• This repository has been archived on 16/Sep/2019
  • Stars
    star
    114
  • Rank 308,031 (Top 7 %)
  • Language
    Go
  • License
    MIT License
  • Created almost 8 years ago
  • Updated over 7 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Deprecated: Mate manages AWS Route53 and Google CloudDNS records for your Kubernetes services and ingresses. (moved from https://github.com/zalando-incubator/mate)

Deprecated

This repo has been officially deprecated in favor of the https://github.com/kubernetes-incubator/external-dns addon. That addon offers a lot more features, better performance, and a compatibility mode for current users of Mate. See compatibility mode docs here.

Mate

Build Status Coverage Status Go Report Card

Purpose

Mate synchronizes AWS Route53 or Google CloudDNS records with exposed Kubernetes services and ingresses.

When creating ingress objects or services with Type=LoadBalancer Kubernetes provisions an external load balancer to forward traffic to its cluster IP. Depending on the cloud provider this load balancer will get a random public IP or DNS name but no defined DNS record to point to it.

Mate bridges this gap and synchronizes DNS records based on the service's or ingress' name and/or namespace. This allows exposed services to be seamlessly discovered even if the load balancer address changes or isn't known beforehand. Additionally, Mate can create DNS entries for each of your Type=NodePort services pointing to all nodes in your cluster.

Install

go get github.com/zalando-incubator/mate

or

docker run registry.opensource.zalan.do/teapot/mate:v0.6.2 --help

Features

  1. Supports both Google and Amazon Cloud Providers
  2. Complete and safe management of DNS records for both services and ingress resources. Only records created by Mate will be updated and deleted.
  3. Immediate updates via Kubernetes event listener and periodic resync of all endpoints to match the Kubernetes state.
  4. Allows to specify record DNS via Service Annotations, Ingress Rules or passed in go-template
  5. Pluggable consumers and producers (see below)
  6. Supports multiple hosted zones in AWS Route53

Usage

Depending on the cloud provider the invocation differs slightly. For more detailed step-by-step guide see examples.

AWS

$ mate \
    --producer=kubernetes \
    --kubernetes-format="{{.Namespace}}-{{.Name}}.example.com" \
    --consumer=aws \
    --aws-record-group-id=foo

For each exposed service Mate will create two records in Route53:

  1. A record - An Alias to the ELB with the name inferred from kubernetes-format or zalando.org/dnsname annotation. When using ingress DNS records based on the hostnames in your rules will be created.

  2. TXT record - A TXT record that will have the same name as an A record and a special identifier with an embedded aws-record-group-id value. This helps to identify which records are created via Mate and makes it safe not to overwrite manually created records.

Google

$ mate \
    --producer=kubernetes \
    --kubernetes-format="{{.Namespace}}-{{.Name}}.example.com" \
    --consumer=google \
    --google-project=bar \
    --google-zone=example-com \
    --google-record-group-id=foo

Analogous to the AWS case with the difference that it doesn't use the AWS specific Alias functionality but plain A records.

Permissions

Mate needs permission to modify DNS records in your chosen cloud provider. On GCP this maps to using service accounts and scopes, on AWS to IAM roles and policies. For detailed instructions see the examples.

Kubernetes

Mate will listen for events from the API Server and create corresponding records for newly created services. Further synchronization (create, update and removal) will occur every minute. There's an initial syncronization when Mate boots up so it's safe to reboot the process at any point in time. If you only like to do the synchronization you can use the sync-only flag.

By default Mate uses the in cluster environment to configure the connection to the API server. When running outside a cluster it is possible to configure the API server url using the flag kubernetes-server. For instance you can run Mate locally with the server URL set to http://127.0.0.1:8001 and use kubectl proxy to forward requests to a cluster.

Ingress

In Zalando we use our in-house built ingress controller on AWS - kube-ingress-aws-controller which makes the whole setup super simple and it is production tested. Please refer to the ingress section for usage manual.

Producers and Consumers

Mate supports swapping out Endpoint producers (e.g. a service list from Kubernetes) and endpoint consumers (e.g. making API calls to Google to create DNS records) and both sides are pluggable. There currently exist two producer and three consumer implementations.

Producers

  • Kubernetes: watches kubernetes services and ingresses with exactly one external IP or DNS name
  • Fake: generates random endpoints simulating a very busy cluster

Consumers

  • Google: listens for endpoints and creates Google CloudDNS entries accordingly
  • AWS : listens for endpoints and creates AWS Route53 DNS entries
  • Stdout: listens for endpoints and prints them to Stdout

You can choose any combination. Kubernetes + Stdout is useful for testing your service watching functionality, whereas Fake + Google is useful for testing that you create the correct records in GCP.

Caveats

  • Although the modular design allows to specify it, you currently cannot create DNS records on Google CloudDNS for a cluster running on AWS because AWS ELBs will send ELB endpoints in the form of DNS names whereas the Google consumer expects them to be IPs and vice versa.
  • Creating DNS entries for NodePort services doesn't currently work in combination with the AWS consumer.

Compatibility with other controllers

By default mate will process all Services and Ingresses in all namespaces. This can lead to conflicts with other controllers such as kops' dns-controller or wearemolecule's route53-kubernetes. In order to avoid conflicts with other implementations or for when you want opt-in behaviour you can start mate with the --kubernetes-filter flag passing it an annotation selector to filter Services and Ingresses for. For example,

$ ./mate \
    --producer kubernetes \
    --kubernetes-filter external-dns.alpha.kubernetes.io/controller=mate \
    [...]

will only consider Services and Ingresses annotated with external-dns.alpha.kubernetes.io/controller=mate.

License

The MIT License (MIT)

Copyright (c) 2016 Zalando SE

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

More Repositories

1

chaoskube

chaoskube periodically kills random pods in your Kubernetes cluster.
Go
1,781
star
2

cloudformation-operator

A Kubernetes operator for managing CloudFormation stacks via a CustomResource
Go
102
star
3

instrumented_http

A Go http.RoundTripper that exports request statistics via Prometheus.
Go
21
star
4

cryptoprom

CryptoProm is a Prometheus metrics exporter for Cryptocurrency market prices.
Ruby
20
star
5

ethereum-deploy

Kubernetes deployment manifests for an Ethereum 2 Prysm Validator (testnet only and a little bit outdated)
12
star
6

snapshot-controller

Snapshot Controller snapshots the GCE Persistent Disks that are backing your Kubernetes Persistent Volumes. (Deprecated: use https://github.com/heptio/ark instead)
Go
10
star
7

0x-go

[Experimental] A collection of tools relating to Ethereum's 0xProject (v2)
Go
9
star
8

publishable

Adds simple publishing functionality to your active record models
Ruby
7
star
9

armor-ingress-controller

A Kubernetes Ingress Controller for @labstack's Armor
Go
6
star
10

etherdelta-go

EtherDelta bindings for Go and example code
Go
5
star
11

openproject-docker

openproject dockerfiles and friends (wip)
Nginx
4
star
12

twp

Java
3
star
13

encrypted-secrets

Go
2
star
14

thief

Ruby
2
star
15

rng

An easy to use random number generator with distributions
C++
2
star
16

manifest-controller

manifest-controller watches remote Kubernetes manifests and applies them to your cluster.
Go
1
star
17

k8s-proxy

standalone transparent kubectl proxy supporting exec
Go
1
star
18

wanchain-cli

CLI for a Wanchain RPC endpoint
Go
1
star
19

ngntracker

bug & issue tracker, not quite done yet. no further development for now
Ruby
1
star
20

earthcoin-1.2

Deprecated EarthCoin Qt Wallet
TypeScript
1
star
21

Android_Pusher

A simple pusher implementation and activity for Android!
Java
1
star
22

vohl-immobilien

JavaScript
1
star
23

dnsseed

checks your cryptocoin's dnsseed response node count
Ruby
1
star
24

errbit-docker

Dockerfile for running errbit
1
star
25

getter_for

Adds getter methods for attributes that the object belongs to
Ruby
1
star
26

earthcoin-docker

Runs an EarthCoin node on Mainnet inside a Docker container.
Shell
1
star
27

moinmoin

collection of hello world snippets for various libs and languages
Shell
1
star
28

process_monitor

A /proc based process and thread monitor
C++
1
star