From a926f16a364145ac0ec6480179d3394364058abe Mon Sep 17 00:00:00 2001 From: Grant Spence Date: Thu, 28 Sep 2023 15:04:40 -0400 Subject: [PATCH] NE-1323: Add default to AWS credentials field By adding a default value to the spec.provider.aws.credentials field, it enables the configuration of spec.provider.aws.assumeRole for an OpenShift user that doesn't need to explicitly specify the credentials field. Otherwise, an OpenShift user must manually insert "" as the credentials name to use the assumeRole field. Revert docs update about requiring to add empty ("") credentials field. --- api/v1beta1/externaldns_types.go | 3 ++- docs/usage.md | 19 ------------------- 2 files changed, 2 insertions(+), 20 deletions(-) diff --git a/api/v1beta1/externaldns_types.go b/api/v1beta1/externaldns_types.go index 2bc16001..01d5954b 100644 --- a/api/v1beta1/externaldns_types.go +++ b/api/v1beta1/externaldns_types.go @@ -255,6 +255,7 @@ type ExternalDNSAWSProviderOptions struct { // for more information. // // +kubebuilder:validation:Required + // +kubebuilder:default:={"name":""} // +required Credentials SecretReference `json:"credentials"` @@ -491,7 +492,7 @@ const ( ) type ExternalDNSAWSAssumeRoleOptions struct { - // arn is an AWS role ARN that the ExternalDNS + // arn is an IAM role ARN that the ExternalDNS // operator will assume when making DNS updates. // // +kubebuilder:validation:Required diff --git a/docs/usage.md b/docs/usage.md index 428cc4a8..307d9dd3 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -82,25 +82,6 @@ spec: - '{{.Name}}.mydomain.net' ``` -**Note**: Due to a limitation of the `v1beta1` API requiring the `credentials` field, OpenShift users will be required -to provide an empty (`""`) credentials field. The empty credentials will be ignored and the secret provided by -OpenShift's Cloud Credentials Operator will be used: - -```yaml -apiVersion: externaldns.olm.openshift.io/v1beta1 -kind: ExternalDNS -metadata: - name: aws-example -spec: - provider: - type: AWS - aws: - credentials: - name: "" # Empty Credentials - assumeRole: - arn: arn:aws:iam::123456789012:role/role-name # Replace with the desire Role ARN -``` - ## GovCloud The operator makes the assumption that `ExternalDNS` instances which target GovCloud DNS also run on the GovCloud. This is needed to detect the AWS region. As for the rest: the usage is exactly the same as for `AWS`.