Open chancez opened 7 years ago
Hi @chancez,
we recently implemented this feature and it's part of mate
v0.6.1 but undocumented :(
Have a look at this PR: https://github.com/zalando-incubator/mate/pull/84
In a nutshell, you can configure mate
to ignore all services and ingresses that are not tagged with a particular annotation and value, basically allowing exactly what you want by using
./mate ... --kubernetes-filter=zalando.org/dns.class=mate
Great, that would do what I want I believe then.
In all fairness, --kubernetes-filter is mentioned in the release logs of v0.6.0, however it is worth mentioning in the README as well :)
I created an issue for the missing docs: https://github.com/zalando-incubator/mate/issues/91
@chancez let us know if usage of the flag solved your issue.
docs for the flag https://github.com/zalando-incubator/mate/pull/92
I tried this functionality and my kuberntes deployment looks like this:
Args:
--producer=kubernetes
--kubernetes-format={{.Namespace}}-{{.Name}}c.tropo.com
--consumer=aws
--kubernetes-filter external-dns.alpha.kubernetes.io/controller=mate
--aws-record-group-id=mate-managed
however immediately the container goes into a back off crash loop and the only logs I get out are:
2017-03-14T19:12:49.284776893Z mate: error: unknown long flag '--kubernetes-filter external-dns.alpha.kubernetes.io/controller', try --help
Where did I screw up? I'm using release v0.6.1
missing =
sign ?
I just double checked the Args look EXACTLY like they do in my original post.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: mate
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
app: mate
annotations:
iam.amazonaws.com/role: mate-route53-role
spec:
containers:
- name: mate
image: registry.opensource.zalan.do/teapot/mate:v0.6.1
env:
- name: AWS_REGION
value: us-west-2
args:
- --producer=kubernetes
- --kubernetes-format={{.Namespace}}-{{.Name}}c.tropo.com
- --consumer=aws
- --kubernetes-filter external-dns.alpha.kubernetes.io/controller=mate
- --aws-record-group-id=mate-managed
I meant have u tried - --kubernetes-filter="external-dns.alpha.kubernetes.io/controller=mate"
?
AH HA! That's what it was. I was hoping that this could help my rate limiting problem but doesn't seem too. I continually get lots that show mate is querying DNS and attempting to change records to zones that it has not business in... I'll open another bug. thanks!
I would like to only have explicitly annotated services to have DNS records associated with their load balancer, but if
zalando.org/dnsname
is not set, it will fallback to--kubernetes-format
. I would prefer to have an configuration option which let's me disable this by requiringmate
to only create DNS for services I explicitly tell it to.Perhaps a flag for an annotation to use as an indicator could be used. Ex you could have an annotation
zolando.org/dns.class
which has a value ofmate
by default. This would be similar toingress-class
for the nginx ingress, which allows running multiple ingress controllers. https://github.com/kubernetes/ingress/tree/master/controllers/nginx#running-multiple-ingress-controllersWhen configured, mate would only look at services with
zolando.org/dns.class=mate
, wheremate
could be something the user specifies on the controller (via a flag or env var) and on the annotation. This feature would allow for running multiple instances ofmate
in a single cluster, and also allows the admin to disablemate
(by not setting thezolando.org/dns.class
annotation) for particular services.