Commits · c97781a49dd3a1b7c8a1ccdf6d594217f3a28a17 · torgiren / External Dns

16 Sep, 2019 1 commit

Fix AWS IAM Roles for Service Accounts permission · c97781a4

Brian Hong authored 5 years ago

Amazon EKS supports IAM Roles for Service Accounts. It mounts tokens
files to `/var/run/secrets/eks.amazonaws.com/serviceaccount/token`.
Unfortunately, external-dns runs as 'nobody' so it cannot access this
file. External DNS is then unable to make any AWS API calls to work:

```
time="2019-09-11T07:31:53Z" level=error msg="WebIdentityErr: unable to read file at /var/run/secrets/eks.amazonaws.com/serviceaccount/token\ncaused by: open /var/run/secrets/eks.amazonaws.com/serviceaccount/token: permission denied"
```

See: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html

Below are the file permissions mounted on External DNS pod:

```
~ $ ls -al /var/run/secrets/eks.amazonaws.com/serviceaccount/
total 0
drwxrwxrwt    3 root     root           100 Sep 11 06:40 .
drwxr-xr-x    3 root     root            28 Sep 11 06:40 ..
drwxr-xr-x    2 root     root            60 Sep 11 06:40 ..2019_09_11_06_40_49.865776187
lrwxrwxrwx    1 root     root            31 Sep 11 06:40 ..data -> ..2019_09_11_06_40_49.865776187
lrwxrwxrwx    1 root     root            12 Sep 11 06:40 token -> ..data/token
~ $ ls -al /var/run/secrets/eks.amazonaws.com/serviceaccount/..data/token
-rw-------    1 root     root          1028 Sep 11 06:40 /var/run/secrets/eks.amazonaws.com/serviceaccount/..data/token
```

This commit fixes this problem by specifying securityContext to make
mounted volumes with 65534 (nobody) group ownership.

c97781a4

10 Sep, 2019 12 commits
- Merge pull request #1013 from p53/fix-prefix-to-lower · 8da3b34f
  Kubernetes Prow Robot authored 5 years ago
```
Fix txt prefix bug, should be lowercased because when writing to dns …
```
  8da3b34f
- Update txt_test.go · b685c738
  Nick Jüttner authored 5 years ago
  
  b685c738
- Update txt_test.go · 816929ad
  Nick Jüttner authored 5 years ago
  
  816929ad
- Merge branch 'master' into fix-prefix-to-lower · b2c5ad02
  Nick Jüttner authored 5 years ago
  
  b2c5ad02
- Merge pull request #1107 from JoaoBraveCoding/source-crd-improvements · 74582eff
  Kubernetes Prow Robot authored 5 years ago
```
Improvements to the source CRD
```
  74582eff
- Merge pull request #1136 from syseleven/txtregistry-keep-endpoint-labels · 2545e80c
  Kubernetes Prow Robot authored 5 years ago
```
TXTRegistry: do not overwrite labels of records returned by the provider
```
  2545e80c
- Merge pull request #1178 from bjschafer/docs/rfc2136-improvements · ee59421f
  Kubernetes Prow Robot authored 5 years ago
```
Update rfc2136 tutorial for use with Microsoft DNS
```
  ee59421f
- Merge pull request #1144 from jonasrmichel/fix/contour-ingressroute · 9cb6a783
  Kubernetes Prow Robot authored 5 years ago
```
Support delegate Contour IngressRoutes
```
  9cb6a783
- Merge pull request #1128 from gregsidelinger/master · 35b02a51
  Kubernetes Prow Robot authored 5 years ago
```
Fixing Infoblox incorrect match of zone dns names
```
  35b02a51
- Merge pull request #1170 from vanekjar/aws-sd-nlb-support · 16959543
  Kubernetes Prow Robot authored 5 years ago
```
AWS-SD: Add support for AWS Network Load Balancers
```
  16959543
- Merge pull request #1182 from MarcusNoble/master · 5fa52817
  Kubernetes Prow Robot authored 5 years ago
```
Updated AWS SDK version
```
  5fa52817
- Updated AWS SDK version · 0ba01198
  Marcus Noble authored 5 years ago
```
Signed-off-by: Marcus Noble <m.noble@elsevier.com>
```
  0ba01198
05 Sep, 2019 2 commits
- Update rfc2136 tutorial for use with Microsoft DNS · 905800f9
  Braxton Schafer authored 5 years ago
```
Clean up the tutorial and update it to clarify usage with non-BIND DNS servers.
```
  905800f9
- AWS-SD Add support for NLB · 46b17a62
  Jaromir Vanek authored 5 years ago
  
  46b17a62
30 Aug, 2019 1 commit
- Merge pull request #1172 from micahhausler/aws-sdk-go-version-bump · bc36ee90
  Kubernetes Prow Robot authored 5 years ago
```
Updated AWS SDK to v1.23.12
```
  bc36ee90
29 Aug, 2019 1 commit
- Updated AWS SDK to v1.23.12 · 6524c08b
  Micah Hausler authored 5 years ago
  
  6524c08b
28 Aug, 2019 3 commits
- Merge pull request #1160 from danieldabate/create-only-policy · 73ec9384
  Kubernetes Prow Robot authored 5 years ago
```
Add create-only policy
```
  73ec9384
- Merge branch 'master' into create-only-policy · d62dd9bf
  Martin Linkhorst authored 5 years ago
  
  d62dd9bf
- Merge pull request #1 from kubernetes-incubator/master · 6dbc9fac
  Greg authored 5 years ago
```
Updating latest upstream
```
  6dbc9fac
23 Aug, 2019 5 commits
- Merge pull request #1162 from kubernetes-incubator/linki-patch-3 · 332748ee
  Kubernetes Prow Robot authored 5 years ago
```
Update changelog with fix for retries flag
```
  332748ee
- chore: add github issue number for create-only flag · 2a2784cb
  Martin Linkhorst authored 5 years ago
  
  2a2784cb
- chore: update changelog with fix for retries flag · 515aeef1
  Martin Linkhorst authored 5 years ago
  
  515aeef1
- chore: add create-only policy to changelog · 299c8cbc
  Martin Linkhorst authored 5 years ago
  
  299c8cbc
- Merge pull request #1158 from coreypobrien/restoreAWSRetries · fa23c3cc
  Kubernetes Prow Robot authored 5 years ago
```
Fix --aws-api-retries
```
  fa23c3cc
22 Aug, 2019 4 commits
- Fix lint · 24e50328
  danieldabate authored 5 years ago
  
  24e50328
- Fixed identation · d35633b4
  João Marçal authored 5 years ago
```
Signed-off-by: João Marçal <joao.marcal12@gmail.com>
```
  d35633b4
- Add create-only policy · 2b13a7fa
  danieldabate authored 5 years ago
  
  2b13a7fa
- Fix --aws-api-retries · 3a62d4ea
  Corey O'Brien authored 5 years ago
  
  3a62d4ea
20 Aug, 2019 5 commits
- Merge pull request #1150 from tariq1890/upd_docker · 06052acf
  Kubernetes Prow Robot authored 5 years ago
```
update versions and remove unnecessary files in Dockerfile
```
  06052acf
- Merge remote-tracking branch 'upstream/master' into upd_docker · 583c96f0
  Martin Linkhorst authored 5 years ago
  
  583c96f0
- Merge pull request #1152 from linki/changelog-v0.5.16 · cc3ebf86
  Kubernetes Prow Robot authored 5 years ago
```
Update changelog for v0.5.16
```
  cc3ebf86
- chore: update changelog for v0.5.16 · d4672534
  Martin Linkhorst authored 5 years ago
  
  d4672534
- Merge pull request #1151 from tariq1890/flaky · 8292b86f
  Kubernetes Prow Robot authored 5 years ago
```
fix flaky unit test in external-dns/provider
```
  8292b86f
19 Aug, 2019 1 commit
- Added the requested changes · 4dc7e755
  João Marçal authored 5 years ago
```
Signed-off-by: João Marçal <joao.marcal12@gmail.com>
```
  4dc7e755
18 Aug, 2019 1 commit
- TXTRegistry: do not overwrite labels of records returned by the provider · a348bd7a
  Olaf Klischat authored 5 years ago
  
  a348bd7a
16 Aug, 2019 4 commits
- fix flaky unit test in external-dns/provider · 6c6ebceb
  Tariq Ibrahim authored 5 years ago
  
  6c6ebceb
- update versions and remove unnecessary files in Dockerfile · 2749b438
  Tariq Ibrahim authored 5 years ago
  
  2749b438
- Support delegate Contour IngressRoutes · c0c3d25b
  Jonas Michel authored 5 years ago
  
  c0c3d25b
- Merge pull request #1148 from tariq1890/upd_docker · 6c68e1bb
  Kubernetes Prow Robot authored 5 years ago
```
update image versions in Dockerfile
```
  6c68e1bb

GitLab

Menu