[addon/external-dns] update irsa policy #806

Merged
merged 2 commits into from Aug 9, 2022

@Hokwang Hokwang commented Jul 26, 2022

What does this PR do?

The current policy causes an error in external-dns when a user has more than 2 hosted zones.
Referring to the official documentation (https://kubernetes-sigs.github.io/external-dns/v0.12.1/tutorials/aws/#iam-policy), this PR follows the policy guide.

Motivation

Before the fix

time="2022-07-26T07:44:34Z" level=error msg="failed to list resource records sets for zone /hostedzone/Z0098938DV62NKCC892B: AccessDenied: User: arn:aws:sts::88425xxxxxxx:assumed-role/eks-external-dns-sa-irsa/1658820563382445612 is not authorized to perform: route53:ListResourceRecordSets on resource: arn:aws:route53:::hostedzone/Z0098938DV62xxxxxxxx because no identity-based policy allows the route53:ListResourceRecordSets action\n\tstatus code: 403, request id: cdb13f18-51ba-490b-a0fe-8c21"

After applying the fix

time="2022-07-26T07:46:36Z" level=info msg="Applying provider record filter for domains: [xxxx.com. .xxxx.com. xxxxx.io. .xxxxx.io. a.com. .a.com. b.com. .b.com.]"
time="2022-07-26T07:46:37Z" level=info msg="Desired change: CREATE cname-n.a.com TXT [Id: /hostedzone/Z0004878N3Yxxxx]"

More

  • Yes, I have tested the PR using my local account setup (Provide any test evidence report under Additional Notes)
  • Yes, I have added a new example under examples to support my PR
  • Yes, I have created another PR for add-ons under add-ons repo (if applicable)
  • Yes, I have updated the docs for this feature
  • Yes, I ran pre-commit run -a with this PR

Note: Not all the PRs required examples and docs except a new pattern or add-on added.

For Moderators

  • E2E Test successfully complete before merge?

Additional Notes

@vara-bonthu vara-bonthu left a comment

LGTM 👍🏼

@bryantbiggs bryantbiggs temporarily deployed to EKS Blueprints Test August 9, 2022 13:15 Inactive
@bryantbiggs bryantbiggs merged commit bba0a11 into aws-ia:main Aug 9, 2022
allamand pushed a commit to allamand/terraform-aws-eks-blueprints that referenced this pull request Dec 15, 2022
Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
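
An added example, not part of this PR or the repository: a Python check that extracts the denied action and resource from an external-dns `AccessDenied` log line shaped like the one in the PR description and tests whether a candidate IAM policy document would allow it. Both policy documents and the zone and account IDs are constructed, and the evaluator is a simplification that handles only `Allow` statements with `Action`/`Resource` wildcards (no `Deny`, `NotAction`, `NotResource` or `Condition`).

```python
import re

# Line shape follows the error in the PR description; zone and account IDs are constructed.
SAMPLE_LOG = (
    'time="2022-07-26T07:44:34Z" level=error msg="failed to list resource records sets '
    'for zone /hostedzone/ZEXAMPLE111: AccessDenied: User: '
    'arn:aws:sts::111122223333:assumed-role/eks-external-dns-sa-irsa/1658820563382445612 '
    'is not authorized to perform: route53:ListResourceRecordSets on resource: '
    'arn:aws:route53:::hostedzone/ZEXAMPLE111 because no identity-based policy allows '
    'the route53:ListResourceRecordSets action"'
)
# Constructed policy that names a single hosted zone (an assumed failure shape).
ZONE_SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets"],
     "Resource": "arn:aws:route53:::hostedzone/ZEXAMPLE000"},
    {"Effect": "Allow", "Action": "route53:ListHostedZones", "Resource": "*"}]}
# Constructed policy: record changes on any hosted zone, list actions on "*".
WILDCARD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["route53:ChangeResourceRecordSets"],
     "Resource": ["arn:aws:route53:::hostedzone/*"]},
    {"Effect": "Allow",
     "Action": ["route53:ListHostedZones", "route53:ListResourceRecordSets"],
     "Resource": ["*"]}]}

DENIED = re.compile(r"not authorized to perform: (?P<action>\S+) on resource: (?P<resource>\S+)")

def parse_denial(line):
    """Return (action, resource) from an AccessDenied message, or None."""
    m = DENIED.search(line)
    return (m.group("action"), m.group("resource")) if m else None

def _as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def _match(pattern, value, flags=0):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags) is not None

def allows(policy, action, resource):
    """True if some Allow statement covers both the action and the resource."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt or "Resource" not in stmt:
            continue
        # Action names compare case-insensitively; resource ARNs do not.
        if any(_match(a, action, re.I) for a in _as_list(stmt["Action"])) and \
           any(_match(r, resource) for r in _as_list(stmt["Resource"])):
            return True
    return False

def uncovered(policy, log_lines):
    """Denied (action, resource) pairs from the logs that the policy still misses."""
    denials = {d for d in map(parse_denial, log_lines) if d}
    return sorted(d for d in denials if not allows(policy, *d))
```

Run `uncovered()` over collected external-dns error lines before and after a policy change to confirm the change closes the denials without granting more than the log evidence calls for.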