Fix build

apis/external/v1alpha1/externaldns_types.go

@@ -91,10 +91,6 @@ type CloudflareProvider struct {
 	// +optional
 	Proxied *bool `json:"proxied,omitempty"`
 
-	// When using the Cloudflare provider, specify how many zones per page listed, max. possible 50 (default: 50)
-	// +optional
-	ZonesPerPage *int `json:"zonesPerPage,omitempty"`
-
 	// +optional
 	BaseURL string `json:"baseURL,omitempty"`
 

crds/external-dns.appscode.com_externaldnses.yaml

@@ -162,10 +162,6 @@ spec:
                     required:
                     - name
                     type: object
-                  zonesPerPage:
-                    description: 'When using the Cloudflare provider, specify how
-                      many zones per page listed, max. possible 50 (default: 50)'
-                    type: integer
                 type: object
               connectorSourceServer:
                 description: The server to connect for connector source, valid only

examples/azure-credential.md

@@ -1,15 +1,53 @@
-### Create credential file
-You have to create a JSON credential file for Azure Provider:
+### Create configuration file
+* Create `Resource Group` and `DNS Zone`
+```bash
+az group create --name "MyDnsResourceGroup" --location "eastus"
+az network dns zone create --resource-group "MyDnsResourceGroup" --name "example.com"
+```
+* Create a `Service Principal`
+```bash
+EXTERNALDNS_NEW_SP_NAME="ExternalDnsServicePrincipal" # name of the service principal
+AZURE_DNS_ZONE_RESOURCE_GROUP="MyDnsResourceGroup" # name of resource group where dns zone is hosted
+AZURE_DNS_ZONE="example.com" # DNS zone name like example.com or sub.example.com
+
+# Create the service principal
+DNS_SP=$(az ad sp create-for-rbac --name $EXTERNALDNS_NEW_SP_NAME)
+EXTERNALDNS_SP_APP_ID=$(echo $DNS_SP | jq -r '.appId')
+EXTERNALDNS_SP_PASSWORD=$(echo $DNS_SP | jq -r '.password')
+```
+* Grant access to Azure DNS zone for the service principal.
+```bash
+# fetch DNS id used to grant access to the service principal
+DNS_ID=$(az network dns zone show --name $AZURE_DNS_ZONE \
+ --resource-group $AZURE_DNS_ZONE_RESOURCE_GROUP --query "id" --output tsv)
+
+# 1. as a reader to the resource group
+# az role assignment create --role "Reader" --assignee $EXTERNALDNS_SP_APP_ID --scope $DNS_ID
+
+# 2. as a contributor to DNS Zone itself
+az role assignment create --role "Contributor" --assignee $EXTERNALDNS_SP_APP_ID --scope $DNS_ID
+```
+* Write the credentials to a local path
 ```bash
 cat <<-EOF > /local/path/to/azure.json
+{
+  "tenantId": "$(az account show --query tenantId -o tsv)",
+  "subscriptionId": "$(az account show --query id -o tsv)",
+  "resourceGroup": "$AZURE_DNS_ZONE_RESOURCE_GROUP",
+  "aadClientId": "$EXTERNALDNS_SP_APP_ID",
+  "aadClientSecret": "$EXTERNALDNS_SP_PASSWORD"
+}
+EOF
+```
+* Once you have completed all the process you will have a json file in `/local/path/to/azure.json` path
+```json
 {
   "tenantId": "your-azure-tenant-id",
   "subscriptionId": "your-azure-subscription-id",
   "resourceGroup": "your-azure-resource-group-name",
   "aadClientId": "your-azure-client-id",
   "aadClientSecret": "your-azure-client-password"
 }
-EOF
 ```
 
 ### Create secret from file

examples/google-credential.md

@@ -1,5 +1,23 @@
+### Create static credentials
+* Create a Google Service Account(GSA) that has access to the CloudDNS Zone
+```bash
+GKE_PROJECT_ID="your-organization-project-id"
+DNS_SA_NAME="external-dns-sa"
+DNS_SA_EMAIL="$DNS_SA_NAME@${GKE_PROJECT_ID}.iam.gserviceaccount.com"
+
+# create GSA used to access the Cloud DNS zone
+gcloud iam service-accounts create $DNS_SA_NAME --display-name $DNS_SA_NAME
+
+# assign google service account to dns.admin role in cloud-dns project
+gcloud projects add-iam-policy-binding $DNS_PROJECT_ID --member serviceAccount:$DNS_SA_EMAIL --role "roles/dns.admin"
+```
+* Generate static credential from the ExternalDNS GSA
+```bash
+# download static credentials
+gcloud iam service-accounts keys create /local/path/to/credentials.json --iam-account $DNS_SA_EMAIL
+```
 ### Create Secret from
-Create a Kubernetes secret with the credentials in the same namespace of External-DNS operator. 
+Create a Kubernetes secret with the credentials in the `same namespace of External-DNS` operator. 
 ```shell
 kubectl create secret generic google-credential --namespace demo --from-file /local/path/to/credentials.json
 ```

examples/node-cloudflare.yaml

@@ -10,9 +10,9 @@ spec:
       version: v1
       kind: Node
     node:
-      labelFilter: app=demo-node
-      annotationFilter: lke.linode.com/wgip=0.0.0.0
-      fqdnTemplate: "{{.Name}}.example.com"
+#      labelFilter: app=demo-node
+#      annotationFilter: lke.linode.com/wgip=0.0.0.0
+      fqdnTemplate: "nodes.example.com"
   registry: txt
   txtOwnerID: external-dns
   txtPrefix: xyz
@@ -21,5 +21,5 @@ spec:
   provider: cloudflare
   cloudflare:
     secretRef:
-      name: cloudflare-credentials
-      apiToken: CF_API_TOKEN
+      name: cloudflare-credential
+      apiTokenKey: CF_API_TOKEN

examples/nodes-google.yaml

@@ -4,17 +4,15 @@ metadata:
   name: google-nodes
   namespace: demo
 spec:
-  providerSecretRef:
-    name: google-credential
   source:
     type:
       group: ""
       version: v1
       kind: Node
     node:
       #multiple label filter, comma separated
-      labelFilter: "node-pool-id=123xyz,beta.kubernetes.io/arch=amd64"
-      annotationFilter: lke.linode.com/wgip=0.0.0.1
+#      labelFilter: "node-pool-id=123xyz,beta.kubernetes.io/arch=amd64"
+#      annotationFilter: lke.linode.com/wgip=0.0.0.1
       fqdnTemplate: node.example.com
   registry: txt
   txtOwnerID: external-dns

pkg/cmds/run.go

@@ -28,14 +28,13 @@
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
-	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
 	"k8s.io/klog/v2"
 	"k8s.io/klog/v2/klogr"
 	"kmodules.xyz/client-go/meta"
-	_ "kmodules.xyz/client-go/meta"
 	"kmodules.xyz/client-go/tools/clusterid"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
+	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 )
 
 var (
@@ -64,7 +63,7 @@
 		Run: func(cmd *cobra.Command, args []string) {
 			klog.Infof("Starting binary version %s+%s ...", v.Version.Version, v.Version.CommitHash)
 
 			ctrl.SetLogger(klogr.New())
 
 			cfg := ctrl.GetConfigOrDie()
 			cfg.QPS = QPS
@@ -72,8 +71,7 @@
 
 			mgr, err := ctrl.NewManager(cfg, ctrl.Options{
 				Scheme:                 scheme,
-				MetricsBindAddress:     metricsAddr,
-				Port:                   9443,
+				Metrics:                metricsserver.Options{BindAddress: metricsAddr},
 				HealthProbeBindAddress: probeAddr,
 				LeaderElection:         enableLeaderElection,
 				LeaderElectionID:       "4de9ad66.appscode.com",

pkg/controllers/external-dns/externaldns_controller.go

@@ -37,7 +37,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
-	"sigs.k8s.io/controller-runtime/pkg/source"
 )
 
 var mutex sync.Mutex
@@ -187,9 +186,8 @@ func (r *ExternalDNSReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 
 // SetupWithManager sets up the controller with the Manager.
 func (r *ExternalDNSReconciler) SetupWithManager(mgr ctrl.Manager) error {
-	secretToEdns := handler.EnqueueRequestsFromMapFunc(func(object client.Object) []reconcile.Request {
+	secretToEdns := handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, object client.Object) []reconcile.Request {
 		reconcileReq := make([]reconcile.Request, 0)
-		ctx := context.TODO()
 		ednsList := &api.ExternalDNSList{}
 
 		if err := mgr.GetClient().List(ctx, ednsList, client.InNamespace(object.GetNamespace())); err != nil {
@@ -226,14 +224,15 @@ func (r *ExternalDNSReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	// for dynamic watcher
 	controller, err := ctrl.NewControllerManagedBy(mgr).
 		For(&api.ExternalDNS{}).
-		Watches(&source.Kind{Type: &core.Secret{}}, secretToEdns).
+		Watches(&core.Secret{}, secretToEdns).
 		Build(r)
 	if err != nil {
 		klog.Error("failed to build controller.", err.Error())
 		return err
 	}
 
 	r.watcher = &informers.ObjectTracker{
+		Manager:    mgr,
 		Controller: controller,
 	}
 

pkg/informers/dynamicWatcher.go

@@ -32,6 +32,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/controller"
 	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 	"sigs.k8s.io/controller-runtime/pkg/source"
@@ -40,6 +41,7 @@ import (
 type ObjectTracker struct {
 	m sync.Map
 
+	Manager manager.Manager
 	controller.Controller
 }
 
@@ -60,7 +62,7 @@ func (o *ObjectTracker) Watch(obj runtime.Object, handler handler.EventHandler)
 
 	// adding watcher to an external object
 	err := o.Controller.Watch(
-		&source.Kind{Type: u},
+		source.Kind(o.Manager.GetCache(), u),
 		handler,
 		predicate.Funcs{UpdateFunc: func(e event.UpdateEvent) bool {
 			if e.ObjectOld.GetObjectKind().GroupVersionKind().Kind != "Node" {
@@ -109,7 +111,7 @@ func getRuntimeObject(gvk schema.GroupVersionKind) runtime.Object {
 }
 
 func RegisterWatcher(ctx context.Context, crd *api.ExternalDNS, watcher *ObjectTracker, r client.Client) error {
-	sourceHandler := func(object client.Object) []reconcile.Request {
+	sourceHandler := func(ctx context.Context, object client.Object) []reconcile.Request {
 		reconcileReq := make([]reconcile.Request, 0)
 
 		dnsList := &api.ExternalDNSList{}