diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..9882408 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "gomod" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "daily" \ No newline at end of file diff --git a/.github/workflows/releaser.yml b/.github/workflows/releaser.yml new file mode 100644 index 0000000..5484f9a --- /dev/null +++ b/.github/workflows/releaser.yml @@ -0,0 +1,93 @@ +name: "Automatic Releaser" + +on: + push: + branches: + - main + +permissions: + contents: write + +jobs: + check-commit: + runs-on: ubuntu-latest + outputs: + msg_check: ${{ steps.check-msg.outputs.match }} + steps: + - name: Check Message + id: check-msg + run: | + pattern="^Release v[0-9]+.[0-9]+.[0-9]+ #(minor|major|patch)$" + if [[ "${{ github.event.head_commit.message }}" =~ ${pattern} ]]; then + echo ::set-output name=match::true + fi + create-tag: + runs-on: ubuntu-latest + if: needs.check-commit.outputs.msg_check == 'true' + needs: check-commit + outputs: + new_tag: ${{ steps.tagger.outputs.new_tag }} + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: '0' + + - name: Bump version and push tag + id: tagger + uses: anothrNick/github-tag-action@1.36.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + WITH_V: true + DEFAULT_BUMP: "none" + + goreleaser: + runs-on: ubuntu-latest + needs: create-tag + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: 1.21 + + - name: Docker Login + env: + DOCKER_USERNAME: ${{ github.repository_owner }} + DOCKER_PASSWORD: ${{ secrets.CR_PAT }} + run: | + echo "${DOCKER_PASSWORD}" | docker login ghcr.io --username "${DOCKER_USERNAME}" --password-stdin + + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v2 + with: + distribution: goreleaser + version: 1.26.2 + args: release --rm-dist + env: + GITHUB_TOKEN: ${{ secrets.CR_PAT }} + + - name: Clear + if: always() + run: | + rm -f ${HOME}/.docker/config.json + release: + runs-on: ubuntu-latest + needs: ["goreleaser", "create-tag"] + name: Release Notification + steps: + - name: Get the version + id: get_version + run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//} + + - run: | + echo "{\"text\":\"External-DNS Vultr Webhook : Release https://github.com/${{ github.repository }}/releases/tag/${{ needs.create-tag.outputs.new_tag }} \"}" > mattermost.json + + - uses: mattermost/action-mattermost-notify@master + env: + MATTERMOST_WEBHOOK_URL: ${{ secrets.MATTERMOST_WEBHOOK_URL }} + MATTERMOST_USERNAME: ${{ secrets.MATTERMOST_USERNAME}} + MATTERMOST_ICON: ${{ secrets.MATTERMOST_ICON }} \ No newline at end of file diff --git a/README.md b/README.md index 9c5dd6a..8097268 100644 --- a/README.md +++ b/README.md @@ -1 +1,197 @@ -# external-dns-vultr-webhook \ No newline at end of file +# ExternalDNS - Vultr Webhook + +ExternalDNS is a Kubernetes add-on for automatically managing +Domain Name System (DNS) records for Kubernetes services by using different DNS providers. +By default, Kubernetes manages DNS records internally, +but ExternalDNS takes this functionality a step further by delegating the management of DNS records to an external DNS +provider such as this one. +Therefore, the Vultr webhook allows to manage your +Vultr domains inside your kubernetes cluster with [ExternalDNS](https://github.com/kubernetes-sigs/external-dns). + +To use ExternalDNS with Vultr, you need your Vultr API token of the account managing +your domains. +For detailed technical instructions on how the Vultr webhook is deployed using the Bitnami Helm charts for ExternalDNS, +see[deployment instructions](#kubernetes-deployment). + +## Kubernetes Deployment + +The deployment can be performed in every way Kubernetes supports. +The following example shows the deployment as +a [sidecar container](https://kubernetes.io/docs/concepts/workloads/pods/#workload-resources-for-managing-pods) in the +ExternalDNS pod +using the [Bitnami Helm charts for ExternalDNS](https://github.com/bitnami/charts/tree/main/bitnami/external-dns). + +⚠️ This webhook requires at least ExternalDNS v0.14.0. + +The webhook can be installed using either the Bitnami chart or the ExternalDNS one. + +First, create the Vultr secret: + +```yaml +kubectl create secret generic vultr-credentials --from-literal=api-key='' -n external-dns +``` + +### Using the Bitnami chart + +Skip this if you already have the Bitnami repository added: + +```shell +helm repo add bitnami https://charts.bitnami.com/bitnami +``` + +You can then create the helm values file, for example +`external-dns-vultr-values.yaml`: + +```yaml +image: + registry: registry.k8s.io + repository: external-dns/external-dns + tag: v0.14.0 + +provider: webhook + +extraArgs: + webhook-provider-url: http://localhost:8888 + txt-prefix: reg- + +sidecars: + - name: vultr-webhook + image: ghcr.io/vultr/external-dns-vultr-webhook:v0.1.0 + ports: + - containerPort: 8888 + name: webhook + - containerPort: 8080 + name: http + livenessProbe: + httpGet: + path: /health + port: http + initialDelaySeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /ready + port: http + initialDelaySeconds: 10 + timeoutSeconds: 5 + env: + - name: VULTR_API_KEY + valueFrom: + secretKeyRef: + name: vultr-credentials + key: api-key +``` + +And then: + +```shell +# install external-dns with helm +helm install external-dns-vultr bitnami/external-dns -f external-dns-vultr-values.yaml -n external-dns +``` + +### Using the ExternalDNS chart + +Skip this if you already have the ExternalDNS repository added: + +```shell +helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/ +``` + +You can then create the helm values file, for example +`external-dns-vultr-values.yaml`: + +```yaml +namespace: external-dns +policy: sync +provider: + name: webhook + webhook: + image: + repository: ghcr.io/vultr/external-dns-vultr-webhook + tag: v0.1.0 + env: + - name: VULTR_API_KEY + valueFrom: + secretKeyRef: + name: vultr-credentials + key: api-key + livenessProbe: + httpGet: + path: /health + port: http-wh-metrics + initialDelaySeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /ready + port: http-wh-metrics + initialDelaySeconds: 10 + timeoutSeconds: 5 + +extraArgs: + - --txt-prefix=reg- +``` + +And then: + +```shell +# install external-dns with helm +helm install external-dns-vultr external-dns/external-dns -f external-dns-vultr-values.yaml --version 1.14.3 -n external-dns +``` + +## Environment variables + +The following environment variables are available: + +| Variable | Description | Notes | +| --------------- | -------------------------------- | -------------------------- | +| VULTR_API_KEY | Vultr API token | Mandatory | +| DRY_RUN | If set, changes won't be applied | Default: `false` | +| WEBHOOK_HOST | Webhook hostname or IP address | Default: `localhost` | +| WEBHOOK_PORT | Webhook port | Default: `8888` | +| HEALTH_HOST | Liveness and readiness hostname | Default: `0.0.0.0` | +| HEALTH_PORT | Liveness and readiness port | Default: `8080` | +| READ_TIMEOUT | Servers' read timeout in ms | Default: `60000` | +| WRITE_TIMEOUT | Servers' write timeout in ms | Default: `60000` | + +Additional environment variables for domain filtering: + +| Environment variable | Description | +| ------------------------------ | ---------------------------------- | +| DOMAIN_FILTER | Filtered domains | +| EXCLUDE_DOMAIN_FILTER | Excluded domains | +| REGEXP_DOMAIN_FILTER | Regex for filtered domains | +| REGEXP_DOMAIN_FILTER_EXCLUSION | Regex for excluded domains | + +If the `REGEXP_DOMAIN_FILTER` is set, the following variables will be used to +build the filter: + +- REGEXP_DOMAIN_FILTER +- REGEXP_DOMAIN_FILTER_EXCLUSION + +otherwise, the filter will be built using: + +- DOMAIN_FILTER +- EXCLUDE_DOMAIN_FILTER + +## Tweaking the configuration + +While tweaking the configuration, there are some points to take into +consideration: + +- if `WEBHOOK_HOST` and `HEALTH_HOST` are set to the same address/hostname or + one of them is set to `0.0.0.0` remember to use different ports. +- if your records don't get deleted when applications are uninstalled, you + might want to verify the policy in use for ExternalDNS: if it's `upsert-only` + no deletion will occur. It must be set to `sync` for deletions to be + processed. Please add the following to `external-dns-vultr-values.yaml` if + you want this strategy: + + ```yaml + policy: sync + ``` + +## Development + +The basic development tasks are provided by make. Run `make help` to see the +available targets. \ No newline at end of file diff --git a/internal/vultr/vultr.go b/internal/vultr/vultr.go index 6f4d9d5..d7a4299 100644 --- a/internal/vultr/vultr.go +++ b/internal/vultr/vultr.go @@ -40,8 +40,6 @@ type VultrChanges struct { type Configuration struct { APIKey string `env:"VULTR_API_KEY" required:"true"` DryRun bool `env:"DRY_RUN" default:"false"` - BatchSize int `env:"BATCH_SIZE" default:"100"` - DefaultTTL int `env:"DEFAULT_TTL" default:"7200"` DomainFilter []string `env:"DOMAIN_FILTER" default:""` ExcludeDomains []string `env:"EXCLUDE_DOMAIN_FILTER" default:""` RegexDomainFilter string `env:"REGEXP_DOMAIN_FILTER" default:""`