Optionally ignore tls rules in ingress source

main.go

@@ -102,6 +102,7 @@ func main() {
 		FQDNTemplate:                   cfg.FQDNTemplate,
 		CombineFQDNAndAnnotation:       cfg.CombineFQDNAndAnnotation,
 		IgnoreHostnameAnnotation:       cfg.IgnoreHostnameAnnotation,
+		IgnoreTLSSpec:                  cfg.IgnoreTLSSpec,
 		Compatibility:                  cfg.Compatibility,
 		PublishInternal:                cfg.PublishInternal,
 		PublishHostIP:                  cfg.PublishHostIP,

pkg/apis/externaldns/types.go

@@ -50,6 +50,7 @@ type Config struct {
 	FQDNTemplate                      string
 	CombineFQDNAndAnnotation          bool
 	IgnoreHostnameAnnotation          bool
+	IgnoreTLSSpec                     bool
 	Compatibility                     string
 	PublishInternal                   bool
 	PublishHostIP                     bool
@@ -157,6 +158,7 @@ var defaultConfig = &Config{
 	FQDNTemplate:                "",
 	CombineFQDNAndAnnotation:    false,
 	IgnoreHostnameAnnotation:    false,
+	IgnoreTLSSpec:               false,
 	Compatibility:               "",
 	PublishInternal:             false,
 	PublishHostIP:               false,
@@ -308,6 +310,7 @@ func (cfg *Config) ParseFlags(args []string) error {
 	app.Flag("fqdn-template", "A templated string that's used to generate DNS names from sources that don't define a hostname themselves, or to add a hostname suffix when paired with the fake source (optional). Accepts comma separated list for multiple global FQDN.").Default(defaultConfig.FQDNTemplate).StringVar(&cfg.FQDNTemplate)
 	app.Flag("combine-fqdn-annotation", "Combine FQDN template and Annotations instead of overwriting").BoolVar(&cfg.CombineFQDNAndAnnotation)
 	app.Flag("ignore-hostname-annotation", "Ignore hostname annotation when generating DNS names, valid only when using fqdn-template is set (optional, default: false)").BoolVar(&cfg.IgnoreHostnameAnnotation)
+	app.Flag("ignore-tls-spec", "Ignore tls spec section in ingresses resources, valid only for ingress sources (optional, default: false)").BoolVar(&cfg.IgnoreTLSSpec)
 	app.Flag("compatibility", "Process annotation semantics from legacy implementations (optional, options: mate, molecule)").Default(defaultConfig.Compatibility).EnumVar(&cfg.Compatibility, "", "mate", "molecule")
 	app.Flag("publish-internal-services", "Allow external-dns to publish DNS records for ClusterIP services (optional)").BoolVar(&cfg.PublishInternal)
 	app.Flag("publish-host-ip", "Allow external-dns to publish host-ip for headless services (optional)").BoolVar(&cfg.PublishHostIP)

pkg/apis/externaldns/types_test.go

@@ -111,6 +111,7 @@ var (
 		Sources:                     []string{"service", "ingress", "connector"},
 		Namespace:                   "namespace",
 		IgnoreHostnameAnnotation:    true,
+		IgnoreTLSSpec:               true,
 		FQDNTemplate:                "{{.Name}}.service.example.com",
 		Compatibility:               "mate",
 		Provider:                    "google",
@@ -214,6 +215,7 @@ func TestParseFlags(t *testing.T) {
 				"--namespace=namespace",
 				"--fqdn-template={{.Name}}.service.example.com",
 				"--ignore-hostname-annotation",
+				"--ignore-tls-spec",
 				"--compatibility=mate",
 				"--provider=google",
 				"--google-project=project",
@@ -303,6 +305,7 @@ func TestParseFlags(t *testing.T) {
 				"EXTERNAL_DNS_NAMESPACE":                       "namespace",
 				"EXTERNAL_DNS_FQDN_TEMPLATE":                   "{{.Name}}.service.example.com",
 				"EXTERNAL_DNS_IGNORE_HOSTNAME_ANNOTATION":      "1",
+				"EXTERNAL_DNS_IGNORE_TLS_SPEC":                 "1",
 				"EXTERNAL_DNS_COMPATIBILITY":                   "mate",
 				"EXTERNAL_DNS_PROVIDER":                        "google",
 				"EXTERNAL_DNS_GOOGLE_PROJECT":                  "project",

source/ingress.go

@@ -56,10 +56,11 @@ type ingressSource struct {
 	combineFQDNAnnotation    bool
 	ignoreHostnameAnnotation bool
 	ingressInformer          extinformers.IngressInformer
+	ignoreTLSSpec            bool
 }
 
 // NewIngressSource creates a new ingressSource with the given config.
-func NewIngressSource(kubeClient kubernetes.Interface, namespace, annotationFilter string, fqdnTemplate string, combineFqdnAnnotation bool, ignoreHostnameAnnotation bool) (Source, error) {
+func NewIngressSource(kubeClient kubernetes.Interface, namespace, annotationFilter string, fqdnTemplate string, combineFqdnAnnotation bool, ignoreHostnameAnnotation bool, ignoreTLSSpec bool) (Source, error) {
 	var (
 		tmpl *template.Template
 		err  error
@@ -105,6 +106,7 @@ func NewIngressSource(kubeClient kubernetes.Interface, namespace, annotationFilt
 		combineFQDNAnnotation:    combineFqdnAnnotation,
 		ignoreHostnameAnnotation: ignoreHostnameAnnotation,
 		ingressInformer:          ingressInformer,
+		ignoreTLSSpec:            ignoreTLSSpec,
 	}
 	return sc, nil
 }
@@ -132,7 +134,7 @@ func (sc *ingressSource) Endpoints() ([]*endpoint.Endpoint, error) {
 			continue
 		}
 
-		ingEndpoints := endpointsFromIngress(ing, sc.ignoreHostnameAnnotation)
+		ingEndpoints := endpointsFromIngress(ing, sc.ignoreHostnameAnnotation, sc.ignoreTLSSpec)
 
 		// apply template if host is missing on ingress
 		if (sc.combineFQDNAnnotation || len(ingEndpoints) == 0) && sc.fqdnTemplate != nil {
@@ -240,7 +242,7 @@ func (sc *ingressSource) setDualstackLabel(ingress *v1beta1.Ingress, endpoints [
 }
 
 // endpointsFromIngress extracts the endpoints from ingress object
-func endpointsFromIngress(ing *v1beta1.Ingress, ignoreHostnameAnnotation bool) []*endpoint.Endpoint {
+func endpointsFromIngress(ing *v1beta1.Ingress, ignoreHostnameAnnotation bool, ignoreTLSSpec bool) []*endpoint.Endpoint {
 	var endpoints []*endpoint.Endpoint
 
 	ttl, err := getTTLFromAnnotations(ing.Annotations)
@@ -263,13 +265,18 @@ func endpointsFromIngress(ing *v1beta1.Ingress, ignoreHostnameAnnotation bool) [
 		endpoints = append(endpoints, endpointsForHostname(rule.Host, targets, ttl, providerSpecific, setIdentifier)...)
 	}
 
-	for _, tls := range ing.Spec.TLS {
-		for _, host := range tls.Hosts {
-			if host == "" {
-				continue
+	// Skip endpoints if we do not want entries from tls spec section
+	if !ignoreTLSSpec {
+		for _, tls := range ing.Spec.TLS {
+			for _, host := range tls.Hosts {
+				if host == "" {
+					continue
+				}
+				endpoints = append(endpoints, endpointsForHostname(host, targets, ttl, providerSpecific, setIdentifier)...)
 			}
-			endpoints = append(endpoints, endpointsForHostname(host, targets, ttl, providerSpecific, setIdentifier)...)
 		}
+	} else {
+		log.Debugf("Ignoring TLS section for ingress: %s/%s",ing.Namespace, ing.Name)
 	}
 
 	// Skip endpoints if we do not want entries from annotations

source/ingress_test.go

@@ -51,6 +51,7 @@ func (suite *IngressSuite) SetupTest() {
 		"{{.Name}}",
 		false,
 		false,
+		false,
 	)
 	suite.NoError(err, "should initialize ingress source")
 
@@ -133,6 +134,7 @@ func TestNewIngressSource(t *testing.T) {
 				ti.fqdnTemplate,
 				ti.combineFQDNAndAnnotation,
 				false,
+				false,
 			)
 			if ti.expectError {
 				assert.Error(t, err)
@@ -220,7 +222,7 @@ func testEndpointsFromIngress(t *testing.T) {
 	} {
 		t.Run(ti.title, func(t *testing.T) {
 			realIngress := ti.ingress.Ingress()
-			validateEndpoints(t, endpointsFromIngress(realIngress, false), ti.expected)
+			validateEndpoints(t, endpointsFromIngress(realIngress, false, false), ti.expected)
 		})
 	}
 }
@@ -237,6 +239,7 @@ func testIngressEndpoints(t *testing.T) {
 		fqdnTemplate             string
 		combineFQDNAndAnnotation bool
 		ignoreHostnameAnnotation bool
+		ignoreTLSSpec            bool
 	}{
 		{
 			title:           "no ingress",
@@ -992,6 +995,21 @@ func testIngressEndpoints(t *testing.T) {
 				},
 			},
 		},
+		{
+			title:										"ignore tls section",
+			targetNamespace:          "",
+			ignoreHostnameAnnotation: true,
+			ignoreTLSSpec:            true,
+			ingressItems: []fakeIngress{
+				{
+					name:      "fake1",
+					namespace: namespace,
+					tlsdnsnames: [][]string{{"example.org"}},
+					ips:         []string{"1.2.3.4"},
+				},
+		  },
+			expected: []*endpoint.Endpoint{},
+		},
 	} {
 		t.Run(ti.title, func(t *testing.T) {
 			ingresses := make([]*v1beta1.Ingress, 0)
@@ -1007,6 +1025,7 @@ func testIngressEndpoints(t *testing.T) {
 				ti.fqdnTemplate,
 				ti.combineFQDNAndAnnotation,
 				ti.ignoreHostnameAnnotation,
+				ti.ignoreTLSSpec,
 			)
 			for _, ingress := range ingresses {
 				_, err := fakeClient.ExtensionsV1beta1().Ingresses(ingress.Namespace).Create(ingress)

source/store.go

@@ -45,6 +45,7 @@ type Config struct {
 	FQDNTemplate                   string
 	CombineFQDNAndAnnotation       bool
 	IgnoreHostnameAnnotation       bool
+	IgnoreTLSSpec                  bool
 	Compatibility                  string
 	PublishInternal                bool
 	PublishHostIP                  bool
@@ -185,7 +186,7 @@ func BuildWithConfig(source string, p ClientGenerator, cfg *Config) (Source, err
 		if err != nil {
 			return nil, err
 		}
-		return NewIngressSource(client, cfg.Namespace, cfg.AnnotationFilter, cfg.FQDNTemplate, cfg.CombineFQDNAndAnnotation, cfg.IgnoreHostnameAnnotation)
+		return NewIngressSource(client, cfg.Namespace, cfg.AnnotationFilter, cfg.FQDNTemplate, cfg.CombineFQDNAndAnnotation, cfg.IgnoreHostnameAnnotation, cfg.IgnoreTLSSpec)
 	case "istio-gateway":
 		kubernetesClient, err := p.KubeClient()
 		if err != nil {