docs(aws): add missing supported DNS record types in Route53 ABAC #5839
+2
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ExternalDNS writes TXT ownership records. ABAC missing TXT can cause 403 AccessDenied from Route 53. * Update AWS ABAC docs to include TXT in record types * Log entries when AccessDenied occurs and batch contains TXT * Added unit tests for AccessDenied detection, TXT detection and logging Refs: kubernetes-sigs#5773 Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
docs
provider
Contributor
|
Hi @TobyTheHutt. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
the
size/L
* Return the first Route 53 error from `submitChanges` so operators see the original AWS message * Remove IAM-guessing branch while keeping split-and-retry submission * Tidy error test and fall back to `provider.NewSoftErrorf` when no AWS error was captured * Add tests for error return on failures upon zone submission Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
k8s-ci-robot
added
size/M
TobyTheHutt
changed the title
Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
TobyTheHutt
changed the title
Collaborator
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
Collaborator
|
The code lgtm. |
Contributor
Author
|
@mloiseleur the title and message are up to date. I updated them with each commit. If there's a specific change you're missing, let me know. |
ivankatliarchuk
suggested changes
Sep 17, 2025
Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
k8s-ci-robot
added
size/XS
Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
TobyTheHutt
changed the title
mloiseleur
changed the title
Collaborator
|
/lgtm |
k8s-ci-robot
added
the
lgtm
Member
|
/approve |
Contributor
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ivankatliarchuk The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
JesusMtnez
pushed a commit
to JesusMtnez/homelab
that referenced
this pull request
Dec 1, 2025
…o v0.20.0 (#869) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [registry.k8s.io/external-dns/external-dns](https://github.com/kubernetes-sigs/external-dns) | minor | `v0.19.0` -> `v0.20.0` | --- ### Release Notes <details> <summary>kubernetes-sigs/external-dns (registry.k8s.io/external-dns/external-dns)</summary> ### [`v0.20.0`](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.20.0) [Compare Source](kubernetes-sigs/external-dns@v0.19.0...v0.20.0) #### 🚀 Features - feat: add new flags to allow migration of OwnerID by [@​troll-os](https://github.com/troll-os) in [#​4823](kubernetes-sigs/external-dns#4823) - feat(annotations): add custom annotation prefix support for split horizon DNS by [@​lexfrei](https://github.com/lexfrei) in [#​5889](kubernetes-sigs/external-dns#5889) - feat(aws): add ap-southeast-6 region by [@​rhysmdnz](https://github.com/rhysmdnz) in [#​5812](kubernetes-sigs/external-dns#5812) - feat(chart): Release for v0.19.0 by [@​stevehipwell](https://github.com/stevehipwell) in [#​5819](kubernetes-sigs/external-dns#5819) - feat(cli): add Cobra binder and backend switch by [@​TobyTheHutt](https://github.com/TobyTheHutt) in [#​5820](kubernetes-sigs/external-dns#5820) - feat(cli): migrate kingpin to cobra - dual parity by [@​TobyTheHutt](https://github.com/TobyTheHutt) in [#​5836](kubernetes-sigs/external-dns#5836) - feat(coredns): add annotations for groups by [@​farodin91](https://github.com/farodin91) in [#​5842](kubernetes-sigs/external-dns#5842) - feat(coredns): pass context to etcd client by [@​farodin91](https://github.com/farodin91) in [#​5915](kubernetes-sigs/external-dns#5915) - feat(provider/cloudflare): add support for tags by [@​nkhl99](https://github.com/nkhl99) in [#​5862](kubernetes-sigs/external-dns#5862) - feat(source): add min-ttl support by [@​ivankatliarchuk](https://github.com/ivankatliarchuk) in [#​5641](kubernetes-sigs/external-dns#5641) - feat(source/f5-virtual-server): add host aliases support for Virtual … by [@​shkarface](https://github.com/shkarface) in [#​5745](kubernetes-sigs/external-dns#5745) #### 🐛 Bug fixes - fix(cloudflare): infinite reconciliation loop with cloudflare-record-comment flag by [@​vflaux](https://github.com/vflaux) in [#​5828](kubernetes-sigs/external-dns#5828) - fix: cloudflare softError failedZones by [@​nissessenap](https://github.com/nissessenap) in [#​5899](kubernetes-sigs/external-dns#5899) - fix(controller): panic in OCI provider build by [@​vflaux](https://github.com/vflaux) in [#​5877](kubernetes-sigs/external-dns#5877) - fix(coredns): debug message on labels update by [@​bachorp](https://github.com/bachorp) in [#​5789](kubernetes-sigs/external-dns#5789) - fix(deps): bump openshift with gateway-api by [@​ivankatliarchuk](https://github.com/ivankatliarchuk) in [#​5942](kubernetes-sigs/external-dns#5942) - fix(endpoint): debug message when owner label is missing by [@​bachorp](https://github.com/bachorp) in [#​5788](kubernetes-sigs/external-dns#5788) - fix(endpoint): deduplicate targets by [@​ivankatliarchuk](https://github.com/ivankatliarchuk) in [#​5805](kubernetes-sigs/external-dns#5805) - fix(endpoint/source) Allow '.' in TXT Records by [@​onelapahead](https://github.com/onelapahead) in [#​5844](kubernetes-sigs/external-dns#5844) - fix(gen/metrics): deduplicate generated in metrics.md by [@​vflaux](https://github.com/vflaux) in [#​5837](kubernetes-sigs/external-dns#5837) - fix(service): rollback nodeinformer for addevent handler by [@​ivankatliarchuk](https://github.com/ivankatliarchuk) in [#​5941](kubernetes-sigs/external-dns#5941) - fix(txt-register): reset existingTXTs even when ApplyChanges is skipped to avoid stale TXT records by [@​u-kai](https://github.com/u-kai) in [#​5897](kubernetes-sigs/external-dns#5897) #### 📝 Documentation - docs(advanced): configuration precedence by [@​ivankatliarchuk](https://github.com/ivankatliarchuk) in [#​5871](kubernetes-sigs/external-dns#5871) - docs(aws): add missing supported DNS record types in Route53 ABAC by [@​TobyTheHutt](https://github.com/TobyTheHutt) in [#​5839](kubernetes-sigs/external-dns#5839) - docs(aws): scoping the IAM policy to explicitely defined Route53 zones by [@​crtr109](https://github.com/crtr109) in [#​5663](kubernetes-sigs/external-dns#5663) - docs(ci): improve release note template by [@​mloiseleur](https://github.com/mloiseleur) in [#​5791](kubernetes-sigs/external-dns#5791) - docs: clarify hostname annotation behavior by [@​PseudoResonance](https://github.com/PseudoResonance) in [#​5912](kubernetes-sigs/external-dns#5912) - docs(contributing): add reference to developer documentation by [@​lexfrei](https://github.com/lexfrei) in [#​5923](kubernetes-sigs/external-dns#5923) - docs(core-dns): update tutorial by [@​ivankatliarchuk](https://github.com/ivankatliarchuk) in [#​5926](kubernetes-sigs/external-dns#5926) - docs: fix mkdocs build by [@​mloiseleur](https://github.com/mloiseleur) in [#​5795](kubernetes-sigs/external-dns#5795) - docs(gateway-api): clarify annotation placement for sources by [@​lexfrei](https://github.com/lexfrei) in [#​5918](kubernetes-sigs/external-dns#5918) - docs(myra): add info about protection option and docker image by [@​armaaar](https://github.com/armaaar) in [#​5879](kubernetes-sigs/external-dns#5879) - docs(release): update release docs by [@​ivankatliarchuk](https://github.com/ivankatliarchuk) in [#​5893](kubernetes-sigs/external-dns#5893) - docs(tutorials): import existing DNS records into ExternalDNS by [@​naavveenn](https://github.com/naavveenn) in [#​5811](kubernetes-sigs/external-dns#5811) - docs(txt-registry): improve formatting and examples for apex record by [@​u-kai](https://github.com/u-kai) in [#​5863](kubernetes-sigs/external-dns#5863) - docs(webhook): add volcengine provider to readme by [@​firemiles](https://github.com/firemiles) in [#​5866](kubernetes-sigs/external-dns#5866) #### 📦 Others - Build(tool) remove vacuum by [@​szuecs](https://github.com/szuecs) in [#​5955](kubernetes-sigs/external-dns#5955) - chore(ci): fix releaser script by [@​mloiseleur](https://github.com/mloiseleur) in [#​5953](kubernetes-sigs/external-dns#5953) - chore(ci): speed-up & coveralls by [@​mloiseleur](https://github.com/mloiseleur) in [#​5870](kubernetes-sigs/external-dns#5870) - chore(cloudflare): migrate `DeleteCustomHostname()` to new lib by [@​vflaux](https://github.com/vflaux) in [#​5880](kubernetes-sigs/external-dns#5880) - chore(cloudflare): migrate DeleteDNSRecord() to new lib by [@​vflaux](https://github.com/vflaux) in [#​5780](kubernetes-sigs/external-dns#5780) - chore(cloudflare): migrate ListRecords() to new lib by [@​vflaux](https://github.com/vflaux) in [#​5778](kubernetes-sigs/external-dns#5778) - chore(cloudflare): migrate UpdateDNSRecord() to new lib by [@​vflaux](https://github.com/vflaux) in [#​5781](kubernetes-sigs/external-dns#5781) - chore(controller-gen): move tools under go tools by [@​ivankatliarchuk](https://github.com/ivankatliarchuk) in [#​5878](kubernetes-sigs/external-dns#5878) - chore(deps): bump renovatebot/github-action from 43.0.10 to 43.0.11 in the dev-dependencies group by [@​app/dependabot](https://github.com/app/dependabot) in [#​5823](kubernetes-sigs/external-dns#5823) - chore(deps): bump renovatebot/github-action from 43.0.11 to 43.0.12 in the dev-dependencies group by [@​app/dependabot](https://github.com/app/dependabot) in [#​5840](kubernetes-sigs/external-dns#5840) - chore(deps): bump renovatebot/github-action from 43.0.12 to 43.0.13 in the dev-dependencies group by [@​app/dependabot](https://github.com/app/dependabot) in [#​5856](kubernetes-sigs/external-dns#5856) - chore(deps): bump renovatebot/github-action from 43.0.13 to 43.0.14 in the dev-dependencies group by [@​app/dependabot](https://github.com/app/dependabot) in [#​5874](kubernetes-sigs/external-dns#5874) - chore(deps): bump renovatebot/github-action from 43.0.14 to 43.0.15 in the dev-dependencies group by [@​app/dependabot](https://github.com/app/dependabot) in [#​5890](kubernetes-sigs/external-dns#5890) - chore(deps): bump renovatebot/github-action from 43.0.9 to 43.0.10 in the dev-dependencies group by [@​app/dependabot](https://github.com/app/dependabot) in [#​5797](kubernetes-sigs/external-dns#5797) - chore(deps): bump the dev-dependencies group across 1 directory with 15 updates by [@​app/dependabot](https://github.com/app/dependabot) in [#​5952](kubernetes-sigs/external-dns#5952) - chore(deps): bump the dev-dependencies group across 1 directory with 36 updates by [@​app/dependabot](https://github.com/app/dependabot) in [#​5943](kubernetes-sigs/external-dns#5943) - chore(deps): bump the dev-dependencies group across 1 directory with 5 updates by [@​app/dependabot](https://github.com/app/dependabot) in [#​5940](kubernetes-sigs/external-dns#5940) - chore(deps): bump the dev-dependencies group across 1 directory with 9 updates by [@​app/dependabot](https://github.com/app/dependabot) in [#​5949](kubernetes-sigs/external-dns#5949) - chore(deps): bump the dev-dependencies group with 2 updates by [@​app/dependabot](https://github.com/app/dependabot) in [#​5895](kubernetes-sigs/external-dns#5895) - chore(deps): bump the dev-dependencies group with 2 updates by [@​app/dependabot](https://github.com/app/dependabot) in [#​5946](kubernetes-sigs/external-dns#5946) - chore(deps): bump the dev-dependencies group with 3 updates by [@​app/dependabot](https://github.com/app/dependabot) in [#​5806](kubernetes-sigs/external-dns#5806) - chore(lint): configure goconst linter by [@​lexfrei](https://github.com/lexfrei) in [#​5929](kubernetes-sigs/external-dns#5929) - chore(owners): update reviewers by [@​mloiseleur](https://github.com/mloiseleur) in [#​5925](kubernetes-sigs/external-dns#5925) - chore(pihole): reduce cyclometic complexity of TestListRecords by [@​AndrewCharlesHay](https://github.com/AndrewCharlesHay) in [#​5802](kubernetes-sigs/external-dns#5802) - chore(release): updates kustomize & docs with v0.19.0 by [@​mloiseleur](https://github.com/mloiseleur) in [#​5792](kubernetes-sigs/external-dns#5792) - chore: upgrade ExternalDNS to go v1.25 and golangci-lint v2.5 by [@​mloiseleur](https://github.com/mloiseleur) in [#​5869](kubernetes-sigs/external-dns#5869) - ci(linter): add gochecknoinits by [@​ivankatliarchuk](https://github.com/ivankatliarchuk) in [#​5911](kubernetes-sigs/external-dns#5911) - ci(linter): add go-critic by [@​PascalBourdier](https://github.com/PascalBourdier) in [#​5875](kubernetes-sigs/external-dns#5875) - doc(tutorials/rfc2136): fix RBAC by [@​vflaux](https://github.com/vflaux) in [#​5827](kubernetes-sigs/external-dns#5827) - refactor(annotations): modernize ProviderSpecificAnnotation by [@​ivankatliarchuk](https://github.com/ivankatliarchuk) in [#​5813](kubernetes-sigs/external-dns#5813) - refactor(pihole): reduce cyclomatic complexity of TestProvider by [@​AndrewCharlesHay](https://github.com/AndrewCharlesHay) in [#​5865](kubernetes-sigs/external-dns#5865) - refactor(pihole): reduce cyclomatic complexity of TestProviderV6 by [@​AndrewCharlesHay](https://github.com/AndrewCharlesHay) in [#​5876](kubernetes-sigs/external-dns#5876) - refactor(service): reduce cyclomatic complexity of extractHeadlessEndpoints by [@​AndrewCharlesHay](https://github.com/AndrewCharlesHay) in [#​5822](kubernetes-sigs/external-dns#5822) - refactor(source/nat64): optional source & early prefixes parsing by [@​vflaux](https://github.com/vflaux) in [#​5810](kubernetes-sigs/external-dns#5810) - refactor(source/wrappers): move wrappers logic away from execute file by [@​ivankatliarchuk](https://github.com/ivankatliarchuk) in [#​5888](kubernetes-sigs/external-dns#5888) - test(cloudflare): clear environment variables before setting test values by [@​u-kai](https://github.com/u-kai) in [#​5851](kubernetes-sigs/external-dns#5851) - test(cloudflare): improve coverage of zoneService by [@​vflaux](https://github.com/vflaux) in [#​5800](kubernetes-sigs/external-dns#5800) - test(cloudflare): mock provider for cf change tests by [@​vflaux](https://github.com/vflaux) in [#​5852](kubernetes-sigs/external-dns#5852) - test(cloudflare): modernize zoneDomainFilter test by [@​vflaux](https://github.com/vflaux) in [#​5853](kubernetes-sigs/external-dns#5853) - test(controller): improve code coverage by [@​TobyTheHutt](https://github.com/TobyTheHutt) in [#​5816](kubernetes-sigs/external-dns#5816) - test(source): fqdn for source/service/nodeport/srv records by [@​ivankatliarchuk](https://github.com/ivankatliarchuk) in [#​5554](kubernetes-sigs/external-dns#5554) - test(source/service): add serviceTypeFilter edge case by [@​ivankatliarchuk](https://github.com/ivankatliarchuk) in [#​5872](kubernetes-sigs/external-dns#5872) - test(source/wrappers): fix race condition by [@​vflaux](https://github.com/vflaux) in [#​5841](kubernetes-sigs/external-dns#5841) - test: update goversion label to 1.25 in metrics test by [@​AndrewCharlesHay](https://github.com/AndrewCharlesHay) in [#​5886](kubernetes-sigs/external-dns#5886) - update test certs used for pdns by [@​Raffo](https://github.com/Raffo) in [#​5902](kubernetes-sigs/external-dns#5902) #### 📦 Docker Image ```sh docker pull registry.k8s.io/external-dns/external-dns:v0.20.0 ``` </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xMS4wIiwidXBkYXRlZEluVmVyIjoiNDIuMTEuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwL21pbm9yIl19--> Reviewed-on: https://codeberg.org/JesusMtnez/homelab/pulls/869 Co-authored-by: JesusMtnez-bot <jesusmartinez93+bot@gmail.com> Co-committed-by: JesusMtnez-bot <jesusmartinez93+bot@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does it do ?
ExternalDNS writes TXT ownership records. ABAC missing TXT can cause 403 AccessDenied from Route 53.
Update AWS ABAC docs to include TXT and CNAME in record types
Motivation
Resolve #5773
More