHandler adds an event handler that is called when resources change.
 func (us *unstructuredSource) AddEventHandler(_ context.Context, handler func()) {
-	for _, rc := range us.resources {
-		_, _ = rc.informer.Informer().AddEventHandler(eventHandlerFunc(handler))
+	for _, informer := range us.informers {
+		_, _ = informer.Informer().AddEventHandler(eventHandlerFunc(handler))
 	}
 }
 
-// resourceConfig holds the parsed configuration for a single resource type.
-type resourceConfig struct {
-	gvr      schema.GroupVersionResource
-	informer kubeinformers.GenericInformer
-}
-
 // unstructuredWrapper wraps an unstructured.Unstructured to provide both
 // typed-style template access ({{ .Name }}, {{ .Namespace }}) and raw map access
 // ({{ .Spec.field }}, {{ index .Status.interfaces 0 "ipAddress" }}).
@@ -312,66 +294,48 @@ func newUnstructuredWrapper(obj runtime.Object) *unstructuredWrapper {
 	return w
 }
 
-// parseResourceIdentifier parses a resource identifier in the format "resource.version.group"
-// (e.g., "virtualmachineinstances.v1.kubevirt.io") and returns a GroupVersionResource.
-//
-// Format: resource.version.group
-// - resource: plural resource name (e.g., "vmachines")
-// - version: API version (e.g., "v1", "v1beta1")
-// - group: API group (e.g., "kubevirt.io", "apps")
-//
-// For core API resources (e.g., pods.v1), the group is empty.
-func parseResourceIdentifier(identifier string) (schema.GroupVersionResource, error) {
-	parts := strings.SplitN(identifier, ".", 3)
-	if len(parts) < 2 {
-		return schema.GroupVersionResource{}, fmt.Errorf("invalid resource identifier %q: expected format resource.version.group (e.g., virtualmachineinstances.v1.kubevirt.io)", identifier)
-	}
+// discoverResources parses and validates resource identifiers against the cluster.
+// It uses a cached discovery client to minimize API calls.
+func discoverResources(kubeClient kubernetes.Interface, resources []string) ([]schema.GroupVersionResource, error) {
+	cachedDiscovery := memory.NewMemCacheClient(kubeClient.Discovery())
+	gvrs := make([]schema.GroupVersionResource, 0, len(resources))
 
-	resource := parts[0]
-	version := parts[1]
-	group := ""
-	if len(parts) == 3 {
-		group = parts[2]
-	}
+	for _, r := range resources {
+		// Handle core API resources (e.g., "configmaps.v1" -> "configmaps.v1.")
+		if strings.Count(r, ".") == 1 {
+			r += "."
+		}
 
-	if resource == "" {
-		return schema.GroupVersionResource{}, fmt.Errorf("invalid resource identifier %q: resource name cannot be empty", identifier)
-	}
-	if version == "" {
-		return schema.GroupVersionResource{}, fmt.Errorf("invalid resource identifier %q: version cannot be empty", identifier)
+		gvr, _ := schema.ParseResourceArg(r)
+		if gvr == nil {
+			return nil, fmt.Errorf("invalid resource identifier %q: expected format resource.version.group (e.g., certificates.v1.cert-manager.io)", r)
+		}
+
+		if err := validateResource(cachedDiscovery, *gvr); err != nil {
+			return nil, err
+		}
+
+		gvrs = append(gvrs, *gvr)
 	}
 
-	return schema.GroupVersionResource{
-		Group:    group,
-		Version:  version,
-		Resource: resource,
-	}, nil
+	return gvrs, nil
 }
 
-// discoverResource validates that a resource exists in the cluster and returns its configuration.
-// It uses the Discovery API to verify the resource and determine if it's namespaced.
-func discoverResource(discoveryClient discovery.DiscoveryInterface, gvr schema.GroupVersionResource) (*resourceConfig, error) {
+// validateResource validates that a resource exists in the cluster.
+// It uses the Discovery API to verify the resource is available.
+func validateResource(discoveryClient discovery.DiscoveryInterface, gvr schema.GroupVersionResource) error {
 	gv := gvr.GroupVersion().String()
 
 	apiResourceList, err := discoveryClient.ServerResourcesForGroupVersion(gv)
 	if err != nil {
-		return nil, fmt.Errorf("failed to discover resources for %q: %w", gv, err)
+		return fmt.Errorf("failed to discover resources for %q: %w", gv, err)
 	}
 
-	var apiResource *metav1.APIResource
 	for i := range apiResourceList.APIResources {
-		ar := &apiResourceList.APIResources[i]
-		if ar.Name == gvr.Resource {
-			apiResource = ar
-			break
+		if apiResourceList.APIResources[i].Name == gvr.Resource {
+			return nil
 		}
 	}
 
-	if apiResource == nil {
-		return nil, fmt.Errorf("resource %q not found in %q", gvr.Resource, gv)
-	}
-
-	return &resourceConfig{
-		gvr: gvr,
-	}, nil
+	return fmt.Errorf("resource %q not found in %q", gvr.Resource, gv)
 }