kubernetes-sigs
diff --git a/‎docs/flags.md‎
Lines changed: 4 additions & 3 deletions b/‎docs/flags.md‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎docs/sources/unstructured.md‎
Lines changed: 175 additions & 16 deletions b/‎docs/sources/unstructured.md‎
Lines changed: 175 additions & 16 deletions
@@ -28,7 +28,6 @@
 | `--exclude-target-net=EXCLUDE-TARGET-NET` | Exclude target nets (optional) |
 | `--[no-]exclude-unschedulable` | Exclude nodes that are considered unschedulable (default: true) |
 | `--[no-]expose-internal-ipv6` | When using the node source, expose internal IPv6 addresses (optional, default: false) |
-| `--fqdn-template=""` | A templated string that's used to generate DNS names from sources that don't define a hostname themselves, or to add a hostname suffix when paired with the fake source (optional). Accepts comma separated list for multiple global FQDN. |
 | `--gateway-label-filter=""` | Filter Gateways of Route endpoints via label selector (default: all gateways) |
 | `--gateway-name=""` | Limit Gateways of Route endpoints to a specific name (default: all names) |
 | `--gateway-namespace=""` | Limit Gateways of Route endpoints to a specific namespace (default: all namespaces) |
@@ -49,8 +48,7 @@
 | `--target-net-filter=TARGET-NET-FILTER` | Limit possible targets by a net filter; specify multiple times for multiple possible nets (optional) |
 | `--[no-]traefik-enable-legacy` | Enable legacy listeners on Resources under the traefik.containo.us API Group |
 | `--[no-]traefik-disable-new` | Disable listeners on Resources under the traefik.io API Group |
-| `--unstructured-fqdn-resource=UNSTRUCTURED-FQDN-RESOURCE` | When using the unstructured-fqdn source, specify resources in resource.version.group format (e.g., virtualmachineinstances.v1.kubevirt.io); specify multiple times for multiple resources |
-| `--fqdn-target-template=""` | When using the unstructured source, specify the target FQDN template for DNS records |
+| `--unstructured-resource=UNSTRUCTURED-RESOURCE` | When using the unstructured source, specify resources in resource.version.group format (e.g., virtualmachineinstances.v1.kubevirt.io, configmap.v1); specify multiple times for multiple resources |
 | `--events-emit=EVENTS-EMIT` | Events that should be emitted. Specify multiple times for multiple events support (optional, default: none, expected: RecordReady, RecordDeleted, RecordError) |
 | `--provider-cache-time=0s` | The time to cache the DNS provider record list requests. |
 | `--domain-filter=` | Limit possible target zones by a domain suffix; specify multiple times for multiple domains (optional) |
@@ -182,5 +180,8 @@
 | `--webhook-provider-read-timeout=5s` | The read timeout for the webhook provider in duration format (default: 5s) |
 | `--webhook-provider-write-timeout=10s` | The write timeout for the webhook provider in duration format (default: 10s) |
 | `--[no-]webhook-server` | When enabled, runs as a webhook server instead of a controller. (default: false). |
+| `--fqdn-template=""` | A templated string that's used to generate DNS names from sources that don't define a hostname themselves, or to add a hostname suffix when paired with the fake source (optional). Accepts comma separated list for multiple global FQDN. |
+| `--fqdn-target-template=""` | When using the unstructured source, specify the target FQDN template for DNS records |
+| `--fqdn-host-target-template=""` | When using the unstructured source, specify a template that returns host:target pairs (e.g., '{{range .Object.endpoints}}{{.targetRef.name}}.svc.example.com:{{index .addresses 0}},{{end}}'). Mutually exclusive with --fqdn-template and --fqdn-target-template |
 | `--provider=provider` | The DNS provider where the DNS records will be created (required, options: akamai, alibabacloud, aws, aws-sd, azure, azure-dns, azure-private-dns, civo, cloudflare, coredns, digitalocean, dnsimple, exoscale, gandi, godaddy, google, inmemory, linode, ns1, oci, ovh, pdns, pihole, plural, rfc2136, scaleway, skydns, transip, webhook) |
 | `--source=source` | The resource types that are queried for endpoints; specify multiple times for multiple sources (required, options: service, ingress, node, pod, gateway-httproute, gateway-grpcroute, gateway-tlsroute, gateway-tcproute, gateway-udproute, istio-gateway, istio-virtualservice, contour-httpproxy, gloo-proxy, fake, connector, crd, empty, skipper-routegroup, openshift-route, ambassador-host, kong-tcpingress, f5-virtualserver, f5-transportserver, traefik-proxy, unstructured) |
@@ -11,12 +11,11 @@ Use this source when:
 - The resource exposes DNS-relevant data (hostnames, IPs, endpoints) in `.spec` or `.status`
 - A built-in source exists but only supports an older API version than you're using
 - You want to experiment with custom controllers or meshes but keep external-dns
-
-Example CRDs:
-
-- KubeVirt VirtualMachineInstances
-- Crossplane managed resources (RDS, ElastiCache, S3, etc.)
-- ArgoCD Applications
+- Create DNS entries based on any attribute of any Kubernetes object
+  - Use ConfigMaps as a lightweight DNS registry without needing custom CRDs
+  - Crossplane managed resources (RDS, ElastiCache, S3, etc.)
+  - Support Endpoints directly
+- Allows the community to support new CRDs via configuration rather than code changes
 
 > **Note**: Prefer built-in sources when available (e.g., `istio-virtualservice`, `gateway-httproute`) as they provide optimized handling for those resource types.
 
@@ -65,13 +64,32 @@ status:
     status: "True"
 ```
 
+**ACK FieldExport** - AWS Controllers for Kubernetes can export resource status (RDS endpoints, S3 bucket URLs) to ConfigMaps via FieldExport, enabling dynamic DNS records
+
+```yaml
+# FieldExport copies S3 bucket URL to ConfigMap
+apiVersion: services.k8s.aws/v1alpha1
+kind: FieldExport
+spec:
+  from:
+    path: ".status.location"
+    resource:
+      group: s3.services.k8s.aws
+      kind: Bucket
+      name: my-bucket
+  to:
+    kind: configmap
+    name: bucket-dns
+```
+
 ## Configuration
 
 | Flag                           | Description                                                        |
 |--------------------------------|--------------------------------------------------------------------|
-| `--unstructured-fqdn-resource` | Resources to watch in `resource.version.group` format (repeatable) |
+| `--unstructured-resource` | Resources to watch in `resource.version.group` format (repeatable) |
 | `--fqdn-template`              | Go template for DNS names                                          |
 | `--fqdn-target-template`       | Go template for DNS targets                                        |
+| `--fqdn-host-target-template`  | Go template returning `host:target` pairs (mutually exclusive with above two) |
 | `--label-filter`               | Filter resources by labels                                         |
 | `--annotation-filter`          | Filter resources by annotations                                    |
 
@@ -93,12 +111,41 @@ Templates have access to typed-style fields and raw object data:
 
 ## Examples
 
+### ConfigMap DNS Registry
+
+Use ConfigMaps as a lightweight DNS registry without needing custom CRDs. Useful for GitOps workflows where teams manage DNS entries via ConfigMaps in their namespaces.
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: api-dns
+  namespace: production
+  labels:
+    external-dns.alpha.kubernetes.io/dns-controller: "dns-controller"
+data:
+  hostname: api.example.com
+  target: 10.0.0.100
+```
+
+```bash
+external-dns \
+  --source=unstructured \
+  --unstructured-resource=configmaps.v1 \
+  --fqdn-template='{{index .Object.data "hostname"}}' \
+  --fqdn-target-template='{{index .Object.data "target"}}' \
+  --label-filter='external-dns.alpha.kubernetes.io/controller=dns-controller'
+
+# Result:
+# api.example.com -> 10.0.0.100 (A)
+```
+
 ### Crossplane RDS Instance
 
 ```bash
 external-dns \
   --source=unstructured \
-  --unstructured-fqdn-resource=rdsinstances.v1alpha1.rds.aws.crossplane.io \
+  --unstructured-resource=rdsinstances.v1alpha1.rds.aws.crossplane.io \
   --fqdn-template='{{.Name}}.db.example.com' \
   --fqdn-target-template='{{.Status.atProvider.endpoint.address}}'
 ```
@@ -108,8 +155,8 @@ external-dns \
 ```bash
 external-dns \
   --source=unstructured \
-  --unstructured-fqdn-resource=virtualmachineinstances.v1.kubevirt.io \
-  --unstructured-fqdn-resource=rdsinstances.v1alpha1.rds.aws.crossplane.io \
+  --unstructured-resource=virtualmachineinstances.v1.kubevirt.io \
+  --unstructured-resource=rdsinstances.v1alpha1.rds.aws.crossplane.io \
   --fqdn-template='{{.Name}}.{{.Kind}}.example.com' \
   --fqdn-target-template='{{.Status.endpoint}}'
 ```
@@ -132,14 +179,16 @@ spec:
 ```bash
 external-dns \
   --source=unstructured \
-  --unstructured-fqdn-resource=ipaddresspools.v1beta1.metallb.io \
+  --unstructured-resource=ipaddresspools.v1beta1.metallb.io \
   --fqdn-template='{{index .Annotations "external-dns.alpha.kubernetes.io/hostname"}}' \
-  --fqdn-target-template='{{index .Spec.addresses 0}}'
+  --fqdn-target-template='{{$addr := index .Spec.addresses 0}}{{if contains $addr "/32"}}{{trimSuffix $addr "/32"}}{{else}}{{$addr}}{{end}}'
 
 # Result:
-# lb.example.com -> 192.168.10.11/32 (CNAME)
+# lb.example.com -> 192.168.10.11 (A)
 ```
 
+> **Tip**: Use `contains` with `trimSuffix` to extract the IP from `/32` CIDR notation.
+
 ### Apache APISIX Route
 
 ```yaml
@@ -167,7 +216,7 @@ status:
 ```bash
 external-dns \
   --source=unstructured \
-  --unstructured-fqdn-resource=apisixroutes.v2.apisix.apache.org \
+  --unstructured-resource=apisixroutes.v2.apisix.apache.org \
   --fqdn-template='{{.Name}}.route.example.com' \
   --fqdn-target-template='{{.Status.apisix.gateway}}'
 
@@ -198,7 +247,7 @@ spec:
 ```bash
 external-dns \
   --source=unstructured \
-  --unstructured-fqdn-resource=certificates.v1.cert-manager.io \
+  --unstructured-resource=certificates.v1.cert-manager.io \
   --fqdn-template='{{index .Spec.dnsNames 0}}' \
   --fqdn-target-template='{{index .Annotations "external-dns.alpha.kubernetes.io/target"}}'
 
@@ -231,7 +280,7 @@ status:
 ```bash
 external-dns \
   --source=unstructured \
-  --unstructured-fqdn-resource=nodes.v3.management.cattle.io \
+  --unstructured-resource=nodes.v3.management.cattle.io \
   --fqdn-template='{{.Spec.hostname}}.nodes.example.com' \
   --fqdn-target-template='{{(index .Status.internalNodeStatus.addresses 0).address}}' \
   --label-filter='node-role.kubernetes.io/controlplane=true'
@@ -240,6 +289,116 @@ external-dns \
 # my-node-1.nodes.example.com -> 203.0.113.10 (A)
 ```
 
+### ACK FieldExport with ConfigMap
+
+Use AWS Controllers for Kubernetes (ACK) to dynamically populate ConfigMaps with resource endpoints. FieldExport copies values from ACK-managed resources (RDS, S3, ElastiCache) to ConfigMaps, which external-dns can then use for DNS records.
+
+```yaml
+# 1. ACK creates an S3 bucket
+apiVersion: s3.services.k8s.aws/v1alpha1
+kind: Bucket
+metadata:
+  name: app-assets
+  namespace: default
+spec:
+  name: my-app-assets-bucket
+---
+# 2. FieldExport copies the bucket URL to a ConfigMap
+apiVersion: services.k8s.aws/v1alpha1
+kind: FieldExport
+metadata:
+  name: export-bucket-url
+  namespace: default
+spec:
+  from:
+    path: ".status.location"
+    resource:
+      group: s3.services.k8s.aws
+      kind: Bucket
+      name: app-assets
+  to:
+    kind: configmap
+    name: app-assets-dns
+    namespace: default
+---
+# 3. ConfigMap is populated by FieldExport
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: app-assets-dns
+  namespace: default
+  labels:
+    app.kubernetes.io/managed-by: ack-fieldexport
+data:
+  default.export-bucket-url: "https://my-app-assets-bucket.s3.amazonaws.com/"
+```
+
+```bash
+external-dns \
+  --source=unstructured \
+  --unstructured-resource=configmaps.v1 \
+  --fqdn-template='{{if eq .Kind "ConfigMap"}}{{.Name}}.cdn.example.com{{end}}' \
+  --fqdn-target-template='{{if eq .Kind "ConfigMap"}}{{$url := index .Object.data "default.export-bucket-url"}}{{trimSuffix (trimPrefix $url "https://") "/"}}{{end}}' \
+  --label-filter='app.kubernetes.io/managed-by=ack-fieldexport'
+
+# Result:
+# app-assets-dns.cdn.example.com -> my-app-assets-bucket.s3.amazonaws.com (CNAME)
+```
+
+### EndpointSlice for Headless Services
+
+Create per-pod DNS records from EndpointSlice resources for headless services. Each pod gets its own DNS entry pointing to its IP address.
+
+```yaml
+apiVersion: discovery.k8s.io/v1
+kind: EndpointSlice
+metadata:
+  name: test-headless-abc12
+  namespace: default
+  labels:
+    endpointslice.kubernetes.io/managed-by: endpointslice-controller.k8s.io
+    kubernetes.io/service-name: test-headless
+    service.kubernetes.io/headless: ""
+addressType: IPv4
+endpoints:
+- addresses:
+  - 10.244.1.2
+  conditions:
+    ready: true
+  nodeName: worker1
+  targetRef:
+    kind: Pod
+    name: app-abc12
+    namespace: default
+- addresses:
+  - 10.244.2.3
+  - 10.244.2.4
+  conditions:
+    ready: true
+  nodeName: worker2
+  targetRef:
+    kind: Pod
+    name: app-def34
+    namespace: default
+ports:
+- name: http
+  port: 80
+  protocol: TCP
+```
+
+```bash
+external-dns \
+  --source=unstructured \
+  --unstructured-resource=endpointslices.v1.discovery.k8s.io \
+  --fqdn-host-target-template='{{if and (eq .Kind "EndpointSlice") (hasKey .Labels "service.kubernetes.io/headless")}}{{range $ep := .Object.endpoints}}{{if $ep.conditions.ready}}{{range $ep.addresses}}{{$ep.targetRef.name}}.pod.com:{{.}},{{end}}{{end}}{{end}}{{end}}'
+
+# Result:
+# app-abc12.pod.com -> 10.244.1.2 (A)
+# app-def34.pod.com -> 10.244.2.3, 10.244.2.4 (A)
+```
+
+The `--fqdn-host-target-template` flag returns `host:target` pairs, enabling 1:1 mapping between hostnames and targets. Useful when a Kubernetes resource contains arrays where each element should produce its own DNS record (e.g., EndpointSlice endpoints, multi-host configurations).
+
 ## RBAC
 
 Grant external-dns access to your custom resources: